CISA Exam Dumps | An IS auditor recommends that an initial validation control be programmed into a credit card transaction

Valid CISA Dumps shared by ExamDiscuss.com for Helping Passing CISA Exam! ExamDiscuss.com now offer the newest CISA exam dumps, the ExamDiscuss.com CISA exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CISA dumps with Test Engine here:

Access CISA Dumps Premium Version
(1435 Q&As Dumps, 35%OFF Special Discount Code: freecram)

<< Prev Question Next Question >>

Question 278/803

An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely:

A. check to ensure that the type of transaction is valid for the card type.

B. verify the format of the number entered then locate it on the database.

C. ensure that the transaction entered is within the cardholder's credit limit.

D. confirm that the card is not shown as lost or stolen on the master file.

Question List (803q): Question 1: Which of the following processes are performed during the de...; Question 2: Responsibility and reporting lines cannot always be establis...; Question 3: Which of the following user profiles should be of MOST conce...; Question 4: To affix a digital signature to a message, the sender must f...; Question 5: What process allows IS management to determine whether the a...; Question 6: The GREATEST risk when end users have access to a database a...; Question 7: In which of the following database models is the data repres...; Question 8: Which of the following is the BEST way to satisfy a two-fact...; Question 9: Which of the following is BEST suited for secure communicati...; Question 10: Which of the following should concern an IS auditor when rev...; Question 11: Which of the following environmental controls is appropriate...; Question 12: Which of the following virus prevention techniques can be im...; Question 13: What is used to develop strategically important systems fast...; Question 14: Which of the following cryptography options would increase o...; Question 15: Which of the following database controls would ensure that t...; Question 16: Which of the following is the MOST effective control over vi...; Question 17: A company has recently upgraded its purchase system to incor...; Question 18: Which of the following is the GREATEST advantage of elliptic...; Question 19: Which of the following attack is against computer network an...; Question 20: Which of the following would MOST effectively reduce social ...; Question 21: Assuming this diagram represents an internal facility and th...; Question 22: Which of the following is the MOST reliable sender authentic...; Question 23: Which of the following BEST describes the role of a director...; Question 24: Proper segregation of duties does not prohibit a quality con...; Question 25: When should plans for testing for user acceptance be prepare...; Question 26: Which of the following tests performed by an IS auditor woul...; Question 27: Transmitting redundant information with each character or fr...; Question 28: During an audit of a business continuity plan (BCP), an IS a...; Question 29: What should IS auditors always check when auditing password ...; Question 30: Which of the following would be considered an essential feat...; Question 31: The PRIMARY objective of a logical access control review is ...; Question 32: In an online banking application, which of the following wou...; Question 33: Which of the following type of network service is used by ne...; Question 34: Which of the following activities should the business contin...; Question 35: At a hospital, medical personal carry handheld computers whi...; Question 36: Which of the following layer in an enterprise data flow arch...; Question 37: What is an acceptable mechanism for extremely time-sensitive...; Question 38: Use of asymmetric encryption in an internet e-commerce site,...; Question 39: While copying files from a floppy disk, a user introduced a ...; Question 40: An IS auditor finds out-of-range data in some tables of a da...; Question 41: Change management procedures are established by IS managemen...; Question 42: How does the digital envelop work? What are the correct step...; Question 43: After an IS auditor has identified threats and potential imp...; Question 44: What should regression testing use to obtain accurate conclu...; Question 45: When a new system is to be implemented within a short time f...; Question 46: Which of the following is a dynamic analysis tool for the pu...; Question 47: Which of the following statement correctly describes the dif...; Question 48: Proper segregation of duties prevents a computer operator (u...; Question 49: Which of the following is a distinctive feature of the Secur...; Question 50: Which of the following is NOT a disadvantage of Single Sign ...; Question 51: Which of the following fire suppression systems is MOST appr...; Question 52: An IS auditor reviewing an organization's data file control ...; Question 53: Which of the following should an IS auditor review to determ...; Question 54: Which of the following layer of an enterprise data flow arch...; Question 55: Which of the following is an appropriate test method to appl...; Question 56: To ensure message integrity, confidentiality and non-repudia...; Question 57: What is the recommended initial step for an IS auditor to im...; Question 58: The responsibility for authorizing access to application dat...; Question 59: The role of the certificate authority (CA) as a third party ...; Question 60: What type of risk is associated with authorized program exit...; Question 61: Which of the following should be a concern to an IS auditor ...; Question 62: Which of the following term in business continuity defines t...; Question 63: Which of the following is the PRIMARY safeguard for securing...; Question 64: In which of the following situations is it MOST appropriate ...; Question 65: Which of the following message services provides the stronge...; Question 66: An organization can ensure that the recipients of e-mails fr...; Question 67: During an audit of the logical access control of an ERP fina...; Question 68: Which of the following statement correctly describes the dif...; Question 69: An IS auditor reviewing the implementation of an intrusion d...; Question 70: An organization has been recently downsized, in light of thi...; Question 71: In order to properly protect against unauthorized disclosure...; Question 72: Which of the following antivirus software implementation str...; Question 73: Identify the LAN topology from below diagram presented below...; Question 74: Which of the following implementation modes would provide th...; Question 75: What process is used to validate a subject's identity?...; Question 76: An IS auditor notes that IDS log entries related to port sca...; Question 77: Which of the following intrusion detection systems (IDSs) mo...; Question 78: What is used to provide authentication of the website and ca...; Question 79: Which of the following append themselves to files as a prote...; Question 80: An IS auditor should recommend the use of library control so...; Question 81: A company is implementing a dynamic host configuration proto...; Question 82: During the system testing phase of an application developmen...; Question 83: During the testing of the business continuity plan (BCP), wh...; Question 84: Which of the following would BEST maintain the integrity of ...; Question 85: Which of the following is a prevalent risk in the developmen...; Question 86: Which of the following transmission media is MOST difficult ...; Question 87: Which of the following attack is also known as Time of Check...; Question 88: Which of the following intrusion detection systems (IDSs) wi...; Question 89: An organization is disposing of a number of laptop computers...; Question 90: Once an organization has finished the business process reeng...; Question 91: Who is accountable for maintaining appropriate