CISA Exam Dumps | The MAJOR advantage of the risk assessment approach over the baseline approach to information security

Valid CISA Dumps shared by ExamDiscuss.com for Helping Passing CISA Exam! ExamDiscuss.com now offer the newest CISA exam dumps, the ExamDiscuss.com CISA exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CISA dumps with Test Engine here:

Access CISA Dumps Premium Version
(1435 Q&As Dumps, 35%OFF Special Discount Code: freecram)

<< Prev Question Next Question >>

Question 128/1100

The MAJOR advantage of the risk assessment approach over the baseline approach to information security management is that it ensures:

A. information assets are overprotected.

B. a basic level of protection is applied regardless of asset value.

C. appropriate levels of protection are applied to information assets.

D. an equal proportion of resources are devoted to protecting all information assets.

Question List (1100q): 1 commentQuestion 1: While planning an audit, an assessment of risk should be mad...; Question 2: .Who assumes ownership of a systems-development project and ...; Question 3: .What is often assured through table link verification and r...; Question 4: .Key verification is one of the best controls for ensuring t...; Question 5: Which of the following components is responsible for the col...; Question 6: Which of the following provides the best evidence of the ade...; Question 7: To support an organization's goals, an IS department should ...; Question 8: Which of the following systems-based approaches would a fina...; Question 9: An IS auditor evaluating the resilience of a high-availabili...; Question 10: When a new system is to be implemented within a short time f...; Question 11: You may reduce a cracker's chances of success by (choose all...; Question 12: Which of the following is an example of the defense in-depth...; Question 13: The responsibility for authorizing access to a business appl...; Question 14: Responsibility for the governance of IT should rest with the...; Question 15: Company.com has contracted with an external consulting firm ...; Question 16: When performing a database review, an IS auditor notices tha...; Question 17: The extent to which data will be collected during an IS audi...; Question 18: The final decision to include a material finding in an audit...; Question 19: Which of the following are the characteristics of a good pas...; Question 20: Which of the following is a continuity plan test that uses a...; Question 21: A virus typically consists of what major parts (choose all t...; Question 22: The reliability of an application system's audit trail may b...; Question 23: Which of the following is an oft-cited cause of vulnerabilit...; Question 24: Which of the following cryptographic systems is MOST appropr...; Question 25: .Database snapshots can provide an excellent audit trail for...; Question 26: .Which of the following processes are performed during the d...; Question 27: During an audit of an enterprise that is dedicated to e-comm...; Question 28: Which of the following provides the GREATEST assurance of me...; Question 29: Which of the following would an IS auditor consider the MOST...; Question 30: Codes from exploit programs are frequently reused in:...; Question 31: Which of the following would effectively verify the originat...; Question 32: Digital signatures require the:...; Question 33: The purpose of code signing is to provide assurance that:...; Question 34: An IS auditor who was involved in designing an organization'...; Question 35: To protect a VoIP infrastructure against a denial-of-service...; Question 36: During a change control audit of a production system, an IS ...; Question 37: .Who is responsible for implementing cost-effective controls...; Question 38: During an exit interview, in cases where there is disagreeme...; Question 39: The PRIMARY purpose of implementing Redundant Array of Inexp...; Question 40: .What type of risk results when an IS auditor uses an inadeq...; Question 41: An IS auditor finds that a DBA has read and write access to ...; Question 42: Which of the following is an implementation risk within the ...; Question 43: Which of the following is MOST critical when creating data f...; Question 44: To assist an organization in planning for IT investments, an...; Question 45: The use of digital signatures:; Question 46: Which of the following should an IS auditor recommend for th...; Question 47: Disaster recovery planning (DRP) addresses the:...; Question 48: When two or more systems are integrated, input/output contro...; Question 49: Normally, it would be essential to involve which of the foll...; Question 50: Which of the following network configuration options contain...; Question 51: .Input/output controls should be implemented for which appli...; Question 52: IT governance is PRIMARILY the responsibility of the:...; Question 53: .Which of the following is often used as a detection and det...; Question 54: The technique of rummaging through commercial trash to colle...; Question 55: .If an IS auditor finds evidence of risk involved in not imp...; Question 56: Integer overflow occurs primarily with:...; Question 57: .When should an application-level edit check to verify that ...; Question 58: An IS auditor recommends that an initial validation control ...; Question 59: Which of the following procedures would BEST determine wheth...; Question 60: .What can be used to help identify and investigate unauthori...; Question 61: A hub is a device that connects:...; Question 62: .When storing data archives off-site, what must be done with...; Question 63: Which of the following would be of MOST concern to an IS aud...; Question 64: To determine how data are accessed across different platform...; Question 65: Which of the following exposures could be caused by a line g...; Question 66: After a full operational contingency test, an IS auditor per...; Question 67: The BEST method for assessing the effectiveness of a busines...; Question 68: Which of the following is not a good tactic to use against h...; Question 69: Which of the following would an IS auditor consider a weakne...; Question 70: .Obtaining user approval of program changes is very effectiv...; Question 71: An IS auditor is reviewing access to an application to deter...; Question 72: To optimize an organization's business contingency plan (BCP...; Question 73: The sophistication and formality of IS audit programs may va...; Question 74: .What is often the most difficult part of initial efforts in...; Question 75: An IS auditor reviews an organizational chart PRIMARILY for:...; Question 76: Which of the following would be MOST important for an IS aud...; Question 77: An IS auditor has been assigned to review IT structures and ...; Question 78: In addition to the backup considerations for all systems, wh...; Question 79: Which of the following activities should the business contin...; Question 80: Which of the following is a technique that could be used to ...; Question 81: An IS auditor can verify that an organization's business con...; Question 82: After installing a network, an organization installed a vuln...; Question 83: .A primary benefit derived from an organization employing co...; Question 84: Which of the following types of data validation editing chec...; Question 85: .What is the first step in a business process re-engineering...; 1 commentQuestion 86: Java applets and ActiveX controls are distributed executable...; Question 87: Which of the following is the PRIMARY safeguard for securing...; Question 88: To minimize the cost of a software project, quality manageme...; Question 89: An organization provides information to its supply chain par...; Question 90: Why is one-time pad not always preferable for encryption (ch...; Question 91: A live test of a mutual agreement for IT system recovery has...; Question 92: .What is a primary high-level goal for an auditor who is rev...; Question 93: During the requirements definition phase of a software devel...; Question 94: Which of the following does a lack of adequate security cont...; Question 95: Which of the following is the BEST audit procedure to determ...; Question 96: An IS auditor is reviewing an IT security risk management pr...; Question 97: The MOST effective biometric control system is the one:...; Question 98: The PRIMARY reason for using digital signatures is to ensure...; Question 99: A long-term IS employee with a strong technical background a...; Question 100: .How does the SSL network protocol provide confidentiality?...; Question 101: When selecting audit procedures, an IS auditor should use pr...; Question 102: A virtual private network (VPN) provides data confidentialit...; Question 103: A business application system accesses a corporate database ...; Question 104: To develop a successful business continuity plan, end user i...; Question 105: The GREATEST risk posed by an improperly implemented intrusi...; Question 106: An IS auditor should be MOST concerned with what aspect of a...; Question 107: The 'trusted systems' approach has been predominant in the d...; Question 108: What is the MOST prevalent security risk when an organizatio...; Question 109: The management of an organization has decided to establish a...; Question 110: An IS auditor conducting a review of disaster recovery plann...; Question 111: To prevent IP spoofing attacks, a firewall should be configu...; Question 112: Which of the following is the MOST robust method for disposi...; Question 113: Assessing IT risks is BEST achieved by:...; Question 114: You should keep all computer rooms at reasonable temperature...; Question 115: Responsibility and reporting lines cannot always be establis...; Question 116: An investment advisor e-mails periodic newsletters to client...; Question 117: Which of the following is an example of a passive attack ini...; Question 118: When evaluating the controls of an EDI application, an IS au...; Question 119: Which of the following BEST ensures the integrity of a serve...; Question 120: Which of the following attacks targets the Secure Sockets La...; Question 121: .When is regression testing used to determine whether new ap...; Question 122: An IS auditor is performing an audit of a network operating ...; Question 123: What would be the MOST effective control for enforcing accou...; Question 124: The PRIMARY purpose for meeting with auditees prior to forma...; Question 125: When performing an audit of a client relationship management...; Question 126: With Deep packet inspection, which of the following OSI laye...; Question 127: Which of the following BEST restricts users to those functio...; Question 128: The MAJOR advantage of the risk assessment approach over the...; Question 129: Which of the following refers to the