CISA Exam Dumps | .What can be implemented to provide the highest level of protection from external attack?

<< Prev Question Next Question >>

Question 535/1100

.What can be implemented to provide the highest level of protection from external attack?

A. Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host

B. Configuring the firewall as a screened host behind a router

C. Configuring the firewall as the protecting bastion host

D. Configuring two load-sharing firewalls facilitating VPN access from external hosts to internal hosts

Question List (1100q): 1 commentQuestion 1: While planning an audit, an assessment of risk should be mad...; Question 2: .Who assumes ownership of a systems-development project and ...; Question 3: .What is often assured through table link verification and r...; Question 4: .Key verification is one of the best controls for ensuring t...; Question 5: Which of the following components is responsible for the col...; Question 6: Which of the following provides the best evidence of the ade...; Question 7: To support an organization's goals, an IS department should ...; Question 8: Which of the following systems-based approaches would a fina...; Question 9: An IS auditor evaluating the resilience of a high-availabili...; Question 10: When a new system is to be implemented within a short time f...; Question 11: You may reduce a cracker's chances of success by (choose all...; Question 12: Which of the following is an example of the defense in-depth...; Question 13: The responsibility for authorizing access to a business appl...; Question 14: Responsibility for the governance of IT should rest with the...; Question 15: Company.com has contracted with an external consulting firm ...; Question 16: When performing a database review, an IS auditor notices tha...; Question 17: The extent to which data will be collected during an IS audi...; Question 18: The final decision to include a material finding in an audit...; Question 19: Which of the following are the characteristics of a good pas...; Question 20: Which of the following is a continuity plan test that uses a...; Question 21: A virus typically consists of what major parts (choose all t...; Question 22: The reliability of an application system's audit trail may b...; Question 23: Which of the following is an oft-cited cause of vulnerabilit...; Question 24: Which of the following cryptographic systems is MOST appropr...; Question 25: .Database snapshots can provide an excellent audit trail for...; Question 26: .Which of the following processes are performed during the d...; Question 27: During an audit of an enterprise that is dedicated to e-comm...; Question 28: Which of the following provides the GREATEST assurance of me...; Question 29: Which of the following would an IS auditor consider the MOST...; Question 30: Codes from exploit programs are frequently reused in:...; Question 31: Which of the following would effectively verify the originat...; Question 32: Digital signatures require the:...; Question 33: The purpose of code signing is to provide assurance that:...; Question 34: An IS auditor who was involved in designing an organization'...; Question 35: To protect a VoIP infrastructure against a denial-of-service...; Question 36: During a change control audit of a production system, an IS ...; Question 37: .Who is responsible for implementing cost-effective controls...; Question 38: During an exit interview, in cases where there is disagreeme...; Question 39: The PRIMARY purpose of implementing Redundant Array of Inexp...; Question 40: .What type of risk results when an IS auditor uses an inadeq...; Question 41: An IS auditor finds that a DBA has read and write access to ...; Question 42: Which of the following is an implementation risk within the ...; Question 43: Which of the following is MOST critical when creating data f...; Question 44: To assist an organization in planning for IT investments, an...; Question 45: The use of digital signatures:; Question 46: Which of the following should an IS auditor recommend for th...; Question 47: Disaster recovery planning (DRP) addresses the:...; Question 48: When two or more systems are integrated, input/output contro...; Question 49: Normally, it would be essential to involve which of the foll...; Question 50: Which of the following network configuration options contain...; Question 51: .Input/output controls should be implemented for which appli...; Question 52: IT governance is PRIMARILY the responsibility of the:...; Question 53: .Which of the following is often used as a detection and det...; Question 54: The technique of rummaging through commercial trash to colle...; Question 55: .If an IS auditor finds evidence of risk involved in not imp...; Question 56: Integer overflow occurs primarily with:...; Question 57: .When should an application-level edit check to verify that ...; Question 58: An IS auditor recommends that an initial validation control ...; Question 59: Which of the following procedures would BEST determine wheth...; Question 60: .What can be used to help identify and investigate unauthori...; Question 61: A hub is a device that connects:...; Question 62: .When storing data archives off-site, what must be done with...; Question 63: Which of the following would be of MOST concern to an IS aud...; Question 64: To determine how data are accessed across different platform...; Question 65: Which of the following exposures could be caused by a line g...; Question 66: After a full operational contingency test, an IS auditor per...; Question 67: The BEST method for assessing the effectiveness of a busines...; Question 68: Which of the following is not a good tactic to use against h...; Question 69: Which of the following would an IS auditor consider a weakne...; Question 70: .Obtaining user approval of program changes is very effectiv...; Question 71: An IS auditor is reviewing access to an application to deter...; Question 72: To optimize an organization's business contingency plan (BCP...; Question 73: The sophistication and formality of IS audit programs may va...; Question 74: .What is often the most difficult part of initial efforts in...; Question 75: An IS auditor reviews an organizational chart PRIMARILY for:...; Question 76: Which of the following would be MOST important for an IS aud...; Question 77: An IS auditor has been assigned to review IT structures and ...; Question 78: In addition to the backup considerations for all systems, wh...; Question 79: Which of the following activities should the business contin...; Question 80: Which of the following is a technique that could be used to ...; Question 81: An IS auditor can verify that an organization's business con...; Question 82: After installing a network, an organization installed a vuln...; Question 83: .A primary benefit derived from an organization employing co...; Question 84: Which of the following types of data validation editing chec...; Question 85: .What is the first step in a business process re-engineering...; 1 commentQuestion 86: Java applets and ActiveX controls are distributed executable...; Question 87: Which of the following is the PRIMARY safeguard for securing...; Question 88: To minimize the cost of a software project, quality manageme...; Question 89: An organization provides information to its supply chain par...; Question 90: Why is one-time pad not always preferable for encryption (ch...; Question 91: A live test of a mutual agreement for IT system recovery has...; Question 92: .What is a primary high-level goal for an auditor who is rev...; Question 93: During the requirements definition phase of a software devel...; Question 94: Which of the following does a lack of adequate security cont...; Question 95: Which of the following is the BEST audit procedure to determ...; Question 96: An IS auditor is reviewing an IT security risk management pr...; Question 97: The MOST effective biometric control system is the one:...; Question 98: The PRIMARY reason for using digital signatures is to ensure...; Question 99: A long-term IS employee with a strong technical background a...; Question 100: .How does the SSL network protocol provide confidentiality?...; Question 101: When selecting audit procedures, an IS auditor should use pr...; Question 102: A virtual private network (VPN) provides data confidentialit...; Question 103: A business application system accesses a corporate database ...; Question 104: To develop a successful business continuity plan, end user i...; Question 105: The GREATEST risk posed by an improperly implemented intrusi...; Question 106: An IS auditor should be MOST concerned with what aspect of a...; Question 107: The 'trusted systems' approach has been predominant in the d...; Question 108: What is the MOST prevalent security risk when an organizatio...; Question 109: The management of an organization has decided to establish a...; Question 110: An IS auditor conducting a review of disaster recovery plann...; Question 111: To prevent IP spoofing attacks, a firewall should be configu...; Question 112: Which of the following is the MOST robust method for disposi...; Question 113: Assessing IT risks is BEST achieved by:...; Question 114: You should keep all computer rooms at reasonable temperature...; Question 115: Responsibility and reporting lines cannot always be establis...; Question 116: An investment advisor e-mails periodic newsletters to client...; Question 117: Which of the following is an example of a passive attack ini...; Question 118: When evaluating the controls of an EDI application, an IS au...; Question 119: Which of the following BEST ensures the integrity of a serve...; Question 120: Which of the following attacks targets the Secure Sockets La...; Question 121: .When is regression testing used to determine whether new ap...; Question 122: An IS auditor is performing an audit of a network operating ...; Question 123: What would be the MOST effective control for enforcing accou...; Question 124: The PRIMARY purpose for meeting with auditees prior to forma...; Question 125: When performing an audit of a client relationship management...; Question 126: With Deep packet inspection, which of the following OSI laye...; Question 127: Which of the following BEST restricts users to those functio...; Question 128: The MAJOR advantage of the risk assessment approach over the...; Question 129: Which of the following refers to the proving of mathematical...; Question 130: Which of the following will BEST ensure the successful offsh...; Question 131: In a small organization, an employee performs computer opera...; Question 132: The ultimate purpose of IT governance is to:...; Question 133: As a driver of IT governance, transparency of IT's cost, val...; Question 