Valid CISA Dumps shared by ExamDiscuss.com for Helping Passing CISA Exam! ExamDiscuss.com now offer the newest CISA exam dumps, the ExamDiscuss.com CISA exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CISA dumps with Test Engine here:
Access CISA Dumps Premium Version
(1435 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 556/770
Which of the following BEST ensures the integrity of a server's operating system?
Correct Answer: C
Explanation/Reference:
Explanation:
Hardening a system means to configure it in the most secure manner (install latest security patches, properly define the access authorization for users and administrators, disable insecure options and uninstall unused services) to prevent nonprivileged users from gaining the right to execute privileged instructions and thus take control of the entire machine, jeopardizing the OS's integrity. Protecting the server in a secure location and setting a boot password are good practices, but do not ensure that a user will not try to exploit logical vulnerabilities and compromise the OS. Activity logging has two weaknesses in this scenario-it is a detective control (not a preventive one), and the attacker who already gained privileged access can modify logs or disable them.
Explanation:
Hardening a system means to configure it in the most secure manner (install latest security patches, properly define the access authorization for users and administrators, disable insecure options and uninstall unused services) to prevent nonprivileged users from gaining the right to execute privileged instructions and thus take control of the entire machine, jeopardizing the OS's integrity. Protecting the server in a secure location and setting a boot password are good practices, but do not ensure that a user will not try to exploit logical vulnerabilities and compromise the OS. Activity logging has two weaknesses in this scenario-it is a detective control (not a preventive one), and the attacker who already gained privileged access can modify logs or disable them.
- Question List (770q)
- Question 1: Which of the following statement is NOT true about Voice-Ove...
- Question 2: Which of the following statement correctly describes the dif...
- Question 3: An IS auditor reviewing wireless network security determines...
- Question 4: Which of the following protocol does NOT work at the Applica...
- Question 5: Which of the following is a sophisticated computer based swi...
- Question 6: Which of the following is MOST directly affected by network ...
- Question 7: Regarding digital signature implementation, which of the fol...
- Question 8: An IS auditor needs to consider many factors while evaluatin...
- Question 9: Which of the following encryption techniques will BEST prote...
- Question 10: After installing a network, an organization installed a vuln...
- Question 11: Which of the following is the MOST likely reason why e-mail ...
- Question 12: What should regression testing use to obtain accurate conclu...
- Question 13: Validated digital signatures in an e-mail software applicati...
- Question 14: A programmer maliciously modified a production program to ch...
- Question 15: Which of the following attack could be avoided by creating m...
- Question 16: An IS auditor evaluating the resilience of a high-availabili...
- Question 17: An IS auditor finds that, at certain times of the day, the d...
- Question 18: When reviewing an implementation of a VoIP system over a cor...
- Question 19: What benefit does using capacity-monitoring software to moni...
- Question 20: How is the time required for transaction processing review u...
- Question 21: In the 2c area of the diagram, there are three hubs connecte...
- Question 22: Which of the following tests performed by an IS auditor woul...
- Question 23: The waterfall life cycle model of software development is mo...
- Question 24: The specific advantage of white box testing is that it:...
- Question 25: Which of the following should be included in a feasibility s...
- Question 26: Which of the following is a software application that preten...
- Question 27: Which of the following protocol is PRIMARILY used to provide...
- Question 28: An offsite information processing facility having electrical...
- Question 29: Ensuring that security and control policies support business...
- Question 30: Which of the following would be the BEST overall control for...
- Question 31: Which of the following cryptographic systems is MOST appropr...
- Question 32: Which of the following network configuration options contain...
- Question 33: Responsibility and reporting lines cannot always be establis...
- Question 34: Which of the following methods of providing telecommunicatio...
- Question 35: Which of the following is the PRIMARY advantage of using com...
- Question 36: What influences decisions regarding criticality of assets?...
- Question 37: Two-factor authentication can be circumvented through which ...
- Question 38: When developing a risk-based audit strategy, an IS auditor c...
- Question 39: An IS auditor reviewing the implementation of an intrusion d...
- Question 40: Which of the following is a form of Hybrid Cryptography wher...
- Question 41: An IS auditor finds that user acceptance testing of a new sy...
- Question 42: The MOST significant security concerns when using flash memo...
- Question 43: When reviewing system parameters, an IS auditor's PRIMARY co...
- Question 44: A company is implementing a dynamic host configuration proto...
- Question 45: Which of the following provides the strongest authentication...
- Question 46: Which of the following would normally be the MOST reliable e...
- Question 47: Which of the following transmission media is MOST difficult ...
- Question 48: When should reviewing an audit client's business plan be per...
- Question 49: Distributed denial-of-service (DDOS) attacks on Internet sit...
- Question 50: Which of the following is a good control for protecting conf...
- Question 51: The GREATEST benefit in implementing an expert system is the...
- Question 52: Data edits are implemented before processing and are conside...
- Question 53: The traditional role of an IS auditor in a control self-asse...
- Question 54: What is the most common purpose of a virtual private network...
- Question 55: Off-site data storage should be kept synchronized when prepa...
- Question 56: Which of the following is NOT a component of IPSec?...
- Question 57: A sender of an e-mail message applies a digital signature to...
- Question 58: Which of the following is the dominating objective of BCP an...
- Question 59: How often should a Business Continuity Plan be reviewed?...
- Question 60: Which of the following BEST reduces the ability of one devic...
- Question 61: A control that detects transmission errors by appending calc...
- Question 62: Which of the following uses a prototype that can be updated ...
- Question 63: Which of the following term in business continuity determine...
- Question 64: Doing which of the following during peak production hours co...
- Question 65: In an online transaction processing system, data integrity i...
- Question 66: Which of the following term in business continuity defines t...
- Question 67: The PRIMARY advantage of a continuous audit approach is that...
- Question 68: What type of risk results when an IS auditor uses an inadequ...
- Question 69: Who assumes ownership of a systems-development project and t...
- Question 70: Which of the following type of network service stores inform...
- Question 71: Which of the following are effective controls for detecting ...
- Question 72: Parity bits are a control used to validate:...
- Question 73: What method might an IS auditor utilize to test wireless sec...
