You are an information system auditor of HDA Inc. Which of the following provides the MOST useful information regarding an organization's risk appetite and tolerance?
A. Risk assessment reports
B. Risk Register
C. Risk profile
D. Incident response plans
Risk profile
Explanation: A risk profile provides comprehensive information about an organization's risk appetite and tolerance. It encompasses an understanding of the organization's willingness to take on risks to achieve its objectives and the level of risk it can tolerate. The risk profile considers various factors such as industry norms, regulatory requirements, strategic objectives, and stakeholder expectations. It helps in setting risk management strategies, prioritizing risk responses, and aligning risk-taking decisions with the organization's overall goals.
You are an information system auditor of HDA Inc. You noted that a security loophole was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following could be the most common cause?
A. Absence of a qualified developer
B. Absence of UAT and business sign-off procedures
C. Inadequate code review process
D. Lack of intrusion detection systems
Absence of UAT and business sign-off procedures
Explanation: UAT involves testing the application in a real-world environment with actual users to ensure it meets their requirements and performs as expected. Business sign-off procedures involve obtaining formal approval from business stakeholders, indicating their acceptance of the application's functionality and readiness for production. The absence of UAT and business sign-off procedures increases the risk of undetected issues or vulnerabilities remaining in the application. If the application was not adequately tested by end-users or did not receive formal approval, it could lead to the recurrence of the same issue. Without comprehensive testing and validation, it is possible that the original issue was not completely resolved, resulting in its reappearance after the release.
What is the primary objective of implementing parallel processing while a new system is being made live?
A. Reduced implementation time and cost
B. Improved system performance and scalability
C. Enhanced data security and integrity
D. To determine whether the new system will support the functional requirements
To determine whether the new system will support the functional requirements
Explanation: In the context of a new system implementation, parallel processing can be used to execute the new system alongside the existing system during a transition phase. By implementing parallel processing, organizations can evaluate and compare the performance and functionality of the new system in parallel with the existing system. This approach allows them to assess whether the new system adequately meets the functional requirements of the business. It provides an opportunity to identify any gaps or deficiencies in the new system and make necessary adjustments or enhancements before fully migrating to it.
What is the primary objective of an IT balanced scorecard?
A. To allocate IT budgets effectively
B. To ensure compliance with IT policies
C. To measure the performance of the IT
D. To manage IT projects efficiently
To measure the performance of the IT
Explanation: The primary objective of an IT balanced scorecard is to measure the performance of the IT function within an organization. It provides a comprehensive framework for evaluating and assessing various aspects of IT performance, including financial, customer, internal processes, and learning and growth perspectives.
Which of the following is the best tool to measure the performance, risks, and capabilities of an IT environment?
A. IT balanced scorecard
B. SWOT analysis
C. Root cause analysis
D. Project management software
IT balanced scorecard
Explanation: The IT balanced scorecard is a comprehensive tool used to measure the performance, risks, and capabilities of an IT environment. It provides a balanced view of various aspects of IT management, including financial, customer, internal processes, and learning and growth perspectives. The IT balanced scorecard allows organizations to track key performance indicators (KPIs) related to IT, such as system uptime, response time, customer satisfaction, security incidents, and employee training. By measuring these KPIs, organizations can assess the overall performance and identify areas for improvement within their IT environment.
You are the information system auditor of HDA Inc. You are conducting an assessment of an organization's vulnerability scanning system and have discovered that it is configured to use vendor default settings to identify vulnerabilities. What is your MAIN concern regarding this configuration?
A. System may generate excessive false positives, leading to alert fatigue.
B. System may not effectively detect and prevent data breaches.
C. Organization may incur additional costs for customizing the DLP system.
D. Identified vulnerabilities may not match the organization's risk profile.
Identified vulnerabilities may not match the organization's risk profile.
Explanation: The main concern in this scenario is that by relying solely on vendor default settings, the organization's vulnerability scanning system may not adequately align with the specific risk profile and security requirements of the organization. Customizing the vulnerability scanning system based on the organization's risk profile ensures that it focuses on identifying and preventing violations that are most relevant to the organization's specific environment and data protection needs.