security meas...; Question 92: What would be the MOST effective control for enforcing accou...; Question 93: Which of the following is a feature of an intrusion detectio...; Question 94: Which of the following term related to network performance r...; Question 95: An IS auditor notes that patches for the operating system us...; Question 96: A virtual private network (VPN) provides data confidentialit...; Question 97: During a postimplementation review of an enterprise resource...; Question 98: Which of the following attack best describe "Computer is the...; Question 99: Which of the following is a practice that should be incorpor...; Question 100: Which of the following exposures associated with the spoolin...; Question 101: Which of the following provides the framework for designing ...; Question 102: Which of the following statement correctly describes the dif...; Question 103: Which of the following layer of an enterprise data flow arch...; Question 104: During the requirements definition phase of a software devel...; Question 105: How does the process of systems auditing benefit from using ...; Question 106: An IS auditor reviewing digital rights management (DRM) appl...; Question 107: Digital signatures require the sender to "sign" the data by ...; Question 108: Which of the following processes should an IS auditor recomm...; Question 109: Who is mainly responsible for protecting information assets ...; Question 110: An IS auditor performing a telecommunication access control ...; Question 111: Which of the following device in Frame Relay WAN technique i...; Question 112: Which of the following would be the BEST method for ensuring...; Question 113: In a relational database with referential integrity, the use...; Question 114: Which of the following line media would provide the BEST sec...; Question 115: An IS auditor who has discovered unauthorized transactions d...; Question 116: Which of the following provides nonrepudiation services for ...; Question 117: Which of the following is the MOST reasonable option for rec...; Question 118: As compared to understanding an organization's IT process fr...; Question 119: In an online transaction processing system, data integrity i...; Question 120: IS management recently replaced its existing wired local are...; Question 121: Which of the following statement correctly describes one way...; Question 122: What protects an application purchaser's ability to fix or c...; Question 123: During a human resources (HR) audit, an IS auditor is inform...; Question 124: Which of the following layer of an enterprise data flow arch...; Question 125: When reviewing an implementation of a VoIP system over a cor...; Question 126: In an EDI process, the device which transmits and receives e...; Question 127: Which of the following is NOT a true statement about public ...; Question 128: Which of the following ACID property in DBMS requires that e...; Question 129: Which of the following term in business continuity determine...; Question 130: During a business continuity audit an IS auditor found that ...; Question 131: Which of the following is MOST critical when creating data f...; Question 132: If an IS auditor finds evidence of risk involved in not impl...; Question 133: Which of the following are effective in detecting fraud beca...; Question 134: An organization has a mix of access points that cannot be up...; Question 135: Which of the following PBX feature allows a PBX to be config...; Question 136: An IS auditor noted that an organization had adequate busine...; Question 137: There are several types of penetration tests depending upon ...; Question 138: As described at security policy, the CSO implemented an e-ma...; Question 139: Which of the following must exist to ensure the viability of...; Question 140: When reviewing system parameters, an IS auditor's PRIMARY co...; Question 141: Confidentiality of the data transmitted in a wireless LAN is...; Question 142: Which of the following layer of an enterprise data flow arch...; Question 143: Which of the following type of an IDS resides on important s...; Question 144: Which of the following acts as a decoy to detect active inte...; Question 145: An IS auditor has audited a business continuity plan (BCP). ...; Question 146: When installing an intrusion detection system (IDS), which o...; Question 147: Which of the following term describes a failure of an electr...; Question 148: Which of the following is a type of computer network used fo...; Question 149: After installing a network, an organization installed a vuln...; Question 150: Which testing approach is MOST appropriate to ensure that in...; Question 151: Which of the following methods of providing telecommunicatio...; Question 152: Test and development environments should be separated. True ...; Question 153: Which of the following term related to network performance r...; Question 154: Which of the following is the MOST effective type of antivir...; Question 155: What determines the strength of a secret key within a symmet...; Question 156: Which of the following is an advantage of the top-down appro...; Question 157: Which of the following would be BEST prevented by a raised f...; Question 158: Which of the following is a benefit of using callback device...; Question 159: By evaluating application development projects against the c...; Question 160: Which of the following cryptography demands less computation...; Question 161: When auditing a disaster recovery plan for a critical busine...; Question 162: To address an organization's disaster recovery requirements,...; Question 163: When two or more systems are integrated, input/output contro...; Question 164: In the 2c area of the diagram, there are three hubs connecte...; Question 165: An organization has a number of branches across a wide geogr...; Question 166: In addition to the backup considerations for all systems, wh...; Question 167: Which of the following concerns associated with the World Wi...; Question 168: Which of the following is the BEST audit procedure to determ...; Question 169: An existing system is being extensively enhanced by extracti...; Question 170: Which of the following is best suited for searching for addr...; Question 171: Identify the correct sequence of Business Process Reengineer...; Question 172: To detect attack attempts that the firewall is unable to rec...; Question 173: Which of the following help(s) prevent an organization's sys...; Question 174: Accountability for the maintenance of appropriate security m...; Question 175: IS management has decided to install a level 1 Redundant Arr...; Question 176: Disaster recovery planning (DRP) addresses the:...; Question 177: Which of the following controls would be MOST effective in e...; Question 178: Which of the following statement INCORRECTLY describes circu...; Question 179: The specific advantage of white box testing is that it:...; Question 180: Who is primarily responsible for storing and safeguarding th...; Question 181: For locations 3a, 1d and 3d, the diagram indicates hubs with...; Question 182: Which of the following is the MOST reliable form of single f...; Question 183: During an IS audit, one of your auditor has observed that so...; Question 184: Input/output controls should be implemented for which applic...; Question 185: Organizations should use off-site storage facilities to main...; Question 186: Users are issued security tokens to be used in combination w...; Question 187: Which of the following functions should be performed by the ...; Question 188: Which of the following is a general operating system access ...; Question 189: Which of the following is a technique that could be used to ...; Question 190: An organization's disaster recovery plan should address earl...; Question 191: Which of the following is an environmental issue caused by e...; Question 192: When should reviewing an audit client's business plan be per...; Question 