CISA Exam Dumps | Which of the following is the initial step in creating a firewall policy?

<< Prev Question Next Question >>

Question 144/896

Which of the following is the initial step in creating a firewall policy?

A. A cost-benefit analysis of methods for securing the applications

B. Identification of network applications to be externally accessed

C. Identification of vulnerabilities associated with network applications to be externally accessed

D. Creation of an applications traffic matrix showing protection methods

Question List (896q): Question 1: An IS auditor has audited a business continuity plan (BCP). ...; Question 2: An IS auditor reviewing the implementation of an intrusion d...; Question 3: During a review of a customer master file, an IS auditor dis...; Question 4: When preparing an audit report, the IS auditor should ensure...; Question 5: A structured walk-through test of a disaster recovery plan i...; Question 6: What can be implemented to provide the highest level of prot...; Question 7: An organization has a recovery time objective (RTO) equal to...; Question 8: A hard disk containing confidential data was damaged beyond ...; Question 9: What is an edit check to determine whether a field contains ...; Question 10: Integer overflow occurs primarily with:...; Question 11: Which of the following provides the BEST evidence of an orga...; Question 12: If the recovery time objective (RTO) increases:...; Question 13: When storing data archives off-site, what must be done with ...; Question 14: The IT balanced scorecard is a business governance tool inte...; Question 15: Who is accountable for maintaining appropriate security meas...; Question 16: A critical function of a firewall is to act as a:...; Question 17: During an application audit, an IS auditor finds several pro...; Question 18: A legacy payroll application is migrated to a new applicatio...; Question 19: When should systems administrators first assess the impact o...; Question 20: The GREATEST advantage of rapid application development (RAD...; Question 21: Which of the following recovery strategies is MOST appropria...; Question 22: Which of the following is MOST is critical during the busine...; Question 23: Which of the following is the PRIMARY purpose for conducting...; Question 24: Which of the following findings should an IS auditor be MOST...; Question 25: Codes from exploit programs are frequently reused in:...; 1 commentQuestion 26: What are used as a countermeasure for potential database cor...; Question 27: The specific advantage of white box testing is that it:...; Question 28: Which of the following procedures would BEST determine wheth...; Question 29: Which of the following is the BEST way to satisfy a two-fact...; Question 30: When planning an audit of a network setup, an IS auditor sho...; Question 31: Which of the following attack is also known as Time of Check...; Question 32: Which of the following would BEST ensure continuity of a wid...; Question 33: The final decision to include a material finding in an audit...; Question 34: TEMPEST is a hardware for which of the following purposes?...; Question 35: Which of the following should be included in a feasibility s...; Question 36: Am advantage of the use of hot sites as a backup alternative...; Question 37: Which of the following uses a prototype that can be updated ...; Question 38: Before implementing controls, management should FIRST ensure...; Question 39: The GREATEST advantage of using web services for the exchang...; Question 40: Which of the following is the most fundamental step in preve...; Question 41: An IS auditor finds that not all employees are aware of the ...; Question 42: During an implementation review of a multiuser distributed a...; Question 43: Machines that operate as a closed system can NEVER be eavesd...; Question 44: When performing a computer forensic investigation, in regard...; Question 45: Which of the following method is recommended by security pro...; Question 46: What kind of protocols does the OSI Transport Layer of the T...; Question 47: Though management has stated otherwise, an IS auditor has re...; Question 48: Which of the following types of attack works by taking advan...; Question 49: Which are the two primary types of scanner used for protecti...; Question 50: What should an IS auditor do if he or she observes that proj...; Question 51: Which of the following must exist to ensure the viability of...; Question 52: Which of the following is the GREATEST risk when storage gro...; Question 53: The decisions and actions of an IS auditor are MOST likely t...; Question 54: Documentation of a business case used in an IT development p...; Question 55: When developing a risk management program, what is the FIRST...; Question 56: What is the primary security concern for EDI environments?...; Question 57: While observing a full simulation of the business continuity...; Question 58: Which of the following type of lock uses a magnetic or embed...; Question 59: An IS auditor invited to a development project meeting notes...; Question 60: In the event of a data center disaster, which of the followi...; Question 61: A clerk changed the interest rate for a loan on a master fil...; Question 62: An efficient use of public key infrastructure (PKI) should e...; Question 63: When reviewing print systems spooling, an IS auditor is MOST...; Question 64: A core tenant of an IS strategy is that it must:...; Question 65: An IS auditor is told by IS management that the organization...; Question 66: Effective IT governance requires organizational structures a...; Question 67: When conducting a penetration test of an IT system, an organ...; Question 68: The vice president of human resources has requested an audit...; Question 69: The use of a GANTT chart can:; Question 70: Which of the following types of attack makes use of common c...; Question 71: Two-factor authentication can be circumvented through which ...; Question 72: Who is primarily responsible for storing and safeguarding th...; Question 73: What is/are used to measure and ensure proper network capaci...; Question 74: A number of system failures are occurring when corrections t...; Question 75: In addition to the backup considerations for all systems, wh...; Question 76: Database snapshots can provide an excellent audit trail for ...; Question 77: When participating in a systems-development project, an IS a...; Question 78: Which of the following is MOST likely to result from a busin...; Question 79: Which of the following public key infrastructure (PKI) eleme...; Question 80: To address an organization's disaster recovery requirements,...; Question 81: Which of the following PBX feature provides the possibility ...; Question 82: After observing suspicious activities in a server, a manager...; Question 83: Which of the following is a management technique that enable...; Question 84: Which of the following measures can effectively minimize the...; Question 85: To reduce the possibility of losing data during processing, ...; Question 86: What method might an IS auditor utilize to test wireless sec...; Question 87: The use of digital signatures:; Question 88: Which of the following controls would an IS auditor look for...; Question 89: As an outcome of information security governance, strategic ...; Question 90: What kind of testing should programmers perform following an...; Question 91: What is the BEST action to prevent loss of data integrity or...; Question 92: While evaluating software development practices in an organi...; Question 93: Which of the following systems or tools can recognize that a...; Question 94: Which of the following devices extends the network and has t...; Question 95: A LAN administrator normally would be restricted from:...; Question 96: Which of the following is a risk of cross-training?...; Question 97: Which of the following PBX feature supports shared extension...; Question 98: What can be used to gather evidence of network attacks?...; Question 99: In computer forensic which of the following describe the pro...; Question 100: Which of the following is used to evaluate biometric access ...; Question 101: Regarding a disaster recovery plan, the role of an IS audito...; Question 102: Which of the following could lead to an unintentional loss o...; Question 103: An IS auditor usually places more reliance on evidence direc...; Question 104: Establishing the level of acceptable risk is the responsibil...; Question 105: An IS auditor should be MOST concerned with what aspect of a...; Question 106: What process is used to validate a subject's identity?...; Question 107: Which of the following should an IS auditor recommend to BES...; Question 108: An IS auditor issues an audit report pointing