CISA Exam Dumps | After an IS auditor has identified threats and potential impacts, the auditor should:

<< Prev Question Next Question >>

Question 234/770

After an IS auditor has identified threats and potential impacts, the auditor should:

A. Identify and evaluate the existing controls

B. Conduct a business impact analysis (BIA)

C. Report on existing controls

D. Propose new controls

Question List (770q): Question 1: Which of the following statement is NOT true about Voice-Ove...; Question 2: Which of the following statement correctly describes the dif...; Question 3: An IS auditor reviewing wireless network security determines...; Question 4: Which of the following protocol does NOT work at the Applica...; Question 5: Which of the following is a sophisticated computer based swi...; Question 6: Which of the following is MOST directly affected by network ...; Question 7: Regarding digital signature implementation, which of the fol...; Question 8: An IS auditor needs to consider many factors while evaluatin...; Question 9: Which of the following encryption techniques will BEST prote...; Question 10: After installing a network, an organization installed a vuln...; Question 11: Which of the following is the MOST likely reason why e-mail ...; Question 12: What should regression testing use to obtain accurate conclu...; Question 13: Validated digital signatures in an e-mail software applicati...; Question 14: A programmer maliciously modified a production program to ch...; Question 15: Which of the following attack could be avoided by creating m...; Question 16: An IS auditor evaluating the resilience of a high-availabili...; Question 17: An IS auditor finds that, at certain times of the day, the d...; Question 18: When reviewing an implementation of a VoIP system over a cor...; Question 19: What benefit does using capacity-monitoring software to moni...; Question 20: How is the time required for transaction processing review u...; Question 21: In the 2c area of the diagram, there are three hubs connecte...; Question 22: Which of the following tests performed by an IS auditor woul...; Question 23: The waterfall life cycle model of software development is mo...; Question 24: The specific advantage of white box testing is that it:...; Question 25: Which of the following should be included in a feasibility s...; Question 26: Which of the following is a software application that preten...; Question 27: Which of the following protocol is PRIMARILY used to provide...; Question 28: An offsite information processing facility having electrical...; Question 29: Ensuring that security and control policies support business...; Question 30: Which of the following would be the BEST overall control for...; Question 31: Which of the following cryptographic systems is MOST appropr...; Question 32: Which of the following network configuration options contain...; Question 33: Responsibility and reporting lines cannot always be establis...; Question 34: Which of the following methods of providing telecommunicatio...; Question 35: Which of the following is the PRIMARY advantage of using com...; Question 36: What influences decisions regarding criticality of assets?...; Question 37: Two-factor authentication can be circumvented through which ...; Question 38: When developing a risk-based audit strategy, an IS auditor c...; Question 39: An IS auditor reviewing the implementation of an intrusion d...; Question 40: Which of the following is a form of Hybrid Cryptography wher...; Question 41: An IS auditor finds that user acceptance testing of a new sy...; Question 42: The MOST significant security concerns when using flash memo...; Question 43: When reviewing system parameters, an IS auditor's PRIMARY co...; Question 44: A company is implementing a dynamic host configuration proto...; Question 45: Which of the following provides the strongest authentication...; Question 46: Which of the following would normally be the MOST reliable e...; Question 47: Which of the following transmission media is MOST difficult ...; Question 48: When should reviewing an audit client's business plan be per...; Question 49: Distributed denial-of-service (DDOS) attacks on Internet sit...; Question 50: Which of the following is a good control for protecting conf...; Question 51: The GREATEST benefit in implementing an expert system is the...; Question 52: Data edits are implemented before processing and are conside...; Question 53: The traditional role of an IS auditor in a control self-asse...; Question 54: What is the most common purpose of a virtual private network...; Question 55: Off-site data storage should be kept synchronized when prepa...; Question 56: Which of the following is NOT a component of IPSec?...; Question 57: A sender of an e-mail message applies a digital signature to...; Question 58: Which of the following is the dominating objective of BCP an...; Question 59: How often should a Business Continuity Plan be reviewed?...; Question 60: Which of the following BEST reduces the ability of one devic...; Question 61: A control that detects transmission errors by appending calc...; Question 62: Which of the following uses a prototype that can be updated ...; Question 63: Which of the following term in business continuity determine...; Question 64: Doing which of the following during peak production hours co...; Question 65: In an online transaction processing system, data integrity i...; Question 66: Which of the following term in business continuity defines t...; Question 67: The PRIMARY advantage of a continuous audit approach is that...; Question 68: What type of risk results when an IS auditor uses an inadequ...; Question 69: Who assumes ownership of a systems-development project and t...; Question 70: Which of the following type of network service stores inform...; Question 71: Which of the following are effective controls for detecting ...; Question 72: Parity bits are a control used to validate:...; Question 73: What method might an IS auditor utilize to test wireless sec...; Question 74: How can minimizing single points of failure or vulnerabiliti...; Question 75: An IS auditor usually places more reliance on evidence direc...; Question 76: Which of the following is MOST likely to result from a busin...; Question 77: Which of the following database controls would ensure that t...; Question 78: Ideally, stress testing should be carried out in a:...; Question 79: Data flow diagrams are used by IS auditors to:...; Question 80: An IS auditor selects a server for a penetration test that w...; Question 81: A core tenant of an IS strategy is that it must:...; Question 82: What is often the most difficult part of initial efforts in ...; Question 83: The directory system of a database-management system describ...; Question 84: The goal of an information system is to achieve integrity, a...; Question 85: The PRIMARY reason for using digital signatures is to ensure...; Question 86: What can be used to help identify and investigate unauthoriz...; Question 87: Which of the following sampling methods is MOST useful when ...; Question 88: The IS management of a multinational company is considering ...; Question 89: An organization has a mix of access points that cannot be up...; Question 90: The use of a GANTT chart can:; Question 91: Which of the following attack occurs when a malicious action...; Question 92: Which of the following potentially blocks hacking attempts?...; Question 93: Naming conventions for system resources are important for ac...; Question 