193: The BEST way to minimize the risk of communication failures ...; Question 194: An advantage of a continuous audit approach is that it can i...; Question 195: Which of the following would be the MOST secure firewall sys...; Question 196: Which of the following is widely accepted as one of the crit...; Question 197: Time constraints and expanded needs have been found by an IS...; Question 198: Which of the following data validation edits is effective in...; Question 199: During a logical access controls review, an IS auditor obser...; Question 200: An IS auditor is performing a network security review of a t...; Question 201: Which of the following level in CMMI model focuses on proces...; Question 202: In which of the following database model is the data organiz...; Question 203: What method might an IS auditor utilize to test wireless sec...; Question 204: A structured walk-through test of a disaster recovery plan i...; Question 205: Which of the following testing method examines the functiona...; Question 206: Which of the following is the MOST important objective of da...; Question 207: The PRIMARY objective of business continuity and disaster re...; Question 208: Who is responsible for restricting and monitoring access of ...; Question 209: The PRIMARY goal of a web site certificate is:...; Question 210: Which of the following is a passive attack to a network?...; Question 211: The computer security incident response team (CSIRT) of an o...; Question 212: Which of the following statement INCORRECTLY describes anti-...; Question 213: The PRIMARY objective of Secure Sockets Layer (SSL) is to en...; Question 214: Which of the following would MOST effectively enhance the se...; Question 215: Which of the following procedures would MOST effectively det...; Question 216: Disaster recovery planning (DRP) for a company's computer sy...; Question 217: An efficient use of public key infrastructure (PKI) should e...; Question 218: An integrated test facility is not considered a useful audit...; Question 219: Structured programming is BEST described as a technique that...; Question 220: Why is the WAP gateway a component warranting critical conce...; Question 221: When reviewing input controls, an IS auditor observes that, ...; Question 222: The MOST important success factor in planning a penetration ...; Question 223: Which of the following term related to network performance r...; Question 224: The most common problem in the operation of an intrusion det...; Question 225: An IS auditor reviewing a database application discovers tha...; Question 226: Am advantage of the use of hot sites as a backup alternative...; Question 227: Which of the following attack involves sending forged ICMP E...; Question 228: Which of the following provides the MOST relevant informatio...; Question 229: Which of the following is the MOST critical step in planning...; Question 230: Over the long term, which of the following has the greatest ...; Question 231: To prevent IP spoofing attacks, a firewall should be configu...; Question 232: The MOST effective control for reducing the risk related to ...; Question 233: While reviewing the IT infrastructure, an IS auditor notices...; Question 234: A data center has a badge-entry system. Which of the followi...; Question 235: Vendors have released patches fixing security flaws in their...; Question 236: Security administration procedures require read-only access ...; Question 237: During which of the following phases in system development w...; Question 238: Which of the following controls would be the MOST comprehens...; Question 239: A technical lead who was working on a major project has left...; Question 240: During Involuntary termination of an employee, which of the ...; Question 241: A digital signature contains a message digest to:...; Question 242: ISO 9126 is a standard to assist in evaluating the quality o...; Question 243: Which of the following procedures would BEST determine wheth...; Question 244: If inadequate, which of the following would be the MOST like...; Question 245: Who is responsible for implementing cost-effective controls ...; Question 246: As an IS auditor it is very important to understand the impo...; Question 247: When reviewing the configuration of network devices, an IS a...; Question 248: Who is responsible for the overall direction, costs, and tim...; Question 249: When transmitting a payment instruction, which of the follow...; Question 250: An organization is implementing a new system to replace a le...; Question 251: Which of the following is of greatest concern to the IS audi...; Question 252: Which of the following attacks could capture network user pa...; Question 253: The purpose of a deadman door controlling access to a comput...; Question 254: What type of approach to the development of organizational p...; Question 255: An IS auditor doing penetration testing during an audit of i...; Question 256: Of the following alternatives, the FIRST approach to develop...; Question 257: During an audit of a telecommunications system, an IS audito...; Question 258: Batch control reconciliation is a _____________________ (fil...; Question 259: Which of the following provides the GREATEST assurance of me...; Question 260: What are trojan horse programs?...; Question 261: Private Branch Exchange(PBX) environment involves many secur...; Question 262: The MAIN criterion for determining the severity level of a s...; Question 263: Which of the following attack could be avoided by creating m...; Question 264: The BEST overall quantitative measure of the performance of ...; Question 265: In a public key infrastructure (PKI), which of the following...; Question 266: An IS auditor finds that, at certain times of the day, the d...; Question 267: What is a risk associated with attempting to control physica...; Question 268: During an application audit, an IS auditor finds several pro...; Question 269: Which of the following statement is NOT true about Voice-Ove...; Question 270: Which of the following would be of MOST concern to an IS aud...; Question 271: Which of the following statement correctly describes differe...; Question 272: IS management has decided to rewrite a legacy customer relat...; Question 273: Which of the following type of a computer network covers a l...; Question 274: A company undertakes a business process reengineering (BPR) ...; Question 275: A database administrator is responsible for:...; Question 276: An offsite information processing facility:...; Question 277: Which of the following type of lock uses a magnetic or embed...; Question 278: An IS auditor recommends that an initial validation control ...; Question 279: The purpose of code signing is to provide assurance that:...; Question 280: Which of the following statement INCORRECTLY describes netwo...; Question 281: Which of the following would BEST support 24/7 availability?...; Question 282: The MAIN reason for requiring that all computer clocks acros...; Question 283: The Secure Sockets Layer (SSL) protocol addresses the confid...; Question 284: Which of the following PBX feature provides the possibility ...; Question 285: An IS auditor reviewing access controls for a client-server ...; Question 286: Which of the following is the INCORRECT Layer to Protocol ma...; Question 287: Which of the following is an example of a passive attack ini...; Question 288: When reviewing procedures for emergency changes to programs,...; Question 289: Which of the following would prevent unauthorized changes to...; Question 290: An information security policy stating that 'the display of ...; Question 291: The logical exposure associated with the use of a checkpoint...; Question 292: Business Continuity Planning (BCP) is not defined as a prepa...; Question 293: E-mail message authenticity and confidentiality is BEST achi...; Question 294: A live test of a mutual agreement for IT system recovery has...; Question 295: Which of the following attack occurs when a malicious action...; Question 296: The technique used to ensure security in virtual private net...; Question 297: Which of the following presents an inherent risk with no dis...; Question 298: Distributed denial-of-service (DDOS) attacks on Internet sit...; Question 299: A PRIMARY benefit derived from an organization employing con...; Question 300: Which of the following transmission media is LEAST vulnerabl...; Question 301: An IS auditor reviewing an accounts payable system discovers...; Question 302: Rather than simply reviewing the adequacy of access control,...; Question 303: When developing a disaster recovery plan, the criteria for d...; Question 304: When planning an audit of a network setup, an IS auditor sho...; Question 305: A lower recovery time objective (RTO) results in:...; Question 306: Which of the following service is a distributed database tha...; Question 307: Which of the following provides the BEST single-factor authe...; Question 308: During the review of a biometrics system operation, an IS au...; Question 309: Which of the following ensures a sender's authenticity and a...; Question 310: A disaster recovery plan for an organization should:...; Question 311: Which of the following layer of an OSI model responsible for...; Question 312: What should be the GREATEST concern to an IS auditor when em...; Question 313: Which of the following satisfies a two-factor user authentic...; Question 314: When evaluating the controls of an EDI application, an IS au...; Question 315: An IS auditor inspected a windowless room containing phone s...; Question 316: Digital signatures require the:...; Question 317: When performing an IS strategy audit, an IS auditor should r...; Question 318: Which of the following components is responsible for the col...; Question 319: Which of the following uses a prototype that can be updated ...; Question 320: The GREATEST advantage of rapid application development (RAD...; Question 321: Which of the following types of transmission media provide t...; Question 322: Which of the following statement correctly describes differe...; Question 323: An IS auditor observes a weakness in the tape management sys...; Question 324: When should application controls be considered within the sy...; Question 325: Which of the following tasks should be performed FIRST when ...; Question 326: An organization is using an enterprise resource management (...; Question 327: Which of the following network configuration options contain...; Question 328: Which of the following protocol is PRIMARILY used to provide...; Question 329: Which of the following is a control over component communica...; Question 330: IS management is considering a Voice-over Internet Protocol ...; Question 331: Which of the following systems or tools can recognize that a...; Question 332: In a contract with a hot, warm or cold site, contractual pro...; Question 333: A review of wide area network (WAN) usage discovers that tra...; Question 334: Which of the following is a network diagnostic tool that mon...; Question 335: Identify the correct sequence of Business Process Reengineer...; Question 336: Which of the following is the MOST effective control when gr...; Question 337: Which of the following biometrics methods provides the HIGHE...; Question 338: What type of risk results when an IS auditor uses an inadequ...; Question 339: An organization is using symmetric encryption. Which of the ...; Question 340: Which of the following layer from an enterprise data flow ar...; Question 341: A hot site should be implemented as a recovery strategy when...; Question 342: Proper segregation of duties prohibits a system analyst from...; Question 343: Which of the following can degrade network performance?...; Question 344: Which of the following internet security threats could compr...; Question 345: The difference between a vulnerability assessment and a pene...; Question 346: A company has implemented a new client-server enterprise res...; Question 347: An IS auditor examining the configuration of an operating sy...; Question 348: Which of the following type of computer is a large, general ...; Question 349: Which of the following would impair the independence of a qu...; Question 350: Which of the following represents the GREATEST potential ris...; Question 351: An IS auditor performing an independent classification of sy...; Question 352: Which of the following statement correctly describes the dif...; Question 353: The feature of a digital signature that ensures the sender c...; Question 354: To ensure authentication, confidentiality and integrity of a...; Question 355: In a client-server architecture, a domain name service (DNS)...; Question 356: Identify the correct sequence which needs to be followed as ...; Question 357: An advantage in using a bottom-up vs. a top-down approach to...; Question 358: An organization has recently installed a security patch, whi...; Question 359: The MOST effective biometric control system is the one:...; Question 360: What is often assured through table link verification and re...; Question 361: Sending a message and a message hash encrypted by the sender...; Question 362: Management considered two projections for its business conti...; Question 363: Which of the following is the BEST method for preventing the...; Question 364: When reviewing a hardware maintenance program, an IS auditor...; Question 365: Which of the following is the MOST important action in recov...; Question 366: Regarding a disaster recovery plan, the role of an IS audito...; Question 367: Which of the following protocol uses serial interface for co...; Question 368: Which of the following attack is MOSTLY performed by an atta...; Question 369: What can be implemented to provide the highest level of prot...; Question 370: Which of the following layer of an enterprise data flow arch...; Question 371: A number of system failures are occurring when corrections t...; Question 372: Which of the following statements regarding an off-site info...; Question 373: Which of the following BEST limits the impact of server fail...; Question 374: The objective of concurrency control in a database system is...; Question 375: An IS auditor performing an application maintenance audit wo...; Question 376: Which of the following physical access controls effectively ...; Question 377: A firm is considering using biometric fingerprint identifica...; Question 378: Which of the following is of greatest concern when performin...; Question 379: Which of the following controls would provide the GREATEST a...; Question 380: Which of the following is protocol data unit (PDU) of data a...; Question 381: Which of the following is the dominating objective of BCP an...; Question 382: Which of the following layer of an OSI model controls dialog...; Question 383: Which of the following is a project management technique for...; Question 384: The MOST likely explanation for a successful social engineer...; Question 385: Which of the following BEST reduces the ability of one devic...; Question 386: The MOST important difference between hashing and encryption...; Question 387: If a database is restored from information backed up before ...; Question 388: The GREATEST benefit in implementing an expert system is the...; Question 389: An organization provides information to its supply chain par...; Question 390: Which of the following layer of an enterprise data flow arch...; Question 391: The PRIMARY purpose of audit trails is to:...; Question 392: Which of the following would be the MOST significant audit f...; Question 393: Which of the following Confidentiality, Integrity, Availabil...; Question 394: Which of the following statement INCORRECTLY describes packe...; Question 395: As an IS auditor it is very important to understand software...; Question 396: Which of the following would an IS auditor consider to be th...; Question 