out the lack o...; Question 109: Involvement of senior management is MOST important in the de...; Question 110: Which of the following is the MOST critical step in planning...; Question 111: Which of the following functions is performed by a virtual p...; Question 112: A proposed transaction processing application will have many...; Question 113: To ensure authentication, confidentiality and integrity of a...; Question 114: Which of the following is a guiding best practice for implem...; Question 115: Which of the following terms generally refers to small progr...; Question 116: What process allows IS management to determine whether the a...; Question 117: Obtaining user approval of program changes is very effective...; Question 118: Which of the following provides the GREATEST assurance of me...; Question 119: Using the OSI reference model, what layer(s) is/are used to ...; Question 120: In the event of a disruption or disaster, which of the follo...; Question 121: In reviewing the IS short-range (tactical) plan, an IS audit...; Question 122: While designing the business continuity plan (BCP) for an ai...; Question 123: Which of the following is a telecommunication device that tr...; Question 124: What are often the primary safeguards for systems software a...; Question 125: The role of the certificate authority (CA) as a third party ...; Question 126: A control that detects transmission errors by appending calc...; Question 127: Which of the following is a concern when data are transmitte...; Question 128: ALL computer programming languages are vulnerable to command...; Question 129: IT control objectives are useful to IS auditors, as they pro...; Question 130: Which of the following BEST describes the role of a director...; Question 131: An IS auditor finds out-of-range data in some tables of a da...; Question 132: A hardware control that helps to detect errors when data are...; Question 133: Which of the following represents the GREATEST potential ris...; Question 134: Which of the following provides nonrepudiation services for ...; Question 135: Which of the following is of greatest concern when performin...; Question 136: An IS auditor reviewing an organization's IS disaster recove...; Question 137: Which of the following attack includes social engineering, l...; Question 138: An organization is disposing of a number of laptop computers...; Question 139: After a full operational contingency test, an IS auditor per...; Question 140: Which of the following malware technical fool's malware by a...; Question 141: Which of the following would an IS auditor consider a weakne...; Question 142: Failure in which of the following testing stages would have ...; Question 143: A comprehensive and effective e-mail policy should address t...; Question 144: Which of the following is the initial step in creating a fir...; Question 145: Which of the following BEST describes the concept of ""defen...; Question 146: When installing an intrusion detection system (IDS), which o...; Question 147: The PRIMARY purpose of implementing Redundant Array of Inexp...; Question 148: Which of the following would an IS auditor consider to be th...; Question 149: Which of the following is a prevalent risk in the developmen...; Question 150: In transport mode, the use of the Encapsulating Security Pay...; Question 151: The PRIMARY benefit of implementing a security program as pa...; Question 152: For which of the following applications would rapid recovery...; Question 153: Off-site data backup and storage should be geographically se...; Question 154: What influences decisions regarding criticality of assets?...; Question 155: To ensure that audit resources deliver the best value to the...; Question 156: Allowing application programmers to directly patch or change...; Question 157: "Nowadays, computer security comprises mainly "preventive"" ...; Question 158: The PRIMARY purpose of an IT forensic audit is:...; Question 159: The MOST effective control for addressing the risk of piggyb...; Question 160: Disaster recovery planning (DRP) for a company's computer sy...; Question 161: An IS auditor inspected a windowless room containing phone s...; Question 162: Data edits are implemented before processing and are conside...; Question 163: Structured programming is BEST described as a technique that...; Question 164: An IS auditor has been assigned to review IT structures and ...; Question 165: When developing a security architecture, which of the follow...; Question 166: When auditing the proposed acquisition of a new computer sys...; Question 167: During a review of a business continuity plan, an IS auditor...; Question 168: How do modems (modulation/demodulation) function to facilita...; Question 169: During the planning stage of an IS audit, the PRIMARY goal o...; Question 170: The MAIN purpose of a transaction audit trail is to:...; Question 171: Which of the following should be included in an organization...; Question 172: An IS auditor is reviewing a project to implement a payment ...; Question 173: ________________ (fill in the blank) should be implemented a...; Question 174: Which of the following can help detect transmission errors b...; Question 175: To protect a VoIP infrastructure against a denial-of-service...; Question 176: An IS auditor was hired to review e-business security. The I...; Question 177: Atomicity enforces data integrity by ensuring that a transac...; Question 178: What is a risk associated with attempting to control physica...; Question 179: A project manager of a project that is scheduled to take 18 ...; Question 180: From a control perspective, the key element in job descripti...; Question 181: An IS auditor evaluates the test results of a modification t...; Question 182: Which of the following is an effective method for controllin...; Question 183: The IS management of a multinational company is considering ...; Question 184: Which of the following is the GREATEST concern when an organ...; Question 185: Which of the following would be BEST prevented by a raised f...; Question 186: In a contract with a hot, warm or cold site, contractual pro...; Question 187: Who is ultimately responsible and accountable for reviewing ...; Question 188: Which of the following is the MOST important IS audit consid...; Question 189: Which of the following encryption methods uses a matching pa...; Question 190: Which of the following implementation modes would provide th...; Question 191: Which of the following is a program evaluation review techni...; Question 192: An IS auditor is performing an audit of a remotely managed s...; Question 193: Which of the following will replace system binaries and/or h...; Question 194: The traditional role of an IS auditor in a control self-asse...; Question 195: What type of fire-suppression system suppresses fire via wat...; Question 196: What type of BCP test uses actual resources to simulate a sy...; Question 197: An IS auditor conducting a review of disaster recovery plann...; Question 198: What is the BEST backup strategy for a large database with d...; Question 199: An organization currently using tape backups takes one full ...; Question 200: When performing an IS strategy audit, an IS auditor should r...; Question 201: Which of the following systems-based approaches would a fina...; Question 202: As updates to an online order entry system are processed, th...; Question 203: The purpose of a checksum on an amount field in an electroni...; Question 204: Human error is being HEAVILY relied upon on by which of the ...; Question 205: Which of the following technique is NOT used by a preacher a...; Question 206: Which of the following would have the HIGHEST priority in a ...; Question 207: Which of the following fire suppression systems is MOST appr...; Question 208: A hub is a device that connects:...; Question 209: Which of the following penetration tests would MOST effectiv...; Question 210: Which of the following is an advantage of prototyping?...; Question 211: A web server is attacked and compromised. Which of the follo...; Question 212: The success of control self-assessment (CSA) highly depends ...; Question 213: An organization's disaster recovery plan should address earl...; Question 214: In determining the acceptable time period for the resumption...; Question 215: An offsite information processing facility with electrical w...; Question 216: Which of the following is best suited for searching for addr...; Question 217: Which of the following would provide the highest degree of s...; Question 218: An IT steering committee should review information systems P...; Question 219: The PRIMARY objective of business continuity and disaster re...; Question 220: An example of a direct benefit to be derived from a