- Question 74: How can minimizing single points of failure or vulnerabiliti...
- Question 75: An IS auditor usually places more reliance on evidence direc...
- Question 76: Which of the following is MOST likely to result from a busin...
- Question 77: Which of the following database controls would ensure that t...
- Question 78: Ideally, stress testing should be carried out in a:...
- Question 79: Data flow diagrams are used by IS auditors to:...
- Question 80: An IS auditor selects a server for a penetration test that w...
- Question 81: A core tenant of an IS strategy is that it must:...
- Question 82: What is often the most difficult part of initial efforts in ...
- Question 83: The directory system of a database-management system describ...
- Question 84: The goal of an information system is to achieve integrity, a...
- Question 85: The PRIMARY reason for using digital signatures is to ensure...
- Question 86: What can be used to help identify and investigate unauthoriz...
- Question 87: Which of the following sampling methods is MOST useful when ...
- Question 88: The IS management of a multinational company is considering ...
- Question 89: An organization has a mix of access points that cannot be up...
- Question 90: The use of a GANTT chart can:
- Question 91: Which of the following attack occurs when a malicious action...
- Question 92: Which of the following potentially blocks hacking attempts?...
- Question 93: Naming conventions for system resources are important for ac...
- Question 94: Which of the following is a dynamic analysis tool for the pu...
- Question 95: Which of the following is an example of a passive attack ini...
- Question 96: Sign-on procedures include the creation of a unique user ID ...
- Question 97: Which of the following layer of an OSI model responsible for...
- Question 98: The GREATEST advantage of rapid application development (RAD...
- Question 99: The vice president of human resources has requested an audit...
- Question 100: Which of the following layer of an OSI model controls dialog...
- Question 101: Which of the following translates e-mail formats from one ne...
- Question 102: An IS auditor reviewing database controls discovered that ch...
- Question 103: Which of the following controls will MOST effectively detect...
- Question 104: A company undertakes a business process reengineering (BPR) ...
- Question 105: Processing controls ensure that data is accurate and complet...
- Question 106: An IS auditor recommends that an initial validation control ...
- Question 107: Input/output controls should be implemented for which applic...
- Question 108: Why does the IS auditor often review the system logs?...
- Question 109: There are several types of penetration tests depending upon ...
- Question 110: Which of the following is the INCORRECT "layer - protocol da...
- Question 111: Which of the following types of data validation editing chec...
- Question 112: In a client-server architecture, a domain name service (DNS)...
- Question 113: What protects an application purchaser's ability to fix or c...
- Question 114: Which of the following statement correctly describes the dif...
- Question 115: An IS auditor is evaluating management's risk assessment of ...
- Question 116: Structured programming is BEST described as a technique that...
- Question 117: Which of the following provides the framework for designing ...
- Question 118: Time constraints and expanded needs have been found by an IS...
- Question 119: Proper segregation of duties normally does not prohibit a LA...
- Question 120: When two or more systems are integrated, input/output contro...
- Question 121: Which of the following statement correctly describes the dif...
- Question 122: Organizations should use off-site storage facilities to main...
- Question 123: To determine if unauthorized changes have been made to produ...
- Question 124: An IS auditor is performing an audit of a network operating ...
- Question 125: Which of the following protocol uses serial interface for co...
- Question 126: Which of the following method is recommended by security pro...
- Question 127: Which of the following BEST characterizes a mantrap or deadm...
- Question 128: In a small organization, an employee performs computer opera...
- Question 129: Which of the following types of transmission media provide t...
- Question 130: A data administrator is responsible for:...
- Question 131: During a review of a customer master file, an IS auditor dis...
- Question 132: Which of the following PBX feature supports shared extension...
- Question 133: In a client-server system, which of the following control te...
- Question 134: Which of the following term related to network performance r...
- Question 135: When auditing third-party service providers, an IS auditor s...
- 1 commentQuestion 136: The FIRST step in data classification is to:...
- Question 137: Which of the following device in Frame Relay WAN technique i...
- Question 138: Which of the following is MOST is critical during the busine...
- Question 139: Which of the following BEST describes the necessary document...
- Question 140: What control detects transmission errors by appending calcul...
- Question 141: The FIRST step in managing the risk of a cyber-attack is to:...
- Question 142: Which of the following line media would provide the BEST sec...
- Question 143: Which of the following procedures would MOST effectively det...
- Question 144: IT best practices for the availability and continuity of IT ...
- Question 145: Which of the following is the INCORRECT Layer to Protocol ma...
- Question 146: What would an IS auditor expect to find in the console log?...
- Question 147: Sending a message and a message hash encrypted by the sender...
- Question 148: How does the SSL network protocol provide confidentiality?...
- Question 149: To ensure compliance with a security policy requiring that p...
- Question 150: Which of the following provide(s) near-immediate recoverabil...
- Question 151: An IS auditor should carefully review the functional require...
- Question 152: In a public key infrastructure, a registration authority:...
- Question 153: Which of the following is a network diagnostic tool that mon...
- Question 154: How does the process of systems auditing benefit from using ...
- Question 155: Once an organization has finished the business process reeng...
- Question 156: Which of the following service is a distributed database tha...
- Question 157: Which of the following is the GREATEST risk when implementin...
- Question 158: Which of the following would be of MOST concern to an IS aud...
- Question 159: Which of the following is the most important element in the ...
- Question 160: Which of the following PBX feature allows a PBX to be config...
- Question 161: IT operations for a large organization have been outsourced....
- Question 162: Private Branch Exchange(PBX) environment involves many secur...
- Question 163: Which of the following would be the GREATEST cause for conce...
- Question 164: Which of the following type of a computer network covers a l...
- Question 165: Which of the following will BEST ensure the successful offsh...
- Question 166: In regard to moving an application program from the test env...
- Question 167: When conducting a penetration test of an organization's inte...
- Question 168: Which of the following functionality is NOT performed by the...
- Question 169: As an IS auditor it is very important to understand the impo...
- Question 170: During the audit of an acquired software package, an IS audi...
- Question 171: isk analysis is not always possible because the IS auditor i...
- Question 172: Which of the following fire-suppression methods is considere...
- Question 173: Which of the following is an example of the defense in-depth...
- Question 174: What are trojan horse programs?...