94: Which of the following is a dynamic analysis tool for the pu...; Question 95: Which of the following is an example of a passive attack ini...; Question 96: Sign-on procedures include the creation of a unique user ID ...; Question 97: Which of the following layer of an OSI model responsible for...; Question 98: The GREATEST advantage of rapid application development (RAD...; Question 99: The vice president of human resources has requested an audit...; Question 100: Which of the following layer of an OSI model controls dialog...; Question 101: Which of the following translates e-mail formats from one ne...; Question 102: An IS auditor reviewing database controls discovered that ch...; Question 103: Which of the following controls will MOST effectively detect...; Question 104: A company undertakes a business process reengineering (BPR) ...; Question 105: Processing controls ensure that data is accurate and complet...; Question 106: An IS auditor recommends that an initial validation control ...; Question 107: Input/output controls should be implemented for which applic...; Question 108: Why does the IS auditor often review the system logs?...; Question 109: There are several types of penetration tests depending upon ...; Question 110: Which of the following is the INCORRECT "layer - protocol da...; Question 111: Which of the following types of data validation editing chec...; Question 112: In a client-server architecture, a domain name service (DNS)...; Question 113: What protects an application purchaser's ability to fix or c...; Question 114: Which of the following statement correctly describes the dif...; Question 115: An IS auditor is evaluating management's risk assessment of ...; Question 116: Structured programming is BEST described as a technique that...; Question 117: Which of the following provides the framework for designing ...; Question 118: Time constraints and expanded needs have been found by an IS...; Question 119: Proper segregation of duties normally does not prohibit a LA...; Question 120: When two or more systems are integrated, input/output contro...; Question 121: Which of the following statement correctly describes the dif...; Question 122: Organizations should use off-site storage facilities to main...; Question 123: To determine if unauthorized changes have been made to produ...; Question 124: An IS auditor is performing an audit of a network operating ...; Question 125: Which of the following protocol uses serial interface for co...; Question 126: Which of the following method is recommended by security pro...; Question 127: Which of the following BEST characterizes a mantrap or deadm...; Question 128: In a small organization, an employee performs computer opera...; Question 129: Which of the following types of transmission media provide t...; Question 130: A data administrator is responsible for:...; Question 131: During a review of a customer master file, an IS auditor dis...; Question 132: Which of the following PBX feature supports shared extension...; Question 133: In a client-server system, which of the following control te...; Question 134: Which of the following term related to network performance r...; Question 135: When auditing third-party service providers, an IS auditor s...; 1 commentQuestion 136: The FIRST step in data classification is to:...; Question 137: Which of the following device in Frame Relay WAN technique i...; Question 138: Which of the following is MOST is critical during the busine...; Question 139: Which of the following BEST describes the necessary document...; Question 140: What control detects transmission errors by appending calcul...; Question 141: The FIRST step in managing the risk of a cyber-attack is to:...; Question 142: Which of the following line media would provide the BEST sec...; Question 143: Which of the following procedures would MOST effectively det...; Question 144: IT best practices for the availability and continuity of IT ...; Question 145: Which of the following is the INCORRECT Layer to Protocol ma...; Question 146: What would an IS auditor expect to find in the console log?...; Question 147: Sending a message and a message hash encrypted by the sender...; Question 148: How does the SSL network protocol provide confidentiality?...; Question 149: To ensure compliance with a security policy requiring that p...; Question 150: Which of the following provide(s) near-immediate recoverabil...; Question 151: An IS auditor should carefully review the functional require...; Question 152: In a public key infrastructure, a registration authority:...; Question 153: Which of the following is a network diagnostic tool that mon...; Question 154: How does the process of systems auditing benefit from using ...; Question 155: Once an organization has finished the business process reeng...; Question 156: Which of the following service is a distributed database tha...; Question 157: Which of the following is the GREATEST risk when implementin...; Question 158: Which of the following would be of MOST concern to an IS aud...; Question 159: Which of the following is the most important element in the ...; Question 160: Which of the following PBX feature allows a PBX to be config...; Question 161: IT operations for a large organization have been outsourced....; Question 162: Private Branch Exchange(PBX) environment involves many secur...; Question 163: Which of the following would be the GREATEST cause for conce...; Question 164: Which of the following type of a computer network covers a l...; Question 165: Which of the following will BEST ensure the successful offsh...; Question 166: In regard to moving an application program from the test env...; Question 167: When conducting a penetration test of an organization's inte...; Question 168: Which of the following functionality is NOT performed by the...; Question 169: As an IS auditor it is very important to understand the impo...; Question 170: During the audit of an acquired software package, an IS audi...; Question 171: isk analysis is not always possible because the IS auditor i...; Question 172: Which of the following fire-suppression methods is considere...; Question 173: Which of the following is an example of the defense in-depth...; Question 174: What are trojan horse programs?...; Question 175: An IS auditor should use statistical sampling and not judgme...; Question 176: Which of the following is BEST suited for secure communicati...; Question 177: When should application controls be considered within the sy...; Question 178: A digital signature contains a message digest to:...; Question 179: An organization's IS audit charter should specify the:...; Question 180: What is the most common reason for information systems to fa...; Question 181: What is an edit check to determine whether a field contains ...; Question 182: A hub is a device that connects:...; Question 183: Which of the following Confidentiality, Integrity, Availabil...; Question 184: When should plans for testing for user acceptance be prepare...; Question 185: Which of the following layer of an OSI model encapsulates pa...; Question 186: In an EDI process, the device which transmits and receives e...; Question 187: Which of the following INCORRECTLY describes the layer funct...; Question 188: Which of the following controls would be MOST effective in e...; Question 189: Which significant risk is introduced by running the file tra...; Question 190: Which audit technique provides the BEST evidence of the segr...; Question 191: The security