proposed...; Question 221: Which of the following activities performed by a database ad...; Question 222: The ultimate purpose of IT governance is to:...; Question 223: Which of the following is penetration test where the penetra...; Question 224: During the audit of an acquired software package, an IS audi...; Question 225: Which of the following measures can protect systems files an...; Question 226: When should application controls be considered within the sy...; Question 227: An integrated test facility is not considered a useful audit...; Question 228: Which of the following insurance types provide for a loss ar...; Question 229: Which of the following online auditing techniques is most ef...; Question 230: In auditing a web server, an IS auditor should be concerned ...; Question 231: Which of the following is an environmental issue caused by e...; Question 232: Which of the following is the MOST important consideration w...; Question 233: An IS auditor reviewing an organization that uses cross-trai...; Question 234: Company.com has contracted with an external consulting firm ...; Question 235: You may reduce a cracker's chances of success by (choose all...; Question 236: The optimum business continuity strategy for an entity is de...; Question 237: When conducting a penetration test of an organization's inte...; Question 238: Which of the following sampling methods is MOST useful when ...; Question 239: Which of the following is the MOST important function to be ...; Question 240: Which of the following should an IS auditor use to detect du...; Question 241: Although BCP and DRP are often implemented and tested by mid...; Question 242: Talking about the different approaches to security in comput...; Question 243: What protects an application purchaser's ability to fix or c...; Question 244: Which of the following is a distinctive feature of the Secur...; Question 245: The phases and deliverables of a system development life cyc...; Question 246: Which of the following BEST characterizes a mantrap or deadm...; Question 247: Which of the following issues should be the GREATEST concern...; Question 248: To address the risk of operations staff's failure to perform...; Question 249: Which of the following is often used as a detection and dete...; Question 250: Which audit technique provides the BEST evidence of the segr...; Question 251: Whenever business processes have been re-engineered, the IS ...; Question 252: The initial step in establishing an information security pro...; Question 253: What is essential for the IS auditor to obtain a clear under...; Question 254: Which of the following internet security threats could compr...; Question 255: The BEST overall quantitative measure of the performance of ...; Question 256: A hot site should be implemented as a recovery strategy when...; Question 257: How does the process of systems auditing benefit from using ...; Question 258: An IS auditor's PRIMARY concern when application developers ...; Question 259: The cost of ongoing operations when a disaster recovery plan...; Question 260: Which of the following cryptographic systems is MOST appropr...; Question 261: Off-site data storage should be kept synchronized when prepa...; Question 262: An IS auditor selects a server for a penetration test that w...; Question 263: During a security audit of IT processes, an IS auditor found...; Question 264: An IS auditor finds that, in accordance with IS policy, IDs ...; Question 265: A medium-sized organization, whose IT disaster recovery meas...; Question 266: An IS auditor who has discovered unauthorized transactions d...; Question 267: Which of the following environmental controls is appropriate...; Question 268: An IS auditor performing detailed network assessments and ac...; Question 269: The MOST significant level of effort for business continuity...; Question 270: Which of the following statement is NOT true about Voice-Ove...; Question 271: The GREATEST risk posed by an improperly implemented intrusi...; Question 272: The MOST likely explanation for the use of applets in an Int...; Question 273: Which of the following ensures confidentiality of informatio...; Question 274: Which of the following would be MOST important for an IS aud...; Question 275: Who is responsible for providing adequate physical and logic...; Question 276: Which of the following is MOST critical for the successful i...; Question 277: Which of the following should an IS auditor review to unders...; Question 278: Function Point Analysis (FPA) provides an estimate of the si...; Question 279: Which of the following is the GREATEST risk of an inadequate...; Question 280: When reviewing an active project, an IS auditor observed tha...; Question 281: What should an organization do before providing an external ...; Question 282: An organization is implementing an enterprise resource plann...; Question 283: Normally, it would be essential to involve which of the foll...; Question 284: A manager of a project was not able to implement all audit r...; Question 285: What is a reliable technique for estimating the scope and co...; Question 286: An organization is implementing a new system to replace a le...; Question 287: Which of the following techniques would BEST help an IS audi...; Question 288: The PRIMARY purpose of a business impact analysis (BIA) is t...; Question 289: Which of the following programs would a sound information se...; Question 290: Assessing IT risks is BEST achieved by:...; Question 291: A firm is considering using biometric fingerprint identifica...; Question 292: When developing a disaster recovery plan, the criteria for d...; Question 293: Which of the following is the MOST likely reason why e-mail ...; Question 294: If senior management is not committed to strategic planning,...; Question 295: When reviewing the procedures for the disposal of computers,...; Question 296: IT governance is PRIMARILY the responsibility of the:...; Question 297: Which of the following is of greatest concern to the IS audi...; Question 298: Which of the following should be considered FIRST when imple...; Question 299: Many IT projects experience problems because the development...; Question 300: Effective IT governance will ensure that the IT plan is cons...; Question 301: In an organization, the responsibilities for IT security are...; Question 302: In computer forensics, which of the following is the process...; Question 303: At the completion of a system development project, a post pr...; Question 304: When auditing security for a data center, an IS auditor shou...; Question 305: Which of the following provide(s) near-immediate recoverabil...; Question 306: Which of the following data validation edits is effective in...; Question 307: While reviewing the business continuity plan of an organizat...; Question 308: Why does an IS auditor review an organization chart?...; Question 309: When should reviewing an audit client's business plan be per...; Question 310: Which of the following is the GREATEST risk when implementin...; Question 311: In an EDI process, the device which transmits and receives e...; Question 312: An advantage of a continuous audit approach is that it can i...; Question 313: An IS auditor who was involved in designing an organization'...; Question 314: To address a maintenance problem, a vendor needs remote acce...; Question 315: Input/output controls should be implemented for which applic...; Question 316: Which of the following attack redirects outgoing message fro...; Question 317: Identify the correct sequence which needs to be followed as ...; Question 318: Which of the following types of attack makes use of unfilter...; Question 319: Which of the following system and data conversion strategies...; Question 320: Which of the following process consist of identification and...; Question 321: Everything not explicitly permitted is forbidden has which o...; Question 322: The 'trusted systems' approach has been predominant in the d...; Question 323: Management considered two projections for its business conti...; Question 324: A manufacturing firm wants to automate its invoice payment s...; Question 325: The purpose of a deadman door controlling access to a comput...; Question 326: In a public key infrastructure, a registration authority:...; Question 327: Which of the following is the BEST information source for ma...; Question 328: An IS auditor discovers that developers have operator access...; Question 329: Which of the following is a continuity plan test that uses a...; Question 330: What is used to develop strategically important systems fast...; Question 331: An IS auditor reviewing an outsourcing contract of IT facili...; Question 332: Which of the following ensures the availability of transacti...; Question 