- Question 175: An IS auditor should use statistical sampling and not judgme...
- Question 176: Which of the following is BEST suited for secure communicati...
- Question 177: When should application controls be considered within the sy...
- Question 178: A digital signature contains a message digest to:...
- Question 179: An organization's IS audit charter should specify the:...
- Question 180: What is the most common reason for information systems to fa...
- Question 181: What is an edit check to determine whether a field contains ...
- Question 182: A hub is a device that connects:...
- Question 183: Which of the following Confidentiality, Integrity, Availabil...
- Question 184: When should plans for testing for user acceptance be prepare...
- Question 185: Which of the following layer of an OSI model encapsulates pa...
- Question 186: In an EDI process, the device which transmits and receives e...
- Question 187: Which of the following INCORRECTLY describes the layer funct...
- Question 188: Which of the following controls would be MOST effective in e...
- Question 189: Which significant risk is introduced by running the file tra...
- Question 190: Which audit technique provides the BEST evidence of the segr...
- Question 191: The security level of a private key system depends on the nu...
- Question 192: A check digit is an effective edit check to:...
- Question 193: The IS auditor learns that when equipment was brought into t...
- Question 194: In a public key infrastructure (PKI), the authority responsi...
- Question 195: What can be implemented to provide the highest level of prot...
- Question 196: Confidentiality of the data transmitted in a wireless LAN is...
- Question 197: Which of the following technique is used for speeding up net...
- Question 198: Which of the following is protocol data unit (PDU) of networ...
- Question 199: Which of the following do digital signatures provide?...
- Question 200: An IS auditor performing an application maintenance audit wo...
- Question 201: When implementing an application software package, which of ...
- Question 202: The reliability of an application system's audit trail may b...
- Question 203: Network environments often add to the complexity of program-...
- Question 204: Vendors have released patches fixing security flaws in their...
- Question 205: Which of the following is used to evaluate biometric access ...
- Question 206: Which of the following types of firewalls provide the GREATE...
- Question 207: Who is primarily responsible for storing and safeguarding th...
- Question 208: Within IPSEC which of the following defines security paramet...
- Question 209: Which of the following concerns associated with the World Wi...
- Question 210: The GREATEST risk when end users have access to a database a...
- Question 211: Run-to-run totals can verify data through which stage(s) of ...
- Question 212: To detect attack attempts that the firewall is unable to rec...
- Question 213: The MAIN reason for requiring that all computer clocks acros...
- Question 214: When reviewing an organization's approved software product l...
- Question 215: Which of the following would impair the independence of a qu...
- Question 216: Who is responsible for implementing cost-effective controls ...
- Question 217: Which of the following is a continuity plan test that uses a...
- Question 218: A transaction journal provides the information necessary for...
- Question 219: Overall business risk for a particular threat can be express...
- Question 220: Which of the following systems or tools can recognize that a...
- Question 221: Who is responsible for the overall direction, costs, and tim...
- Question 222: Which of the following attack best describe "Computer is the...
- Question 223: Which of the following controls would provide the GREATEST a...
- Question 224: Electromagnetic emissions from a terminal represent an expos...
- Question 225: An IS auditor has imported data from the client's database. ...
- Question 226: Using the OSI reference model, what layer(s) is/are used to ...
- Question 227: During the audit of a database server, which of the followin...
- Question 228: What is the BEST approach to mitigate the risk of a phishing...
- Question 229: Above almost all other concerns, what often results in the g...
- Question 230: An organization has contracted with a vendor for a turnkey s...
- Question 231: Who is accountable for maintaining appropriate security meas...
- Question 232: The decisions and actions of an IS auditor are MOST likely t...
- Question 233: Which of the following is the GREATEST risk to the effective...
- Question 234: After an IS auditor has identified threats and potential imp...
- Question 235: When using an integrated test facility (ITF), an IS auditor ...
- Question 236: To properly evaluate the collective effect of preventative, ...
- Question 237: What should an IS auditor do if he or she observes that proj...
- Question 238: An IS auditor has identified the lack of an authorization pr...
- Question 239: Which type of major BCP test only requires representatives f...
- Question 240: A number of system failures are occurring when corrections t...
- Question 241: When evaluating the controls of an EDI application, an IS au...
- Question 242: A critical function of a firewall is to act as a:...
- Question 243: Which of the following would be the BEST population to take ...
- Question 244: Who should be responsible for network security operations?...
- Question 245: The PRIMARY objective of a logical access control review is ...
- Question 246: Which of the following layer of the OSI model provides a sta...
- Question 247: The MOST likely explanation for the use of applets in an Int...
- Question 248: What is used to provide authentication of the website and ca...
- Question 249: Which of the following help(s) prevent an organization's sys...
- Question 250: While conducting an audit, an IS auditor detects the presenc...
- Question 251: Which of the following term in business continuity defines t...
- Question 252: Business units are concerned about the performance of a newl...
- Question 253: An advantage of a continuous audit approach is that it can i...
- Question 254: In RFID technology which of the following risk could represe...
- Question 255: In computer forensics, which of the following is the process...
- Question 256: Which of the following is a passive attack to a network?...
- Question 257: An IS auditor finds that client requests were processed mult...
- Question 258: Which of the following exploit vulnerabilities to cause loss...
- Question 259: Which of the following is MOST critical when creating data f...
- Question 260: What is the key distinction between encryption and hashing a...
- Question 261: Batch control reconciliation is a _____________________ (fil...
- Question 262: Proper segregation of duties does not prohibit a quality con...
- Question 263: What type of risk is associated with authorized program exit...
- Question 264: Key verification is one of the best controls for ensuring th...
- Question 265: What type of BCP test uses actual resources to simulate a sy...
- Question 266: After observing suspicious activities in a server, a manager...
- Question 267: When reviewing a hardware maintenance program, an IS auditor...
- Question 268: When is regression testing used to determine whether new app...
- Question 269: What can be used to gather evidence of network attacks?...
- Question 270: Which of the following transmission media is LEAST vulnerabl...
- Question 271: A clerk changed the interest rate for a loan on a master fil...
- Question 272: Mitigating the risk and impact of a disaster or business int...
- Question 273: To determine how data are accessed across different platform...