You are an information system auditor of HDA Inc. You have been assigned the task of implementing a data classification program. Your first step should be:
A. To conduct a risk assessment of the organization's data assets.
B. To train employees on data classification policies and procedures.
C. To establish a cross-functional data classification team.
D. To ensure the availability of an approved data classification policy.
To ensure the availability of an approved data classification policy.
Explanation: When implementing a data classification program, the first step should be to ensure the availability of an approved data classification policy. This policy serves as the foundation and reference point for the entire program. It outlines the criteria, guidelines, and procedures for classifying data within the organization.
Conducting a risk assessment of the organization's data assets is an important step in the implementation process, but it typically follows the establishment of a data classification policy. The policy provides the framework for assessing risks and assigning appropriate classification levels to data.
Which of the following methods is considered the most effective in aligning IT with business objectives?
A. Implementing the latest technology trends
B. Hiring a skilled IT workforce
C. Developing and monitoring key performance indicators (KPIs)
D. Conducting regular IT audits
Developing and monitoring key performance indicators (KPIs)
Explanation: Aligning IT with business objectives is essential for the successful operation of an organization. By developing and monitoring key performance indicators (KPIs), businesses can effectively measure and evaluate the performance of their IT systems and processes in relation to their overall business goals. KPIs provide measurable and quantifiable metrics that reflect the progress and success of IT initiatives in contributing to the organization's objectives.
You are the information system auditor of HDA Inc. You are reviewing the installation of a new server. You would primarily ensure that:
A. The server hardware meets the organization's performance requirements.
B. The server is compatible with the existing network infrastructure.
C. The server software is properly licensed.
D. Security settings are set as per the information security policy of the organization.
Security settings are set as per the information security policy of the organization.
Explanation: As an information system auditor, one of the primary objectives during the review of a new server installation is to ensure that security settings are set in accordance with the organization‘s information security policy.
You are the information system auditor of HDA Inc. You observed that employees often make mistakes and classify data at the incorrect level. Your best recommendation would be:
A. Implement stricter data classification policies and guidelines.
B. Increase the number of data classification personnel.
C. Enhance the data classification software and tools.
D. Conduct frequent training and awareness about information classification policies.
Conduct frequent training and awareness about information classification policies.
Explanation: When data is frequently classified at the incorrect level within an organization, it indicates a lack of understanding or awareness regarding information classification policies. Conducting frequent training and raising awareness about these policies is the most effective way to improve the situation.
Which of the following is the most effective method to optimize data storage?
A. Implementing a robust backup system
B. Allowing unlimited email attachment sizes
C. Conducting frequent employee training
D. Email attachment should not be allowed to exceed a specified limit
Email attachment should not be allowed to exceed a specified limit
Explanation: The most effective method to optimize data storage is by not allowing email attachments to exceed a specified limit. Limiting the size of email attachments helps to control the amount of storage space consumed by emails. By setting a maximum attachment size, organizations can prevent the unnecessary accumulation of large files within email systems, which can quickly consume storage resources. This strategy encourages users to adopt alternative methods for sharing large files, such as utilizing file sharing services or cloud storage solutions, thereby optimizing data storage and maintaining efficient email systems.
You are auditing the adequacy of the organization's privacy policy. Which of the following is the BEST source of information for you to use as a baseline?
A. Industry best practices
B. Company's financial statements
C. Applicable privacy regulations
D. Employee feedback
Applicable privacy regulations
Explanation: When assessing the adequacy of an organization's privacy policy, the best source of information for an IS auditor to use as a baseline is applicable privacy regulations. Privacy regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA), provide legal requirements and standards that organizations must adhere to regarding the handling of personal information. These regulations outline the necessary safeguards, consent requirements, breach notification procedures, and other privacy-related aspects that should be included in a comprehensive privacy policy. By referring to the applicable privacy regulations, the IS auditor can ensure that the organization's privacy policy aligns with the legal requirements and industry standards, providing a solid foundation for privacy protection.