333: Which of the following is a dynamic analysis tool for the pu...; Question 334: Who is ultimately accountable for the development of an IS s...; Question 335: What increases encryption overhead and cost the most?...; Question 336: A sender of an e-mail message applies a digital signature to...; Question 337: A local area network (LAN) administrator normally would be r...; Question 338: While copying files from a floppy disk, a user introduced a ...; Question 339: Which of the following should be the MOST important criterio...; Question 340: An IS auditor should be concerned when a telecommunication a...; Question 341: In the process of evaluating program change controls, an IS ...; Question 342: When developing a risk-based audit strategy, an IS auditor c...; Question 343: Active radio frequency ID (RFID) tags are subject to which o...; Question 344: Which of the following should be of MOST concern to an IS au...; Question 345: Why is the WAP gateway a component warranting critical conce...; Question 346: When using a digital signature, the message digest is comput...; Question 347: An IS auditor is assigned to perform a post implementation r...; Question 348: A check digit is an effective edit check to:...; Question 349: The difference between a vulnerability assessment and a pene...; Question 350: An organization is migrating from a legacy system to an ente...; Question 351: Users are issued security tokens to be used in combination w...; Question 352: Which of the following would be the BEST method for ensuring...; Question 353: An IS auditor reviewing the key roles and responsibilities o...; Question 354: Which of the following ensures a sender's authenticity and a...; Question 355: Functional acknowledgements are used:...; Question 356: Responsibility for the governance of IT should rest with the...; Question 357: What supports data transmission through split cable faciliti...; Question 358: Applying a digital signature to data traveling in a network ...; Question 359: An IS auditor notes that IDS log entries related to port sca...; Question 360: When using an integrated test facility (ITF), an IS auditor ...; Question 361: An organization has a number of branches across a wide geogr...; Question 362: Which of the following would impair the independence of a qu...; Question 363: An IS auditor conducting a review of disaster recovery plann...; Question 364: Host Based ILD&P primarily addresses the issue of:...; Question 365: Which of the following is a mechanism for mitigating risks?...; Question 366: What should IS auditors always check when auditing password ...; Question 367: A long-term IS employee with a strong technical background a...; Question 368: Which of the following is the MOST reliable form of single f...; Question 369: Information for detecting unauthorized input from a terminal...; Question 370: What must an IS auditor understand before performing an appl...; Question 371: Which of the following antispam filtering techniques would B...; Question 372: Run-to-run totals can verify data through which stage(s) of ...; Question 373: Disabling which of the following would make wireless local a...; Question 374: During an audit, an IS auditor notes that an organization's ...; Question 375: The PRIMARY objective of Secure Sockets Layer (SSL) is to en...; Question 376: A top-down approach to the development of operational polici...; Question 377: Which of the following is the MOST reliable sender authentic...; Question 378: Which of the following will BEST ensure the successful offsh...; Question 379: A lower recovery time objective (RTO) results in:...; Question 380: When reviewing IS strategies, an IS auditor can BEST assess ...; Question 381: Which of the following is a substantive test?...; Question 382: During an exit interview, in cases where there is disagreeme...; Question 383: After completing the business impact analysis (BIA), what is...; Question 384: The network of an organization has been the victim of severa...; Question 385: The human resources (HR) department has developed a system t...; Question 386: An IS auditor who is reviewing incident reports discovers th...; Question 387: What is the recommended initial step for an IS auditor to im...; Question 388: Of the following alternatives, the FIRST approach to develop...; Question 389: What is the lowest level of the IT governance maturity model...; Question 390: Back Orifice is an example of:; Question 391: The PRIMARY goal of a web site certificate is:...; Question 392: What can be very helpful to an IS auditor when determining t...; Question 393: An IS auditor finds that a system under development has 12 l...; Question 394: A disaster recovery plan for an organization's financial sys...; Question 395: An IS auditor reviewing an accounts payable system discovers...; Question 396: During a postimplementation review of an enterprise resource...; Question 397: The development of an IS security policy is ultimately the r...; Question 398: What topology provides the greatest redundancy of routes and...; Question 399: To minimize the cost of a software project, quality manageme...; Question 400: Which of the following method should be recommended by secur...; Question 401: Which of the following is the key benefit of control self-as...; Question 402: Disaster recovery planning (DRP) addresses the:...; Question 403: Which of the following aspects of symmetric key encryption i...; Question 404: Which of the following provides the best evidence of the ade...; Question 405: Any changes in systems assets, such as replacement of hardwa...; Question 406: Which of the following tasks should be performed FIRST when ...; Question 407: If an IS auditor observes that an IS department fails to use...; Question 408: Which of the following is an advantage of an integrated test...; Question 409: When reviewing a project where quality is a major concern, a...; Question 410: During an audit, an IS auditor notices that the IT departmen...; Question 411: The most common reason for the failure of information system...; Question 412: Which of the following should be the MOST important consider...; Question 413: Fourth-Generation Languages (4GLs) are most appropriate for ...; Question 414: Which of the following situations would increase the likelih...; Question 415: When reviewing an intrusion detection system (IDS), an IS au...; Question 416: An advantage in using a bottom-up vs. a top-down approach to...; Question 417: The rate of change in technology increases the importance of...; Question 418: Test and development environments should be separated. True ...; Question 419: A poor choice of passwords and transmission over unprotected...; Question 420: Which of the following would be the MOST significant audit f...; Question 421: An audit charter should:; Question 422: Above almost all other concerns, what often results in the g...; Question 423: When reviewing input controls, an IS auditor observes that, ...; Question 424: Which of the following represents the GREATEST risk created ...; Question 425: The quality of the metadata produced from a data warehouse i...; Question 426: Is it appropriate for an IS auditor from a company that is c...; Question 427: An IS auditor reviewing a proposed application software acqu...; Question 428: Which of the following is a practice that should be incorpor...; Question 429: Which of the following would help to ensure the portability ...; Question 430: Of the three major types of off-site processing facilities, ...; Question 431: Which of the following message services provides the stronge...; Question 432: The MOST effective control for reducing the risk related to ...; Question 433: When protecting an organization's IT systems, which of the f...; Question 434: Who is responsible for restricting and monitoring access of ...; Question 435: "Under the concept of ""defense in depth"", subsystems shoul...; Question 436: The MOST effective biometric control system is the one:...; Question 437: Which of the following is a benefit of using callback device...; Question 438: A substantive test to verify that tape library inventory rec...; Question 439: Which of the following would an IS auditor consider to be th...; Question 440: During the development of an application, the quality assura...; Question 441: What often results in project scope creep when functional re...; Question 442: How is the risk of improper file access affected upon implem...; Question 443: Which of the following is the PRIMARY objective of an IT per...; Question 444: A sequence of bits appended to a digital document that is us...; Question 445: The majority of software vulnerabilities result from a few k...; Question 446: When is regression testing used to determine whether new