- Question 274: An investment advisor e-mails periodic newsletters to client...
- Question 275: An IS auditor notes that IDS log entries related to port sca...
- Question 276: Which of the following is a standard secure email protection...
- Question 277: Which of the following database model allow many-to-many rel...
- Question 278: The purpose of business continuity planning and disaster-rec...
- Question 279: Transmitting redundant information with each character or fr...
- Question 280: The network of an organization has been the victim of severa...
- Question 281: Which of the following statement correctly describes differe...
- Question 282: When assessing the design of network monitoring controls, an...
- Question 283: What type of fire-suppression system suppresses fire via wat...
- Question 284: In order to properly protect against unauthorized disclosure...
- Question 285: As an IS auditor it is very important to understand software...
- Question 286: In which of the following RFID risks competitor potentially ...
- Question 287: As an IS auditor, it is very important to make sure all stor...
- Question 288: What increases encryption overhead and cost the most?...
- Question 289: Which of the following should be of PRIMARY concern to an IS...
- Question 290: The PRIMARY objective of service-level management (SLM) is t...
- Question 291: Which of the following is protocol data unit (PDU) of data a...
- Question 292: A manufacturing firm wants to automate its invoice payment s...
- Question 293: Which of the following is a program evaluation review techni...
- Question 294: Security administration procedures require read-only access ...
- Question 295: What process uses test data as part of a comprehensive test ...
- Question 296: Which of the following is of greatest concern when performin...
- Question 297: In which of the following database model is the data organiz...
- Question 298: Which of the following statement INCORRECTLY describes packe...
- Question 299: An auditor needs to be aware of technical controls which are...
- Question 300: Who is responsible for authorizing access level of a data us...
- Question 301: Fourth-Generation Languages (4GLs) are most appropriate for ...
- Question 302: Which of the following protocol is developed jointly by VISA...
- Question 303: When performing an audit of a client relationship management...
- Question 304: Identify the WAN message switching technique being used from...
- Question 305: To ensure message integrity, confidentiality and non-repudia...
- Question 306: When storing data archives off-site, what must be done with ...
- Question 307: In a relational database with referential integrity, the use...
- Question 308: An integrated test facility is considered a useful audit too...
- Question 309: Web and e-mail filtering tools are PRIMARILY valuable to an ...
- Question 310: Which of the following antivirus software implementation str...
- Question 311: ________________ (fill in the blank) should be implemented a...
- Question 312: The PRIMARY purpose of an IT forensic audit is:...
- Question 313: To prevent unauthorized entry to the data maintained in a di...
- Question 314: An IS auditor is performing a network security review of a t...
- Question 315: Which of the following protocol is used for electronic mail ...
- Question 316: Which of the following statement INCORRECTLY describes netwo...
- Question 317: If senior management is not committed to strategic planning,...
- Question 318: Which of the following term related to network performance r...
- Question 319: An intentional or unintentional disclosure of a password is ...
- Question 320: An organization having a number of offices across a wide geo...
- Question 321: When transmitting a payment instruction, which of the follow...
- Question 322: Who is responsible for providing adequate physical and logic...
- Question 323: Which of the following processes should an IS auditor recomm...
- Question 324: Which of the following statements regarding an off-site info...
- Question 325: An IS auditor should know information about different networ...
- Question 326: Which of the following is a management technique that enable...
- Question 327: The MAJOR advantage of a component-based development approac...
- Question 328: Who is ultimately accountable for the development of an IS s...
- Question 329: Which testing approach is MOST appropriate to ensure that in...
- Question 330: An efficient use of public key infrastructure (PKI) should e...
- Question 331: An organization can ensure that the recipients of e-mails fr...
- Question 332: Which of the following should an IS auditor review to determ...
- Question 333: An IS auditor reviewing a proposed application software acqu...
- Question 334: Identify the INCORRECT statement related to network performa...
- Question 335: Passwords should be:
- Question 336: Which of the following would MOST effectively reduce social ...
- Question 337: An organization has recently installed a security patch, whi...
- Question 338: Which of the following is the MOST important action in recov...
- Question 339: Which of the following represents the GREATEST potential ris...
- Question 340: Business Continuity Planning (BCP) is not defined as a prepa...
- Question 341: Which of the following BEST limits the impact of server fail...
- Question 342: When performing an IS strategy audit, an IS auditor should r...
- Question 343: From a risk management point of view, the BEST approach when...
- Question 344: A hacker could obtain passwords without the use of computer ...
- Question 345: Obtaining user approval of program changes is very effective...
- Question 346: Which of the following attack redirects outgoing message fro...
- Question 347: An IS auditor reviewing access controls for a client-server ...
- Question 348: Reconfiguring which of the following firewall types will pre...
- Question 349: A database administrator has detected a performance problem ...
- Question 350: An IS auditor reviewing an accounts payable system discovers...
- Question 351: Who is responsible for restricting and monitoring access of ...
- Question 352: Which of the following type of a computer network is a WAN t...
- Question 353: Why is a clause for requiring source code escrow in an appli...
- Question 354: Which of the following will prevent dangling tuples in a dat...
- Question 355: The PRIMARY purpose of audit trails is to:...
- Question 356: Which of the following would BEST maintain the integrity of ...
- Question 357: What is/are used to measure and ensure proper network capaci...
- Question 358: Which of the following attack involves sending forged ICMP E...
- Question 359: Reverse proxy technology for web servers should be deployed ...
- Question 360: Which of the following BEST describes the role of a director...
- Question 361: Which of the following is a substantive test?...
- Question 362: An appropriate control for ensuring the authenticity of orde...
- Question 363: In auditing a web server, an IS auditor should be concerned ...
- Question 364: IS management has decided to rewrite a legacy customer relat...
- Question 365: To ensure that audit resources deliver the best value to the...
- Question 366: An IS auditor finds out-of-range data in some tables of a da...
- Question 367: By evaluating application development projects against the c...
- Question 368: If an IS auditor observes that individual modules of a syste...
- Question 369: Which of the following would help to ensure the portability ...
- Question 370: Applying a retention date on a file will ensure that:...
- Question 371: How does the digital envelop work? What are the correct step...