level of a private key system depends on the nu...; Question 192: A check digit is an effective edit check to:...; Question 193: The IS auditor learns that when equipment was brought into t...; Question 194: In a public key infrastructure (PKI), the authority responsi...; Question 195: What can be implemented to provide the highest level of prot...; Question 196: Confidentiality of the data transmitted in a wireless LAN is...; Question 197: Which of the following technique is used for speeding up net...; Question 198: Which of the following is protocol data unit (PDU) of networ...; Question 199: Which of the following do digital signatures provide?...; Question 200: An IS auditor performing an application maintenance audit wo...; Question 201: When implementing an application software package, which of ...; Question 202: The reliability of an application system's audit trail may b...; Question 203: Network environments often add to the complexity of program-...; Question 204: Vendors have released patches fixing security flaws in their...; Question 205: Which of the following is used to evaluate biometric access ...; Question 206: Which of the following types of firewalls provide the GREATE...; Question 207: Who is primarily responsible for storing and safeguarding th...; Question 208: Within IPSEC which of the following defines security paramet...; Question 209: Which of the following concerns associated with the World Wi...; Question 210: The GREATEST risk when end users have access to a database a...; Question 211: Run-to-run totals can verify data through which stage(s) of ...; Question 212: To detect attack attempts that the firewall is unable to rec...; Question 213: The MAIN reason for requiring that all computer clocks acros...; Question 214: When reviewing an organization's approved software product l...; Question 215: Which of the following would impair the independence of a qu...; Question 216: Who is responsible for implementing cost-effective controls ...; Question 217: Which of the following is a continuity plan test that uses a...; Question 218: A transaction journal provides the information necessary for...; Question 219: Overall business risk for a particular threat can be express...; Question 220: Which of the following systems or tools can recognize that a...; Question 221: Who is responsible for the overall direction, costs, and tim...; Question 222: Which of the following attack best describe "Computer is the...; Question 223: Which of the following controls would provide the GREATEST a...; Question 224: Electromagnetic emissions from a terminal represent an expos...; Question 225: An IS auditor has imported data from the client's database. ...; Question 226: Using the OSI reference model, what layer(s) is/are used to ...; Question 227: During the audit of a database server, which of the followin...; Question 228: What is the BEST approach to mitigate the risk of a phishing...; Question 229: Above almost all other concerns, what often results in the g...; Question 230: An organization has contracted with a vendor for a turnkey s...; Question 231: Who is accountable for maintaining appropriate security meas...; Question 232: The decisions and actions of an IS auditor are MOST likely t...; Question 233: Which of the following is the GREATEST risk to the effective...; Question 234: After an IS auditor has identified threats and potential imp...; Question 235: When using an integrated test facility (ITF), an IS auditor ...; Question 236: To properly evaluate the collective effect of preventative, ...; Question 237: What should an IS auditor do if he or she observes that proj...; Question 238: An IS auditor has identified the lack of an authorization pr...; Question 239: Which type of major BCP test only requires representatives f...; Question 240: A number of system failures are occurring when corrections t...; Question 241: When evaluating the controls of an EDI application, an IS au...; Question 242: A critical function of a firewall is to act as a:...; Question 243: Which of the following would be the BEST population to take ...; Question 244: Who should be responsible for network security operations?...; Question 245: The PRIMARY objective of a logical access control review is ...; Question 246: Which of the following layer of the OSI model provides a sta...; Question 247: The MOST likely explanation for the use of applets in an Int...; Question 248: What is used to provide authentication of the website and ca...; Question 249: Which of the following help(s) prevent an organization's sys...; Question 250: While conducting an audit, an IS auditor detects the presenc...; Question 251: Which of the following term in business continuity defines t...; Question 252: Business units are concerned about the performance of a newl...; Question 253: An advantage of a continuous audit approach is that it can i...; Question 254: In RFID technology which of the following risk could represe...; Question 255: In computer forensics, which of the following is the process...; Question 256: Which of the following is a passive attack to a network?...; Question 257: An IS auditor finds that client requests were processed mult...; Question 258: Which of the following exploit vulnerabilities to cause loss...; Question 259: Which of the following is MOST critical when creating data f...; Question 260: What is the key distinction between encryption and hashing a...; Question 261: Batch control reconciliation is a _____________________ (fil...; Question 262: Proper segregation of duties does not prohibit a quality con...; Question 263: What type of risk is associated with authorized program exit...; Question 264: Key verification is one of the best controls for ensuring th...; Question 265: What type of BCP test uses actual resources to simulate a sy...; Question 266: After observing suspicious activities in a server, a manager...; Question 267: When reviewing a hardware maintenance program, an IS auditor...; Question 268: When is regression testing used to determine whether new app...; Question 269: What can be used to gather evidence of network attacks?...; Question 270: Which of the following transmission media is LEAST vulnerabl...; Question 271: A clerk changed the interest rate for a loan on a master fil...; Question 272: Mitigating the risk and impact of a disaster or business int...; Question 273: To determine how data are accessed across different platform...; Question 274: An investment advisor e-mails periodic newsletters to client...; Question 275: An IS auditor notes that IDS log entries related to port sca...; Question 276: Which of the following is a standard secure email protection...; Question 277: Which of the following database model allow many-to-many rel...; Question 278: The purpose of business continuity planning and disaster-rec...; Question 279: Transmitting redundant information with each character or fr...; Question 280: The network of an organization has been the victim of severa...; Question 281: Which of the following statement correctly describes differe...; Question 282: When assessing the design of network monitoring controls, an...; Question 283: What type of fire-suppression system suppresses fire via wat...; Question 284: In order to properly protect against unauthorized disclosure...; Question 285: As an IS auditor it is very important to understand software...; Question 286: In which of the following RFID risks competitor potentially ...; Question 287: As an IS auditor, it is very important