CISA : Certified Information Systems Auditor : Part 125
What process allows IS management to determine whether the activities of the organization differ from the planned or expected levels?
- Business impact assessment
- Risk assessment
- IS assessment methods
- Key performance indicators (KPIs)
Explanation:
IS assessment methods allow IS management to determine whether the activities of the organization differ from the planned or expected levels.
When should reviewing an audit client’s business plan be performed relative to reviewing an organization’s IT strategic plan?
- Reviewing an audit client’s business plan should be performed before reviewing an organization’s IT strategic plan.
- Reviewing an audit client’s business plan should be performed after reviewing an organization’s IT strategic plan.
- Reviewing an audit client’s business plan should be performed during the review of an organization’s IT strategic plan.
- Reviewing an audit client’s business plan should be performed without regard to an organization’s IT strategic plan.
Explanation:
Reviewing an audit client’s business plan should be performed before reviewing an organization’s IT strategic plan.
Allowing application programmers to directly patch or change code in production programs increases the risk of fraud. True or false?
- True
- False
Explanation:
Allowing application programmers to directly patch or change code in production programs increases the risk of fraud.
Who should be responsible for network security operations?
- Business unit managers
- Security administrators
- Network administrators
- IS auditors
Explanation:
Security administrators are usually responsible for network security operations.
Proper segregation of duties does not prohibit a quality control administrator from also being responsible for change control and problem management. True or false?
- True
- False
Explanation:
Proper segregation of duties does not prohibit a quality-control administrator from also being responsible for change control and problem management.
What can be implemented to provide the highest level of protection from external attack?
- Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host
- Configuring the firewall as a screened host behind a router
- Configuring the firewall as the protecting bastion host
- Configuring two load-sharing firewalls facilitating VPN access from external hosts to internal hosts
Explanation:
Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host provides a higher level of protection from external attack than all other answers.
The directory system of a database-management system describes:
- The access method to the data
- The location of data AND the access method
- The location of data
- Neither the location of data NOR the access method
Explanation:
The directory system of a database-management system describes the location of data and the access method.
How is the risk of improper file access affected upon implementing a database system?
- Risk varies.
- Risk is reduced.
- Risk is not affected.
- Risk is increased.
Explanation:
Improper file access becomes a greater risk when implementing a database system.
In order to properly protect against unauthorized disclosure of sensitive data, how should hard disks be sanitized?
- The data should be deleted and overwritten with binary 0s.
- The data should be demagnetized.
- The data should be low-level formatted.
- The data should be deleted.
Explanation:
To properly protect against unauthorized disclosure of sensitive data, hard disks should be demagnetized before disposal or release.
When reviewing print systems spooling, an IS auditor is MOST concerned with which of the following vulnerabilities?
- The potential for unauthorized deletion of report copies
- The potential for unauthorized modification of report copies
- The potential for unauthorized printing of report copies
- The potential for unauthorized editing of report copies
Explanation:
When reviewing print systems spooling, an IS auditor is most concerned with the potential for unauthorized printing of report copies.
Why is the WAP gateway a component warranting critical concern and review for the IS auditor when auditing and testing controls enforcing message confidentiality?
- WAP is often configured by default settings and is thus insecure.
- WAP provides weak encryption for wireless traffic.
- WAP functions as a protocol-conversion gateway for wireless TLS to Internet SSL.
- WAP often interfaces with critical IT systems.
Explanation:
Functioning as a protocol-conversion gateway for wireless TLS to Internet SSL, the WAP gateway is a component warranting critical concern and review for the IS auditor when auditing and testing controls that enforce message confidentiality.
Proper segregation of duties prevents a computer operator (user) from performing security administration duties. True or false?
- True
- False
Explanation:
Proper segregation of duties prevents a computer operator (user) from performing security administration duties.
How do modems (modulation/demodulation) enable analog transmissions to enter a digital network?
- Modems convert analog transmissions to digital, and digital transmission to analog.
- Modems encapsulate analog transmissions within digital, and digital transmissions within analog.
- Modems convert digital transmissions to analog, and analog transmissions to digital.
- Modems encapsulate digital transmissions within analog, and analog transmissions within digital.
Explanation:
Modems (modulation/demodulation) convert analog transmissions to digital, and digital transmissions to analog, and are required for analog transmissions to enter a digital network.
Which of the following are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem?
- Expert systems
- Neural networks
- Integrated synchronized systems
- Multitasking applications
Explanation:
Neural networks are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem.
What supports data transmission through split cable facilities or duplicate cable facilities?
- Diverse routing
- Dual routing
- Alternate routing
- Redundant routing
Explanation:
Diverse routing supports data transmission through split cable facilities or duplicate cable facilities.
What type(s) of firewalls provide(s) the greatest degree of protection and control because both firewall technologies inspect all seven OSI layers of network traffic?
- A first-generation packet-filtering firewall
- A circuit-level gateway
- An application-layer gateway, or proxy firewall, and stateful-inspection firewalls
- An application-layer gateway, or proxy firewall, but not stateful-inspection firewalls
Explanation:
An application-layer gateway, or proxy firewall, and stateful-inspection firewalls provide the greatest degree of protection and control because both firewall technologies inspect all seven OSI layers of network traffic.
Which of the following can degrade network performance?
- Superfluous use of redundant load-sharing gateways
- Increasing traffic collisions due to host congestion by creating new collision domains
- Inefficient and superfluous use of network devices such as switches
- Inefficient and superfluous use of network devices such as hubs
Explanation:
Inefficient and superfluous use of network devices such as hubs can degrade network performance.
Which of the following provide(s) near-immediate recoverability for time-sensitive systems and transaction processing?
- Automated electronic journaling and parallel processing
- Data mirroring and parallel processing
- Data mirroring
- Parallel processing
Explanation:
Data mirroring and parallel processing are both used to provide near-immediate recoverability for time-sensitive systems and transaction processing.
What is an effective control for granting temporary access to vendors and external support personnel?
- Creating user accounts that automatically expire by a predetermined date
- Creating permanent guest accounts for temporary use
- Creating user accounts that restrict logon access to certain hours of the day
- Creating a single shared vendor administrator account on the basis of least-privileged access
Explanation:
Creating user accounts that automatically expire by a predetermined date is an effective control for granting temporary access to vendors and external support personnel.
Which of the following help(s) prevent an organization’s systems from participating in a distributed denial-of-service (DDoS) attack?
- Inbound traffic filtering
- Using access control lists (ACLs) to restrict inbound connection attempts
- Outbound traffic filtering
- Recentralizing distributed systems
Explanation:
Outbound traffic filtering can help prevent an organization’s systems from participating in a distributed denial-of-service (DDoS) attack.