- Question 372: Which of the following is a ITU-T standard protocol suite fo...
- Question 373: An IS auditor attempting to determine whether access to prog...
- Question 374: Accountability for the maintenance of appropriate security m...
- Question 375: Which of the following type of lock uses a magnetic or embed...
- Question 376: What is a common vulnerability, allowing denial-of-service a...
- Question 377: Which of the following data validation edits is effective in...
- Question 378: When selecting audit procedures, an IS auditor should use pr...
- Question 379: Which of the following statement INCORRECTLY describes anti-...
- Question 380: As compared to understanding an organization's IT process fr...
- Question 381: An IS auditor examining the configuration of an operating sy...
- Question 382: Which of the following is a data validation edit and control...
- Question 383: Which of the following statement correctly describes the dif...
- Question 384: During an application audit, an IS auditor finds several pro...
- Question 385: An organization is migrating from a legacy system to an ente...
- Question 386: Which of the following is the protocol data unit (PDU) of ap...
- Question 387: Which of the following option INCORRECTLY describes PBX feat...
- Question 388: To determine which users can gain access to the privileged s...
- Question 389: Which of the following layer of an OSI model ensures that me...
- Question 390: The initial step in establishing an information security pro...
- Question 391: Which of the following is the MOST effective control when gr...
- Question 392: What process allows IS management to determine whether the a...
- Question 393: With the help of a security officer, granting access to data...
- Question 394: Which of the following public key infrastructure (PKI) eleme...
- Question 395: Which of the following is often used as a detection and dete...
- Question 396: The implementation of access controls FIRST requires:...
- Question 397: When a new system is to be implemented within a short time f...
- Question 398: The MOST significant level of effort for business continuity...
- Question 399: Off-site data backup and storage should be geographically se...
- Question 400: Which policy helps an auditor to gain a better understanding...
- Question 401: A PRIMARY benefit derived from an organization employing con...
- Question 402: During what process should router access control lists be re...
- Question 403: In which of the following WAN message transmission technique...
- Question 404: Which of the following exposures associated with the spoolin...
- Question 405: With the objective of mitigating the risk and impact of a ma...
- Question 406: In transport mode, the use of the Encapsulating Security Pay...
- Question 407: An IS auditor performing an independent classification of sy...
- Question 408: In which of the following transmission media it is MOST diff...
- Question 409: When reviewing input controls, an IS auditor observes that, ...
- Question 410: Which of the following type of a computer network are variat...
- Question 411: Which of the following is a control over component communica...
- Question 412: An IS auditor is assigned to perform a post implementation r...
- Question 413: The objective of concurrency control in a database system is...
- Question 414: Normally, it would be essential to involve which of the foll...
- Question 415: Which of the following is a prevalent risk in the developmen...
- Question 416: An existing system is being extensively enhanced by extracti...
- Question 417: When reviewing an intrusion detection system (IDS), an IS au...
- Question 418: Which of the following antispam filtering techniques would B...
- Question 419: The feature of a digital signature that ensures the sender c...
- Question 420: Which of the following applet intrusion issues poses the GRE...
- Question 421: Following best practices, formal plans for implementation of...
- Question 422: Of the three major types of off-site processing facilities, ...
- Question 423: The MAIN criterion for determining the severity level of a s...
- Question 424: At the end of the testing phase of software development, an ...
- Question 425: Which of the following term related to network performance r...
- Question 426: What is a data validation edit control that matches input da...
- Question 427: Rather than simply reviewing the adequacy of access control,...
- Question 428: The database administrator (DBA) suggests that DB efficiency...
- Question 429: Which of the following would be the BEST access control proc...
- Question 430: Which of the following is an implementation risk within the ...
- Question 431: An IS auditor is evaluating a corporate network for a possib...
- Question 432: There are many firewall implementations provided by firewall...
- Question 433: What type of approach to the development of organizational p...
- Question 434: When reviewing an organization's logical access security, wh...
- Question 435: What kind of testing should programmers perform following an...
- Question 436: The purpose of code signing is to provide assurance that:...
- Question 437: Which key is used by the sender of a message to create a dig...
- Question 438: A review of wide area network (WAN) usage discovers that tra...
- Question 439: An installed Ethernet cable run in an unshielded twisted pai...
- Question 440: What is the primary objective of a control self-assessment (...
- Question 441: Allowing application programmers to directly patch or change...
- Question 442: When are benchmarking partners identified within the benchma...
- Question 443: The use of object-oriented design and development techniques...
- Question 444: Which of the following provides the MOST relevant informatio...
- Question 445: A company has decided to implement an electronic signature s...
- Question 446: An IS auditor analyzing the audit log of a database manageme...
- Question 447: The MAIN purpose of a transaction audit trail is to:...
- Question 448: In a small organization, developers may release emergency ch...
- Question 449: Identify the correct sequence of Business Process Reengineer...
- Question 450: Proper segregation of duties prevents a computer operator (u...
- Question 451: Business process re-engineering often results in ___________...
- Question 452: An organization has an integrated development environment (I...
- Question 453: If a database is restored from information backed up before ...
- Question 454: An IS auditor should be MOST concerned with what aspect of a...
- Question 455: During a postimplementation review of an enterprise resource...
- Question 456: What are used as the framework for developing logical access...
- Question 457: Which of the following protocol does NOT work at Network int...
- Question 458: Which of the following attack is against computer network an...
- Question 459: When should systems administrators first assess the impact o...
- Question 460: Whenever an application is modified, what should be tested t...
- Question 461: An IS auditor reviewing the key roles and responsibilities o...
- Question 462: There are many types of audit logs analysis tools available ...
- Question 463: Which of the following method should be recommended by secur...
- Question 464: A firewall is being deployed at a new location. Which of the...
- Question 465: In an audit of an inventory application, which approach woul...
- Question 466: Which of the following is a type of computer network used fo...
- Question 467: Which of the following type of network service is used by ne...
- Question 468: When performing a computer forensic investigation, in regard...
- Question 469: During the requirements definition phase of a software devel...
- Question 470: Which of the following is an effective method for controllin...
- Question 471: In computer forensic which of the following describe the pro...
- Question 472: If an IS auditor finds evidence of risk involved in not impl...