proving of mathematical...; Question 130: Which of the following will BEST ensure the successful offsh...; Question 131: In a small organization, an employee performs computer opera...; Question 132: The ultimate purpose of IT governance is to:...; Question 133: As a driver of IT governance, transparency of IT's cost, val...; Question 134: The PRIMARY objective of Secure Sockets Layer (SSL) is to en...; Question 135: Which of the following would normally be the MOST reliable e...; Question 136: Which of the following will help detect changes made by an i...; Question 137: When developing a business continuity plan (BCP), which of t...; Question 138: Vendors have released patches fixing security flaws in their...; Question 139: Which of the following should concern an IS auditor when rev...; Question 140: .What is/are used to measure and ensure proper network capac...; Question 141: The sender of a public key would be authenticated by a:...; Question 142: Which of the following findings should an IS auditor be MOST...; Question 143: Which of the following is a benefit of using callback device...; Question 144: When developing a disaster recovery plan, the criteria for d...; Question 145: Which of the following goals would you expect to find in an ...; Question 146: The potential for unauthorized system access by way of termi...; Question 147: .Off-site data backup and storage should be geographically s...; Question 148: When performing a computer forensic investigation, in regard...; Question 149: The BEST method of proving the accuracy of a system tax calc...; Question 150: .What can be used to gather evidence of network attacks?...; Question 151: Which of the following is an advantage of the top-down appro...; Question 152: Machines that operate as a closed system can NEVER be eavesd...; Question 153: An organization is using an enterprise resource management (...; Question 154: All Social Engineering techniques are based on flaws in:...; Question 155: For locations 3a, 1d and 3d, the diagram indicates hubs with...; Question 156: What process uses test data as part of a comprehensive test ...; Question 157: An IS auditor reviewing digital rights management (DRM) appl...; Question 158: An IS auditor performing an application maintenance audit wo...; Question 159: Everything not explicitly permitted is forbidden has which o...; Question 160: .Which of the following is a guiding best practice for imple...; Question 161: The initial step in establishing an information security pro...; Question 162: For a discretionary access control to be effective, it must:...; Question 163: In a contract with a hot, warm or cold site, contractual pro...; Question 164: .What should IS auditors always check when auditing password...; Question 165: Inadequate programming and coding practices introduce the ri...; Question 166: A financial services organization is developing and document...; Question 167: The Federal Information Processing Standards (FIPS) are prim...; Question 168: .When reviewing print systems spooling, an IS auditor is MOS...; Question 169: A comprehensive IS audit policy should include guidelines de...; Question 170: During a logical access controls review, an IS auditor obser...; Question 171: The knowledge base of an expert system that uses questionnai...; Question 172: A hard disk containing confidential data was damaged beyond ...; Question 173: The GREATEST risk when end users have access to a database a...; Question 174: To affix a digital signature to a message, the sender must f...; Question 175: Which of the following backup techniques is the MOST appropr...; Question 176: In transport mode, the use of the Encapsulating Security Pay...; Question 177: Gimmes often work through:; Question 178: Which of the following refers to a symmetric key cipher whic...; Question 179: An appropriate control for ensuring the authenticity of orde...; Question 180: The PRIMARY purpose of audit trails is to:...; Question 181: When developing a risk-based audit strategy, an IS auditor s...; Question 182: After the merger of two organizations, multiple self-develop...; Question 183: An organization has outsourced its help desk activities. An ...; Question 184: .What type of risk is associated with authorized program exi...; Question 185: Which of the following is the key benefit of control self-as...; Question 186: .Authentication techniques for sending and receiving data be...; Question 187: .Who is ultimately accountable for the development of an IS ...; Question 188: Business units are concerned about the performance of a newl...; Question 189: Security administration procedures require read-only access ...; Question 190: .A transaction journal provides the information necessary fo...; Question 191: Which of the following would be the GREATEST cause for conce...; Question 192: Which of the following would prevent unauthorized changes to...; Question 193: A data center has a badge-entry system. Which of the followi...; Question 194: Which of the following would an IS auditor consider to be th...; Question 195: "Under the concept of ""defense in depth"", subsystems shoul...; Question 196: Which of the following is normally a responsibility of the c...; Question 197: The FIRST step in a successful attack to a system would be:...; Question 198: An IS auditor identifies that reports on product profitabili...; Question 199: Structured programming is BEST described as a technique that...; Question 200: During what process should router access control lists be re...; Question 201: The decisions and actions of an IS auditor are MOST likely t...; Question 202: The MOST likely effect of the lack of senior management comm...; Question 203: The purpose of business continuity planning and disaster-rec...; Question 204: .Whenever business processes have been re-engineered, the IS...; Question 205: .The traditional role of an IS auditor in a control self-ass...; Question 206: A comprehensive and effective e-mail policy should address t...; Question 207: .Which of the following is a passive attack method used by i...; Question 208: Which of the following controls would be the MOST comprehens...; Question 209: The BEST overall quantitative measure of the performance of ...; Question 210: The optimum business continuity strategy for an entity is de...; Question 211: What is wrong with a Black Box type of intrusion detection s...; Question 212: .The quality of the metadata produced from a data warehouse ...; Question 213: The GREATEST advantage of using web services for the exchang...; Question 214: .An intentional or unintentional disclosure of a password is...; Question 215: When reviewing a digital certificate verification process, w...; Question 216: Introducing inhomogeneity to your network for the sake of ro...; Question 217: Is it appropriate for an IS auditor from a company that is c...; Question 218: During a disaster recovery test, an IS auditor observes that...; Question 219: Which of the following provides the BEST evidence of an orga...; Question 220: .Which of the following is of greatest concern when performi...; Question 221: A call-back system requires that a user with an id and passw...; Question 222: .What type of BCP test uses actual resources to simulate a s...; Question 223: .When participating in a systems-development project, an IS ...; Question 224: Which of the following is MOST likely to result from a busin...; Question 225: When reviewing a project where quality is a major concern, a...; Question 226: When transmitting a payment instruction, which of the follow...; Question 227: At the end of the testing phase of software development, an ...; Question 228: An organization is implementing an enterprise resource plann...; Question 229: Iptables is based on which of the following frameworks?...; Question 230: An IS auditor conducting a review of software usage and lice...; Question 231: As part of the business continuity planning process, which o...; Question 232: While observing a full simulation of the business continuity...; Question 233: Which of the following would have the HIGHEST priority in a ...; Question 234: .Of the three major types of off-site processing facilities,...; Question 235: Which of the following is a continuity plan test that uses a...; Question 236: .What topology provides the greatest redundancy of routes an...; Question 237: Which of the following is a practice that should be incorpor...; Question 238: Which of the following controls would provide the GREATEST a...; Question 239: In a public key infrastructure, a registration authority:...; Question 240: Which of the following should be seen as one of the most sig...; Question 241: Which of the following is a rewrite of ipfwadm?...; Question 242: Management considered two projections for its business conti...; Question 243: .What are often the primary safeguards for systems software ...; Question 244: .If an IS auditor observes that individual modules of a syst...; Question 245: Applying a retention date on a file will ensure that:...; Question 246: A hacker could obtain passwords without the use of computer ...; Question 247: An organization has recently installed a security patch, whi...; Question 248: An organization has a mix of access points that cannot be up...; Question 249: To determine which users can gain access to the privileged s...; Question 250: An organization is planning to replace its wired networks wi...; Question 251: .Which of the following provides the strongest authenticatio...; Question 252: In large corporate networks having supply partners across th...; Question 253: An organization with extremely high security requirements is...; Question 254: The database administrator (DBA) suggests that DB efficiency...; Question 255: What method might an IS auditor utilize to test wireless sec...; Question 256: A company has recently upgraded its purchase system to incor...; Question 257: .What kind of protocols does the OSI Transport Layer of the ...; Question 258: Electromagnetic emissions from a terminal represent an expos...; Question 259: Which of the following is the BEST type of program for an or...; Question 260: An efficient use of public key infrastructure (PKI) should e...; Question 261: The PRIMARY goal of a web site certificate is:...; Question 262: Disabling which of the following would make wireless local a...; Question 263: From a control perspective, the key element in job descripti...; Question 264: An IS auditor is evaluating a corporate network for a possib...; Question 265: The purpose of a deadman door controlling access to a comput...; Question 266: .What must an IS auditor understand before performing an app...; Question 267: Data flow diagrams are used by IS auditors to:...; Question 268: .Network environments often add to the complexity