app...; Question 447: An IS auditor is evaluating a corporate network for a possib...; Question 448: During the requirements definition phase of a software devel...; Question 449: Which of the following is an object-oriented technology char...; Question 450: Which of the following is the MOST secure and economical met...; Question 451: Who should be responsible for network security operations?...; Question 452: Which of the following is BEST characterized by unauthorized...; Question 453: Which of the following would an IS auditor use to determine ...; Question 454: What is an initial step in creating a proper firewall policy...; Question 455: An IS auditor interviewing a payroll clerk finds that the an...; Question 456: During an audit of an enterprise that is dedicated to e-comm...; Question 457: The MOST important reason for an IS auditor to obtain suffic...; Question 458: What is the key distinction between encryption and hashing a...; Question 459: What are trojan horse programs?...; Question 460: What is a primary high-level goal for an auditor who is revi...; Question 461: A decision support system (DSS):...; Question 462: In an organization where an IT security baseline has been de...; Question 463: Which of the following would BEST support 24/7 availability?...; Question 464: The reason for establishing a stop or freezing point on the ...; Question 465: Which of the following types of testing would determine whet...; Question 466: What is often the most difficult part of initial efforts in ...; Question 467: The MOST likely explanation for a successful social engineer...; Question 468: Which of the following tests is an IS auditor performing whe...; Question 469: An IS auditor is assigned to audit a software development pr...; Question 470: Why is a clause for requiring source code escrow in an appli...; Question 471: In an IS audit of several critical servers, the IS auditor w...; Question 472: The PRIMARY purpose for meeting with auditees prior to forma...; Question 473: An IS auditor is reviewing access to an application to deter...; Question 474: When developing a formal enterprise security program, the MO...; Question 475: Which of the following types of data validation editing chec...; Question 476: Distributed denial-of-service (DDOS) attacks on Internet sit...; Question 477: Which of the following provides the BEST single-factor authe...; Question 478: Which of the following is BEST suited for secure communicati...; Question 479: Which of the following biometrics has the highest reliabilit...; Question 480: To gain an understanding of the effectiveness of an organiza...; Question 481: Who is ultimately responsible for providing requirement spec...; Question 482: An organization has just completed their annual risk assessm...; Question 483: How is the time required for transaction processing review u...; Question 484: When reviewing a digital certificate verification process, w...; Question 485: Proper segregation of duties normally does not prohibit a LA...; Question 486: While conducting an audit of a service provider, an IS audit...; Question 487: An IS auditor identifies that reports on product profitabili...; Question 488: A primary benefit derived from an organization employing con...; Question 489: Who assumes ownership of a systems-development project and t...; Question 490: What would an IS auditor expect to find in the console log?...; Question 491: As a driver of IT governance, transparency of IT's cost, val...; Question 492: Integrating business continuity planning (BCP) into an IT pr...; Question 493: An organization's IS audit charter should specify the:...; Question 494: When implementing an IT governance framework in an organizat...; Question 495: The MAJOR advantage of the risk assessment approach over the...; Question 496: What process uses test data as part of a comprehensive test ...; Question 497: To provide protection for media backup stored at an offsite ...; Question 498: Which of the following provides the MOST relevant informatio...; Question 499: Which of the following is the MOST critical and contributes ...; Question 500: An intentional or unintentional disclosure of a password is ...; Question 501: Online banking transactions are being posted to the database...; Question 502: Proper segregation of duties prohibits a system analyst from...; Question 503: A company uses a bank to process its weekly payroll. Time sh...; Question 504: A virtual private network (VPN) provides data confidentialit...; Question 505: An organization has contracted with a vendor for a turnkey s...; Question 506: When identifying an earlier project completion time, which i...; Question 507: Which of the following exploit vulnerabilities to cause loss...; Question 508: A call-back system requires that a user with an id and passw...; Question 509: A disaster recovery plan for an organization should:...; Question 510: When performing a review of the structure of an electronic f...; Question 511: Which of the following would MOST effectively control the us...; Question 512: The PRIMARY objective of testing a business continuity plan ...; Question 513: At the end of the testing phase of software development, an ...; Question 514: A company has implemented a new client-server enterprise res...; Question 515: While reviewing sensitive electronic work papers, the IS aud...; Question 516: Proper segregation of duties prevents a computer operator (u...; Question 517: An IS auditor recommends that an initial validation control ...; Question 518: Which of the following would effectively verify the originat...; Question 519: During an audit of a business continuity plan (BCP), an IS a...; Question 520: What is the MOST prevalent security risk when an organizatio...; Question 521: Which of the following would be the BEST population to take ...; Question 522: What is often assured through table link verification and re...; Question 523: In planning an audit, the MOST critical step is the identifi...; Question 524: Which of the following does a lack of adequate security cont...; Question 525: The reason a certification and accreditation process is perf...; Question 526: Which of the following is MOST critical when creating data f...; Question 527: Organizations should use off-site storage facilities to main...; Question 528: When an employee is terminated from service, the MOST import...; Question 529: A live test of a mutual agreement for IT system recovery has...; Question 530: An offsite information processing facility having electrical...; Question 531: To minimize costs and improve service levels an outsourcer s...; Question 532: During which of the following phases in system development w...; Question 533: What control detects transmission errors by appending calcul...; Question 534: When a new system is to be implemented within a short time f...; Question 535: In the context of effective information security governance,...; Question 536: When selecting audit procedures, an IS auditor should use pr...; Question 537: The output of the risk management process is an input for ma...; Question 538: During an IS audit, one of your auditor has observed that so...; Question 539: Use of asymmetric encryption in an internet e-commerce site,...; Question 540: During Involuntary termination of an employee, which of the ...; Question 541: Why does the IS auditor often review the system logs?...; Question 542: Which of the following physical access controls effectively ...; Question 543: When evaluating the collective effect of preventive, detecti...; Question 544: Which of the following are effective in detecting fraud beca...; Question 545: Once an organization has finished the business process reeng...; Question 546: Which of the following would an IS auditor consider the MOST...; Question 547: A malicious code that changes itself with each file it infec...; Question 548: An advantage of using sanitized live transactions in test da...; Question 549: What is the most common purpose of a virtual private network...; Question 550: Change control for business application systems being develo...; Question 551: What are intrusion-detection systems (IDS) primarily used fo...; Question 552: Facilitating telecommunications continuity by providing redu...; Question 553: An organization having a number of offices across a wide geo...; Question 554: Proper segregation of duties does not prohibit a quality con...; Question 555: Which of the following can degrade network performance?...; Question 556: Which of the following methods of encryption has been proven...; Question 557: An off-site processing facility should be easily identifiabl...; Question 558: The use of statistical sampling procedures helps minimize:...; Question 559: The MAJOR advantage