to make sure all stor...; Question 288: What increases encryption overhead and cost the most?...; Question 289: Which of the following should be of PRIMARY concern to an IS...; Question 290: The PRIMARY objective of service-level management (SLM) is t...; Question 291: Which of the following is protocol data unit (PDU) of data a...; Question 292: A manufacturing firm wants to automate its invoice payment s...; Question 293: Which of the following is a program evaluation review techni...; Question 294: Security administration procedures require read-only access ...; Question 295: What process uses test data as part of a comprehensive test ...; Question 296: Which of the following is of greatest concern when performin...; Question 297: In which of the following database model is the data organiz...; Question 298: Which of the following statement INCORRECTLY describes packe...; Question 299: An auditor needs to be aware of technical controls which are...; Question 300: Who is responsible for authorizing access level of a data us...; Question 301: Fourth-Generation Languages (4GLs) are most appropriate for ...; Question 302: Which of the following protocol is developed jointly by VISA...; Question 303: When performing an audit of a client relationship management...; Question 304: Identify the WAN message switching technique being used from...; Question 305: To ensure message integrity, confidentiality and non-repudia...; Question 306: When storing data archives off-site, what must be done with ...; Question 307: In a relational database with referential integrity, the use...; Question 308: An integrated test facility is considered a useful audit too...; Question 309: Web and e-mail filtering tools are PRIMARILY valuable to an ...; Question 310: Which of the following antivirus software implementation str...; Question 311: ________________ (fill in the blank) should be implemented a...; Question 312: The PRIMARY purpose of an IT forensic audit is:...; Question 313: To prevent unauthorized entry to the data maintained in a di...; Question 314: An IS auditor is performing a network security review of a t...; Question 315: Which of the following protocol is used for electronic mail ...; Question 316: Which of the following statement INCORRECTLY describes netwo...; Question 317: If senior management is not committed to strategic planning,...; Question 318: Which of the following term related to network performance r...; Question 319: An intentional or unintentional disclosure of a password is ...; Question 320: An organization having a number of offices across a wide geo...; Question 321: When transmitting a payment instruction, which of the follow...; Question 322: Who is responsible for providing adequate physical and logic...; Question 323: Which of the following processes should an IS auditor recomm...; Question 324: Which of the following statements regarding an off-site info...; Question 325: An IS auditor should know information about different networ...; Question 326: Which of the following is a management technique that enable...; Question 327: The MAJOR advantage of a component-based development approac...; Question 328: Who is ultimately accountable for the development of an IS s...; Question 329: Which testing approach is MOST appropriate to ensure that in...; Question 330: An efficient use of public key infrastructure (PKI) should e...; Question 331: An organization can ensure that the recipients of e-mails fr...; Question 332: Which of the following should an IS auditor review to determ...; Question 333: An IS auditor reviewing a proposed application software acqu...; Question 334: Identify the INCORRECT statement related to network performa...; Question 335: Passwords should be:; Question 336: Which of the following would MOST effectively reduce social ...; Question 337: An organization has recently installed a security patch, whi...; Question 338: Which of the following is the MOST important action in recov...; Question 339: Which of the following represents the GREATEST potential ris...; Question 340: Business Continuity Planning (BCP) is not defined as a prepa...; Question 341: Which of the following BEST limits the impact of server fail...; Question 342: When performing an IS strategy audit, an IS auditor should r...; Question 343: From a risk management point of view, the BEST approach when...; Question 344: A hacker could obtain passwords without the use of computer ...; Question 345: Obtaining user approval of program changes is very effective...; Question 346: Which of the following attack redirects outgoing message fro...; Question 347: An IS auditor reviewing access controls for a client-server ...; Question 348: Reconfiguring which of the following firewall types will pre...; Question 349: A database administrator has detected a performance problem ...; Question 350: An IS auditor reviewing an accounts payable system discovers...; Question 351: Who is responsible for restricting and monitoring access of ...; Question 352: Which of the following type of a computer network is a WAN t...; Question 353: Why is a clause for requiring source code escrow in an appli...; Question 354: Which of the following will prevent dangling tuples in a dat...; Question 355: The PRIMARY purpose of audit trails is to:...; Question 356: Which of the following would BEST maintain the integrity of ...; Question 357: What is/are used to measure and ensure proper network capaci...; Question 358: Which of the following attack involves sending forged ICMP E...; Question 359: Reverse proxy technology for web servers should be deployed ...; Question 360: Which of the following BEST describes the role of a director...; Question 361: Which of the following is a substantive test?...; Question 362: An appropriate control for ensuring the authenticity of orde...; Question 363: In auditing a web server, an IS auditor should be concerned ...; Question 364: IS management has decided to rewrite a legacy customer relat...; Question 365: To ensure that audit resources deliver the best value to the...; Question 366: An IS auditor finds out-of-range data in some tables of a da...; Question 367: By evaluating application development projects against the c...; Question 368: If an IS auditor observes that individual modules of a syste...; Question 369: Which of the following would help to ensure the portability ...; Question 370: Applying a retention date on a file will ensure that:...; Question 371: How does the digital envelop work? What are the correct step...; Question 372: Which of the following is a ITU-T standard protocol suite fo...; Question 373: An IS auditor attempting to determine whether access to prog...; Question 374: Accountability for the maintenance of appropriate security m...; Question 375: Which of the following type of lock uses a magnetic or embed...; Question 376: What is a common vulnerability, allowing denial-of-service a...; Question 377: Which of the following data validation edits is effective in...; Question 378: When selecting audit procedures, an IS auditor should use pr...; Question 379: Which of the following statement INCORRECTLY describes anti-...; Question 380: As compared to understanding an organization's IT process fr...; Question 381: An IS auditor examining the configuration of an operating sy...; Question 382: Which of the following is a data validation edit and control...; Question 383: Which of the following statement correctly describes the dif...; Question 384: During an application audit, an IS auditor