of program...; Question 269: Which of the following is a prevalent risk in the developmen...; Question 270: Which of the following internet security threats could compr...; Question 271: A computer system is no more secure than the human systems r...; Question 272: When implementing an IT governance framework in an organizat...; Question 273: The BEST way to minimize the risk of communication failures ...; Question 274: Upon receipt of the initial signed digital certificate the u...; Question 275: A company uses a bank to process its weekly payroll. Time sh...; Question 276: The use of residual biometric information to gain unauthoriz...; Question 277: With respect to the outsourcing of IT services, which of the...; Question 278: .What type of fire-suppression system suppresses fire via wa...; Question 279: During the requirements definition phase for a database appl...; Question 280: Which of the following is by far the most common prevention ...; Question 281: An example of a direct benefit to be derived from a proposed...; Question 282: .An integrated test facility is not considered a useful audi...; Question 283: Which of the following is a passive attack to a network?...; Question 284: At the completion of a system development project, a postpro...; Question 285: .Which of the following typically focuses on making alternat...; Question 286: What control detects transmission errors by appending calcul...; Question 287: Which of the following tasks should be performed FIRST when ...; Question 288: Which of the following is the BEST information source for ma...; Question 289: During a human resources (HR) audit, an IS auditor is inform...; Question 290: .What are intrusion-detection systems (IDS) primarily used f...; Question 291: When segregation of duties concerns exist between IT support...; Question 292: Which of the following online auditing techniques is most ef...; Question 293: E-mail traffic from the Internet is routed via firewall-1 to...; Question 294: When conducting a penetration test of an organization's inte...; Question 295: The advantage of a bottom-up approach to the development of ...; Question 296: Which of the following is a dynamic analysis tool for the pu...; Question 297: An IS auditor reviewing the implementation of an intrusion d...; Question 298: Which of the following techniques would BEST help an IS audi...; Question 299: Which of the following is the GREATEST risk to the effective...; Question 300: When reviewing procedures for emergency changes to programs,...; Question 301: Which of the following would be the MOST secure firewall sys...; Question 302: .Which of the following should an IS auditor review to deter...; Question 303: Which of the following antispam filtering techniques would B...; Question 304: Many IT projects experience problems because the development...; Question 305: .What should an IS auditor do if he or she observes that pro...; Question 306: Host Based ILD&P primarily addresses the issue of:...; Question 307: A lower recovery time objective (RTO) results in:...; Question 308: A local area network (LAN) administrator normally would be r...; Question 309: Which of the following is the GREATEST risk when storage gro...; Question 310: Which of the following encrypt/decrypt steps provides the GR...; Question 311: An integrated test facility is considered a useful audit too...; Question 312: Which of the following is a tool you can use to simulate a b...; Question 313: Which of the following is the MOST important IS audit consid...; Question 314: In-house personnel performing IS audits should posses which ...; Question 315: A company has decided to implement an electronic signature s...; Question 316: From a risk management point of view, the BEST approach when...; Question 317: .Which of the following is the MOST critical step in plannin...; Question 318: Which of the following is the PRIMARY purpose for conducting...; Question 319: Which of the following translates e-mail formats from one ne...; Question 320: In which of the following situations is it MOST appropriate ...; Question 321: The waterfall life cycle model of software development is mo...; Question 322: An IS auditor observes a weakness in the tape management sys...; Question 323: Which of the following is MOST critical for the successful i...; Question 324: The IS auditor learns that when equipment was brought into t...; Question 325: While designing the business continuity plan (BCP) for an ai...; Question 326: When reviewing an organization's approved software product l...; Question 327: The MAIN purpose of a transaction audit trail is to:...; Question 328: To address a maintenance problem, a vendor needs remote acce...; Question 329: .Which of the following can help detect transmission errors ...; Question 330: After initial investigation, an IS auditor has reasons to be...; Question 331: In an organization, the responsibilities for IT security are...; Question 332: In planning an audit, the MOST critical step is the identifi...; Question 333: An existing system is being extensively enhanced by extracti...; Question 334: Which of the following is a benefit of using a callback devi...; Question 335: An IS steering committee should:...; Question 336: Which of the following is widely accepted as one of the crit...; Question 337: An organization has a recovery time objective (RTO) equal to...; Question 338: Which of the following would BEST provide assurance of the i...; Question 339: .To properly evaluate the collective effect of preventative,...; Question 340: Well-written risk assessment guidelines for IS auditing shou...; Question 341: .What is used to provide authentication of the website and c...; Question 342: Which of the following is a good tool to use to help enforci...; Question 343: An organization is implementing a new system to replace a le...; Question 344: Which of the following would an IS auditor consider to be th...; Question 345: Which of the following would an IS auditor consider to be th...; Question 346: An IS auditor attempting to determine whether access to prog...; Question 347: Creating which of the following is how a hacker can insure h...; Question 348: Which of the following encryption methods uses a matching pa...; Question 349: Talking about biometric authentication, physical characteris...; Question 350: When reviewing an implementation of a VoIP system over a cor...; Question 351: IT operations for a large organization have been outsourced....; Question 352: To minimize costs and improve service levels an outsourcer s...; Question 353: You should know the difference between an exploit and a vuln...; Question 354: In an EDI process, the device which transmits and receives e...; Question 355: An IS auditor reviewing wireless network security determines...; Question 356: In the event of a disruption or disaster, which of the follo...; Question 357: A retail outlet has introduced radio frequency identificatio...; Question 358: Which of the following are valid choices for the Apache/SSL ...; Question 359: Which of the following are valid examples of Malware (choose...; Question 360: The success of control self-assessment (CSA) highly depends ...; Question 361: Which of the following programs would a sound information se...; Question 362: Which of the following is the MOST reliable form of single f...; Question 363: Integrating business continuity planning (BCP) into an IT pr...; Question 364: Which of the following is the GREATEST advantage of elliptic...; Question 365: To install backdoors, hackers generally prefer to use:...; Question 366: A hot site should be implemented as a recovery strategy when...; Question 367: The risks associated with electronic evidence gathering woul...; Question 368: An IS auditor finds that a system under development has 12 l...; Question 369: Security should ALWAYS be an all or nothing issue....; Question 370: .What type of cryptosystem is characterized by data being en...; Question 371: .When should systems administrators first assess the impact ...; Question 372: When reviewing a hardware maintenance program, an IS auditor...; Question 373: .What is an edit check to determine whether a field contains...; Question 374: When developing a risk management program, what is the FIRST...; Question 375: .What is an effective control for granting temporary access ...; Question 376: A PRIMARY benefit derived from an organization employing con...; Question 377: Which of the following is the BEST way to satisfy a two-fact...; Question 378: Which significant risk is introduced by running the file tra...; Question 379: Two-factor authentication can be circumvented through which ...; Question 380: When performing a review of the structure of an electronic f...; Question 381: An IS auditor finds that user acceptance testing of a new sy...; Question 382: A team conducting a risk analysis is having difficulty proje...; Question 383: .What is an acceptable recovery mechanism for extremely time...; Question 384: The PRIMARY advantage of a continuous audit approach is that...; Question 385: To ensure message integrity, confidentiality and non repudia...; Question 386: The vice president of human resources has requested an audit...; Question 387: When reviewing the configuration of network devices, an IS a...; Question 388: The reason a certification and accreditation process is perf...; Question 389: The FIRST step in data classification is to:...; Question 390: .Data edits are implemented before processing and are consid...; Question 391: An IS auditor reviewing an accounts payable system discovers...; Question 392: Which of the following types of attack makes use of common c...; Question 393: .Off-site data storage should be kept synchronized when prep...; Question 394: When reviewing IS strategies, an IS auditor can BEST assess ...; Question 395: Back Orifice is an example of:; Question 396: Which of the following intrusion detection systems (IDSs) wi...; Question 397: Which of the following should be of MOST concern to an IS au...; Question 398: .What does PKI use to provide some of the strongest overall ...; Question 399: Which of the following software tools is often used for stea...; Question 400: The MAIN purpose for periodically testing offsite facilities...; Question 401: When reviewing input controls, an IS auditor observes that, ...; Question 402: Which of the following functions is performed by a virtual p...; Question 403: Which of the following concerns associated with the World Wi...; Question 404: The rate of change in technology increases the importance of...; Question 405: .Which of the following is BEST characterized by unauthorize...; Question 406: .