397: When developing a business continuity plan (BCP), which of t...; Question 398: E-mail traffic from the Internet is routed via firewall-1 to...; Question 399: Which of the following cryptography is based on practical ap...; Question 400: Which of the following statement INCORRECTLY describes Async...; Question 401: After discovering a security vulnerability in a third-party ...; Question 402: Which of the following would be the BEST overall control for...; Question 403: An IS auditor should carefully review the functional require...; Question 404: An offsite information processing facility with electrical w...; Question 405: Which of the following method is recommended by security pro...; Question 406: Which of the following is a sophisticated computer based swi...; Question 407: Which of the following would help to ensure the portability ...; Question 408: The MAJOR advantage of a component-based development approac...; Question 409: Which of the following is a software application that preten...; Question 410: An IS auditor performing a review of the backup processing f...; Question 411: Using the OSI reference model, what layer(s) is/are used to ...; Question 412: Which of the following type of lock uses a numeric keypad or...; Question 413: Which of the following biometrics has the highest reliabilit...; Question 414: As an IS auditor it is very important to understand software...; Question 415: To determine which users can gain access to the privileged s...; Question 416: An IS auditor reviewing the key roles and responsibilities o...; Question 417: An IS auditor finds that a DBA has read and write access to ...; Question 418: Which of the following is the MOST important criterion when ...; Question 419: Which of the following is a ITU-T standard protocol suite fo...; Question 420: Which of the following protocol is developed jointly by VISA...; Question 421: Which of the following layer of an OSI model ensures that me...; Question 422: Which of the following is the BEST way to handle obsolete ma...; Question 423: Ensuring that security and control policies support business...; Question 424: To ensure compliance with a security policy requiring that p...; Question 425: COBIT 5 separates information goals into three sub-dimension...; Question 426: An organization has implemented a disaster recovery plan. Wh...; Question 427: Identify the WAN message switching technique being used from...; Question 428: Which of the following provide(s) near-immediate recoverabil...; Question 429: Which of the following is the MOST critical and contributes ...; Question 430: An off-site processing facility should be easily identifiabl...; Question 431: When conducting a penetration test of an organization's inte...; Question 432: Off-site data backup and storage should be geographically se...; Question 433: Which of the following is the BEST type of program for an or...; Question 434: In computer forensic which of the following describe the pro...; Question 435: Which of the following devices extends the network and has t...; Question 436: Applying a retention date on a file will ensure that:...; Question 437: An organization is considering connecting a critical PC-base...; Question 438: A penetration test performed as part of evaluating network s...; Question 439: Which of the following software development methods is based...; Question 440: The PRIMARY objective of service-level management (SLM) is t...; Question 441: The PRIMARY purpose of a business impact analysis (BIA) is t...; Question 442: To develop a successful business continuity plan, end user i...; Question 443: Which of the following provides the BEST evidence of an orga...; Question 444: Which of the following is the MOST robust method for disposi...; Question 445: Functionality is a characteristic associated with evaluating...; Question 446: When reviewing print systems spooling, an IS auditor is MOST...; Question 447: Which of the following protocol does NOT work at the Applica...; Question 448: An IS auditor evaluating the resilience of a high-availabili...; Question 449: Which of the following testing method examines internal stru...; Question 450: In transport mode, the use of the Encapsulating Security Pay...; Question 451: Which of the following would effectively verify the originat...; Question 452: Which of the following comparisons are used for identificati...; Question 453: An IS auditor analyzing the audit log of a database manageme...; Question 454: What can be used to gather evidence of network attacks?...; Question 455: What is a callback system?; Question 456: Network Data Management Protocol (NDMP) technology should be...; Question 457: During the development of an application, the quality assura...; Question 458: In auditing a web server, an IS auditor should be concerned ...; Question 459: Most access violations are:; Question 460: Which of the following is the INCORRECT "layer - protocol" m...; Question 461: As an auditor it is very important to ensure confidentiality...; Question 462: An IS auditor examining a biometric user authentication syst...; Question 463: Which of the following is the MOST important consideration w...; Question 464: The information security policy that states 'each individual...; Question 465: An IS auditor performing detailed network assessments and ac...; Question 466: A financial institution that processes millions of transacti...; Question 467: Which of the following technique is used for speeding up net...; Question 468: Which of the following exposures could be caused by a line g...; Question 469: If a database is restored using before-image dumps, where sh...; Question 470: Which of the following system and data conversion strategies...; Question 471: Which significant risk is introduced by running the file tra...; Question 472: As an IS auditor, it is very important to make sure all stor...; Question 473: During an audit, an IS auditor notes that an organization's ...; Question 474: As updates to an online order entry system are processed, th...; Question 475: The use of statistical sampling procedures helps minimize:...; Question 476: Which of the following type of a computer network is a WAN t...; Question 477: Which of the following would provide the BEST protection aga...; Question 478: An IS auditor is reviewing a software-based configuration. W...; Question 479: Which of the following is a standard secure email protection...; Question 480: Which of the following is an advantage of asymmetric crypto ...; Question 481: Which of the following disaster recovery/continuity plan com...; Question 482: The PRIMARY objective of performing a postincident review is...; Question 483: Who is ultimately responsible for providing requirement spec...; Question 484: Which of the following is NOT a component of IPSec?...; Question 485: A data administrator is responsible for:...; Question 486: Which of the following types of firewalls provide the GREATE...; Question 487: When should systems administrators first assess the impact o...; Question 488: Which of the following protocol is used for electronic mail ...; Question 489: Which of the following should be the MOST important criterio...; Question 490: Which of the following level in CMMI model focuses on proces...; Question 491: A core tenant of an IS strategy is that it must:...; Question 492: In RFID technology which of the following risk could represe...; Question 493: In which of the following transmission media it is MOST diff...; Question 494: The GREATEST advantage of using web services for the exchang...; Question 495: Which of the following is a passive attack method used by in...; Question 496: Which of the following would an IS auditor consider a weakne...; Question 497: What is the most common reason for information systems to fa...; Question 498: The FIRST step in managing the risk of a cyber-attack is to:...; Question 499: Which of the following encryption