134: The PRIMARY objective of Secure Sockets Layer (SSL) is to en...; Question 135: Which of the following would normally be the MOST reliable e...; Question 136: Which of the following will help detect changes made by an i...; Question 137: When developing a business continuity plan (BCP), which of t...; Question 138: Vendors have released patches fixing security flaws in their...; Question 139: Which of the following should concern an IS auditor when rev...; Question 140: .What is/are used to measure and ensure proper network capac...; Question 141: The sender of a public key would be authenticated by a:...; Question 142: Which of the following findings should an IS auditor be MOST...; Question 143: Which of the following is a benefit of using callback device...; Question 144: When developing a disaster recovery plan, the criteria for d...; Question 145: Which of the following goals would you expect to find in an ...; Question 146: The potential for unauthorized system access by way of termi...; Question 147: .Off-site data backup and storage should be geographically s...; Question 148: When performing a computer forensic investigation, in regard...; Question 149: The BEST method of proving the accuracy of a system tax calc...; Question 150: .What can be used to gather evidence of network attacks?...; Question 151: Which of the following is an advantage of the top-down appro...; Question 152: Machines that operate as a closed system can NEVER be eavesd...; Question 153: An organization is using an enterprise resource management (...; Question 154: All Social Engineering techniques are based on flaws in:...; Question 155: For locations 3a, 1d and 3d, the diagram indicates hubs with...; Question 156: What process uses test data as part of a comprehensive test ...; Question 157: An IS auditor reviewing digital rights management (DRM) appl...; Question 158: An IS auditor performing an application maintenance audit wo...; Question 159: Everything not explicitly permitted is forbidden has which o...; Question 160: .Which of the following is a guiding best practice for imple...; Question 161: The initial step in establishing an information security pro...; Question 162: For a discretionary access control to be effective, it must:...; Question 163: In a contract with a hot, warm or cold site, contractual pro...; Question 164: .What should IS auditors always check when auditing password...; Question 165: Inadequate programming and coding practices introduce the ri...; Question 166: A financial services organization is developing and document...; Question 167: The Federal Information Processing Standards (FIPS) are prim...; Question 168: .When reviewing print systems spooling, an IS auditor is MOS...; Question 169: A comprehensive IS audit policy should include guidelines de...; Question 170: During a logical access controls review, an IS auditor obser...; Question 171: The knowledge base of an expert system that uses questionnai...; Question 172: A hard disk containing confidential data was damaged beyond ...; Question 173: The GREATEST risk when end users have access to a database a...; Question 174: To affix a digital signature to a message, the sender must f...; Question 175: Which of the following backup techniques is the MOST appropr...; Question 176: In transport mode, the use of the Encapsulating Security Pay...; Question 177: Gimmes often work through:; Question 178: Which of the following refers to a symmetric key cipher whic...; Question 179: An appropriate control for ensuring the authenticity of orde...; Question 180: The PRIMARY purpose of audit trails is to:...; Question 181: When developing a risk-based audit strategy, an IS auditor s...; Question 182: After the merger of two organizations, multiple self-develop...; Question 183: An organization has outsourced its help desk activities. An ...; Question 184: .What type of risk is associated with authorized program exi...; Question 185: Which of the following is the key benefit of control self-as...; Question 186: .Authentication techniques for sending and receiving data be...; Question 187: .Who is ultimately accountable for the development of an IS ...; Question 188: Business units are concerned about the performance of a newl...; Question 189: Security administration procedures require read-only access ...; Question 190: .A transaction journal provides the information necessary fo...; Question 191: Which of the following would be the GREATEST cause for conce...; Question 192: Which of the following would prevent unauthorized changes to...; Question 193: A data center has a badge-entry system. Which of the followi...; Question 194: Which of the following would an IS auditor consider to be th...; Question 195: "Under the concept of ""defense in depth"", subsystems shoul...; Question 196: Which of the following is normally a responsibility of the c...; Question 197: The FIRST step in a successful attack to a system would be:...; Question 198: An IS auditor identifies that reports on product profitabili...; Question 199: Structured programming is BEST described as a technique that...; Question 200: During what process should router access control lists be re...; Question 201: The decisions and actions of an IS auditor are MOST likely t...; Question 202: The MOST likely effect of the lack of senior management comm...; Question 203: The purpose of business continuity planning and disaster-rec...; Question 204: .Whenever business processes have been re-engineered, the IS...; Question 205: .The traditional role of an IS auditor in a control self-ass...; Question 206: A comprehensive and effective e-mail policy should address t...; Question 207: .Which of the following is a passive attack method used by i...; Question 208: Which of the following controls would be the MOST comprehens...; Question 209: The BEST overall quantitative measure of the performance of ...; Question 210: The optimum business continuity strategy for an entity is de...; Question 211: What is wrong with a Black Box type of intrusion detection s...; Question 212: .The quality of the metadata produced from a data warehouse ...; Question 213: The GREATEST advantage of using web services for the exchang...; Question 214: .An intentional or unintentional disclosure of a password is...; Question 215: When reviewing a digital certificate verification process, w...; Question 216: Introducing inhomogeneity to your network for the sake of ro...; Question 217: Is it appropriate for an IS auditor from a company that is c...; Question 218: During a disaster recovery test, an IS auditor observes that...; Question 219: Which of the following provides the BEST evidence of an orga...; Question 220: .Which of the following is of greatest concern when performi...; Question 221: A call-back system requires that a user with an id and passw...; Question 222: .What type of BCP test uses actual resources to simulate a s...; Question 223: .When participating in a systems-development project, an IS ...; Question 224: Which of the following is MOST likely to result from a busin...; Question 225: When reviewing a project where quality is a major concern, a...; Question 226: When transmitting a payment instruction, which of the follow...; Question 227: At the end of the testing phase of software development, an ...; Question 228: An organization is implementing an enterprise resource plann...; Question 229: Iptables is based on which of the following frameworks?...; Question 230: An IS auditor conducting a review of software usage and lice...; Question 231: As part of the business continuity planning process, which o...; Question 232: While observing a full simulation of the business continuity...; Question 233: Which of the following would have the HIGHEST priority in a ...; Question 234: .Of the three major types of off-site processing facilities,...; Question 235: Which of the following is a continuity plan test that uses a...; Question 236: .What topology provides the greatest redundancy of routes an...; Question 237: Which of the following is a practice that should be incorpor...; Question 238: Which of the following controls would provide the GREATEST a...; Question 239: In a public key infrastructure, a registration authority:...; Question 240: Which of the following should be seen as one of the most sig...; Question 241: Which of the following is a rewrite of ipfwadm?...; Question 242: Management considered two projections for its business conti...; Question 243: .What are often the primary safeguards for systems software ...; Question 244: .If an IS auditor observes that individual modules of a syst...; Question 245: Applying a retention date on a file will ensure that:...; Question 246: A hacker could obtain passwords without the use of computer ...; Question 247: An organization has recently installed a security patch, whi...; Question 248: An organization has a mix of access points that cannot be up...; Question 249: To determine which users can gain access to the privileged s...; Question 250: An organization is planning to replace its wired networks wi...; Question 251: .Which of the following provides the strongest authenticatio...; Question 252: In large corporate networks having supply partners across th...; Question 253: An organization with extremely high security requirements is...; Question 254: The database administrator (DBA) suggests that DB efficiency...; Question 255: What method might an IS auditor utilize to test wireless sec...; Question 256: A company has recently upgraded its purchase system to incor...; Question 257: .What kind of protocols does the OSI Transport Layer of the ...; Question 258: Electromagnetic emissions from a terminal represent an expos...; Question 259: Which of the following is the BEST type of program for an or...; Question 260: An efficient use of public key infrastructure (PKI) should e...; Question 261: The PRIMARY goal of a web site certificate is:...; Question 262: Disabling which of the following would make wireless local a...; Question 263: From a control perspective, the key element in job descripti...; Question 264: An IS auditor is evaluating a corporate network for a possib...; Question 265: The purpose of a deadman door controlling access to a comput...; Question 266: .What must an IS auditor understand before performing an app...; Question 267: Data flow diagrams are used by IS auditors to:...; Question 268: .Network environments often add to the complexity of program...; Question 269: Which of the following is a prevalent risk in the developmen...; Question 270: Which of the following internet security threats could compr...; Question 271: A computer system is no more secure than the human systems r...; Question 272: When