________________ (fill in the blank) should be implemented ...; Question 407: An IS auditor should expect which of the following items to ...; Question 408: The PRIMARY objective of testing a business continuity plan ...; Question 409: An IS auditor reviewing an organization's IT strategic plan ...; Question 410: The MAIN criterion for determining the severity level of a s...; Question 411: Which of the following audit techniques would BEST aid an au...; Question 412: Web and e-mail filtering tools are PRIMARILY valuable to an ...; Question 413: Which of the following data validation edits is effective in...; Question 414: During the audit of an acquired software package, an IS audi...; Question 415: Which of the following is a management technique that enable...; Question 416: For which of the following applications would rapid recovery...; Question 417: An organization has outsourced its wide area network (WAN) t...; Question 418: .What is used as a control to detect loss, corruption, or du...; Question 419: Once an organization has finished the business process reeng...; Question 420: A clerk changed the interest rate for a loan on a master fil...; Question 421: Fault-tolerance is a feature particularly sought-after in wh...; Question 422: When reviewing an active project, an IS auditor observed tha...; Question 423: An organization is migrating from a legacy system to an ente...; Question 424: To prevent unauthorized entry to the data maintained in a di...; Question 425: Which of the following is a distinctive feature of the Secur...; Question 426: Relatively speaking, firewalls operated at the application l...; Question 427: An organization has a number of branches across a wide geogr...; Question 428: An IS auditor finds that, in accordance with IS policy, IDs ...; Question 429: The PRIMARY benefit of implementing a security program as pa...; Question 430: Which of the following user profiles should be of MOST conce...; Question 431: Which of the following provides the framework for designing ...; Question 432: An IS auditor should be concerned when a telecommunication a...; Question 433: Sophisticated database systems provide many layers and types...; Question 434: .Which of the following exploit vulnerabilities to cause los...; Question 435: Which of the following represents the GREATEST potential ris...; Question 436: An IS auditor is reviewing a software-based firewall configu...; Question 437: An IS auditor is assigned to audit a software development pr...; Question 438: .Processing controls ensure that data is accurate and comple...; Question 439: Which of the following is the GREATEST risk when implementin...; Question 440: Time constraints and expanded needs have been found by an IS...; Question 441: Which of the following is the BEST method for preventing the...; Question 442: While reviewing sensitive electronic work papers, the IS aud...; Question 443: During an audit, an IS auditor notices that the IT departmen...; Question 444: Which of the following would provide the BEST protection aga...; Question 445: Talking about the different approaches to security in comput...; Question 446: TEMPEST is a hardware for which of the following purposes?...; Question 447: In the event of a data center disaster, which of the followi...; Question 448: A manager of a project was not able to implement all audit r...; Question 449: The editing/validation of data entered at a remote site woul...; Question 450: Which of the following terms generally refers to small progr...; Question 451: Which of the following is an appropriate test method to appl...; Question 452: .What influences decisions regarding criticality of assets?...; Question 453: The PRIMARY objective of an audit of IT security policies is...; Question 454: The PRIMARY objective of performing a postincident review is...; Question 455: Which of the following controls would BEST detect intrusion?...; Question 456: An IS auditor performing detailed network assessments and ac...; Question 457: .Proper segregation of duties prohibits a system analyst fro...; Question 458: A technical lead who was working on a major project has left...; Question 459: Which of the following is an advantage of prototyping?...; Question 460: .Which of the following is best suited for searching for add...; Question 461: Which of the following would be the MOST cost-effective reco...; Question 462: The BEST filter rule for protecting a network from being use...; Question 463: Which of the following should an IS auditor review to unders...; Question 464: Which of the following is the PRIMARY objective of an IT per...; Question 465: Active radio frequency ID (RFID) tags are subject to which o...; Question 466: Which of the following is MOST directly affected by network ...; Question 467: The FIRST step in managing the risk of a cyber attack is to:...; Question 468: An IS auditor should recommend the use of library control so...; Question 469: Which of the following methods of encryption has been proven...; Question 470: .An off-site processing facility should be easily identifiab...; Question 471: Which of the following are often considered as the first def...; Question 472: A database administrator is responsible for:...; Question 473: An IS auditor is performing a network security review of a t...; Question 474: What is the lowest level of the IT governance maturity model...; Question 475: Which of the following forms of evidence for the auditor wou...; Question 476: .Which of the following BEST characterizes a mantrap or dead...; Question 477: When protecting an organization's IT systems, which of the f...; Question 478: .Which of the following is used to evaluate biometric access...; Question 479: .Which of the following provide(s) near-immediate recoverabi...; Question 480: An organization has contracted with a vendor for a turnkey s...; Question 481: Depending on the complexity of an organization's business co...; Question 482: .What is essential for the IS auditor to obtain a clear unde...; Question 483: A web server is attacked and compromised. Which of the follo...; Question 484: .Proper segregation of duties does not prohibit a quality co...; Question 485: The PRIMARY reason an IS auditor performs a functional walkt...; Question 486: The role of the certificate authority (CA) as a third party ...; Question 487: A structured walk-through test of a disaster recovery plan i...; Question 488: Which of the following aspects of symmetric key encryption i...; Question 489: Naming conventions for system resources are important for ac...; Question 490: When evaluating the collective effect of preventive, detecti...; Question 491: Which of the following append themselves to files as a prote...; Question 492: What should be done to determine the appropriate level of au...; Question 493: Which of the following implementation modes would provide th...; Question 494: .What is the primary objective of a control self-assessment ...; Question 495: During an audit of a telecommunications system, an IS audito...; Question 496: An organization can ensure that the recipients of e-mails fr...; Question 497: Which of the following is the BEST way to handle obsolete ma...; Question 498: IS audits should be selected through a risk analysis process...; Question 499: Confidentiality of the data transmitted in a wireless LAN is...; Question 500: An IS auditor noted that an organization had adequate busine...; Question 501: Which of the following devices extends the network and has t...; Question 502: When reviewing an intrusion detection system (IDS), an IS au...; Question 503: Functional acknowledgements are used:...; Question 504: In an audit of an inventory application, which approach woul...; Question 505: An IS auditor has imported data from the client's database. ...; Question 506: IT control objectives are useful to IS auditors, as they pro...; Question 507: When reviewing an organization's logical access security, wh...; Question 508: In a client-server architecture, a domain name service (DNS)...; Question 509: Involvement of senior management is MOST important in the de...; Question 510: .Ensuring that security and control policies support busines...; Question 511: When using an integrated test facility (ITF), an IS auditor ...; Question 512: .Business process re-engineering often results in __________...; Question 513: Which of the following activities performed by a database ad...; Question 514: .Why does an IS auditor review an organization chart?...; Question 515: Which of the following would be the BEST access control proc...; Question 516: The GREATEST benefit in implementing an expert system is the...; Question 517: .What often results in project scope creep when functional r...; Question 518: .How is the time required for transaction processing review ...; Question 519: .Which of the following do digital signatures provide?...; Question 520: An organization has just completed their annual risk assessm...; Question 521: What is a risk associated with attempting to control physica...; Question 522: A benefit of open system architecture is that it:...; Question 523: Which of the following is the MOST effective control when gr...; Question 524: Which of the following is one most common way that spyware i...; Question 525: Which of the following intrusion detection systems (IDSs) mo...; Question 526: An organization's disaster recovery plan should address earl...; Question 527: An advantage of the use of hot sites as a backup alternative...; Question 528: Information for detecting unauthorized input from a terminal...; Question 529: In a botnet, malbot logs into a particular type of system fo...; Question 530: An IS auditor reviewing access controls for a client-server ...; Question 531: IS management has decided to rewrite a legacy customer relat...; Question 532: Which of the following should be the MOST important criterio...; Question 533: The reason for establishing a stop or freezing point on the ...; Question 534: Which of the following is a control over component communica...; Question 535: .What can be implemented to provide the highest level of pro...; Question 536: A successful risk-based IT audit program should be based on:...; Question 537: The development of an IS security policy is ultimately the r...; Question 538: To ensure that audit resources deliver the best value to the...; Question 539: From a control perspective, the PRIMARY objective of classif...; Question 540: Which of the following types of firewall treats each network...; Question 541: Which of the following BEST limits the impact of server fail...; Question 542: .When performing an IS strategy audit, an IS auditor should ...; Question 543: Which of the following would BEST ensure continuity of a wid...; Question 544: Which of the following presents an inherent risk with no dis...; Question 545: Which of the following would be the BEST population to