finds several pro...; Question 385: An organization is migrating from a legacy system to an ente...; Question 386: Which of the following is the protocol data unit (PDU) of ap...; Question 387: Which of the following option INCORRECTLY describes PBX feat...; Question 388: To determine which users can gain access to the privileged s...; Question 389: Which of the following layer of an OSI model ensures that me...; Question 390: The initial step in establishing an information security pro...; Question 391: Which of the following is the MOST effective control when gr...; Question 392: What process allows IS management to determine whether the a...; Question 393: With the help of a security officer, granting access to data...; Question 394: Which of the following public key infrastructure (PKI) eleme...; Question 395: Which of the following is often used as a detection and dete...; Question 396: The implementation of access controls FIRST requires:...; Question 397: When a new system is to be implemented within a short time f...; Question 398: The MOST significant level of effort for business continuity...; Question 399: Off-site data backup and storage should be geographically se...; Question 400: Which policy helps an auditor to gain a better understanding...; Question 401: A PRIMARY benefit derived from an organization employing con...; Question 402: During what process should router access control lists be re...; Question 403: In which of the following WAN message transmission technique...; Question 404: Which of the following exposures associated with the spoolin...; Question 405: With the objective of mitigating the risk and impact of a ma...; Question 406: In transport mode, the use of the Encapsulating Security Pay...; Question 407: An IS auditor performing an independent classification of sy...; Question 408: In which of the following transmission media it is MOST diff...; Question 409: When reviewing input controls, an IS auditor observes that, ...; Question 410: Which of the following type of a computer network are variat...; Question 411: Which of the following is a control over component communica...; Question 412: An IS auditor is assigned to perform a post implementation r...; Question 413: The objective of concurrency control in a database system is...; Question 414: Normally, it would be essential to involve which of the foll...; Question 415: Which of the following is a prevalent risk in the developmen...; Question 416: An existing system is being extensively enhanced by extracti...; Question 417: When reviewing an intrusion detection system (IDS), an IS au...; Question 418: Which of the following antispam filtering techniques would B...; Question 419: The feature of a digital signature that ensures the sender c...; Question 420: Which of the following applet intrusion issues poses the GRE...; Question 421: Following best practices, formal plans for implementation of...; Question 422: Of the three major types of off-site processing facilities, ...; Question 423: The MAIN criterion for determining the severity level of a s...; Question 424: At the end of the testing phase of software development, an ...; Question 425: Which of the following term related to network performance r...; Question 426: What is a data validation edit control that matches input da...; Question 427: Rather than simply reviewing the adequacy of access control,...; Question 428: The database administrator (DBA) suggests that DB efficiency...; Question 429: Which of the following would be the BEST access control proc...; Question 430: Which of the following is an implementation risk within the ...; Question 431: An IS auditor is evaluating a corporate network for a possib...; Question 432: There are many firewall implementations provided by firewall...; Question 433: What type of approach to the development of organizational p...; Question 434: When reviewing an organization's logical access security, wh...; Question 435: What kind of testing should programmers perform following an...; Question 436: The purpose of code signing is to provide assurance that:...; Question 437: Which key is used by the sender of a message to create a dig...; Question 438: A review of wide area network (WAN) usage discovers that tra...; Question 439: An installed Ethernet cable run in an unshielded twisted pai...; Question 440: What is the primary objective of a control self-assessment (...; Question 441: Allowing application programmers to directly patch or change...; Question 442: When are benchmarking partners identified within the benchma...; Question 443: The use of object-oriented design and development techniques...; Question 444: Which of the following provides the MOST relevant informatio...; Question 445: A company has decided to implement an electronic signature s...; Question 446: An IS auditor analyzing the audit log of a database manageme...; Question 447: The MAIN purpose of a transaction audit trail is to:...; Question 448: In a small organization, developers may release emergency ch...; Question 449: Identify the correct sequence of Business Process Reengineer...; Question 450: Proper segregation of duties prevents a computer operator (u...; Question 451: Business process re-engineering often results in ___________...; Question 452: An organization has an integrated development environment (I...; Question 453: If a database is restored from information backed up before ...; Question 454: An IS auditor should be MOST concerned with what aspect of a...; Question 455: During a postimplementation review of an enterprise resource...; Question 456: What are used as the framework for developing logical access...; Question 457: Which of the following protocol does NOT work at Network int...; Question 458: Which of the following attack is against computer network an...; Question 459: When should systems administrators first assess the impact o...; Question 460: Whenever an application is modified, what should be tested t...; Question 461: An IS auditor reviewing the key roles and responsibilities o...; Question 462: There are many types of audit logs analysis tools available ...; Question 463: Which of the following method should be recommended by secur...; Question 464: A firewall is being deployed at a new location. Which of the...; Question 465: In an audit of an inventory application, which approach woul...; Question 466: Which of the following is a type of computer network used fo...; Question 467: Which of the following type of network service is used by ne...; Question 468: When performing a computer forensic investigation, in regard...; Question 469: During the requirements definition phase of a software devel...; Question 470: Which of the following is an effective method for controllin...; Question 471: In computer forensic which of the following describe the pro...; Question 472: If an IS auditor finds evidence of risk involved in not impl...; Question 473: An IS auditor reviewing an organization's data file control ...; Question 474: During the requirements definition phase for a database appl...; Question 475: A company has recently upgraded its purchase system to incor...; Question 476: Which of the following attacks targets the Secure Sockets La...; Question 477: Which of the following protocols would be involved in the im...; Question 478: Functionality is a characteristic associated with evaluating...; Question 479: Which of the following attack is MOSTLY performed by an atta...; Question 480: Identify the network topology from below