implementing an IT governance framework in an organizat...; Question 273: The BEST way to minimize the risk of communication failures ...; Question 274: Upon receipt of the initial signed digital certificate the u...; Question 275: A company uses a bank to process its weekly payroll. Time sh...; Question 276: The use of residual biometric information to gain unauthoriz...; Question 277: With respect to the outsourcing of IT services, which of the...; Question 278: .What type of fire-suppression system suppresses fire via wa...; Question 279: During the requirements definition phase for a database appl...; Question 280: Which of the following is by far the most common prevention ...; Question 281: An example of a direct benefit to be derived from a proposed...; Question 282: .An integrated test facility is not considered a useful audi...; Question 283: Which of the following is a passive attack to a network?...; Question 284: At the completion of a system development project, a postpro...; Question 285: .Which of the following typically focuses on making alternat...; Question 286: What control detects transmission errors by appending calcul...; Question 287: Which of the following tasks should be performed FIRST when ...; Question 288: Which of the following is the BEST information source for ma...; Question 289: During a human resources (HR) audit, an IS auditor is inform...; Question 290: .What are intrusion-detection systems (IDS) primarily used f...; Question 291: When segregation of duties concerns exist between IT support...; Question 292: Which of the following online auditing techniques is most ef...; Question 293: E-mail traffic from the Internet is routed via firewall-1 to...; Question 294: When conducting a penetration test of an organization's inte...; Question 295: The advantage of a bottom-up approach to the development of ...; Question 296: Which of the following is a dynamic analysis tool for the pu...; Question 297: An IS auditor reviewing the implementation of an intrusion d...; Question 298: Which of the following techniques would BEST help an IS audi...; Question 299: Which of the following is the GREATEST risk to the effective...; Question 300: When reviewing procedures for emergency changes to programs,...; Question 301: Which of the following would be the MOST secure firewall sys...; Question 302: .Which of the following should an IS auditor review to deter...; Question 303: Which of the following antispam filtering techniques would B...; Question 304: Many IT projects experience problems because the development...; Question 305: .What should an IS auditor do if he or she observes that pro...; Question 306: Host Based ILD&P primarily addresses the issue of:...; Question 307: A lower recovery time objective (RTO) results in:...; Question 308: A local area network (LAN) administrator normally would be r...; Question 309: Which of the following is the GREATEST risk when storage gro...; Question 310: Which of the following encrypt/decrypt steps provides the GR...; Question 311: An integrated test facility is considered a useful audit too...; Question 312: Which of the following is a tool you can use to simulate a b...; Question 313: Which of the following is the MOST important IS audit consid...; Question 314: In-house personnel performing IS audits should posses which ...; Question 315: A company has decided to implement an electronic signature s...; Question 316: From a risk management point of view, the BEST approach when...; Question 317: .Which of the following is the MOST critical step in plannin...; Question 318: Which of the following is the PRIMARY purpose for conducting...; Question 319: Which of the following translates e-mail formats from one ne...; Question 320: In which of the following situations is it MOST appropriate ...; Question 321: The waterfall life cycle model of software development is mo...; Question 322: An IS auditor observes a weakness in the tape management sys...; Question 323: Which of the following is MOST critical for the successful i...; Question 324: The IS auditor learns that when equipment was brought into t...; Question 325: While designing the business continuity plan (BCP) for an ai...; Question 326: When reviewing an organization's approved software product l...; Question 327: The MAIN purpose of a transaction audit trail is to:...; Question 328: To address a maintenance problem, a vendor needs remote acce...; Question 329: .Which of the following can help detect transmission errors ...; Question 330: After initial investigation, an IS auditor has reasons to be...; Question 331: In an organization, the responsibilities for IT security are...; Question 332: In planning an audit, the MOST critical step is the identifi...; Question 333: An existing system is being extensively enhanced by extracti...; Question 334: Which of the following is a benefit of using a callback devi...; Question 335: An IS steering committee should:...; Question 336: Which of the following is widely accepted as one of the crit...; Question 337: An organization has a recovery time objective (RTO) equal to...; Question 338: Which of the following would BEST provide assurance of the i...; Question 339: .To properly evaluate the collective effect of preventative,...; Question 340: Well-written risk assessment guidelines for IS auditing shou...; Question 341: .What is used to provide authentication of the website and c...; Question 342: Which of the following is a good tool to use to help enforci...; Question 343: An organization is implementing a new system to replace a le...; Question 344: Which of the following would an IS auditor consider to be th...; Question 345: Which of the following would an IS auditor consider to be th...; Question 346: An IS auditor attempting to determine whether access to prog...; Question 347: Creating which of the following is how a hacker can insure h...; Question 348: Which of the following encryption methods uses a matching pa...; Question 349: Talking about biometric authentication, physical characteris...; Question 350: When reviewing an implementation of a VoIP system over a cor...; Question 351: IT operations for a large organization have been outsourced....; Question 352: To minimize costs and improve service levels an outsourcer s...; Question 353: You should know the difference between an exploit and a vuln...; Question 354: In an EDI process, the device which transmits and receives e...; Question 355: An IS auditor reviewing wireless network security determines...; Question 356: In the event of a disruption or disaster, which of the follo...; Question 357: A retail outlet has introduced radio frequency identificatio...; Question 358: Which of the following are valid choices for the Apache/SSL ...; Question 359: Which of the following are valid examples of Malware (choose...; Question 360: The success of control self-assessment (CSA) highly depends ...; Question 361: Which of the following programs would a sound information se...; Question 362: Which of the following is the MOST reliable form of single f...; Question 363: Integrating business continuity planning (BCP) into an IT pr...; Question 364: Which of the following is the GREATEST advantage of elliptic...; Question 365: To install backdoors, hackers generally prefer to use:...; Question 366: A hot site should be implemented as a recovery strategy when...; Question 367: The risks associated with electronic evidence gathering woul...; Question 368: An IS auditor finds that a system under development has 12 l...; Question 369: Security should ALWAYS be an all or nothing issue....; Question 370: .What type of cryptosystem is characterized by data being en...; Question 371: .When should systems administrators first assess the impact ...; Question 372: When reviewing a hardware maintenance program, an IS auditor...; Question 373: .What is an edit check to determine whether a field contains...; Question 374: When developing a risk management program, what is the FIRST...; Question 375: .What is an effective control for granting temporary access ...; Question 376: A PRIMARY benefit derived from an organization employing con...; Question 377: Which of the following is the BEST way to satisfy a two-fact...; Question 378: Which significant risk is introduced by running the file tra...; Question 379: Two-factor authentication can be circumvented through which ...; Question 380: When performing a review of the structure of an electronic f...; Question 381: An IS auditor finds that user acceptance testing of a new sy...; Question 382: A team conducting a risk analysis is having difficulty proje...; Question 383: .What is an acceptable recovery mechanism for extremely time...; Question 384: The PRIMARY advantage of a continuous audit approach is that...; Question 385: To ensure message integrity, confidentiality and non repudia...; Question 386: The vice president of human resources has requested an audit...; Question 387: When reviewing the configuration of network devices, an IS a...; Question 388: The reason a certification and accreditation process is perf...; Question 389: The FIRST step in data classification is to:...; Question 390: .Data edits are implemented before processing and are consid...; Question 391: An IS auditor reviewing an accounts payable system discovers...; Question 392: Which of the following types of attack makes use of common c...; Question 393: .Off-site data storage should be kept synchronized when prep...; Question 394: When reviewing IS strategies, an IS auditor can BEST assess ...; Question 395: Back Orifice is an example of:; Question 396: Which of the following intrusion detection systems (IDSs) wi...; Question 397: Which of the following should be of MOST concern to an IS au...; Question 398: .What does PKI use to provide some of the strongest overall ...; Question 399: Which of the following software tools is often used for stea...; Question 400: The MAIN purpose for periodically testing offsite facilities...; Question 401: When reviewing input controls, an IS auditor observes that, ...; Question 402: Which of the following functions is performed by a virtual p...; Question 403: Which of the following concerns associated with the World Wi...; Question 404: The rate of change in technology increases the importance of...; Question 405: .Which of the following is BEST characterized by unauthorize...; Question 406: .