take ...; Question 546: An organization has been recently downsized, in light of thi...; Question 547: Broadly speaking, a Trojan horse is any program that invites...; Question 548: An organization has created a policy that defines the types ...; Question 549: Functionality is a characteristic associated with evaluating...; Question 550: Which of the following would be the BEST method for ensuring...; Question 551: The feature of a digital signature that ensures the sender c...; Question 552: .What type of approach to the development of organizational ...; Question 553: An offsite information processing facility:...; Question 554: A large chain of shops with electronic funds transfer (EFT) ...; Question 555: Talking about application system audit, focus should always ...; Question 556: An organization having a number of offices across a wide geo...; Question 557: An IS auditor who has discovered unauthorized transactions d...; Question 558: To ensure compliance with a security policy requiring that p...; Question 559: During a postimplementation review of an enterprise resource...; Question 560: .Rather than simply reviewing the adequacy of access control...; Question 561: The use of a GANTT chart can:; Question 562: Which of the following is a mechanism for mitigating risks?...; Question 563: In a public key infrastructure (PKI), the authority responsi...; Question 564: Which of the following is the BEST method for determining th...; Question 565: What is the best defense against Distributed DoS Attack?...; Question 566: Which of the following situations would increase the likelih...; Question 567: A proposed transaction processing application will have many...; Question 568: Performance of a biometric measure is usually referred to in...; Question 569: While copying files from a floppy disk, a user introduced a ...; Question 570: During an audit of a business continuity plan (BCP), an IS a...; Question 571: An IS auditor reviewing the key roles and responsibilities o...; Question 572: .Fourth-Generation Languages (4GLs) are most appropriate for...; Question 573: What is the recommended minimum length of a good password?...; Question 574: During a business continuity audit an IS auditor found that ...; Question 575: A company is implementing a dynamic host configuration proto...; Question 576: .Mitigating the risk and impact of a disaster or business in...; Question 577: The Secure Sockets Layer (SSL) protocol addresses the confid...; Question 578: .A check digit is an effective edit check to:...; Question 579: Which of the following is a feature of an intrusion detectio...; Question 580: .Why does the IS auditor often review the system logs?...; Question 581: Which of the following would an IS auditor use to determine ...; Question 582: Which of the following fire suppression systems is MOST appr...; Question 583: Which of the following is the MOST important action in recov...; Question 584: What is the BEST backup strategy for a large database with d...; Question 585: Which of the following ensures the availability of transacti...; Question 586: Which of the following is the GREATEST risk of an inadequate...; Question 587: The MOST likely explanation for a successful social engineer...; Question 588: .Whenever an application is modified, what should be tested ...; Question 589: Accountability for the maintenance of appropriate security m...; Question 590: A medium-sized organization, whose IT disaster recovery meas...; Question 591: An accurate biometric system usually exhibits (choose all th...; Question 592: .Which of the following help(s) prevent an organization's sy...; Question 593: Which of the following is the MOST likely reason why e-mail ...; Question 594: .Who is responsible for the overall direction, costs, and ti...; Question 595: When planning to add personnel to tasks imposing time constr...; Question 596: .Which of the following is the most fundamental step in prev...; Question 597: .What is a common vulnerability, allowing denial-of-service ...; Question 598: "Which of the following BEST describes the concept of ""defe...; Question 599: .Allowing application programmers to directly patch or chang...; Question 600: IT best practices for the availability and continuity of IT ...; Question 601: An IS auditor has audited a business continuity plan (BCP). ...; Question 602: .If a programmer has update access to a live system, IS audi...; Question 603: .What is the PRIMARY purpose of audit trails?...; Question 604: An organization has outsourced its help desk. Which of the f...; Question 605: The cost of ongoing operations when a disaster recovery plan...; Question 606: What is the best defense against Local DoS attacks?...; Question 607: Which of the following potentially blocks hacking attempts?...; Question 608: Which of the following terms is used more generally for desc...; Question 609: What should an organization do before providing an external ...; Question 610: Effective IT governance will ensure that the IT plan is cons...; Question 611: In a public key infrastructure (PKI), which of the following...; Question 612: An organization is considering connecting a critical PC-base...; Question 613: .Which of the following is a program evaluation review techn...; Question 614: An IS auditor is reviewing a project that is using an Agile ...; Question 615: Which of the following would be BEST prevented by a raised f...; Question 616: Many WEP systems require a key in a relatively insecure form...; Question 617: .Who is accountable for maintaining appropriate security mea...; Question 618: Which of the following types of attack almost always require...; Question 619: To verify that the correct version of a data file was used f...; Question 620: Which of the following would MOST effectively enhance the se...; Question 621: The difference between a vulnerability assessment and a pene...; Question 622: A company has implemented a new client-server enterprise res...; Question 623: Which of the following refers to any program that invites th...; Question 624: A project manager of a project that is scheduled to take 18 ...; Question 625: The network of an organization has been the victim of severa...; Question 626: Distributed denial-of-service (DDOS) attacks on Internet sit...; Question 627: .What is the most common reason for information systems to f...; Question 628: An IS auditor finds that not all employees are aware of the ...; Question 629: Which of the following is the MOST secure and economical met...; Question 630: .Test and development environments should be separated. True...; Question 631: Change control for business application systems being develo...; Question 632: Which of the following methods of suppressing a fire in a da...; Question 633: What is the BEST approach to mitigate the risk of a phishing...; Question 634: An IS auditor notes that IDS log entries related to port sca...; Question 635: When auditing security for a data center, an IS auditor shou...; Question 636: A disaster recovery plan for an organization's financial sys...; Question 637: Which of the following should an IS auditor use to detect du...; Question 638: .What type(s) of firewalls provide(s) the greatest degree of...; Question 639: An organization is using symmetric encryption. Which of the ...; Question 640: Facilitating telecommunications continuity by providing redu...; Question 641: Which of the following kinds of function are particularly vu...; Question 642: Regarding a disaster recovery plan, the role of an IS audito...; Question 643: Which of the following manages the digital certificate life ...; Question 644: Relatively speaking, firewalls operated at the physical leve...; Question 645: As updates to an online order entry system are processed, th...; Question 646: An IS auditor is performing an audit of a remotely managed s...; Question 647: .What is the recommended initial step for an IS auditor to i...; Question 648: Minimum password length and password complexity verification...; Question 649: When installing an intrusion detection system (IDS), which o...; Question 650: A TCP/IP-based environment is exposed to the Internet. Which...; Question 651: Which of the following is a network diagnostic tool that mon...; Question 652: An IS auditor discovers that developers have operator access...; Question 653: .When should plans for testing for user acceptance be prepar...; Question 654: The GREATEST advantage of rapid application development (RAD...; Question 655: .How is the risk of improper file access affected upon imple...; Question 656: A company has contracted with an external consulting firm to...; Question 657: A hardware control that helps to detect errors when data are...; Question 658: The MOST effective control for addressing the risk of piggyb...; Question 659: Which of the following is an attribute of the control self-a...; Question 660: While evaluating software development practices in an organi...; Question 661: During the development of an application, the quality assura...; Question 662: Which of the following sampling methods is MOST useful when ...; Question 663: Users are issued security tokens to be used in combination w...; Question 664: An IS auditor performing a review of the backup processing f...; Question 665: An IS auditor reviewing database controls discovered that ch...; Question 666: Which of the following physical access controls effectively ...; Question 667: Properly planned risk-based audit programs are often capable...; Question 668: Which of the following refers to an anomalous condition wher...; Question 669: An IS auditor finds that, at certain times of the day, the d...; Question 670: In determining the acceptable time period for the resumption...; Question 671: Which of the following would be the MOST significant audit f...; Question 672: .Who is ultimately responsible and accountable for reviewing...; Question 673: Which of the following would help to ensure the portability ...; Question 674: Which of the following is the MOST reasonable option for rec...; Question 675: Online banking transactions are being posted to the database...; Question 676: .Which of the following would prevent accountability for an ...; Question 677: An organization currently using tape backups takes one full ...; Question 678: Which of the following can be thought of as the simplest and...; Question 679: Neural networks are effective in detecting fraud because the...; Question 680: Effective IT governance requires organizational structures a...; Question 681: .An advantage of a continuous audit approach is that it can ...; Question 682: Which of the following BEST supports the prioritization of n...; Question 683: .The use of statistical sampling procedures helps minimize:...; Question 684: .When are benchmarking