techniques will BEST prote...; Question 500: The FIRST step in data classification is to:...; Question 501: Why does an IS auditor review an organization chart?...; Question 502: Which of the following term related to network performance r...; Question 503: What is/are used to measure and ensure proper network capaci...; Question 504: An offsite information processing facility having electrical...; Question 505: Which of the following antispam filtering techniques would B...; Question 506: When performing a database review, an IS auditor notices tha...; Question 507: Which of the following ACID property in DBMS ensures that th...; Question 508: Which of the following is the BEST method for determining th...; Question 509: Passwords should be:; Question 510: When using a digital signature, the message digest is comput...; Question 511: When reviewing an intrusion detection system (IDS), an IS au...; Question 512: In regard to moving an application program from the test env...; Question 513: When using an integrated test facility (ITF), an IS auditor ...; Question 514: Which of the following INCORRECTLY describes the layer funct...; Question 515: Which of the following database model allow many-to-many rel...; Question 516: Which of the following is an estimation technique where the ...; Question 517: What should an organization do before providing an external ...; Question 518: After a full operational contingency test, an IS auditor per...; Question 519: At the end of the testing phase of software development, an ...; Question 520: Which of the following is the MOST effective method for deal...; Question 521: Which of the following ensures the availability of transacti...; Question 522: An IS auditor should review the configuration of which of th...; Question 523: An IS auditor should be MOST concerned with what aspect of a...; Question 524: Which policy helps an auditor to gain a better understanding...; Question 525: Which of the following transmission media uses a transponder...; Question 526: To determine if unauthorized changes have been made to produ...; Question 527: Who is responsible for authorizing access level of a data us...; Question 528: When auditing security for a data center, an IS auditor shou...; Question 529: John has been hired to fill a new position in one of the wel...; Question 530: Which of the following should be included in a feasibility s...; Question 531: When using public key encryption to secure data being transm...; Question 532: Parity bits are a control used to validate:...; Question 533: The PRIMARY reason for using digital signatures is to ensure...; Question 534: Which of the following is protocol data unit (PDU) of transp...; Question 535: The purpose of business continuity planning and disaster-rec...; Question 536: Which of the following would prevent accountability for an a...; Question 537: After implementation of a disaster recovery plan, pre-disast...; Question 538: What kind of testing should programmers perform following an...; Question 539: Which of the following term in business continuity determine...; Question 540: When using a universal storage bus (USB) flash drive to tran...; Question 541: Which of the following software development methodology uses...; Question 542: When performing an audit of access rights, an IS auditor sho...; Question 543: During maintenance of a relational database, several values ...; Question 544: Which of the following PBX feature supports shared extension...; Question 545: During the audit of a database server, which of the followin...; Question 546: Which of the following attack includes social engineering, l...; Question 547: Within IPSEC which of the following defines security paramet...; Question 548: Which of the following BEST ensures the integrity of a serve...; Question 549: While reviewing the business continuity plan of an organizat...; Question 550: Which of the following protocol does NOT work at Network int...; Question 551: What supports data transmission through split cable faciliti...; Question 552: When performing an audit of a client relationship management...; Question 553: Which of the following type of network service maps Domain N...; Question 554: What are intrusion-detection systems (IDS) primarily used fo...; Question 555: Which of the following controls would BEST detect intrusion?...; Question 556: Which of the following protocols would be involved in the im...; Question 557: Which of the following would MOST effectively control the us...; Question 558: Which of the following functionality is NOT performed by the...; Question 559: Applying a digital signature to data traveling in a network ...; Question 560: The application systems of an organization using open-source...; Question 561: In a small organization, an employee performs computer opera...; Question 562: What uses questionnaires to lead the user through a series o...; Question 563: Which of the following recovery strategies is MOST appropria...; Question 564: While designing the business continuity plan (BCP) for an ai...; Question 565: The IS management of a multinational company is considering ...; Question 566: Which of the following statement is NOT true about smoke det...; Question 567: The most likely error to occur when implementing a firewall ...; Question 568: Which of the following is the GREATEST concern when an organ...; Question 569: Which of the following public key infrastructure (PKI) eleme...; Question 570: Validated digital signatures in an e-mail software applicati...; Question 571: Reconfiguring which of the following firewall types will pre...; Question 572: Which of the following attack involves slicing small amount ...; Question 573: An auditor needs to be aware of technical controls which are...; Question 574: Which of the following term in business continuity determine...; Question 575: How often should a Business Continuity Plan be reviewed?...; Question 576: The traditional role of an IS auditor in a control self-asse...; Question 577: Doing which of the following during peak production hours co...; Question 578: An IS auditor has completed a network audit. Which of the fo...; Question 579: In which of the following RFID risks competitor potentially ...; Question 580: Which of the following type of IDS has self-learning functio...; Question 581: To provide protection for media backup stored at an offsite ...; Question 582: Which of the following types of firewalls would BEST protect...; Question 583: From a control perspective, the PRIMARY objective of classif...; Question 584: A call-back system requires that a user with an id and passw...; Question 585: What is the MOST effective method of preventing unauthorized...; Question 586: How can minimizing single points of failure or vulnerabiliti...; Question 587: A business application system accesses a corporate database ...; Question 588: During what process should router access control lists be re...; Question 589: The use of residual biometric information to gain unauthoriz...; Question 590: An IS auditor is reviewing the remote access methods of a co...; Question 591: The goal of an information system is to achieve integrity, a...; Question 592: The MOST significant level of effort for business continuity...; Question 593: Which of the following functionality is NOT supported by SSL...; Question 594: Which of the following is MOST directly affected by network ...; Question 595: Which of the following type of computer has highest processi...; Question 596: Due to changes in IT, the disaster recovery plan of a large ...; Question 597: Off-site data storage should be kept synchronized when prepa...; Question 598: Above almost all other concerns, what often results in the g...; Question 599: Which of the following device in Frame Relay WAN technique i...; Question 600: An installed Ethernet cable run in an unshielded twisted pai...; Question 601: Online banking transactions are being posted