________________ (fill in the blank) should be implemented ...; Question 407: An IS auditor should expect which of the following items to ...; Question 408: The PRIMARY objective of testing a business continuity plan ...; Question 409: An IS auditor reviewing an organization's IT strategic plan ...; Question 410: The MAIN criterion for determining the severity level of a s...; Question 411: Which of the following audit techniques would BEST aid an au...; Question 412: Web and e-mail filtering tools are PRIMARILY valuable to an ...; Question 413: Which of the following data validation edits is effective in...; Question 414: During the audit of an acquired software package, an IS audi...; Question 415: Which of the following is a management technique that enable...; Question 416: For which of the following applications would rapid recovery...; Question 417: An organization has outsourced its wide area network (WAN) t...; Question 418: .What is used as a control to detect loss, corruption, or du...; Question 419: Once an organization has finished the business process reeng...; Question 420: A clerk changed the interest rate for a loan on a master fil...; Question 421: Fault-tolerance is a feature particularly sought-after in wh...; Question 422: When reviewing an active project, an IS auditor observed tha...; Question 423: An organization is migrating from a legacy system to an ente...; Question 424: To prevent unauthorized entry to the data maintained in a di...; Question 425: Which of the following is a distinctive feature of the Secur...; Question 426: Relatively speaking, firewalls operated at the application l...; Question 427: An organization has a number of branches across a wide geogr...; Question 428: An IS auditor finds that, in accordance with IS policy, IDs ...; Question 429: The PRIMARY benefit of implementing a security program as pa...; Question 430: Which of the following user profiles should be of MOST conce...; Question 431: Which of the following provides the framework for designing ...; Question 432: An IS auditor should be concerned when a telecommunication a...; Question 433: Sophisticated database systems provide many layers and types...; Question 434: .Which of the following exploit vulnerabilities to cause los...; Question 435: Which of the following represents the GREATEST potential ris...; Question 436: An IS auditor is reviewing a software-based firewall configu...; Question 437: An IS auditor is assigned to audit a software development pr...; Question 438: .Processing controls ensure that data is accurate and comple...; Question 439: Which of the following is the GREATEST risk when implementin...; Question 440: Time constraints and expanded needs have been found by an IS...; Question 441: Which of the following is the BEST method for preventing the...; Question 442: While reviewing sensitive electronic work papers, the IS aud...; Question 443: During an audit, an IS auditor notices that the IT departmen...; Question 444: Which of the following would provide the BEST protection aga...; Question 445: Talking about the different approaches to security in comput...; Question 446: TEMPEST is a hardware for which of the following purposes?...; Question 447: In the event of a data center disaster, which of the followi...; Question 448: A manager of a project was not able to implement all audit r...; Question 449: The editing/validation of data entered at a remote site woul...; Question 450: Which of the following terms generally refers to small progr...; Question 451: Which of the following is an appropriate test method to appl...; Question 452: .What influences decisions regarding criticality of assets?...; Question 453: The PRIMARY objective of an audit of IT security policies is...; Question 454: The PRIMARY objective of performing a postincident review is...; Question 455: Which of the following controls would BEST detect intrusion?...; Question 456: An IS auditor performing detailed network assessments and ac...; Question 457: .Proper segregation of duties prohibits a system analyst fro...; Question 458: A technical lead who was working on a major project has left...; Question 459: Which of the following is an advantage of prototyping?...; Question 460: .Which of the following is best suited for searching for add...; Question 461: Which of the following would be the MOST cost-effective reco...; Question 462: The BEST filter rule for protecting a network from being use...; Question 463: Which of the following should an IS auditor review to unders...; Question 464: Which of the following is the PRIMARY objective of an IT per...; Question 465: Active radio frequency ID (RFID) tags are subject to which o...; Question 466: Which of the following is MOST directly affected by network ...; Question 467: The FIRST step in managing the risk of a cyber attack is to:...; Question 468: An IS auditor should recommend the use of library control so...; Question 469: Which of the following methods of encryption has been proven...; Question 470: .An off-site processing facility should be easily identifiab...; Question 471: Which of the following are often considered as the first def...; Question 472: A database administrator is responsible for:...; Question 473: An IS auditor is performing a network security review of a t...; Question 474: What is the lowest level of the IT governance maturity model...; Question 475: Which of the following forms of evidence for the auditor wou...; Question 476: .Which of the following BEST characterizes a mantrap or dead...; Question 477: When protecting an organization's IT systems, which of the f...; Question 478: .Which of the following is used to evaluate biometric access...; Question 479: .Which of the following provide(s) near-immediate recoverabi...; Question 480: An organization has contracted with a vendor for a turnkey s...; Question 481: Depending on the complexity of an organization's business co...; Question 482: .What is essential for the IS auditor to obtain a clear unde...; Question 483: A web server is attacked and compromised. Which of the follo...; Question 484: .Proper segregation of duties does not prohibit a quality co...; Question 485: The PRIMARY reason an IS auditor performs a functional walkt...; Question 486: The role of the certificate authority (CA) as a third party ...; Question 487: A structured walk-through test of a disaster recovery plan i...; Question 488: Which of the following aspects of symmetric key encryption i...; Question 489: Naming conventions for system resources are important for ac...; Question 490: When evaluating the collective effect of preventive, detecti...; Question 491: Which of the following append themselves to files as a prote...; Question 492: What should be done to determine the appropriate level of au...; Question 493: Which of the following implementation modes would provide th...; Question 494: .What is the primary objective of a control self-assessment ...; Question 495: During an audit of a telecommunications system, an IS audito...; Question 496: An organization can ensure that the recipients of e-mails fr...; Question 497: Which of the following is the BEST way to handle obsolete ma...; Question 498: IS audits should be selected through a risk analysis process...; Question 499: Confidentiality of the data transmitted in a wireless LAN is...; Question 500: An IS auditor noted that an organization had adequate busine...; Question 501: Which of the following devices extends the network and has t...; Question 502: When reviewing an intrusion detection system (IDS), an IS au...; Question 503: Functional acknowledgements are used:...; Question 504: In an audit of an inventory application, which approach woul...; Question 505: An IS auditor has imported data from the client's database. ...; Question 506: IT control objectives are useful to IS auditors, as they pro...; Question 507: When reviewing an organization's logical access security, wh...; Question 508: In a client-server architecture, a domain name service (DNS)...; Question 509: Involvement of senior management is MOST important in the de...; Question 510: .Ensuring that security and control policies support busines...; Question 511: When using an integrated test facility (ITF), an IS auditor ...; Question 512: .Business process re-engineering often results in __________...; Question 513: Which of the following activities performed by a database ad...; Question 514: .Why does an IS auditor review an organization chart?...; Question 515: Which of the following would be the BEST access control proc...; Question 516: The GREATEST benefit in implementing an expert system is the...; Question 517: .What often results in project scope creep when functional r...; Question 518: .How is the time required for transaction processing review ...; Question 519: .Which of the following do digital signatures provide?...; Question 520: An organization has just completed their annual risk assessm...; Question 521: What is a risk associated with attempting to control physica...; Question 522: A benefit of open system architecture is that it:...; Question 523: Which of the following is the MOST effective control when gr...; Question 524: Which of the following is one most common way that spyware i...; Question 525: Which of the following intrusion detection systems (IDSs) mo...; Question 526: An organization's disaster recovery plan should address earl...; Question 527: An advantage of the use of hot sites as a backup alternative...; Question 528: Information for detecting unauthorized input from a terminal...; Question 529: In a botnet, malbot logs into a particular type of system fo...; Question 530: An IS auditor reviewing access controls for a client-server ...; Question 531: IS management has decided to rewrite a legacy customer relat...; Question 532: Which of the following should be the MOST important criterio...; Question 533: The reason for establishing a stop or freezing point on the ...; Question 534: Which of the following is a control over component communica...; Question 535: .What can be implemented to provide the highest level of pro...; Question 536: A successful risk-based IT audit program should be based on:...; Question 537: The development of an IS security policy is ultimately the r...; Question 538: To ensure that audit resources deliver the best value to the...; Question 539: From a control perspective, the PRIMARY objective of classif...; Question 540: Which of the following types of firewall treats each network...; Question 541: Which of the following BEST limits the impact of server fail...; Question 542: .When performing an IS strategy audit, an IS auditor should ...; Question 543: Which of the following would BEST ensure continuity of a wid...; Question 544: Which of the following presents an inherent risk with no dis...; Question 545: Which of the following would be the BEST population to take ...; Question 546: An organization has been recently downsized, in light of thi...; Question 547: Broadly speaking, a Trojan horse is any program that invites...; Question 548: An