partners identified within the benchm...; Question 685: An IS auditor interviewing a payroll clerk finds that the an...; Question 686: Buffer overflow aims primarily at corrupting:...; Question 687: An IS auditor is reviewing the physical security measures of...; Question 688: Which of the following is the MOST effective method for deal...; Question 689: Which of the following correctly describes the purpose of an...; Question 690: .Using the OSI reference model, what layer(s) is/are used to...; Question 691: Which of the following should be included in a feasibility s...; Question 692: A number of system failures are occurring when corrections t...; Question 693: An IS auditor performing an independent classification of sy...; Question 694: Network ILD&P are typically installed:...; Question 695: The ability of the internal IS audit function to achieve des...; Question 696: E-mail message authenticity and confidentiality is BEST achi...; Question 697: Which of the following is a general operating system access ...; Question 698: .Regarding digital signature implementation, which of the fo...; Question 699: .What uses questionnaires to lead the user through a series ...; Question 700: An IS auditor has identified the lack of an authorization pr...; Question 701: An internet-based attack using password sniffing can:...; Question 702: Which of the following systems or tools can recognize that a...; Question 703: Which of the following should be of MOST concern to an IS au...; Question 704: Screening router inspects traffic through examining:...; Question 705: A LAN administrator normally would be restricted from:...; Question 706: Which of the following is the MOST important function to be ...; Question 707: Which of the following ensures a sender's authenticity and a...; Question 708: The IT balanced scorecard is a business governance tool inte...; Question 709: .The directory system of a database-management system descri...; Question 710: During maintenance of a relational database, several values ...; Question 711: While conducting an audit, an IS auditor detects the presenc...; Question 712: .Batch control reconciliation is a _____________________ (fi...; Question 713: .What are used as the framework for developing logical acces...; Question 714: As part of the IEEE 802.11 standard ratified in September 19...; Question 715: .After an IS auditor has identified threats and potential im...; Question 716: An IS auditor performing a review of an application's contro...; Question 717: If a database is restored using before-image dumps, where sh...; Question 718: .What increases encryption overhead and cost the most?...; Question 719: .What is a reliable technique for estimating the scope and c...; Question 720: During the planning stage of an IS audit, the PRIMARY goal o...; Question 721: During an audit of the logical access control of an ERP fina...; Question 722: Which of the following is an object-oriented technology char...; Question 723: The IS management of a multinational company is considering ...; Question 724: Which of the following refers to the collection of policies ...; Question 725: Use of asymmetric encryption in an internet e-commerce site,...; Question 726: Doing which of the following during peak production hours co...; Question 727: Which of the following BEST describes the necessary document...; Question 728: When using a digital signature, the message digest is comput...; Question 729: Phishing attack works primarily through:...; Question 730: .Atomicity enforces data integrity by ensuring that a transa...; Question 731: Which of the following is the MOST important criterion when ...; Question 732: .Which of the following is a good control for protecting con...; Question 733: Pretexting is an act of:; Question 734: The most common problem in the operation of an intrusion det...; Question 735: Which of the following BEST describes the role of a director...; Question 736: An IS auditor evaluating logical access controls should FIRS...; Question 737: Which of the following is an advantage of an integrated test...; Question 738: .After identifying potential security vulnerabilities, what ...; Question 739: Though management has stated otherwise, an IS auditor has re...; Question 740: The PRIMARY purpose of a business impact analysis (BIA) is t...; Question 741: To ensure an organization is complying with privacy requirem...; Question 742: Which of the following refers to any authentication protocol...; Question 743: To determine who has been given permission to use a particul...; Question 744: Which of the following refers to a method of bypassing norma...; Question 745: With the help of a security officer, granting access to data...; Question 746: What is the MOST effective method of preventing unauthorized...; Question 747: In a small organization, developers may release emergency ch...; Question 748: Which of the following refers to the act of creating and usi...; Question 749: A company undertakes a business process reengineering (BPR) ...; Question 750: The MOST important reason for an IS auditor to obtain suffic...; Question 751: Which of the following types of attack works by taking advan...; Question 752: To aid management in achieving IT and business alignment, an...; Question 753: .Any changes in systems assets, such as replacement of hardw...; Question 754: An IS auditor who is reviewing incident reports discovers th...; Question 755: In an online banking application, which of the following wou...; Question 756: Which of the following are examples of tools for launching D...; Question 757: In regard to moving an application program from the test env...; Question 758: Which of the following hardware devices relieves the central...; Question 759: During the review of a web-based software development projec...; Question 760: .Function Point Analysis (FPA) provides an estimate of the s...; Question 761: Which of the following controls would be MOST effective in e...; Question 762: A sender of an e-mail message applies a digital signature to...; Question 763: .______________ risk analysis is not always possible because...; Question 764: .What would an IS auditor expect to find in the console log?...; Question 765: Within a virus, which component is responsible for what the ...; Question 766: An IS auditor reviewing an organization's IS disaster recove...; Question 767: As part of the IEEE 802.11 standard ratified in September 19...; Question 768: During a security audit of IT processes, an IS auditor found...; Question 769: The activation of an enterprise's business continuity plan s...; Question 770: When reviewing the implementation of a LAN, an IS auditor sh...; Question 771: .If a database is restored from information backed up before...; Question 772: Which of the following should be the MOST important consider...; Question 773: The use of risk assessment tools for classifying risk factor...; Question 774: Which of the following is a dynamic analysis tool for the pu...; Question 775: Which of the following will replace system binaries and/or h...; Question 776: Which of the following BEST reduces the ability of one devic...; Question 777: To determine if unauthorized changes have been made to produ...; Question 778: Which of the following is BEST suited for secure communicati...; Question 779: .A core tenant of an IS strategy is that it must:...; Question 780: An IS auditor is reviewing a project to implement a payment ...; Question 781: A data administrator is responsible for:...; Question 782: Over the long term, which of the following has the greatest ...; Question 783: There are several methods of providing telecommunications co...; Question 784: When using a universal storage bus (USB) flash drive to tran...; Question 785: Which of the following are designed to detect network attack...; Question 786: An IS auditor reviewing an organization's data file control ...; Question 787: Above almost all other concerns, what often results in the g...; Question 788: Validated digital signatures in an e-mail software applicati...; Question 789: A penetration test performed as part of evaluating network s...; Question 790: During an implementation review of a multiuser distributed a...; Question 791: .Who should be responsible for network security operations?...; Question 792: Which of the following should be considered FIRST when imple...; Question 793: Documentation of a business case used in an IT development p...; Question 794: .An IS auditor should carefully review the functional requir...; Question 795: To gain an understanding of the effectiveness of an organiza...; Question 796: A firm is considering using biometric fingerprint identifica...; Question 797: An IS auditor finds that client requests were processed mult...; Question 798: .How do modems (modulation/demodulation) function to facilit...; Question 799: Physical access controls are usually implemented based on wh...; Question 800: An organization's IS audit charter should specify the:...; Question 801: The MOST likely explanation for the use of applets in an Int...; Question 802: Which of the following is the BEST practice to ensure that a...; Question 803: Assuming this diagram represents an internal facility and th...; Question 804: Common implementations of strong authentication may use whic...; Question 805: Which of the following would impair the independence of a qu...; Question 806: The phases and deliverables of a system development life cyc...; Question 807: Following best practices, formal plans for implementation of...; Question 808: After reviewing its business processes, a large organization...; Question 809: .What are used as a countermeasure for potential database co...; Question 810: .What process allows IS management to determine whether the ...; Question 811: Which of the following IT governance best practices improves...; Question 812: An IS auditor is assigned to perform a postimplementation re...; Question 813: You should keep all computer rooms at reasonable humidity le...; Question 814: The PRIMARY objective of implementing corporate governance b...; Question 815: The use of risk assessment tools for classifying risk factor...; Question 816: .Which of the following could lead to an unintentional loss ...; Question 817: .Digital signatures require the sender to "sign" the data by...; Question 818: .Which of the following is MOST is critical during the busin...; Question 819: Which of the following network components is PRIMARILY set u...; Question 820: Squid is an example of:; Question 821: An organization having a number of offices across a wide geo...; Question 822: Change management procedures are established by IS managemen...; Question 823: When reviewing the IT strategic planning process, an IS audi...; Question 824: Sending a message