of a component-based development approac...; Question 560: The management of an organization has decided to establish a...; Question 561: Which of the following IT governance best practices improves...; Question 562: Which of the following translates e-mail formats from one ne...; Question 563: Whenever an application is modified, what should be tested t...; Question 564: When segregation of duties concerns exists between IT suppor...; Question 565: Which of the following attacks targets the Secure Sockets La...; Question 566: The most common problem in the operation of an intrusion det...; Question 567: The editing/validation of data entered at a remote site woul...; Question 568: An auditor needs to be aware of technical controls which are...; Question 569: The potential for unauthorized system access by way of termi...; Question 570: During a business continuity audit an IS auditor found that ...; Question 571: During the design of a business continuity plan, the busines...; Question 572: A retail outlet has introduced radio frequency identificatio...; Question 573: Which of the following attack is MOSTLY performed by an atta...; Question 574: During the review of a biometrics system operation, an IS au...; Question 575: An IS auditor is performing an audit of a network operating ...; Question 576: Which of the following potentially blocks hacking attempts?...; Question 577: Parity bits are a control used to validate:...; Question 578: Which of the following refers to an anomalous condition wher...; Question 579: The Secure Sockets Layer (SSL) protocol addresses the confid...; Question 580: How can minimizing single points of failure or vulnerabiliti...; Question 581: The FIRST step in a successful attack to a system would be:...; Question 582: Who is responsible for authorizing access level of a data us...; Question 583: When auditing a disaster recovery plan for a critical busine...; Question 584: When implementing an application software package, which of ...; Question 585: A transaction journal provides the information necessary for...; Question 586: The PRIMARY purpose of audit trails is to:...; Question 587: What is a data validation edit control that matches input da...; Question 588: An IS auditor is reviewing the physical security measures of...; Question 589: The MOST likely effect of the lack of senior management comm...; Question 590: What is the BEST approach to mitigate the risk of a phishing...; Question 591: Which of the following would contribute MOST to an effective...; Question 592: An IS auditor finds that conference rooms have active networ...; Question 593: Which of the following would be the MOST cost-effective reco...; Question 594: When reviewing an organization's strategic IT plan an IS aud...; Question 595: Security should ALWAYS be an all or nothing issue....; Question 596: During the review of a web-based software development projec...; Question 597: Key verification is one of the best controls for ensuring th...; Question 598: An IS auditor is reviewing a project that is using an Agile ...; Question 599: Authentication techniques for sending and receiving data bet...; Question 600: A database administrator is responsible for:...; Question 601: After identifying potential security vulnerabilities, what s...; Question 602: An IS auditor should expect which of the following items to ...; Question 603: Which of the following audit techniques would BEST aid an au...; Question 604: To affix a digital signature to a message, the sender must f...; Question 605: Which of the following disaster recovery/continuity plan com...; Question 606: Validated digital signatures in an e-mail software applicati...; Question 607: To optimize an organization's business contingency plan (BCP...; Question 608: In an online transaction processing system, data integrity i...; Question 609: During a change control audit of a production system, an IS ...; Question 610: Data flow diagrams are used by IS auditors to:...; Question 611: The advantage of a bottom-up approach to the development of ...; Question 612: When developing a business continuity plan (BCP), which of t...; Question 613: A PRIMARY benefit derived from an organization employing con...; Question 614: The use of residual biometric information to gain unauthoriz...; Question 615: During the collection of forensic evidence, which of the fol...; Question 616: Which of the following would be the GREATEST cause for conce...; Question 617: What can ISPs use to implement inbound traffic filtering as ...; Question 618: To prevent IP spoofing attacks, a firewall should be configu...; Question 619: Which of the following is an advantage of the top-down appro...; Question 620: Who is responsible for the overall direction, costs, and tim...; Question 621: A computer system is no more secure than the human systems r...; Question 622: To detect attack attempts that the firewall is unable to rec...; Question 623: Which of the following statement correctly describes the dif...; Question 624: The PRIMARY objective of an audit of IT security policies is...; Question 625: Which of the following is normally a responsibility of the c...; Question 626: A company has recently upgraded its purchase system to incor...; Question 627: The responsibilities of a disaster recovery relocation team ...; Question 628: What type of risk is associated with authorized program exit...; Question 629: When auditing third-party service providers, an IS auditor s...; Question 630: A company has decided to implement an electronic signature s...; Question 631: As part of the business continuity planning process, which o...; Question 632: An IS auditor performing a review of the backup processing f...; Question 633: An IS auditor should use statistical sampling and not judgme...; Question 634: Which of the following encryption techniques will BEST prote...; Question 635: E-mail traffic from the Internet is routed via firewall-1 to...; Question 636: Which of the following types of attack almost always require...; Question 637: To aid management in achieving IT and business alignment, an...; Question 638: Due to changes in IT, the disaster recovery plan of a large ...; Question 639: An organization has a mix of access points that cannot be up...; Question 640: How is risk affected if users have direct access to a databa...; Question 641: Which of the following is an appropriate test method to appl...; Question 642: An IS auditor is reviewing an IT security risk management pr...; Question 643: Which of the following statement INCORRECTLY describes anti-...; Question 644: Which of the following is the BEST way to handle obsolete ma...; Question 645: The IS auditor learns that when equipment was brought into t...; Question 646: The extent to which data will be collected during an IS audi...; Question 647: A data administrator is responsible for:...; Question 648: Which of the following is the PRIMARY advantage of using com...; Question 649: A financial services organization is developing and document...; Question 650: When an organization is outsourcing their information securi...; Question 651: An IS auditor finds that user acceptance testing of a new sy...; Question 652: During a disaster recovery test, an IS auditor observes that...; Question 653: What can be used to help identify and investigate unauthoriz...; Question 654: An IS auditor can verify that an organization's business con...; Question 655: An IS auditor reviewing access controls for a client-server ...; Question 656: Following best practices, formal plans for implementation of...; Question 657: Which of the following methods of suppressing a fire in a da...; Question 658: Buffer overflow aims primarily at corrupting:...; Question 659: Which of the following would normally be the MOST reliable e...; Question 660: A company undertakes a business process reengineering (BPR) ...; Question 661: An IS auditor attempting to determine whether access to prog...; Question 662: Rather than simply reviewing the adequacy of access control,...; Question 663: In a public key infrastructure (PKI), the authority responsi...; Question 664: An IS auditor reviewing an organization's IT strategic plan ...; Question 665: Processing controls ensure that data is accurate and complet...; Question 666: An IS auditor is evaluating management's risk assessment of ...; Question 667: Which of the following fire-suppression methods is considere...; Question 668: The waterfall life cycle model of software development is mo...; Question 669: Which of the following type of lock uses a numeric keypad or...; Question 670: IS management recently replaced its existing wired local are...; Question 671: When should an application-level edit check to verify that a...; Question 672: When should