Industry best practices may offer additional insights, but they do not provide the same level of regulatory compliance assurance as applicable privacy regulations.
You are auditing a data center and assessing the deployment of environmental equipment. Which of the following types of environmental equipment will MOST likely be deployed below the floor tiles of a data center?
A. Water sensors
B. Fire extinguishers
C. Security cameras
D. HVAC systems
Water sensors
Explanation: One of the primary concerns in a data center is the prevention of water damage, as water can cause severe disruptions and hardware failures. To mitigate this risk, data centers often deploy water sensors below the floor tiles. These sensors are designed to detect water leaks or flooding and trigger alarms or alerts when moisture is detected. By placing water sensors below the floor tiles, any water leakage from sources like broken pipes or leaks from cooling systems can be quickly identified, allowing prompt action to prevent or minimize damage.
Which of the following audit findings should be considered the highest risk in a network audit?
A. Insufficient firewall rule documentation.
B. Weak password policies across user accounts
C. Outdated antivirus software on workstations.
D. Network device inventory is not maintained.
Network device inventory is not maintained
Explanation: The highest-risk finding among the given options is the lack of network device inventory maintenance. Maintaining an accurate inventory of network devices is crucial for effective network security management. Without an updated inventory, it becomes challenging to identify unauthorized or rogue devices connected to the network. This increases the risk of potential security breaches, unauthorized access, or compromised network infrastructure. Additionally, maintaining an inventory helps in planning, monitoring, and implementing appropriate security controls for network devices.
You are an information system auditor at HDA Inc. You want to discuss a few risks in relation to data quality. You should primarily contact:
A. Chief Financial Officer (CFO).
B. Chief Compliance Officer (CCO).
C. Information Security Team
D. Business owner.
Business owner
Explanation: The business owner holds the primary responsibility for the data and related processes within an organization. As such, they are best positioned to understand the potential impact of IT control risks on data quality and make informed decisions about accepting those risks. The business owner has a deep understanding of the business objectives, requirements, and dependencies associated with the data, enabling them to weigh the potential benefits and consequences of accepting such risks.
You are an information system auditor at HDA Inc. You are reviewing the organization's data classification scheme. You should primarily determine that:
A. The data classification scheme is reviewed and updated regularly
B. The procedure to protect the information is documented for each type of classification
C. The data classification scheme is aligned with industry standards
D. The data classification scheme is reviewed by an external auditor
The procedure to protect the information is documented for each type of classification
Explanation: Having a documented procedure in place for protecting information based on its classification helps to ensure that the appropriate level of protection is applied to the information. This can help to prevent unauthorized access or disclosure of sensitive information, and can help to ensure that the information is protected in accordance with its level of sensitivity.
You are an information system auditor at HDA Inc. You are reviewing the organization's data migration procedure. Which of the following is the most important action?
A. Availability of migration audit procedure
B. Compliance with data protection regulations.
C. Documentation of project timelines.
D. Availability of a roll-back plan.
Availability of a roll-back plan
Explanation: When evaluating an organization's data conversion and infrastructure migration plan, the availability of a roll-back plan is the most important aspect for an IS auditor to verify. A roll-back plan outlines the procedures and steps to revert to the previous state in case the data conversion or infrastructure migration encounters issues or failures. It is a crucial risk mitigation measure that ensures business continuity and minimizes potential disruptions or data loss during the conversion or migration process. Verifying the availability of a roll-back plan demonstrates that the organization has considered the potential risks and has a contingency strategy in place to address unforeseen issues.
You are an information system auditor at HDA Inc. You are evaluating data backup procedures of the organization. Which of the following is the most important aspect to ensure availability of backup data in case of a disaster?
A. Regularly updating backup software.
B. Implementing robust access controls.
C. Frequent restoration testing.
D. Frequent patch management procedures
Frequent restoration testing.
Explanation: To ensure that a backup copy is available after a disaster, frequent restoration testing is the best practice. Restoration testing involves periodically testing the backup copies to verify their integrity and the ability to restore the data successfully. By conducting these tests regularly, the organization can identify any issues or discrepancies with the backup data and take corrective actions in a timely manner. This ensures that in the event of a disaster, the mission-critical data can be restored promptly without any loss or corruption.