- Question 473: An IS auditor reviewing an organization's data file control ...
- Question 474: During the requirements definition phase for a database appl...
- Question 475: A company has recently upgraded its purchase system to incor...
- Question 476: Which of the following attacks targets the Secure Sockets La...
- Question 477: Which of the following protocols would be involved in the im...
- Question 478: Functionality is a characteristic associated with evaluating...
- Question 479: Which of the following attack is MOSTLY performed by an atta...
- Question 480: Identify the network topology from below diagram presented b...
- Question 481: What is an acceptable mechanism for extremely time-sensitive...
- Question 482: Which of the following technique is NOT used by a preacher a...
- Question 483: What is essential for the IS auditor to obtain a clear under...
- Question 484: During a human resources (HR) audit, an IS auditor is inform...
- Question 485: Which of the following would provide the highest degree of s...
- Question 486: A company uses a bank to process its weekly payroll. Time sh...
- Question 487: Which of the following tests is an IS auditor performing whe...
- Question 488: To address a maintenance problem, a vendor needs remote acce...
- Question 489: Which of the following is protocol data unit (PDU) of transp...
- Question 490: Which of the following attack is also known as Time of Check...
- Question 491: To determine who has been given permission to use a particul...
- Question 492: During an IS audit, one of your auditor has observed that so...
- Question 493: When performing an audit of access rights, an IS auditor sho...
- Question 494: An IS auditor is reviewing a project that is using an Agile ...
- Question 495: Why does an IS auditor review an organization chart?...
- Question 496: Which of the following cryptography demands less computation...
- Question 497: The extent to which data will be collected during an IS audi...
- Question 498: An IS auditor conducting an access control review in a clien...
- Question 499: Identify the correct sequence which needs to be followed as ...
- Question 500: Which of the following manages the digital certificate life ...
- Question 501: Function Point Analysis (FPA) provides an estimate of the si...
- Question 502: During Involuntary termination of an employee, which of the ...
- Question 503: After discovering a security vulnerability in a third-party ...
- Question 504: Most access violations are:
- Question 505: What are used as a countermeasure for potential database cor...
- Question 506: Who is ultimately responsible and accountable for reviewing ...
- Question 507: Which of the following ensures a sender's authenticity and a...
- Question 508: Which of the following components is responsible for the col...
- Question 509: The most likely error to occur when implementing a firewall ...
- Question 510: Which of the following would be the MOST cost-effective reco...
- Question 511: When participating in a systems-development project, an IS a...
- Question 512: To protect a VoIP infrastructure against a denial-of-service...
- Question 513: What is the first step in a business process re-engineering ...
- Question 514: ________ (fill in the blank) is/are ultimately accountable f...
- Question 515: While reviewing the IT infrastructure, an IS auditor notices...
- Question 516: The BEST method of proving the accuracy of a system tax calc...
- Question 517: When reviewing print systems spooling, an IS auditor is MOST...
- Question 518: An integrated test facility is not considered a useful audit...
- Question 519: What are often the primary safeguards for systems software a...
- Question 520: Which of the following layer of an OSI model transmits and r...
- Question 521: Receiving an EDI transaction and passing it through the comm...
- Question 522: Which of the following type of network service maps Domain N...
- Question 523: Which of the following is the BEST type of program for an or...
- Question 524: Why is the WAP gateway a component warranting critical conce...
- Question 525: How do modems (modulation/demodulation) function to facilita...
- Question 526: Which of the following functions should be performed by the ...
- Question 527: An off-site processing facility should be easily identifiabl...
- Question 528: Digital signatures require the sender to "sign" the data by ...
- Question 529: Which of the following should be of MOST concern to an IS au...
- Question 530: Over the long term, which of the following has the greatest ...
- Question 531: Which of the following is BEST characterized by unauthorized...
- Question 532: The knowledge base of an expert system that uses questionnai...
- Question 533: Which of the following is the BEST audit procedure to determ...
- Question 534: Which of the following type of honey pot essentially gives a...
- Question 535: Which of the following type of lock uses a numeric keypad or...
- Question 536: Which of the following could lead to an unintentional loss o...
- Question 537: An IS auditor evaluates the test results of a modification t...
- Question 538: The MAJOR advantage of the risk assessment approach over the...
- Question 539: Which of the following statement correctly describes differe...
- Question 540: Which of the following is an advantage of asymmetric crypto ...
- Question 541: An IS auditor is performing an audit of a remotely managed s...
- Question 542: Which of the following biometrics methods provides the HIGHE...
- Question 543: An IS auditor is using a statistical sample to inventory the...
- Question 544: Which of the following would an IS auditor consider to be th...
- Question 545: An IS auditor evaluating logical access controls should FIRS...
- Question 546: Identify the LAN topology from below diagram presented below...
- Question 547: An IS auditor is told by IS management that the organization...
- Question 548: Java applets and ActiveX controls are distributed executable...
- Question 549: Proper segregation of duties prohibits a system analyst from...
- Question 550: Library control software restricts source code to:...
- Question 551: Which of the following type of computer has highest processi...
- Question 552: What determines the strength of a secret key within a symmet...
- Question 553: Which of the following would be the MOST secure firewall sys...
- Question 554: Which of the following is NOT a true statement about public ...
- Question 555: IS auditors are MOST likely to perform compliance tests of i...
- Question 556: Which of the following BEST ensures the integrity of a serve...
- Question 557: Which of the following attack involves slicing small amount ...
- Question 558: Which of the following is the PRIMARY purpose for conducting...
- Question 559: What is an effective control for granting temporary access t...
- Question 560: Which of the following is best suited for searching for addr...
- Question 561: Which of the following statement INCORRECTLY describes devic...
- Question 562: As an IS auditor it is very important to understand software...
- Question 563: Which of the following is the MOST critical and contributes ...
- Question 564: A sequence of bits appended to a digital document that is us...
- Question 565: Whenever business processes have been re-engineered, the IS ...
- Question 566: A benefit of quality of service (QoS) is that the:...
- Question 567: IS management recently replaced its existing wired local are...
- Question 568: Which of the following hardware devices relieves the central...
- Question 569: Which of the following statement is NOT true about smoke det...