diagram presented b...; Question 481: What is an acceptable mechanism for extremely time-sensitive...; Question 482: Which of the following technique is NOT used by a preacher a...; Question 483: What is essential for the IS auditor to obtain a clear under...; Question 484: During a human resources (HR) audit, an IS auditor is inform...; Question 485: Which of the following would provide the highest degree of s...; Question 486: A company uses a bank to process its weekly payroll. Time sh...; Question 487: Which of the following tests is an IS auditor performing whe...; Question 488: To address a maintenance problem, a vendor needs remote acce...; Question 489: Which of the following is protocol data unit (PDU) of transp...; Question 490: Which of the following attack is also known as Time of Check...; Question 491: To determine who has been given permission to use a particul...; Question 492: During an IS audit, one of your auditor has observed that so...; Question 493: When performing an audit of access rights, an IS auditor sho...; Question 494: An IS auditor is reviewing a project that is using an Agile ...; Question 495: Why does an IS auditor review an organization chart?...; Question 496: Which of the following cryptography demands less computation...; Question 497: The extent to which data will be collected during an IS audi...; Question 498: An IS auditor conducting an access control review in a clien...; Question 499: Identify the correct sequence which needs to be followed as ...; Question 500: Which of the following manages the digital certificate life ...; Question 501: Function Point Analysis (FPA) provides an estimate of the si...; Question 502: During Involuntary termination of an employee, which of the ...; Question 503: After discovering a security vulnerability in a third-party ...; Question 504: Most access violations are:; Question 505: What are used as a countermeasure for potential database cor...; Question 506: Who is ultimately responsible and accountable for reviewing ...; Question 507: Which of the following ensures a sender's authenticity and a...; Question 508: Which of the following components is responsible for the col...; Question 509: The most likely error to occur when implementing a firewall ...; Question 510: Which of the following would be the MOST cost-effective reco...; Question 511: When participating in a systems-development project, an IS a...; Question 512: To protect a VoIP infrastructure against a denial-of-service...; Question 513: What is the first step in a business process re-engineering ...; Question 514: ________ (fill in the blank) is/are ultimately accountable f...; Question 515: While reviewing the IT infrastructure, an IS auditor notices...; Question 516: The BEST method of proving the accuracy of a system tax calc...; Question 517: When reviewing print systems spooling, an IS auditor is MOST...; Question 518: An integrated test facility is not considered a useful audit...; Question 519: What are often the primary safeguards for systems software a...; Question 520: Which of the following layer of an OSI model transmits and r...; Question 521: Receiving an EDI transaction and passing it through the comm...; Question 522: Which of the following type of network service maps Domain N...; Question 523: Which of the following is the BEST type of program for an or...; Question 524: Why is the WAP gateway a component warranting critical conce...; Question 525: How do modems (modulation/demodulation) function to facilita...; Question 526: Which of the following functions should be performed by the ...; Question 527: An off-site processing facility should be easily identifiabl...; Question 528: Digital signatures require the sender to "sign" the data by ...; Question 529: Which of the following should be of MOST concern to an IS au...; Question 530: Over the long term, which of the following has the greatest ...; Question 531: Which of the following is BEST characterized by unauthorized...; Question 532: The knowledge base of an expert system that uses questionnai...; Question 533: Which of the following is the BEST audit procedure to determ...; Question 534: Which of the following type of honey pot essentially gives a...; Question 535: Which of the following type of lock uses a numeric keypad or...; Question 536: Which of the following could lead to an unintentional loss o...; Question 537: An IS auditor evaluates the test results of a modification t...; Question 538: The MAJOR advantage of the risk assessment approach over the...; Question 539: Which of the following statement correctly describes differe...; Question 540: Which of the following is an advantage of asymmetric crypto ...; Question 541: An IS auditor is performing an audit of a remotely managed s...; Question 542: Which of the following biometrics methods provides the HIGHE...; Question 543: An IS auditor is using a statistical sample to inventory the...; Question 544: Which of the following would an IS auditor consider to be th...; Question 545: An IS auditor evaluating logical access controls should FIRS...; Question 546: Identify the LAN topology from below diagram presented below...; Question 547: An IS auditor is told by IS management that the organization...; Question 548: Java applets and ActiveX controls are distributed executable...; Question 549: Proper segregation of duties prohibits a system analyst from...; Question 550: Library control software restricts source code to:...; Question 551: Which of the following type of computer has highest processi...; Question 552: What determines the strength of a secret key within a symmet...; Question 553: Which of the following would be the MOST secure firewall sys...; Question 554: Which of the following is NOT a true statement about public ...; Question 555: IS auditors are MOST likely to perform compliance tests of i...; Question 556: Which of the following BEST ensures the integrity of a serve...; Question 557: Which of the following attack involves slicing small amount ...; Question 558: Which of the following is the PRIMARY purpose for conducting...; Question 559: What is an effective control for granting temporary access t...; Question 560: Which of the following is best suited for searching for addr...; Question 561: Which of the following statement INCORRECTLY describes devic...; Question 562: As an IS auditor it is very important to understand software...; Question 563: Which of the following is the MOST critical and contributes ...; Question 564: A sequence of bits appended to a digital document that is us...; Question 565: Whenever business processes have been re-engineered, the IS ...; Question 566: A benefit of quality of service (QoS) is that the:...; Question 567: IS management recently replaced its existing wired local are...; Question 568: Which of the following hardware devices relieves the central...; Question 569: Which of the following statement is NOT true about smoke det...; Question 570: The reason a certification and accreditation process is perf...; Question 571: When performing a database review, an IS auditor notices tha...; Question 572: COBIT 5 separates information goals into three sub-dimension...; Question 573: John has been hired to fill a new position in one of the wel...; Question 574: What can ISPs use to implement inbound traffic filtering as ...; Question 575: For which of the following applications would rapid recovery...; Question 576: Neural networks are effective in detecting fraud because the...; Question 577: The