to the database...; Question 602: The MAIN purpose for periodically testing offsite facilities...; Question 603: The PRIMARY purpose of implementing Redundant Array of Inexp...; Question 604: Which of the following process consist of identification and...; Question 605: Which of the following would be the BEST access control proc...; Question 606: Which of the following is an example of the defense in-depth...; Question 607: An IS auditor conducting an access control review in a clien...; Question 608: The reliability of an application system's audit trail may b...; Question 609: The use of object-oriented design and development techniques...; Question 610: Which of the following layer of an enterprise data flow arch...; Question 611: To determine how data are accessed across different platform...; Question 612: Which of the following method should be recommended by secur...; Question 613: If a programmer has update access to a live system, IS audit...; Question 614: Which of the following type of a computer network are variat...; Question 615: Which of the following types of data validation editing chec...; Question 616: Which of the following is the INCORRECT "layer - protocol da...; Question 617: After reviewing its business processes, a large organization...; Question 618: Authentication techniques for sending and receiving data bet...; Question 619: Which of the following is the most fundamental step in preve...; Question 620: Which of the following is an implementation risk within the ...; Question 621: To verify that the correct version of a data file was used f...; Question 622: Normally, it would be essential to involve which of the foll...; Question 623: Identify the INCORRECT statement related to network performa...; Question 624: A certificate authority (CA) can delegate the processes of:...; Question 625: A disaster recovery plan for an organization's financial sys...; Question 626: Who is responsible for providing adequate physical and logic...; Question 627: In what way is a common gateway interface (CGI) MOST often u...; Question 628: A database administrator has detected a performance problem ...; Question 629: Which of the following type of a computer network covers a b...; Question 630: Naming conventions for system resources are important for ac...; Question 631: Which of the following technique is NOT used by a preacher a...; Question 632: Which of the following is protocol data unit (PDU) of networ...; Question 633: Which of the following backup techniques is the MOST appropr...; Question 634: There are many types of audit logs analysis tools available ...; Question 635: Upon receipt of the initial signed digital certificate the u...; Question 636: The waterfall life cycle model of software development is mo...; Question 637: Diskless workstation is an example of:...; Question 638: Which of the following is the BEST practice to ensure that a...; Question 639: Which of the following INCORRECTLY describes the layer funct...; Question 640: An accuracy measure for a biometric system is:...; Question 641: The database administrator (DBA) suggests that DB efficiency...; Question 642: Which of the following should be of PRIMARY concern to an IS...; Question 643: What is the BEST backup strategy for a large database with d...; Question 644: An organization has outsourced its help desk. Which of the f...; Question 645: Which of the following should be of MOST concern to an IS au...; Question 646: Which of the following manages the digital certificate life ...; Question 647: Which of the following is a concern when data are transmitte...; Question 648: Which of the following property of the core date warehouse l...; Question 649: The potential for unauthorized system access by way of termi...; Question 650: Which of the following is a feature of Wi-Fi Protected Acces...; Question 651: An IS auditor finds that client requests were processed mult...; Question 652: An IS auditor has identified the lack of an authorization pr...; Question 653: Which of the following cryptographic systems is MOST appropr...; Question 654: A company uses a bank to process its weekly payroll. Time sh...; Question 655: Who is ultimately accountable for the development of an IS s...; Question 656: IT operations for a large organization have been outsourced....; Question 657: A clerk changed the interest rate for a loan on a master fil...; Question 658: Allowing application programmers to directly patch or change...; Question 659: Which of the following ACID property in DBMS means that once...; Question 660: During a disaster recovery test, an IS auditor observes that...; Question 661: In which of the following WAN message transmission technique...; Question 662: Electromagnetic emissions from a terminal represent an expos...; Question 663: Which of the following malware technical fool's malware by a...; Question 664: The cost of ongoing operations when a disaster recovery plan...; Question 665: While evaluating logical access control the IS auditor shoul...; Question 666: Depending on the complexity of an organization's business co...; Question 667: Which of the following term related to network performance r...; Question 668: Two-factor authentication can be circumvented through which ...; Question 669: When reviewing an organization's approved software product l...; Question 670: Which of the following attack redirects outgoing message fro...; Question 671: Which of the following functions is performed by a virtual p...; Question 672: The frequent updating of which of the following is key to th...; Question 673: Which of the following ensures confidentiality of informatio...; Question 674: Which of the following network components is PRIMARILY set u...; Question 675: Sign-on procedures include the creation of a unique user ID ...; Question 676: Which of the following type of network service stores inform...; Question 677: To determine who has been given permission to use a particul...; Question 678: Which of the following statements pertaining to IPSec is inc...; Question 679: Identify the network topology from below diagram presented b...; Question 680: Which of the following is a form of Hybrid Cryptography wher...; Question 681: An organization currently using tape backups takes one full ...; Question 682: Minimum password length and password complexity verification...; Question 683: Which of the following reports should an IS auditor use to c...; Question 684: Business units are concerned about the performance of a newl...; Question 685: In the event of a data center disaster, which of the followi...; Question 686: There are many firewall implementations provided by firewall...; Question 687: Which of the following would be an indicator of the effectiv...; Question 688: Reverse proxy technology for web servers should be deployed ...; Question 689: An IS auditor should expect the responsibility for authorizi...; Question 690: When auditing third-party service providers, an IS auditor s...; Question 691: Which of the following results in a denial-of-service attack...; Question 692: In which of the following WAN message transmission technique...; Question 693: Web and e-mail filtering tools are PRIMARILY valuable to an ...; Question 694: When reviewing the procedures for the disposal of computers,...; Question 695: An organization has a recovery time objective (RTO) equal to...; Question 696: Proper segregation of duties normally does not prohibit a LA...; Question 697: Which of the following will prevent dangling tuples in a dat...; Question 698: Which of the following encrypt/decrypt steps provides the GR...; Question 699: Following best practices, formal plans for implementation of...; Question 700: If the recovery time objective (RTO) increases:...; Question 701: During an IS audit, auditor has observed that authentication...; Question 702: During an audit of an enterprise that is dedicated to e-comm...; Question 703: A sequence