organization has created a policy that defines the types ...; Question 549: Functionality is a characteristic associated with evaluating...; Question 550: Which of the following would be the BEST method for ensuring...; Question 551: The feature of a digital signature that ensures the sender c...; Question 552: .What type of approach to the development of organizational ...; Question 553: An offsite information processing facility:...; Question 554: A large chain of shops with electronic funds transfer (EFT) ...; Question 555: Talking about application system audit, focus should always ...; Question 556: An organization having a number of offices across a wide geo...; Question 557: An IS auditor who has discovered unauthorized transactions d...; Question 558: To ensure compliance with a security policy requiring that p...; Question 559: During a postimplementation review of an enterprise resource...; Question 560: .Rather than simply reviewing the adequacy of access control...; Question 561: The use of a GANTT chart can:; Question 562: Which of the following is a mechanism for mitigating risks?...; Question 563: In a public key infrastructure (PKI), the authority responsi...; Question 564: Which of the following is the BEST method for determining th...; Question 565: What is the best defense against Distributed DoS Attack?...; Question 566: Which of the following situations would increase the likelih...; Question 567: A proposed transaction processing application will have many...; Question 568: Performance of a biometric measure is usually referred to in...; Question 569: While copying files from a floppy disk, a user introduced a ...; Question 570: During an audit of a business continuity plan (BCP), an IS a...; Question 571: An IS auditor reviewing the key roles and responsibilities o...; Question 572: .Fourth-Generation Languages (4GLs) are most appropriate for...; Question 573: What is the recommended minimum length of a good password?...; Question 574: During a business continuity audit an IS auditor found that ...; Question 575: A company is implementing a dynamic host configuration proto...; Question 576: .Mitigating the risk and impact of a disaster or business in...; Question 577: The Secure Sockets Layer (SSL) protocol addresses the confid...; Question 578: .A check digit is an effective edit check to:...; Question 579: Which of the following is a feature of an intrusion detectio...; Question 580: .Why does the IS auditor often review the system logs?...; Question 581: Which of the following would an IS auditor use to determine ...; Question 582: Which of the following fire suppression systems is MOST appr...; Question 583: Which of the following is the MOST important action in recov...; Question 584: What is the BEST backup strategy for a large database with d...; Question 585: Which of the following ensures the availability of transacti...; Question 586: Which of the following is the GREATEST risk of an inadequate...; Question 587: The MOST likely explanation for a successful social engineer...; Question 588: .Whenever an application is modified, what should be tested ...; Question 589: Accountability for the maintenance of appropriate security m...; Question 590: A medium-sized organization, whose IT disaster recovery meas...; Question 591: An accurate biometric system usually exhibits (choose all th...; Question 592: .Which of the following help(s) prevent an organization's sy...; Question 593: Which of the following is the MOST likely reason why e-mail ...; Question 594: .Who is responsible for the overall direction, costs, and ti...; Question 595: When planning to add personnel to tasks imposing time constr...; Question 596: .Which of the following is the most fundamental step in prev...; Question 597: .What is a common vulnerability, allowing denial-of-service ...; Question 598: "Which of the following BEST describes the concept of ""defe...; Question 599: .Allowing application programmers to directly patch or chang...; Question 600: IT best practices for the availability and continuity of IT ...; Question 601: An IS auditor has audited a business continuity plan (BCP). ...; Question 602: .If a programmer has update access to a live system, IS audi...; Question 603: .What is the PRIMARY purpose of audit trails?...; Question 604: An organization has outsourced its help desk. Which of the f...; Question 605: The cost of ongoing operations when a disaster recovery plan...; Question 606: What is the best defense against Local DoS attacks?...; Question 607: Which of the following potentially blocks hacking attempts?...; Question 608: Which of the following terms is used more generally for desc...; Question 609: What should an organization do before providing an external ...; Question 610: Effective IT governance will ensure that the IT plan is cons...; Question 611: In a public key infrastructure (PKI), which of the following...; Question 612: An organization is considering connecting a critical PC-base...; Question 613: .Which of the following is a program evaluation review techn...; Question 614: An IS auditor is reviewing a project that is using an Agile ...; Question 615: Which of the following would be BEST prevented by a raised f...; Question 616: Many WEP systems require a key in a relatively insecure form...; Question 617: .Who is accountable for maintaining appropriate security mea...; Question 618: Which of the following types of attack almost always require...; Question 619: To verify that the correct version of a data file was used f...; Question 620: Which of the following would MOST effectively enhance the se...; Question 621: The difference between a vulnerability assessment and a pene...; Question 622: A company has implemented a new client-server enterprise res...; Question 623: Which of the following refers to any program that invites th...; Question 624: A project manager of a project that is scheduled to take 18 ...; Question 625: The network of an organization has been the victim of severa...; Question 626: Distributed denial-of-service (DDOS) attacks on Internet sit...; Question 627: .What is the most common reason for information systems to f...; Question 628: An IS auditor finds that not all employees are aware of the ...; Question 629: Which of the following is the MOST secure and economical met...; Question 630: .Test and development environments should be separated. True...; Question 631: Change control for business application systems being develo...; Question 632: Which of the following methods of suppressing a fire in a da...; Question 633: What is the BEST approach to mitigate the risk of a phishing...; Question 634: An IS auditor notes that IDS log entries related to port sca...; Question 635: When auditing security for a data center, an IS auditor shou...; Question 636: A disaster recovery plan for an organization's financial sys...; Question 637: Which of the following should an IS auditor use to detect du...; Question 638: .What type(s) of firewalls provide(s) the greatest degree of...; Question 639: An organization is using symmetric encryption. Which of the ...; Question 640: Facilitating telecommunications continuity by providing redu...; Question 641: Which of the following kinds of function are particularly vu...; Question 642: Regarding a disaster recovery plan, the role of an IS audito...; Question 643: Which of the following manages the digital certificate life ...; Question 644: Relatively speaking, firewalls operated at the physical leve...; Question 645: As updates to an online order entry system are processed, th...; Question 646: An IS auditor is performing an audit of a remotely managed s...; Question 647: .What is the recommended initial step for an IS auditor to i...; Question 648: Minimum password length and password complexity verification...; Question 649: When installing an intrusion detection system (IDS), which o...; Question 650: A TCP/IP-based environment is exposed to the Internet. Which...; Question 651: Which of the following is a network diagnostic tool that mon...; Question 652: An IS auditor discovers that developers have operator access...; Question 653: .When should plans for testing for user acceptance be prepar...; Question 654: The GREATEST advantage of rapid application development (RAD...; Question 655: .How is the risk of improper file access affected upon imple...; Question 656: A company has contracted with an external consulting firm to...; Question 657: A hardware control that helps to detect errors when data are...; Question 658: The MOST effective control for addressing the risk of piggyb...; Question 659: Which of the following is an attribute of the control self-a...; Question 660: While evaluating software development practices in an organi...; Question 661: During the development of an application, the quality assura...; Question 662: Which of the following sampling methods is MOST useful when ...; Question 663: Users are issued security tokens to be used in combination w...; Question 664: An IS auditor performing a review of the backup processing f...; Question 665: An IS auditor reviewing database controls discovered that ch...; Question 666: Which of the following physical access controls effectively ...; Question 667: Properly planned risk-based audit programs are often capable...; Question 668: Which of the following refers to an anomalous condition wher...; Question 669: An IS auditor finds that, at certain times of the day, the d...; Question 670: In determining the acceptable time period for the resumption...; Question 671: Which of the following would be the MOST significant audit f...; Question 672: .Who is ultimately responsible and accountable for reviewing...; Question 673: Which of the following would help to ensure the portability ...; Question 674: Which of the following is the MOST reasonable option for rec...; Question 675: Online banking transactions are being posted to the database...; Question 676: .Which of the following would prevent accountability for an ...; Question 677: An organization currently using tape backups takes one full ...; Question 678: Which of the following can be thought of as the simplest and...; Question 679: Neural networks are effective in detecting fraud because the...; Question 680: Effective IT governance requires organizational structures a...; Question 681: .An advantage of a continuous audit approach is that it can ...; Question 682: Which of the following BEST supports the prioritization of n...; Question 683: .The use of statistical sampling procedures helps minimize:...; Question 684: .When are benchmarking partners identified within the benchm...; Question 685: An IS auditor interviewing a payroll clerk finds that the an...; Question 686: Buffer