- Question 570: The reason a certification and accreditation process is perf...
- Question 571: When performing a database review, an IS auditor notices tha...
- Question 572: COBIT 5 separates information goals into three sub-dimension...
- Question 573: John has been hired to fill a new position in one of the wel...
- Question 574: What can ISPs use to implement inbound traffic filtering as ...
- Question 575: For which of the following applications would rapid recovery...
- Question 576: Neural networks are effective in detecting fraud because the...
- Question 577: The BEST filter rule for protecting a network from being use...
- Question 578: An IS auditor should review the configuration of which of th...
- Question 579: For locations 3a, 1d and 3d, the diagram indicates hubs with...
- Question 580: In the course of performing a risk analysis, an IS auditor h...
- Question 581: Which of the following is a benefit of a risk-based approach...
- Question 582: Which of the following forms of evidence for the auditor wou...
- Question 583: In an IS audit of several critical servers, the IS auditor w...
- Question 584: An organization is using symmetric encryption. Which of the ...
- Question 585: A call-back system requires that a user with an id and passw...
- Question 586: Which of the following statement INCORRECTLY describes Async...
- Question 587: Which of the following statement INCORRECTLY describes circu...
- Question 588: An IS auditor is reviewing access to an application to deter...
- Question 589: A company has implemented a new client-server enterprise res...
- Question 590: Which of the following provides the BEST single-factor authe...
- Question 591: An IS auditor's PRIMARY concern when application developers ...
- Question 592: During a logical access controls review, an IS auditor obser...
- Question 593: Which of the following is an environmental issue caused by e...
- Question 594: The GREATEST advantage of using web services for the exchang...
- Question 595: How is risk affected if users have direct access to a databa...
- Question 596: In large corporate networks having supply partners across th...
- Question 597: During an IS audit, auditor has observed that authentication...
- Question 598: Which of the following is a feature of Wi-Fi Protected Acces...
- Question 599: An IS auditor who has discovered unauthorized transactions d...
- Question 600: During a security audit of IT processes, an IS auditor found...
- Question 601: Which of the following type of an IDS resides on important s...
- Question 602: Which of the following are effective in detecting fraud beca...
- Question 603: Which of the following term related to network performance r...
- Question 604: What is used to develop strategically important systems fast...
- Question 605: During the planning stage of an IS audit, the PRIMARY goal o...
- Question 606: Which of the following is widely accepted as one of the crit...
- Question 607: An advantage in using a bottom-up vs. a top-down approach to...
- Question 608: Which of the following would be the BEST method for ensuring...
- Question 609: Change management procedures are established by IS managemen...
- Question 610: What is the recommended initial step for an IS auditor to im...
- Question 611: Which of the following transmission media uses a transponder...
- Question 612: Which of the following is the MOST effective method for deal...
- Question 613: An information security policy stating that 'the display of ...
- Question 614: During which of the following phases in system development w...
- Question 615: An IS auditor observes a weakness in the tape management sys...
- Question 616: Which of the following is an object-oriented technology char...
- Question 617: What process is used to validate a subject's identity?...
- Question 618: What can be very helpful to an IS auditor when determining t...
- Question 619: Of the three major types of off-site processing facilities, ...
- Question 620: What supports data transmission through split cable faciliti...
- Question 621: The PRIMARY objective of performing a postincident review is...
- Question 622: Database snapshots can provide an excellent audit trail for ...
- Question 623: A TCP/IP-based environment is exposed to the Internet. Which...
- Question 624: In which of the following WAN message transmission technique...
- Question 625: Establishing data ownership is an important first step for w...
- Question 626: Which of the following is a guiding best practice for implem...
- Question 627: Which of the following types of testing would determine whet...
- Question 628: Which of the following statement correctly describes one way...
- Question 629: Which of the following is the INCORRECT "layer - protocol" m...
- Question 630: When evaluating the collective effect of preventive, detecti...
- Question 631: Test and development environments should be separated. True ...
- Question 632: A proposed transaction processing application will have many...
- Question 633: Which of the following term in business continuity determine...
- Question 634: An audit charter should:
- Question 635: What is the MOST effective method of preventing unauthorized...
- Question 636: Which of the following is the unique identifier within and I...
- Question 637: What is a callback system?
- Question 638: Identify the correct sequence of Business Process Reengineer...
- Question 639: Which of the following is an advantage of the top-down appro...
- Question 640: An advantage of using sanitized live transactions in test da...
- Question 641: Which of the following device in Frame Relay WAN technique i...
- Question 642: Which of the following online auditing techniques is most ef...
- Question 643: What is used as a control to detect loss, corruption, or dup...
- Question 644: Which of the following best characterizes "worms"?...
- Question 645: Which of the following is the PRIMARY safeguard for securing...
- Question 646: What often results in project scope creep when functional re...
- Question 647: An IS auditor should recommend the use of library control so...
- Question 648: An organization has outsourced its help desk. Which of the f...
- Question 649: As described at security policy, the CSO implemented an e-ma...
- Question 650: What topology provides the greatest redundancy of routes and...
- Question 651: During the system testing phase of an application developmen...
- Question 652: When should an application-level edit check to verify that a...
- Question 653: When reviewing the configuration of network devices, an IS a...
- Question 654: To verify that the correct version of a data file was used f...
- Question 655: Which of the following functionality is NOT supported by SSL...
- Question 656: What must an IS auditor understand before performing an appl...
- Question 657: A decision support system (DSS):...
- Question 658: Which of the following cryptography is based on practical ap...
- Question 659: A LAN administrator normally would be restricted from:...
- Question 660: Disabling which of the following would make wireless local a...
- Question 661: Which of the following is a benefit of using callback device...
- Question 662: The BEST way to minimize the risk of communication failures ...
- Question 663: A hardware control that helps to detect errors when data are...
- Question 664: Which of the following is an advantage of an integrated test...
- Question 665: Which of the following is NOT a disadvantage of Single Sign ...
- Question 666: What is often assured through table link verification and re...
- Question 667: If a programmer has update access to a live system, IS audit...
- Question 668: As an auditor it is very important to ensure confidentiality...
- Question 669: While planning an audit, an assessment of risk should be mad...
- Question 670: Which of the following is of greatest concern to the IS audi...