and a message hash encrypted by the sender...; Question 825: Wi-Fi Protected Access implements the majority of which IEEE...; Question 826: During the review of a biometrics system operation, an IS au...; Question 827: Which of the following virus prevention techniques can be im...; Question 828: A financial institution that processes millions of transacti...; Question 829: Talking about biometric authentication, which of the followi...; Question 830: The PRIMARY objective of a logical access control review is ...; Question 831: Which of the following cryptography options would increase o...; Question 832: An advantage in using a bottom-up vs. a top-down approach to...; Question 833: Network Data Management Protocol (NDMP) technology should be...; Question 834: During a review of a customer master file, an IS auditor dis...; Question 835: Which of the following is the PRIMARY advantage of using com...; Question 836: Which of the following should an IS auditor recommend to BES...; Question 837: Ideally, stress testing should be carried out in a:...; Question 838: Which of the following biometrics has the highest reliabilit...; Question 839: Which testing approach is MOST appropriate to ensure that in...; Question 840: When identifying an earlier project completion time, which i...; Question 841: The application systems of an organization using open-source...; Question 842: During the design of a business continuity plan, the busines...; Question 843: An IS auditor selects a server for a penetration test that w...; Question 844: Software is considered malware based on:...; Question 845: The objective of concurrency control in a database system is...; Question 846: The PRIMARY purpose of an IT forensic audit is:...; Question 847: Receiving an EDI transaction and passing it through the comm...; Question 848: Which of the following types of transmission media provide t...; Question 849: When reviewing system parameters, an IS auditor's PRIMARY co...; Question 850: Which of the following measures can protect systems files an...; Question 851: When performing an audit of access rights, an IS auditor sho...; Question 852: Which of the following is the BEST performance criterion for...; Question 853: Which of the following issues should be the GREATEST concern...; Question 854: A sequence of bits appended to a digital document that is us...; Question 855: Which of the following terms refers to systems designed to d...; Question 856: Which of the following environmental controls is appropriate...; Question 857: Which of the following would be the BEST overall control for...; Question 858: The security level of a private key system depends on the nu...; Question 859: The MAIN reason for requiring that all computer clocks acros...; Question 860: Which of the following is the MOST reliable sender authentic...; Question 861: Which of the following is the MOST important consideration w...; Question 862: When planning an audit of a network setup, an IS auditor sho...; Question 863: In the course of performing a risk analysis, an IS auditor h...; Question 864: An IS auditor conducting a review of disaster recovery plann...; Question 865: After completing the business impact analysis (BIA), what is...; Question 866: Default permit is only a good approach in an environment whe...; Question 867: The specific advantage of white box testing is that it:...; Question 868: Which audit technique provides the BEST evidence of the segr...; Question 869: What should be the GREATEST concern to an IS auditor when em...; Question 870: Which of the following is a function of an IS steering commi...; Question 871: A programmer maliciously modified a production program to ch...; Question 872: Which of the following is a data validation edit and control...; Question 873: In an organization where an IT security baseline has been de...; Question 874: In order to coordinate the activity of many infected compute...; Question 875: .Which of the following provides the BEST single-factor auth...; Question 876: Before implementing an IT balanced scorecard, an organizatio...; Question 877: .When should reviewing an audit client's business plan be pe...; Question 878: When developing a formal enterprise security program, the MO...; Question 879: .Which of the following fire-suppression methods is consider...; Question 880: A poor choice of passwords and transmission over unprotected...; Question 881: An installed Ethernet cable run in an unshielded twisted pai...; Question 882: An offsite information processing facility with electrical w...; Question 883: Which of the following must exist to ensure the viability of...; Question 884: Which of the following encryption techniques will BEST prote...; Question 885: A manufacturing firm wants to automate its invoice payment s...; Question 886: A critical function of a firewall is to act as a:...; Question 887: Which of the following types of attack often take advantage ...; Question 888: .IS auditors are MOST likely to perform compliance tests of ...; Question 889: .Who is ultimately responsible for providing requirement spe...; Question 890: For application acquisitions with significant impacts, parti...; Question 891: A trojan horse simply cannot operate autonomously....; Question 892: .Which of the following would provide the highest degree of ...; Question 893: .An IS auditor usually places more reliance on evidence dire...; Question 894: .Why is a clause for requiring source code escrow in an appl...; Question 895: During a review of a business continuity plan, an IS auditor...; Question 896: Why is it not preferable for a firewall to treat each networ...; Question 897: Which of the following data validation edits is effective in...; Question 898: .________________ (fill in the blank) is/are are ultimately ...; Question 899: An audit charter should:; Question 900: Which of the following should be included in an organization...; Question 901: A major portion of what is required to address nonrepudiatio...; Question 902: Which of the following results in a denial-of-service attack...; Question 903: .Although BCP and DRP are often implemented and tested by mi...; Question 904: In the context of effective information security governance,...; Question 905: An IS auditor reviewing a database application discovers tha...; Question 906: Which of the following procedures would MOST effectively det...; Question 907: An offsite information processing facility having electrical...; Question 908: .Parity bits are a control used to validate:...; Question 909: A certificate authority (CA) can delegate the processes of:...; Question 910: To detect attack attempts that the firewall is unable to rec...; Question 911: Which of the following tests performed by an IS auditor woul...; Question 912: Which of the following is the MOST effective type of antivir...; Question 913: Human error is being HEAVILY relied upon on by which of the ...; Question 914: An advantage of using sanitized live transactions in test da...; Question 915: Overall business risk for a particular threat can be express...; Question 916: When implementing an application software package, which of ...; Question 917: Which of the following is the MOST critical and contributes ...; Question 918: An IT steering committee should review information systems P...; Question 919: Which of the following is a concern when data are transmitte...; Question 920: Which of the following is a feature of Wi-Fi Protected Acces...; Question 921: IS management is considering a Voice-over Internet Protocol ...; Question 922: .What supports data transmission through split cable facilit...; Question 923: An IS auditor should expect the responsibility for authorizi...; Question 924: When an organization is outsourcing their information securi...; Question 925: .What process is used to validate a subject's identity?...; Question 926: When using public key encryption to secure data being transm...; Question 927: An IS auditor finds that conference rooms have active networ...; Question 928: .Why is the WAP gateway a component warranting critical conc...; Question 929: A review of wide area network (WAN) usage discovers that tra...; Question 930: An IS auditor issues an audit report pointing out the lack o...; Question 931: Which of the following types of firewalls would BEST protect...; Question 932: An IS auditor's PRIMARY concern when application developers ...; Question 933: Which of the following is the MOST effective control over vi...; Question 934: While reviewing the business continuity plan of an organizat...; Question 935: .Which of the following are effective in detecting fraud bec...; Question 936: Which of the following system and data conversion strategies...; Question 937: If inadequate, which of the following would be the MOST like...; Question 938: Which of the following would MOST effectively control the us...; Question 939: During an audit, an IS auditor notes that an organization's ...; Question 940: What is the BEST action to prevent loss of data integrity or...; Question 941: In the process of evaluating program change controls, an IS ...; Question 942: "Nowadays, computer security comprises mainly "preventive"" ...; Question 943: .What are trojan horse programs? Choose the BEST answer....; Question 944: The MOST effective control for reducing the risk related to ...; Question 945: The responsibility for authorizing access to application dat...; Question 946: To reduce the possibility of losing data during processing, ...; Question 947: Which of the following is the MOST important objective of da...; Question 948: .What protects an application purchaser's ability to fix or ...; Question 949: An IS auditor should use statistical sampling and not judgme...; Question 950: When reviewing the procedures for the disposal of computers,...; Question 951: Which of the following is a benefit of a risk-based approach...; Question 952: The PRIMARY objective of service-level management (SLM) is t...; Question 953: During which of the following phases in system development w...; Question 954: .What is the most common purpose of a virtual private networ...; Question 955: .In order to properly protect against unauthorized disclosur...; Question 956: In the 2c area of the diagram, there are three hubs connecte...; Question 957: Your final audit report should be issued:...; Question 958: Before implementing controls, management should FIRST ensure...; Question 959: Which of the following controls will MOST effectively detect...; Question 960: During the audit of a database server, which of the followin...; Question 961: .Which of the following is the dominating objective of BCP a...; Question 962: .When auditing third-party service providers, an IS auditor ...; Question 963: One major improvement in WPA over