overflow aims primarily at corrupting:...; Question 687: An IS auditor is reviewing the physical security measures of...; Question 688: Which of the following is the MOST effective method for deal...; Question 689: Which of the following correctly describes the purpose of an...; Question 690: .Using the OSI reference model, what layer(s) is/are used to...; Question 691: Which of the following should be included in a feasibility s...; Question 692: A number of system failures are occurring when corrections t...; Question 693: An IS auditor performing an independent classification of sy...; Question 694: Network ILD&P are typically installed:...; Question 695: The ability of the internal IS audit function to achieve des...; Question 696: E-mail message authenticity and confidentiality is BEST achi...; Question 697: Which of the following is a general operating system access ...; Question 698: .Regarding digital signature implementation, which of the fo...; Question 699: .What uses questionnaires to lead the user through a series ...; Question 700: An IS auditor has identified the lack of an authorization pr...; Question 701: An internet-based attack using password sniffing can:...; Question 702: Which of the following systems or tools can recognize that a...; Question 703: Which of the following should be of MOST concern to an IS au...; Question 704: Screening router inspects traffic through examining:...; Question 705: A LAN administrator normally would be restricted from:...; Question 706: Which of the following is the MOST important function to be ...; Question 707: Which of the following ensures a sender's authenticity and a...; Question 708: The IT balanced scorecard is a business governance tool inte...; Question 709: .The directory system of a database-management system descri...; Question 710: During maintenance of a relational database, several values ...; Question 711: While conducting an audit, an IS auditor detects the presenc...; Question 712: .Batch control reconciliation is a _____________________ (fi...; Question 713: .What are used as the framework for developing logical acces...; Question 714: As part of the IEEE 802.11 standard ratified in September 19...; Question 715: .After an IS auditor has identified threats and potential im...; Question 716: An IS auditor performing a review of an application's contro...; Question 717: If a database is restored using before-image dumps, where sh...; Question 718: .What increases encryption overhead and cost the most?...; Question 719: .What is a reliable technique for estimating the scope and c...; Question 720: During the planning stage of an IS audit, the PRIMARY goal o...; Question 721: During an audit of the logical access control of an ERP fina...; Question 722: Which of the following is an object-oriented technology char...; Question 723: The IS management of a multinational company is considering ...; Question 724: Which of the following refers to the collection of policies ...; Question 725: Use of asymmetric encryption in an internet e-commerce site,...; Question 726: Doing which of the following during peak production hours co...; Question 727: Which of the following BEST describes the necessary document...; Question 728: When using a digital signature, the message digest is comput...; Question 729: Phishing attack works primarily through:...; Question 730: .Atomicity enforces data integrity by ensuring that a transa...; Question 731: Which of the following is the MOST important criterion when ...; Question 732: .Which of the following is a good control for protecting con...; Question 733: Pretexting is an act of:; Question 734: The most common problem in the operation of an intrusion det...; Question 735: Which of the following BEST describes the role of a director...; Question 736: An IS auditor evaluating logical access controls should FIRS...; Question 737: Which of the following is an advantage of an integrated test...; Question 738: .After identifying potential security vulnerabilities, what ...; Question 739: Though management has stated otherwise, an IS auditor has re...; Question 740: The PRIMARY purpose of a business impact analysis (BIA) is t...; Question 741: To ensure an organization is complying with privacy requirem...; Question 742: Which of the following refers to any authentication protocol...; Question 743: To determine who has been given permission to use a particul...; Question 744: Which of the following refers to a method of bypassing norma...; Question 745: With the help of a security officer, granting access to data...; Question 746: What is the MOST effective method of preventing unauthorized...; Question 747: In a small organization, developers may release emergency ch...; Question 748: Which of the following refers to the act of creating and usi...; Question 749: A company undertakes a business process reengineering (BPR) ...; Question 750: The MOST important reason for an IS auditor to obtain suffic...; Question 751: Which of the following types of attack works by taking advan...; Question 752: To aid management in achieving IT and business alignment, an...; Question 753: .Any changes in systems assets, such as replacement of hardw...; Question 754: An IS auditor who is reviewing incident reports discovers th...; Question 755: In an online banking application, which of the following wou...; Question 756: Which of the following are examples of tools for launching D...; Question 757: In regard to moving an application program from the test env...; Question 758: Which of the following hardware devices relieves the central...; Question 759: During the review of a web-based software development projec...; Question 760: .Function Point Analysis (FPA) provides an estimate of the s...; Question 761: Which of the following controls would be MOST effective in e...; Question 762: A sender of an e-mail message applies a digital signature to...; Question 763: .______________ risk analysis is not always possible because...; Question 764: .What would an IS auditor expect to find in the console log?...; Question 765: Within a virus, which component is responsible for what the ...; Question 766: An IS auditor reviewing an organization's IS disaster recove...; Question 767: As part of the IEEE 802.11 standard ratified in September 19...; Question 768: During a security audit of IT processes, an IS auditor found...; Question 769: The activation of an enterprise's business continuity plan s...; Question 770: When reviewing the implementation of a LAN, an IS auditor sh...; Question 771: .If a database is restored from information backed up before...; Question 772: Which of the following should be the MOST important consider...; Question 773: The use of risk assessment tools for classifying risk factor...; Question 774: Which of the following is a dynamic analysis tool for the pu...; Question 775: Which of the following will replace system binaries and/or h...; Question 776: Which of the following BEST reduces the ability of one devic...; Question 777: To determine if unauthorized changes have been made to produ...; Question 778: Which of the following is BEST suited for secure communicati...; Question 779: .A core tenant of an IS strategy is that it must:...; Question 780: An IS auditor is reviewing a project to implement a payment ...; Question 781: A data administrator is responsible for:...; Question 782: Over the long term, which of the following has the greatest ...; Question 783: There are several methods of providing telecommunications co...; Question 784: When using a universal storage bus (USB) flash drive to tran...; Question 785: Which of the following are designed to detect network attack...; Question 786: An IS auditor reviewing an organization's data file control ...; Question 787: Above almost all other concerns, what often results in the g...; Question 788: Validated digital signatures in an e-mail software applicati...; Question 789: A penetration test performed as part of evaluating network s...; Question 790: During an implementation review of a multiuser distributed a...; Question 791: .Who should be responsible for network security operations?...; Question 792: Which of the following should be considered FIRST when imple...; Question 793: Documentation of a business case used in an IT development p...; Question 794: .An IS auditor should carefully review the functional requir...; Question 795: To gain an understanding of the effectiveness of an organiza...; Question 796: A firm is considering using biometric fingerprint identifica...; Question 797: An IS auditor finds that client requests were processed mult...; Question 798: .How do modems (modulation/demodulation) function to facilit...; Question 799: Physical access controls are usually implemented based on wh...; Question 800: An organization's IS audit charter should specify the:...; Question 801: The MOST likely explanation for the use of applets in an Int...; Question 802: Which of the following is the BEST practice to ensure that a...; Question 803: Assuming this diagram represents an internal facility and th...; Question 804: Common implementations of strong authentication may use whic...; Question 805: Which of the following would impair the independence of a qu...; Question 806: The phases and deliverables of a system development life cyc...; Question 807: Following best practices, formal plans for implementation of...; Question 808: After reviewing its business processes, a large organization...; Question 809: .What are used as a countermeasure for potential database co...; Question 810: .What process allows IS management to determine whether the ...; Question 811: Which of the following IT governance best practices improves...; Question 812: An IS auditor is assigned to perform a postimplementation re...; Question 813: You should keep all computer rooms at reasonable humidity le...; Question 814: The PRIMARY objective of implementing corporate governance b...; Question 815: The use of risk assessment tools for classifying risk factor...; Question 816: .Which of the following could lead to an unintentional loss ...; Question 817: .Digital signatures require the sender to "sign" the data by...; Question 818: .Which of the following is MOST is critical during the busin...; Question 819: Which of the following network components is PRIMARILY set u...; Question 820: Squid is an example of:; Question 821: An organization having a number of offices across a wide geo...; Question 822: Change management procedures are established by IS managemen...; Question 823: When reviewing the IT strategic planning process, an IS audi...; Question 824: Sending a message and a message hash encrypted by the sender...; Question 825: Wi-Fi Protected Access implements