plans for testing for user acceptance be prepare...; Question 673: Which of the following are effective controls for detecting ...; Question 674: After implementation of a disaster recovery plan, pre-disast...; Question 675: Which of the following statement is NOT true about smoke det...; Question 676: Which of the following is a data validation edit and control...; Question 677: Ideally, stress testing should be carried out in a:...; Question 678: What is the PRIMARY purpose of audit trails?...; Question 679: An organization with extremely high security requirements is...; Question 680: Which of the following is the MOST important element for the...; Question 681: Which of the following is the MOST robust method for disposi...; Question 682: Which of the following are designed to detect network attack...; Question 683: Which of the following reduces the potential impact of socia...; Question 684: The frequent updating of which of the following is key to th...; Question 685: Depending on the complexity of an organization's business co...; Question 686: The PRIMARY advantage of a continuous audit approach is that...; Question 687: To properly evaluate the collective effect of preventative, ...; Question 688: An IS auditor conducting a review of software usage and lice...; Question 689: What are used as the framework for developing logical access...; Question 690: What type of risk results when an IS auditor uses an inadequ...; Question 691: While conducting an audit, an IS auditor detects the presenc...; Question 692: Which of the following intrusion detection systems (IDSs) wi...; Question 693: An investment advisor e-mails periodic newsletters to client...; Question 694: If a programmer has update access to a live system, IS audit...; Question 695: To support an organization's goals, an IS department should ...; Question 696: Which of the following is the BEST performance criterion for...; Question 697: Default permit is only a good approach in an environment whe...; Question 698: What type of approach to the development of organizational p...; Question 699: In which of the following situations is it MOST appropriate ...; Question 700: Of the three major types of off-site processing facilities, ...; Question 701: Which of the following protocol is developed jointly by VISA...; Question 702: An IS auditor should carefully review the functional require...; Question 703: Which of the following is a characteristic of timebox manage...; Question 704: The BEST method for assessing the effectiveness of a busines...; Question 705: At a hospital, medical personal carry handheld computers whi...; Question 706: The MAIN purpose for periodically testing offsite facilities...; Question 707: What does PKI use to provide some of the strongest overall c...; Question 708: Batch control reconciliation is a _____________________ (fil...; Question 709: An organization has an integrated development environment (I...; Question 710: The GREATEST benefit in implementing an expert system is the...; Question 711: In wireless communication, which of the following controls a...; Question 712: When transmitting a payment instruction, which of the follow...; Question 713: Which of the following should be a concern to an IS auditor ...; Question 714: After the merger of two organizations, multiple self-develop...; Question 715: An IS auditor reviewing the risk assessment process of an or...; Question 716: There are several types of penetration tests depending upon ...; Question 717: In the course of performing a risk analysis, an IS auditor h...; Question 718: When are benchmarking partners identified within the benchma...; Question 719: Establishing data ownership is an important first step for w...; Question 720: A financial institution that processes millions of transacti...; Question 721: During the system testing phase of an application developmen...; Question 722: An offsite information processing facility:...; Question 723: What is an effective control for granting temporary access t...; Question 724: What determines the strength of a secret key within a symmet...; Question 725: When assessing the design of network monitoring controls, an...; Question 726: Sending a message and a message hash encrypted by the sender...; Question 727: With the objective of mitigating the risk and impact of a ma...; Question 728: An IS auditor has imported data from the client's database. ...; Question 729: What is used as a control to detect loss, corruption, or dup...; Question 730: Which of the following option INCORRECTLY describes PBX feat...; Question 731: An organization can ensure that the recipients of e-mails fr...; Question 732: Which of the following is the dominating objective of BCP an...; Question 733: Which testing approach is MOST appropriate to ensure that in...; Question 734: To assist an organization in planning for IT investments, an...; Question 735: The risks associated with electronic evidence gathering woul...; Question 736: IS management has decided to install a level 1 Redundant Arr...; Question 737: E-mail message authenticity and confidentiality is BEST achi...; Question 738: Which of the following encrypt/decrypt steps provides the GR...; Question 739: Attack amplifier is often being HEAVILY relied upon on by wh...; Question 740: The PRIMARY reason an IS auditor performs a functional walkt...; Question 741: Which of the following is a benefit of a risk-based approach...; Question 742: What is an effective countermeasure for the vulnerability of...; Question 743: Which of the following is by far the most common prevention ...; Question 744: Many organizations require an employee to take a mandatory v...; Question 745: Which of the following would BEST provide assurance of the i...; Question 746: ________ (fill in the blank) is/are ultimately accountable f...; Question 747: The MAJOR consideration for an IS auditor reviewing an organ...; Question 748: Which of the following should an IS auditor review to determ...; Question 749: Overall business risk for a particular threat can be express...; Question 750: With respect to business continuity strategies, an IS audito...; Question 751: Which of the following is the MOST important objective of da...; Question 752: After initial investigation, an IS auditor has reasons to be...; Question 753: Mitigating the risk and impact of a disaster or business int...; Question 754: Responsibility and reporting lines cannot always be establis...; Question 755: When two or more systems are integrated, input/output contro...; Question 756: Which of the following provides the strongest authentication...; Question 757: Which of the following BEST describes the necessary document...; Question 758: What type(s) of firewalls provide(s) the greatest degree of ...; Question 759: The purpose of business continuity planning and disaster-rec...; Question 760: To develop a successful business continuity plan, end user i...; Question 761: While evaluating logical access control the IS auditor shoul...; Question 762: An IS auditor evaluating logical access controls should FIRS...; Question 763: The use of object-oriented design and development techniques...; Question 764: The BEST method of proving the accuracy of a system tax calc...; Question 765: What is an acceptable mechanism for extremely time-sensitive...; Question 766: What is the first step in a business process re-engineering ...; Question 767: An IS auditor has been asked to participate in project initi...; Question 768: An organization is using symmetric encryption. Which of the ...; Question 769: Which of the following kinds of function are particularly vu...; Question 770: If inadequate, which of the following would be the MOST like...; Question 771: Which of the following risks could result from inadequate so...; Question 772: Which of the following is the BEST method for determining th...; Question 773: Which of the following is a passive attack to a network?...; Question 774: What uses questionnaires to lead the user through a series o...; Question 775: Ensuring that security and control policies support business...; Question 776: In an audit of an inventory application, which approach woul...; Question 777: The PRIMARY objective of implementing corporate governance b...; Question 778: What is a callback system?; Question 779: The BEST filter rule for protecting a network from being use...; Question 780: A benefit of open system architecture is that it:...; Question 781: Which of the following goals would you expect to find in an ...; Question 782: Functionality is a characteristic associated with evaluating...; Question 783: How does the SSL network protocol provide confidentiality?...; Question 784: In a public key infrastructure (PKI), which of the following...; Question 