of bits appended to a digital document that is us...; Question 704: Which of the following is the MOST secure and economical met...; Question 705: Which of the following would contribute MOST to an effective...; Question 706: Who should be responsible for network security operations?...; Question 707: What is an effective control for granting temporary access t...; Question 708: Why is a clause for requiring source code escrow in an appli...; Question 709: An IS auditor needs to consider many factors while evaluatin...; Question 710: Which of the following term in business continuity defines t...; Question 711: Which of the following types of testing would determine whet...; Question 712: Which of the following would be the MOST cost-effective reco...; Question 713: An IS auditor conducting a review of disaster recovery plann...; Question 714: Which of the following type of honey pot essentially gives a...; Question 715: The responsibility for authorizing access to a business appl...; Question 716: As part of the business continuity planning process, which o...; Question 717: Identify the network topology from below diagram presented b...; Question 718: An IS auditor reviewing database controls discovered that ch...; Question 719: Neural networks are effective in detecting fraud because the...; Question 720: Which of the following aspects of symmetric key encryption i...; Question 721: In a public key infrastructure, a registration authority:...; Question 722: In a small organization, developers may release emergency ch...; Question 723: Which of the following methods of suppressing a fire in a da...; Question 724: Which key is used by the sender of a message to create a dig...; Question 725: To properly evaluate the collective effect of preventative, ...; Question 726: The security level of a private key system depends on the nu...; Question 727: Active radio frequency ID (RFID) tags are subject to which o...; Question 728: Which of the following applet intrusion issues poses the GRE...; Question 729: The GREATEST risk posed by an improperly implemented intrusi...; Question 730: During the review of a web-based software development projec...; Question 731: Which of the following would an IS auditor consider to be th...; Question 732: Which of the following layer in in an enterprise data flow a...; Question 733: Which of the following software development methodology is a...; Question 734: Which of the following layer of the OSI model provides a sta...; Question 735: A perpetrator looking to gain access to and gather informati...; Question 736: Which of the following BEST restricts users to those functio...; Question 737: Java applets and ActiveX controls are distributed executable...; Question 738: Which of the following is the unique identifier within and I...; Question 739: Which of the following should an IS auditor recommend for th...; Question 740: The reason a certification and accreditation process is perf...; Question 741: Which of the following is the protocol data unit (PDU) of ap...; Question 742: An IS auditor reviewing wireless network security determines...; Question 743: In a client-server system, which of the following control te...; Question 744: After identifying potential security vulnerabilities, what s...; Question 745: A programmer maliciously modified a production program to ch...; Question 746: The MOST significant security concerns when using flash memo...; Question 747: When reviewing a digital certificate verification process, w...; Question 748: An IS auditor reviewing a proposed application software acqu...; Question 749: Which of the following will help detect changes made by an i...; Question 750: A TCP/IP-based environment is exposed to the Internet. Which...; Question 751: After completing the business impact analysis (BIA), what is...; Question 752: When reviewing the implementation of a LAN, an IS auditor sh...; Question 753: A hard disk containing confidential data was damaged beyond ...; Question 754: Receiving an EDI transaction and passing it through the comm...; Question 755: To prevent unauthorized entry to the data maintained in a di...; Question 756: Which are the two primary types of scanner used for protecti...; Question 757: A benefit of quality of service (QoS) is that the:...; Question 758: An IS auditor is reviewing a project that is using an Agile ...; Question 759: The MOST likely explanation for the use of applets in an Int...; Question 760: An IS auditor should know information about different networ...; Question 761: Inadequate programming and coding practices introduce the ri...; Question 762: Disabling which of the following would make wireless local a...; Question 763: Which of the following issues should be the GREATEST concern...; Question 764: What is a common vulnerability, allowing denial-of-service a...; Question 765: An IS auditor finds that user acceptance testing of a new sy...; Question 766: With the help of a security officer, granting access to data...; Question 767: Which of the following ACID property ensures that transactio...; Question 768: Which of the following option INCORRECTLY describes PBX feat...; Question 769: The MOST effective control for addressing the risk of piggyb...; Question 770: An IS auditor is reviewing the physical security measures of...; Question 771: Which of the following statement INCORRECTLY describes devic...; Question 772: An investment advisor e-mails periodic newsletters to client...; Question 773: Which of the following findings should an IS auditor be MOST...; Question 774: Which of the following fire-suppression methods is considere...; Question 775: An internet-based attack using password sniffing can:...; Question 776: Which of the following is penetration test where the penetra...; Question 777: Which of the following layer of an OSI model encapsulates pa...; Question 778: For a discretionary access control to be effective, it must:...; Question 779: An IS auditor conducting a review of disaster recovery plann...; Question 780: Mitigating the risk and impact of a disaster or business int...; Question 781: Which of the following is the GREATEST risk when storage gro...; Question 782: From a risk management point of view, the BEST approach when...; Question 783: An organization has created a policy that defines the types ...; Question 784: What should an IS auditor do if he or she observes that proj...; Question 785: In large corporate networks having supply partners across th...; Question 786: Which of the following controls will MOST effectively detect...; Question 787: An organization has contracted with a vendor for a turnkey s...; Question 788: What type of fire-suppression system suppresses fire via wat...; Question 789: An organization is migrating from a legacy system to an ente...; Question 790: The directory system of a database-management system describ...; Question 791: An organization with extremely high security requirements is...; Question 792: In computer forensics, which of the following is the process...; Question 793: Which of the following layer of an OSI model transmits and r...; Question 794: How do modems (modulation/demodulation) function to facilita...; Question 795: The implementation of access controls FIRST requires:...; Question 796: Which of the following is MOST likely to result from a busin...; Question 797: IT best practices for the availability and continuity of IT ...; Question 798: When auditing a proxy-based firewall, an IS auditor should:...; Question 799: When reviewing an organization's logical access security, wh...; Question 800: Which of the following tests is an IS auditor performing whe...; Question 801: A hacker could obtain passwords without the use of computer ...; Question 802: How is the risk of improper file access affected upon implem...; Question 803: During the requirements definition phase for a database appl...

Question 278/803

LEAVE A REPLY

Download PDF File