- Question 671: There are many known weaknesses within an Intrusion Detectio...
- Question 672: Which of the following can degrade network performance?...
- Question 673: Which of the following attacks could capture network user pa...
- Question 674: After identifying potential security vulnerabilities, what s...
- Question 675: Which of the following is the most fundamental step in preve...
- Question 676: Which of the following comparisons are used for identificati...
- Question 677: Assuming this diagram represents an internal facility and th...
- Question 678: What is an initial step in creating a proper firewall policy...
- Question 679: Active radio frequency ID (RFID) tags are subject to which o...
- Question 680: Which of the following malware technical fool's malware by a...
- Question 681: When reviewing procedures for emergency changes to programs,...
- Question 682: Which of the following process consist of identification and...
- Question 683: Which of the following would be considered an essential feat...
- Question 684: Which of the following is a passive attack method used by in...
- Question 685: Which of the following processes are performed during the de...
- Question 686: Which of the following exposures could be caused by a line g...
- Question 687: During the review of a web-based software development projec...
- Question 688: If an IS auditor observes that an IS department fails to use...
- Question 689: What is the primary security concern for EDI environments?...
- Question 690: Which of the following type of computer is a large, general ...
- Question 691: In planning an audit, the MOST critical step is the identifi...
- Question 692: When auditing a proxy-based firewall, an IS auditor should:...
- Question 693: A virtual private network (VPN) provides data confidentialit...
- Question 694: The application systems of an organization using open-source...
- Question 695: Which of the following type of a computer network covers a b...
- Question 696: Which of the following would provide the BEST protection aga...
- Question 697: Which of the following ensures confidentiality of informatio...
- Question 698: When reviewing the implementation of a LAN, an IS auditor sh...
- Question 699: In which of the following database models is the data repres...
- Question 700: During the testing of the business continuity plan (BCP), wh...
- Question 701: A substantive test to verify that tape library inventory rec...
- Question 702: Authentication techniques for sending and receiving data bet...
- Question 703: Identify the network topology from below diagram presented b...
- Question 704: Which of the following would be an indicator of the effectiv...
- Question 705: Which of the following is penetration test where the penetra...
- Question 706: Which of the following system and data conversion strategies...
- Question 707: Which of the following would prevent accountability for an a...
- Question 708: The quality of the metadata produced from a data warehouse i...
- Question 709: Who is ultimately responsible for providing requirement spec...
- Question 710: Which are the two primary types of scanner used for protecti...
- Question 711: Functional acknowledgements are used:...
- Question 712: Which of the following should be a concern to an IS auditor ...
- Question 713: What type of cryptosystem is characterized by data being enc...
- Question 714: An IS auditor reviews an organizational chart PRIMARILY for:...
- Question 715: Which of the following reports should an IS auditor use to c...
- Question 716: To affix a digital signature to a message, the sender must f...
- Question 717: Any changes in systems assets, such as replacement of hardwa...
- Question 718: What does PKI use to provide some of the strongest overall c...
- Question 719: Which of the following user profiles should be of MOST conce...
- Question 720: Which of the following is the MOST critical step in planning...
- Question 721: In what way is a common gateway interface (CGI) MOST often u...
- Question 722: Which of the following statements pertaining to IPSec is inc...
- Question 723: The use of statistical sampling procedures helps minimize:...
- Question 724: During maintenance of a relational database, several values ...
- Question 725: What kind of protocols does the OSI Transport Layer of the T...
- Question 726: An IS auditor performing a review of an application's contro...
- Question 727: Which of the following systems-based approaches would a fina...
- Question 728: Which of the following can help detect transmission errors b...
- Question 729: What should IS auditors always check when auditing password ...
- Question 730: Which of the following will help detect changes made by an i...
- Question 731: What is a reliable technique for estimating the scope and co...
- Question 732: An organization is implementing a new system to replace a le...
- Question 733: Which of the following INCORRECTLY describes the layer funct...
- Question 734: Company.com has contracted with an external consulting firm ...
- Question 735: Which of the following network components is PRIMARILY set u...
- Question 736: Which of the following devices extends the network and has t...
- Question 737: A database administrator is responsible for:...
- Question 738: Which of the following PBX feature provides the possibility ...
- Question 739: The phases and deliverables of a system development life cyc...
- Question 740: Which of the following types of firewalls would BEST protect...
- Question 741: What uses questionnaires to lead the user through a series o...
- Question 742: While evaluating logical access control the IS auditor shoul...
- Question 743: Which of the following satisfies a two-factor user authentic...
- Question 744: What is a primary high-level goal for an auditor who is revi...
- Question 745: What are intrusion-detection systems (IDS) primarily used fo...
- Question 746: A web server is attacked and compromised. Which of the follo...
- Question 747: Diskless workstation is an example of:...
- Question 748: In a public key infrastructure (PKI), which of the following...
- Question 749: An IS auditor notes that patches for the operating system us...
- Question 750: What type(s) of firewalls provide(s) the greatest degree of ...
- Question 751: An organization provides information to its supply chain par...
- Question 752: Which of the following type of IDS has self-learning functio...
- Question 753: A malicious code that changes itself with each file it infec...
- Question 754: During the development of an application, the quality assura...
- Question 755: Atomicity enforces data integrity by ensuring that a transac...
- Question 756: The computer security incident response team (CSIRT) of an o...
- Question 757: Which of the following is an advantage of prototyping?...
- Question 758: Digital signatures require the:...
- Question 759: Which of the following term in business continuity determine...
- Question 760: To prevent IP spoofing attacks, a firewall should be configu...
- Question 761: Which of the following attack includes social engineering, l...
- Question 762: An IS auditor reviewing a database application discovers tha...
- Question 763: Which of the following term related to network performance r...
- Question 764: Although BCP and DRP are often implemented and tested by mid...
- Question 765: Which of the following typically focuses on making alternati...
- Question 766: When installing an intrusion detection system (IDS), which o...
- Question 767: What is an effective countermeasure for the vulnerability of...
- Question 768: Failure in which of the following testing stages would have ...
- Question 769: An IS auditor is reviewing the remote access methods of a co...
- Question 770: How is the risk of improper file access affected upon implem...