785: By evaluating application development projects against the c...; Question 786: An organization has outsourced its wide area network (WAN) t...; Question 787: There are several methods of providing telecommunications co...; Question 788: After an IS auditor has identified threats and potential imp...; Question 789: Which of the following would MOST likely indicate that a cus...; Question 790: Which of the following is the MOST important action in recov...; Question 791: Which of the following refers to the proving of mathematical...; Question 792: Which of the following processes are performed during the de...; Question 793: To ensure an organization is complying with privacy requirem...; Question 794: The sender of a public key would be authenticated by a:...; Question 795: What is used to provide authentication of the website and ca...; Question 796: Which of the following attack involves sending forged ICMP E...; Question 797: What should regression testing use to obtain accurate conclu...; Question 798: Business units are concerned about the performance of a newl...; Question 799: An IS steering committee should:...; Question 800: A team conducting a risk analysis is having difficulty proje...; Question 801: A data center has a badge-entry system. Which of the followi...; Question 802: A penetration test performed as part of evaluating network s...; Question 803: Which of the following best characterizes "worms"?...; Question 804: Library control software restricts source code to:...; Question 805: An IS auditor is using a statistical sample to inventory the...; Question 806: Which of the following would be the MOST effective audit tec...; Question 807: An organization is considering connecting a critical PC-base...; Question 808: Which of the following is an implementation risk within the ...; Question 809: Which of the following backup techniques is the MOST appropr...; Question 810: An IS auditor performing a review of an application's contro...; Question 811: The knowledge base of an expert system that uses questionnai...; Question 812: If an IS auditor observes that individual modules of a syste...; Question 813: Which of the following would prevent accountability for an a...; Question 814: Which of the following attack occurs when a malicious action...; Question 815: An integrated test facility is considered a useful audit too...; Question 816: A firewall is being deployed at a new location. Which of the...; Question 817: An IS auditor is reviewing a software-based configuration. W...; Question 818: Which of the following attack is against computer network an...; Question 819: Which of the following controls would be the MOST comprehens...; Question 820: Which of the following PBX feature allows a PBX to be config...; Question 821: Which of the following term describes a failure of an electr...; Question 822: Who is responsible for implementing cost-effective controls ...; Question 823: Which of the following activities should the business contin...; Question 824: As compared to understanding an organization's IT process fr...; Question 825: Which of the following is MOST likely to result from a busin...; Question 826: Which of the following should an IS auditor review to gain a...; Question 827: An IS auditor noted that an organization had adequate busine...; Question 828: When reviewing the IT strategic planning process, an IS audi...; Question 829: Business process re-engineering often results in ___________...; Question 830: An appropriate control for ensuring the authenticity of orde...; Question 831: Upon receipt of the initial signed digital certificate the u...; Question 832: From a risk management point of view, the BEST approach when...; Question 833: Network ILD&P are typically installed:...; Question 834: A large chain of shops with electronic funds transfer (EFT) ...; Question 835: If a database is restored from information backed up before ...; Question 836: An organization has outsourced its help desk activities. An ...; Question 837: Which of the following protocol is PRIMARILY used to provide...; Question 838: Which of the following is the GREATEST risk to the effective...; Question 839: The activation of an enterprise's business continuity plan s...; Question 840: An accuracy measure for a biometric system is:...; Question 841: IS management is considering a Voice-over Internet Protocol ...; Question 842: Which of the following is a function of an IS steering commi...; Question 843: Which of the following is the MOST effective control over vi...; Question 844: Which of the following is an attribute of the control self-a...; Question 845: A perpetrator looking to gain access to and gather informati...; Question 846: What is a common vulnerability, allowing denial-of-service a...; Question 847: Which of the following is the MOST important criterion when ...; Question 848: Which of the following is a passive attack method used by in...; Question 849: Which of the following is the most important element in the ...; Question 850: Which of the following network configuration options contain...; Question 851: Which of the following is the MOST reasonable option for rec...; Question 852: The directory system of a database-management system describ...; Question 853: With respect to the outsourcing of IT services, which of the...; Question 854: An IS auditor reviewing wireless network security determines...; Question 855: An organization is planning to replace its wired networks wi...; Question 856: If an IS auditor finds evidence of risk involved in not impl...; Question 857: Which of the following attack could be avoided by creating m...; Question 858: Which of the following is a sophisticated computer based swi...; Question 859: Digital signatures require the sender to "sign" the data by ...; Question 860: COBIT 5 separates information goals into three sub-dimension...; Question 861: Which of the following hardware devices relieves the central...; Question 862: Which of the following help(s) prevent an organization's sys...; Question 863: An organization has implemented a disaster recovery plan. Wh...; Question 864: Which of the following terms refers to systems designed to d...; Question 865: Which type of major BCP test only requires representatives f...; Question 866: Which of the following would provide the BEST protection aga...; Question 867: What type of cryptosystem is characterized by data being enc...; Question 868: isk analysis is not always possible because the IS auditor i...; Question 869: Why is one-time pad not always preferable for encryption (ch...; Question 870: In order to properly protect against unauthorized disclosure...; Question 871: An IS auditor reviews an organizational chart PRIMARILY for:...; Question 872: Which of the following do digital signatures provide?...; Question 873: Corrective action has been taken by an auditee immediately a...; Question 874: Which of the following typically focuses on making alternati...; Question 875: What benefit does using capacity-monitoring software to moni...; Question 876: Confidentiality of the data transmitted in a wireless LAN is...; Question 877: What is the most common reason for information systems to fa...; Question 878: Which of the following is a good control for protecting conf...; Question 879: During an IS audit, auditor has observed that authentication...; Question 880: Before implementing an IT balanced scorecard, an organizatio...; Question 881: Which of the following should be of MOST concern to an IS au...; Question 882: Network Data Management Protocol (NDMP) technology should be...; Question 883: Network environments often add to the complexity of program-...; Question 884: While planning an audit, an assessment of risk should be mad...; Question 885: IS auditors are MOST likely to perform compliance tests of i...; Question 886: If a database is restored using before-image dumps, where sh...; Question 887: Which of the following BEST supports the prioritization of n...; Question 888: Which of the following Confidentiality, Integrity, Availabil...; Question 889: When planning to add personnel to tasks imposing time constr...; Question 890: Which of the following forms of evidence for the auditor wou...; Question 891: IS management has decided to rewrite a legacy customer relat...; Question 892: Private Branch Exchange(PBX) environment involves many secur...; Question 893: Which of the following biometrics methods provides the HIGHE...; Question 894: What is the primary objective of a control self-assessment (...; Question 895: Over the long term, which of the following has the greatest ...; Question 896: Regarding digital signature implementation, which of the fol...

Question 144/896

LEAVE A REPLY

Download PDF File