BEST filter rule for protecting a network from being use...; Question 578: An IS auditor should review the configuration of which of th...; Question 579: For locations 3a, 1d and 3d, the diagram indicates hubs with...; Question 580: In the course of performing a risk analysis, an IS auditor h...; Question 581: Which of the following is a benefit of a risk-based approach...; Question 582: Which of the following forms of evidence for the auditor wou...; Question 583: In an IS audit of several critical servers, the IS auditor w...; Question 584: An organization is using symmetric encryption. Which of the ...; Question 585: A call-back system requires that a user with an id and passw...; Question 586: Which of the following statement INCORRECTLY describes Async...; Question 587: Which of the following statement INCORRECTLY describes circu...; Question 588: An IS auditor is reviewing access to an application to deter...; Question 589: A company has implemented a new client-server enterprise res...; Question 590: Which of the following provides the BEST single-factor authe...; Question 591: An IS auditor's PRIMARY concern when application developers ...; Question 592: During a logical access controls review, an IS auditor obser...; Question 593: Which of the following is an environmental issue caused by e...; Question 594: The GREATEST advantage of using web services for the exchang...; Question 595: How is risk affected if users have direct access to a databa...; Question 596: In large corporate networks having supply partners across th...; Question 597: During an IS audit, auditor has observed that authentication...; Question 598: Which of the following is a feature of Wi-Fi Protected Acces...; Question 599: An IS auditor who has discovered unauthorized transactions d...; Question 600: During a security audit of IT processes, an IS auditor found...; Question 601: Which of the following type of an IDS resides on important s...; Question 602: Which of the following are effective in detecting fraud beca...; Question 603: Which of the following term related to network performance r...; Question 604: What is used to develop strategically important systems fast...; Question 605: During the planning stage of an IS audit, the PRIMARY goal o...; Question 606: Which of the following is widely accepted as one of the crit...; Question 607: An advantage in using a bottom-up vs. a top-down approach to...; Question 608: Which of the following would be the BEST method for ensuring...; Question 609: Change management procedures are established by IS managemen...; Question 610: What is the recommended initial step for an IS auditor to im...; Question 611: Which of the following transmission media uses a transponder...; Question 612: Which of the following is the MOST effective method for deal...; Question 613: An information security policy stating that 'the display of ...; Question 614: During which of the following phases in system development w...; Question 615: An IS auditor observes a weakness in the tape management sys...; Question 616: Which of the following is an object-oriented technology char...; Question 617: What process is used to validate a subject's identity?...; Question 618: What can be very helpful to an IS auditor when determining t...; Question 619: Of the three major types of off-site processing facilities, ...; Question 620: What supports data transmission through split cable faciliti...; Question 621: The PRIMARY objective of performing a postincident review is...; Question 622: Database snapshots can provide an excellent audit trail for ...; Question 623: A TCP/IP-based environment is exposed to the Internet. Which...; Question 624: In which of the following WAN message transmission technique...; Question 625: Establishing data ownership is an important first step for w...; Question 626: Which of the following is a guiding best practice for implem...; Question 627: Which of the following types of testing would determine whet...; Question 628: Which of the following statement correctly describes one way...; Question 629: Which of the following is the INCORRECT "layer - protocol" m...; Question 630: When evaluating the collective effect of preventive, detecti...; Question 631: Test and development environments should be separated. True ...; Question 632: A proposed transaction processing application will have many...; Question 633: Which of the following term in business continuity determine...; Question 634: An audit charter should:; Question 635: What is the MOST effective method of preventing unauthorized...; Question 636: Which of the following is the unique identifier within and I...; Question 637: What is a callback system?; Question 638: Identify the correct sequence of Business Process Reengineer...; Question 639: Which of the following is an advantage of the top-down appro...; Question 640: An advantage of using sanitized live transactions in test da...; Question 641: Which of the following device in Frame Relay WAN technique i...; Question 642: Which of the following online auditing techniques is most ef...; Question 643: What is used as a control to detect loss, corruption, or dup...; Question 644: Which of the following best characterizes "worms"?...; Question 645: Which of the following is the PRIMARY safeguard for securing...; Question 646: What often results in project scope creep when functional re...; Question 647: An IS auditor should recommend the use of library control so...; Question 648: An organization has outsourced its help desk. Which of the f...; Question 649: As described at security policy, the CSO implemented an e-ma...; Question 650: What topology provides the greatest redundancy of routes and...; Question 651: During the system testing phase of an application developmen...; Question 652: When should an application-level edit check to verify that a...; Question 653: When reviewing the configuration of network devices, an IS a...; Question 654: To verify that the correct version of a data file was used f...; Question 655: Which of the following functionality is NOT supported by SSL...; Question 656: What must an IS auditor understand before performing an appl...; Question 657: A decision support system (DSS):...; Question 658: Which of the following cryptography is based on practical ap...; Question 659: A LAN administrator normally would be restricted from:...; Question 660: Disabling which of the following would make wireless local a...; Question 661: Which of the following is a benefit of using callback device...; Question 662: The BEST way to minimize the risk of communication failures ...; Question 663: A hardware control that helps to detect errors when data are...; Question 664: Which of the following is an advantage of an integrated test...; Question 665: Which of the following is NOT a disadvantage of Single Sign ...; Question 666: What is often assured through table link verification and re...; Question 667: If a programmer has update access to a live system, IS audit...; Question 668: As an auditor it is very important to ensure confidentiality...; Question 669: While planning an audit, an assessment of risk should be mad...; Question 670: Which of the following is of greatest concern to the IS audi...; Question 671: There are many known weaknesses within an Intrusion Detectio...; Question 672: Which of the following can degrade network performance?...; Question 673: Which of the following attacks could capture network user pa...; Question 674: After identifying potential security