WEP is the use of a protoc...; Question 964: Which of the following exposures associated with the spoolin...; Question 965: The logical exposure associated with the use of a checkpoint...; Question 966: An IS auditor has completed a network audit. Which of the fo...; Question 967: An IS auditor should review the configuration of which of th...; Question 968: Which of the following acts as a decoy to detect active inte...; Question 969: The implementation of access controls FIRST requires:...; Question 970: An organization is disposing of a number of laptop computers...; Question 971: The computer security incident response team (CSIRT) of an o...; Question 972: When conducting a penetration test of an IT system, an organ...; Question 973: Corrective action has been taken by an auditee immediately a...; Question 974: An IS auditor inspected a windowless room containing phone s...; Question 975: An organization has an integrated development environment (I...; Question 976: An IS auditor reviewing an outsourcing contract of IT facili...; Question 977: In auditing a web server, an IS auditor should be concerned ...; Question 978: The MOST important difference between hashing and encryption...; Question 979: .How does the process of systems auditing benefit from using...; Question 980: At a hospital, medical personal carry handheld computers whi...; Question 981: .Proper segregation of duties prevents a computer operator (...; Question 982: Which of the following is the MOST important element for the...; Question 983: The human resources (HR) department has developed a system t...; Question 984: Effective transactional controls are often capable of offeri...; Question 985: Which of the following is a risk of cross-training?...; Question 986: An IS auditor reviewing an organization that uses cross-trai...; Question 987: To provide protection for media backup stored at an offsite ...; Question 988: An IS auditor has been asked to participate in project initi...; Question 989: A database administrator has detected a performance problem ...; Question 990: A digital signature contains a message digest to:...; Question 991: Which of the following would BEST support 24/7 availability?...; Question 992: Which of the following processes should an IS auditor recomm...; Question 993: .If an IS auditor observes that an IS department fails to us...; Question 994: When reviewing an organization's strategic IT plan an IS aud...; Question 995: .Of the three major types of off-site processing facilities,...; Question 996: In wireless communication, which of the following controls a...; Question 997: Which of the following functions should be performed by the ...; Question 998: A legacy payroll application is migrated to a new applicatio...; Question 999: The MOST significant security concern when using flash memor...; Question 1000: Which of the following should be a concern to an IS auditor ...; Question 1001: Which of the following is a substantive test?...; Question 1002: While reviewing the IT infrastructure, an IS auditor notices...; Question 1003: Talking about biometric measurement, which of the following ...; Question 1004: An IS auditor analyzing the audit log of a database manageme...; Question 1005: .What is used to develop strategically important systems fas...; Question 1006: An IS auditor was hired to review e-business security. The I...; Question 1007: IS management recently replaced its existing wired local are...; Question 1008: Which of the following is a telecommunication device that tr...; Question 1009: Which of the following should be of PRIMARY concern to an IS...; Question 1010: Which of the following types of spyware was originally desig...; Question 1011: A top-down approach to the development of operational polici...; Question 1012: The purpose of a mainframe audit is to provide assurance tha...; Question 1013: .What is the primary security concern for EDI environments? ...; Question 1014: The MOST significant level of effort for business continuity...; Question 1015: A perpetrator looking to gain access to and gather informati...; Question 1016: In the context of physical access control, what is known as ...; Question 1017: A firewall is being deployed at a new location. Which of the...; Question 1018: Disaster recovery planning (DRP) for a company's computer sy...; Question 1019: Due to changes in IT, the disaster recovery plan of a large ...; Question 1020: Which of the following is a good time frame for making chang...; Question 1021: Which of the following typically consists of a computer, som...; Question 1022: .What kind of testing should programmers perform following a...; Question 1023: Transmitting redundant information with each character or fr...; Question 1024: Failure in which of the following testing stages would have ...; Question 1025: An IS auditor examining a biometric user authentication syst...; Question 1026: .Which of the following best characterizes "worms"?...; Question 1027: Which of the following is a feature of Wi-Fi Protected Acces...; Question 1028: The MOST important success factor in planning a penetration ...; Question 1029: During the collection of forensic evidence, which of the fol...; Question 1030: Which of the following refers to a primary component of corp...; Question 1031: Which of the following would contribute MOST to an effective...; Question 1032: Which of the following would be an indicator of the effectiv...; Question 1033: Which of the following provides the MOST relevant informatio...; Question 1034: When auditing a disaster recovery plan for a critical busine...; Question 1035: Many organizations require an employee to take a mandatory v...; Question 1036: Of the following alternatives, the FIRST approach to develop...; Question 1037: .Proper segregation of duties normally does not prohibit a L...; Question 1038: Which of the following would MOST likely indicate that a cus...; Question 1039: A benefit of quality of service (QoS) is that the:...; Question 1040: The output of the risk management process is an input for ma...; Question 1041: Which of the following would be the MOST effective audit tec...; Question 1042: To address the risk of operations staff's failure to perform...; Question 1043: In an IS audit of several critical servers, the IS auditor w...; Question 1044: .Which type of major BCP test only requires representatives ...; Question 1045: The Federal Information Processing Standards (FIPS) were dev...; Question 1046: Sign-on procedures include the creation of a unique user ID ...; Question 1047: The initial step in establishing an information security pro...; Question 1048: Which of the following insurance types provide for a loss ar...; Question 1049: Which of the following types of data validation editing chec...; Question 1050: Which of the following satisfies a two-factor user authentic...; Question 1051: Which of the following refers to an important procedure when...; Question 1052: .What is a data validation edit control that matches input d...; Question 1053: .What is an effective countermeasure for the vulnerability o...; Question 1054: .What is a callback system?; Question 1055: .How can minimizing single points of failure or vulnerabilit...; Question 1056: During the system testing phase of an application developmen...; Question 1057: Cisco IOS based routers perform basic traffic filtering via ...; Question 1058: Which of the following protocols would be involved in the im...; Question 1059: When preparing an audit report the IS auditor should ensure ...; Question 1060: Which of the following represents the GREATEST risk created ...; Question 1061: Reverse proxy technology for web servers should be deployed ...; Question 1062: .What is an initial step in creating a proper firewall polic...; Question 1063: ALL computer programming languages are vulnerable to command...; Question 1064: When assessing the design of network monitoring controls, an...; Question 1065: Which of the following types of firewalls provide the GREATE...; Question 1066: An IS auditor performing a telecommunication access control ...; Question 1067: .An IS auditor is using a statistical sample to inventory th...; Question 1068: Which of the following line media would provide the BEST sec...; Question 1069: Which of the following correctly describe the potential prob...; Question 1070: Reconfiguring which of the following firewall types will pre...; Question 1071: Which of the following would be considered an essential feat...; Question 1072: An organization has implemented a disaster recovery plan. Wh...; Question 1073: Which of the following is the initial step in creating a fir...; Question 1074: Which of the following will prevent dangling tuples in a dat...; Question 1075: Which of the following is a characteristic of timebox manage...; Question 1076: Which of the following recovery strategies is MOST appropria...; Question 1077: An IS auditor finds out-of-range data in some tables of a da...; Question 1078: .With the objective of mitigating the risk and impact of a m...; Question 1079: .As compared to understanding an organization's IT process f...; Question 1080: A malicious code that changes itself with each file it infec...; Question 1081: Which of the following risks could result from inadequate so...; Question 1082: If the recovery time objective (RTO) increases:...; Question 1083: A disaster recovery plan for an organization should:...; Question 1084: As an outcome of information security governance, strategic ...; Question 1085: The most common reason for the failure of information system...; Question 1086: In a client-server system, which of the following control te...; Question 1087: The majority of software vulnerabilities result from a few k...; Question 1088: .What is the key distinction between encryption and hashing ...; Question 1089: After implementation of a disaster recovery plan, pre-disast...; Question 1090: Which of the following controls would an IS auditor look for...; Question 1091: .What should regression testing use to obtain accurate concl...; Question 1092: The frequent updating of which of the following is key to th...; Question 1093: .Which of the following can degrade network performance? Cho...; Question 1094: A decision support system (DSS):...; Question 1095: By evaluating application development projects against the c...; Question 1096: Which of the following types of attack involves a program th...; Question 1097: Which of the following is the most important element in the ...; Question 1098: Most trojan horse programs are spread through:...; Question 1099: .How is risk affected if users have direct access to a datab...; Question 1100: In reviewing the IS short-range (tactical) plan, an IS audit...

Question 128/1100

LEAVE A REPLY

Download PDF File