the majority of which IEEE...; Question 826: During the review of a biometrics system operation, an IS au...; Question 827: Which of the following virus prevention techniques can be im...; Question 828: A financial institution that processes millions of transacti...; Question 829: Talking about biometric authentication, which of the followi...; Question 830: The PRIMARY objective of a logical access control review is ...; Question 831: Which of the following cryptography options would increase o...; Question 832: An advantage in using a bottom-up vs. a top-down approach to...; Question 833: Network Data Management Protocol (NDMP) technology should be...; Question 834: During a review of a customer master file, an IS auditor dis...; Question 835: Which of the following is the PRIMARY advantage of using com...; Question 836: Which of the following should an IS auditor recommend to BES...; Question 837: Ideally, stress testing should be carried out in a:...; Question 838: Which of the following biometrics has the highest reliabilit...; Question 839: Which testing approach is MOST appropriate to ensure that in...; Question 840: When identifying an earlier project completion time, which i...; Question 841: The application systems of an organization using open-source...; Question 842: During the design of a business continuity plan, the busines...; Question 843: An IS auditor selects a server for a penetration test that w...; Question 844: Software is considered malware based on:...; Question 845: The objective of concurrency control in a database system is...; Question 846: The PRIMARY purpose of an IT forensic audit is:...; Question 847: Receiving an EDI transaction and passing it through the comm...; Question 848: Which of the following types of transmission media provide t...; Question 849: When reviewing system parameters, an IS auditor's PRIMARY co...; Question 850: Which of the following measures can protect systems files an...; Question 851: When performing an audit of access rights, an IS auditor sho...; Question 852: Which of the following is the BEST performance criterion for...; Question 853: Which of the following issues should be the GREATEST concern...; Question 854: A sequence of bits appended to a digital document that is us...; Question 855: Which of the following terms refers to systems designed to d...; Question 856: Which of the following environmental controls is appropriate...; Question 857: Which of the following would be the BEST overall control for...; Question 858: The security level of a private key system depends on the nu...; Question 859: The MAIN reason for requiring that all computer clocks acros...; Question 860: Which of the following is the MOST reliable sender authentic...; Question 861: Which of the following is the MOST important consideration w...; Question 862: When planning an audit of a network setup, an IS auditor sho...; Question 863: In the course of performing a risk analysis, an IS auditor h...; Question 864: An IS auditor conducting a review of disaster recovery plann...; Question 865: After completing the business impact analysis (BIA), what is...; Question 866: Default permit is only a good approach in an environment whe...; Question 867: The specific advantage of white box testing is that it:...; Question 868: Which audit technique provides the BEST evidence of the segr...; Question 869: What should be the GREATEST concern to an IS auditor when em...; Question 870: Which of the following is a function of an IS steering commi...; Question 871: A programmer maliciously modified a production program to ch...; Question 872: Which of the following is a data validation edit and control...; Question 873: In an organization where an IT security baseline has been de...; Question 874: In order to coordinate the activity of many infected compute...; Question 875: .Which of the following provides the BEST single-factor auth...; Question 876: Before implementing an IT balanced scorecard, an organizatio...; Question 877: .When should reviewing an audit client's business plan be pe...; Question 878: When developing a formal enterprise security program, the MO...; Question 879: .Which of the following fire-suppression methods is consider...; Question 880: A poor choice of passwords and transmission over unprotected...; Question 881: An installed Ethernet cable run in an unshielded twisted pai...; Question 882: An offsite information processing facility with electrical w...; Question 883: Which of the following must exist to ensure the viability of...; Question 884: Which of the following encryption techniques will BEST prote...; Question 885: A manufacturing firm wants to automate its invoice payment s...; Question 886: A critical function of a firewall is to act as a:...; Question 887: Which of the following types of attack often take advantage ...; Question 888: .IS auditors are MOST likely to perform compliance tests of ...; Question 889: .Who is ultimately responsible for providing requirement spe...; Question 890: For application acquisitions with significant impacts, parti...; Question 891: A trojan horse simply cannot operate autonomously....; Question 892: .Which of the following would provide the highest degree of ...; Question 893: .An IS auditor usually places more reliance on evidence dire...; Question 894: .Why is a clause for requiring source code escrow in an appl...; Question 895: During a review of a business continuity plan, an IS auditor...; Question 896: Why is it not preferable for a firewall to treat each networ...; Question 897: Which of the following data validation edits is effective in...; Question 898: .________________ (fill in the blank) is/are are ultimately ...; Question 899: An audit charter should:; Question 900: Which of the following should be included in an organization...; Question 901: A major portion of what is required to address nonrepudiatio...; Question 902: Which of the following results in a denial-of-service attack...; Question 903: .Although BCP and DRP are often implemented and tested by mi...; Question 904: In the context of effective information security governance,...; Question 905: An IS auditor reviewing a database application discovers tha...; Question 906: Which of the following procedures would MOST effectively det...; Question 907: An offsite information processing facility having electrical...; Question 908: .Parity bits are a control used to validate:...; Question 909: A certificate authority (CA) can delegate the processes of:...; Question 910: To detect attack attempts that the firewall is unable to rec...; Question 911: Which of the following tests performed by an IS auditor woul...; Question 912: Which of the following is the MOST effective type of antivir...; Question 913: Human error is being HEAVILY relied upon on by which of the ...; Question 914: An advantage of using sanitized live transactions in test da...; Question 915: Overall business risk for a particular threat can be express...; Question 916: When implementing an application software package, which of ...; Question 917: Which of the following is the MOST critical and contributes ...; Question 918: An IT steering committee should review information systems P...; Question 919: Which of the following is a concern when data are transmitte...; Question 920: Which of the following is a feature of Wi-Fi Protected Acces...; Question 921: IS management is considering a Voice-over Internet Protocol ...; Question 922: .What supports data transmission through split cable facilit...; Question 923: An IS auditor should expect the responsibility for authorizi...; Question 924: When an organization is outsourcing their information securi...; Question 925: .What process is used to validate a subject's identity?...; Question 926: When using public key encryption to secure data being transm...; Question 927: An IS auditor finds that conference rooms have active networ...; Question 928: .Why is the WAP gateway a component warranting critical conc...; Question 929: A review of wide area network (WAN) usage discovers that tra...; Question 930: An IS auditor issues an audit report pointing out the lack o...; Question 931: Which of the following types of firewalls would BEST protect...; Question 932: An IS auditor's PRIMARY concern when application developers ...; Question 933: Which of the following is the MOST effective control over vi...; Question 934: While reviewing the business continuity plan of an organizat...; Question 935: .Which of the following are effective in detecting fraud bec...; Question 936: Which of the following system and data conversion strategies...; Question 937: If inadequate, which of the following would be the MOST like...; Question 938: Which of the following would MOST effectively control the us...; Question 939: During an audit, an IS auditor notes that an organization's ...; Question 940: What is the BEST action to prevent loss of data integrity or...; Question 941: In the process of evaluating program change controls, an IS ...; Question 942: "Nowadays, computer security comprises mainly "preventive"" ...; Question 943: .What are trojan horse programs? Choose the BEST answer....; Question 944: The MOST effective control for reducing the risk related to ...; Question 945: The responsibility for authorizing access to application dat...; Question 946: To reduce the possibility of losing data during processing, ...; Question 947: Which of the following is the MOST important objective of da...; Question 948: .What protects an application purchaser's ability to fix or ...; Question 949: An IS auditor should use statistical sampling and not judgme...; Question 950: When reviewing the procedures for the disposal of computers,...; Question 951: Which of the following is a benefit of a risk-based approach...; Question 952: The PRIMARY objective of service-level management (SLM) is t...; Question 953: During which of the following phases in system development w...; Question 954: .What is the most common purpose of a virtual private networ...; Question 955: .In order to properly protect against unauthorized disclosur...; Question 956: In the 2c area of the diagram, there are three hubs connecte...; Question 957: Your final audit report should be issued:...; Question 958: Before implementing controls, management should FIRST ensure...; Question 959: Which of the following controls will MOST effectively detect...; Question 960: During the audit of a database server, which of the followin...; Question 961: .Which of the following is the dominating objective of BCP a...; Question 962: .When auditing third-party service providers, an IS auditor ...; Question 963: One major improvement in WPA over WEP is the use of a protoc...; Question 964: Which of the following exposures associated with the spoolin...; Question 965: The logical exposure associated with the use of a checkpoint...; Question 966: An IS auditor has completed a network audit. Which of the fo...; Question 967: An IS auditor should review the configuration of which of th...; Question 968: Which of the following acts as a decoy to detect active inte...; Question 969: The implementation of access controls FIRST requires:...; Question 970: An organization is disposing of a number of laptop computers...; Question 971: The computer security incident response team (CSIRT) of an o...; Question 972: When conducting a penetration test of an IT system, an organ...; Question 973: Corrective action has been taken by an auditee immediately a...; Question 974: An IS auditor inspected a windowless room containing phone s...; Question 975: An organization has an integrated development environment (I...; Question 976: An IS auditor reviewing an outsourcing contract of IT facili...; Question 977: In auditing a web server, an IS auditor should be concerned ...; Question 978: The MOST important difference between hashing and encryption...; Question 979: .How does the process of systems auditing benefit from using...; Question 980: At a hospital, medical personal carry handheld computers whi...; Question 981: .Proper segregation of duties prevents a computer operator (...; Question 982: Which of the following is the MOST important element for the...; Question 983: The human resources (HR) department has developed a system t...; Question 984: Effective transactional controls are often capable of offeri...; Question 985: Which of the following is a risk of cross-training?...; Question 986: An IS auditor reviewing an organization that uses cross-trai...; Question 987: To provide protection for media backup stored at an offsite ...; Question 988: An IS auditor has been asked to participate in project initi...; Question 989: A database administrator has detected a performance problem ...; Question 990: A digital signature contains a message digest to:...; Question 991: Which of the following would BEST support 24/7 availability?...; Question 992: Which of the following processes should an IS auditor recomm...; Question 993: .If an IS auditor observes that an IS department fails to us...; Question 994: When reviewing an organization's strategic IT plan an IS aud...; Question 995: .Of the three major types of off-site processing facilities,...; Question 996: In wireless communication, which of the following controls a...; Question 997: Which of the following functions should be performed by the ...; Question 998: A legacy payroll application is migrated to a new applicatio...; Question 999: The MOST significant security concern when using flash memor...; Question 1000: Which of the following should be a concern to an IS auditor ...; Question 1001: Which of the following is a substantive test?...; Question 1002: While reviewing the IT infrastructure, an IS auditor notices...; Question 1003: Talking about biometric measurement, which of the following ...; Question 1004: An IS auditor analyzing the audit log of a database manageme...; Question 1005: .What is used to develop strategically important systems fas...; Question 1006: An IS auditor was hired to review e-business security. The I...; Question 1007: IS management recently replaced its existing wired local are...; Question 1008: Which of the following is a telecommunication device that tr...; Question 1009: Which of the following should be of PRIMARY concern to an IS...; Question 1010: Which of the following types of spyware was originally desig...; Question 1011: A top-down approach to the development of operational polici...; Question 1012: The purpose of a mainframe audit is to provide assurance tha...; Question 1013: .What is the primary security concern for EDI environments? ...; Question 1014: The MOST significant level of effort for business continuity...; Question 1015: A perpetrator looking to gain access to and gather informati...; Question 1016: In the context of physical access control, what is known as ...; Question 1017: A firewall is being deployed at a new location. Which of the...; Question 1018: Disaster recovery planning (DRP) for a company's computer sy...; Question 1019: Due to changes in IT, the disaster recovery plan of a large ...; Question 1020: Which of the following is a good time frame for making chang...; Question 1021: Which of the following typically consists of a computer, som...; Question 1022: .What kind of testing should programmers perform following a...; Question 1023: Transmitting redundant information with each character or fr...; Question 1024: Failure in which of the following testing stages would have ...; Question 1025: An IS auditor examining a biometric user authentication syst...; Question 1026: .Which of the following best characterizes "worms"?...; Question 1027: Which of the following is a feature of Wi-Fi Protected Acces...; Question 1028: The MOST important success factor in planning a penetration ...; Question 1029: During the collection of forensic evidence, which of the fol...; Question 1030: Which of the following refers to a primary component of corp...; Question 1031: Which of the following would contribute MOST to an effective...; Question 1032: Which of the following would be an indicator of the effectiv...; Question 1033: Which of the following provides the MOST relevant informatio...; Question 1034: When auditing a disaster recovery plan for a critical busine...; Question 1035: Many organizations require an employee to take a mandatory v...; Question 1036: Of the following alternatives, the FIRST approach to develop...; Question 1037: .Proper segregation of duties normally does not prohibit a L...; Question 1038: Which of the following would MOST likely indicate that a cus...; Question 1039: A benefit of quality of service (QoS) is that the:...; Question 1040: The output of the risk management process is an input for ma...; Question 1041: Which of the following would be the MOST effective audit tec...; Question 1042: To address the risk of operations staff's failure to perform...; Question 1043: In an IS audit of several critical servers, the IS auditor w...; Question 1044: .Which type of major BCP test only requires representatives ...; Question 1045: The Federal Information Processing Standards (FIPS) were dev...; Question 1046: Sign-on procedures include the creation of a unique user ID ...; Question 1047: The initial step in establishing an information security pro...; Question 1048: Which of the following insurance types provide for a loss ar...; Question 1049: Which of the following types of data validation editing chec...; Question 1050: Which of the following satisfies a two-factor user authentic...; Question 1051: Which of the following refers to an important procedure when...; Question 1052: .What is a data validation edit control that matches input d...; Question 1053: .What is an effective countermeasure for the vulnerability o...; Question 1054: .What is a callback system?; Question 1055: .How can minimizing single points of failure or vulnerabilit...; Question 1056: During the system testing phase of an application developmen...; Question 1057: Cisco IOS based routers perform basic traffic filtering via ...; Question 1058: Which of the following protocols would be involved in the im...; Question 1059: When preparing an audit report the IS auditor should ensure ...; Question 1060: Which of the following represents the GREATEST risk created ...; Question 1061: Reverse proxy technology for web servers should be deployed ...; Question 1062: .What is an initial step in creating a proper firewall polic...; Question 1063: ALL computer programming languages are vulnerable to command...; Question 1064: When assessing the design of network monitoring controls, an...; Question 1065: Which of the following types of firewalls provide the GREATE...; Question 1066: An IS auditor performing a telecommunication access control ...; Question 1067: .An IS auditor is using a statistical sample to inventory th...; Question 1068: Which of the following line media would provide the BEST sec...; Question 1069: Which of the following correctly describe the potential prob...; Question 1070: Reconfiguring which of the following firewall types will pre...; Question 1071: Which of the following would be considered an essential feat...; Question 1072: An organization has implemented a disaster recovery plan. Wh...; Question 1073: Which of the following is the initial step in creating a fir...; Question 1074: Which of the following will prevent dangling tuples in a dat...; Question 1075: Which of the following is a characteristic of timebox manage...; Question 1076: Which of the following recovery strategies is MOST appropria...; Question 1077: An IS auditor finds out-of-range data in some tables of a da...; Question 1078: .With the objective of mitigating the risk and impact of a m...; Question 1079: .As compared to understanding an organization's IT process f...; Question 1080: A malicious code that changes itself with each file it infec...; Question 1081: Which of the following risks could result from inadequate so...; Question 1082: If the recovery time objective (RTO) increases:...; Question 1083: A disaster recovery plan for an organization should:...; Question 1084: As an outcome of information security governance, strategic ...; Question 1085: The most common reason for the failure of information system...; Question 1086: In a client-server system, which of the following control te...; Question 1087: The majority of software vulnerabilities result from a few k...; Question 1088: .What is the key distinction between encryption and hashing ...; Question 1089: After implementation of a disaster recovery plan, pre-disast...; Question 1090: Which of the following controls would an IS auditor look for...; Question 1091: .What should regression testing use to obtain accurate concl...; Question 1092: The frequent updating of which of the following is key to th...; Question 1093: .Which of the following can degrade network performance? Cho...; Question 1094: A decision support system (DSS):...; Question 1095: By evaluating application development projects against the c...; Question 1096: Which of the following types of attack involves a program th...; Question 1097: Which of the following is the most important element in the ...; Question 1098: Most trojan horse programs are spread through:...; Question 1099: .How is risk affected if users have direct access to a datab...; Question 1100: In reviewing the IS short-range (tactical) plan, an IS audit...

Question 535/1100

LEAVE A REPLY

Download PDF File