vulnerabilities, what s...; Question 675: Which of the following is the most fundamental step in preve...; Question 676: Which of the following comparisons are used for identificati...; Question 677: Assuming this diagram represents an internal facility and th...; Question 678: What is an initial step in creating a proper firewall policy...; Question 679: Active radio frequency ID (RFID) tags are subject to which o...; Question 680: Which of the following malware technical fool's malware by a...; Question 681: When reviewing procedures for emergency changes to programs,...; Question 682: Which of the following process consist of identification and...; Question 683: Which of the following would be considered an essential feat...; Question 684: Which of the following is a passive attack method used by in...; Question 685: Which of the following processes are performed during the de...; Question 686: Which of the following exposures could be caused by a line g...; Question 687: During the review of a web-based software development projec...; Question 688: If an IS auditor observes that an IS department fails to use...; Question 689: What is the primary security concern for EDI environments?...; Question 690: Which of the following type of computer is a large, general ...; Question 691: In planning an audit, the MOST critical step is the identifi...; Question 692: When auditing a proxy-based firewall, an IS auditor should:...; Question 693: A virtual private network (VPN) provides data confidentialit...; Question 694: The application systems of an organization using open-source...; Question 695: Which of the following type of a computer network covers a b...; Question 696: Which of the following would provide the BEST protection aga...; Question 697: Which of the following ensures confidentiality of informatio...; Question 698: When reviewing the implementation of a LAN, an IS auditor sh...; Question 699: In which of the following database models is the data repres...; Question 700: During the testing of the business continuity plan (BCP), wh...; Question 701: A substantive test to verify that tape library inventory rec...; Question 702: Authentication techniques for sending and receiving data bet...; Question 703: Identify the network topology from below diagram presented b...; Question 704: Which of the following would be an indicator of the effectiv...; Question 705: Which of the following is penetration test where the penetra...; Question 706: Which of the following system and data conversion strategies...; Question 707: Which of the following would prevent accountability for an a...; Question 708: The quality of the metadata produced from a data warehouse i...; Question 709: Who is ultimately responsible for providing requirement spec...; Question 710: Which are the two primary types of scanner used for protecti...; Question 711: Functional acknowledgements are used:...; Question 712: Which of the following should be a concern to an IS auditor ...; Question 713: What type of cryptosystem is characterized by data being enc...; Question 714: An IS auditor reviews an organizational chart PRIMARILY for:...; Question 715: Which of the following reports should an IS auditor use to c...; Question 716: To affix a digital signature to a message, the sender must f...; Question 717: Any changes in systems assets, such as replacement of hardwa...; Question 718: What does PKI use to provide some of the strongest overall c...; Question 719: Which of the following user profiles should be of MOST conce...; Question 720: Which of the following is the MOST critical step in planning...; Question 721: In what way is a common gateway interface (CGI) MOST often u...; Question 722: Which of the following statements pertaining to IPSec is inc...; Question 723: The use of statistical sampling procedures helps minimize:...; Question 724: During maintenance of a relational database, several values ...; Question 725: What kind of protocols does the OSI Transport Layer of the T...; Question 726: An IS auditor performing a review of an application's contro...; Question 727: Which of the following systems-based approaches would a fina...; Question 728: Which of the following can help detect transmission errors b...; Question 729: What should IS auditors always check when auditing password ...; Question 730: Which of the following will help detect changes made by an i...; Question 731: What is a reliable technique for estimating the scope and co...; Question 732: An organization is implementing a new system to replace a le...; Question 733: Which of the following INCORRECTLY describes the layer funct...; Question 734: Company.com has contracted with an external consulting firm ...; Question 735: Which of the following network components is PRIMARILY set u...; Question 736: Which of the following devices extends the network and has t...; Question 737: A database administrator is responsible for:...; Question 738: Which of the following PBX feature provides the possibility ...; Question 739: The phases and deliverables of a system development life cyc...; Question 740: Which of the following types of firewalls would BEST protect...; Question 741: What uses questionnaires to lead the user through a series o...; Question 742: While evaluating logical access control the IS auditor shoul...; Question 743: Which of the following satisfies a two-factor user authentic...; Question 744: What is a primary high-level goal for an auditor who is revi...; Question 745: What are intrusion-detection systems (IDS) primarily used fo...; Question 746: A web server is attacked and compromised. Which of the follo...; Question 747: Diskless workstation is an example of:...; Question 748: In a public key infrastructure (PKI), which of the following...; Question 749: An IS auditor notes that patches for the operating system us...; Question 750: What type(s) of firewalls provide(s) the greatest degree of ...; Question 751: An organization provides information to its supply chain par...; Question 752: Which of the following type of IDS has self-learning functio...; Question 753: A malicious code that changes itself with each file it infec...; Question 754: During the development of an application, the quality assura...; Question 755: Atomicity enforces data integrity by ensuring that a transac...; Question 756: The computer security incident response team (CSIRT) of an o...; Question 757: Which of the following is an advantage of prototyping?...; Question 758: Digital signatures require the:...; Question 759: Which of the following term in business continuity determine...; Question 760: To prevent IP spoofing attacks, a firewall should be configu...; Question 761: Which of the following attack includes social engineering, l...; Question 762: An IS auditor reviewing a database application discovers tha...; Question 763: Which of the following term related to network performance r...; Question 764: Although BCP and DRP are often implemented and tested by mid...; Question 765: Which of the following typically focuses on making alternati...; Question 766: When installing an intrusion detection system (IDS), which o...; Question 767: What is an effective countermeasure for the vulnerability of...; Question 768: Failure in which of the following testing stages would have ...; Question 769: An IS auditor is reviewing the remote access methods of a co...; Question 770: How is the risk of improper file access affected upon implem...

Question 234/770

LEAVE A REPLY

Download PDF File