You are an information system auditor at HDA Inc. Your IT head has requested you to suggest the best alternative for backup storage considering the shortage of backup devices. Your best recommendation would be:
A. Full backup procedure.
B. Differential backup procedure.
C. Real time backup procedure.
D. Mirror backup procedure.
Differential backup procedure
Explanation: When there is a shortage of backup devices, the best alternative for backup storage is the differential backup procedure. In a differential backup approach, only the data that has changed since the last full backup is backed up. This means that each differential backup captures all the changes made to the data since the last full backup, regardless of subsequent backups. This approach allows for a more efficient backup process and reduces the storage space required compared to a full backup procedure.
Which of the following is considered as a preventive control?
A. Implement audit procedures
B. Implement log monitoring procedures
C. Implement access review procedures
D. Implement secure data disposal procedures
Implement secure data disposal procedures
Explanation: Implementing secure data disposal procedures is a preventive control because it aims to prevent the unauthorized access or disclosure of sensitive information by properly disposing of data when it is no longer needed. By securely disposing of data, the risk of data leakage or unauthorized disclosure is reduced.
The other options are detective controls rather than preventive controls.
You are an information system auditor of HDA Inc. A critical application of HDA was developed by a small vendor who has gone out of business. Additionally, you have noted that the code available under escrow is an old version. In this situation, what is your best recommendation?
A. Create a new application from scratch
B. Seek alternative vendors to replace the defunct vendor
C. Update the source code to the latest version available
D. Determine the business risk associated with using the older version
Determine the business risk associated with using the older version
Explanation: The best recommendation in this scenario is to determine the business risk associated with using the older version of the application's source code. As the small vendor is no longer in business and the available code is outdated, it is crucial to assess the potential risks involved in using the older version. This evaluation helps identify any security vulnerabilities, compatibility issues, or functional limitations that may arise from utilizing outdated code. By understanding the business risks, HDA Inc. can make informed decisions about the application, such as whether to update the code, seek alternative vendors, or develop a new application.
You are an information system auditor of HDA Inc. You have discovered that various business units within the organization have directly purchased cloud-based applications without involving the IT department. In this context, which area is of most concern?
A. Application may not be included in BCP (Business Continuity Plan)
B. Procurement policy may not be followed
C. Increased operational costs
D. Application may not support information security requirements of the IT
Application may not support information security requirements of the IT
Explanation: The area of most concern in this situation is that the purchased cloud-based applications may not support the information security requirements of the IT department. When business units directly purchase applications without IT involvement, there is a risk that the applications may not meet the necessary security standards and protocols established by the IT department. This can lead to vulnerabilities, data breaches, and unauthorized access to sensitive information.
What is the objective of a top-down maturity model?
A. To establish a hierarchy of processes within an organization
B. To identify the processes that need to be improved
C. To assess the industry level performance
D. To standardize processes across different departments
To identify the processes that need to be improved
Explanation: The objective of a top-down maturity model is to assess the maturity and effectiveness of processes within an organization and identify areas that require improvement. By using this model, organizations can evaluate their processes from a high-level perspective and drill down to specific processes or sub-processes. The primary goal is to identify areas of weakness or inefficiency, allowing organizations to focus their efforts on improving those processes.
You are an information system auditor of HDA Inc. You are currently evaluating the effectiveness of controls in the company's information system. In this context, which of the following options would be the MOST effective method for you to employ in order to assess the adequacy of controls?
A. Risk assessment
B. Policy review
C. Control testing
D. Incident response analysis
Control testing
Explanation: Control testing refers to the process of evaluating the implementation and functionality of controls within an information system. It involves conducting various tests and procedures to verify whether the controls are operating as intended and effectively mitigating risks. While risk assessment (option A) is an important activity in identifying and prioritizing risks, it does not directly assess the effectiveness of controls.
You are an information system auditor at HDA Inc. You are reviewing a newly acquired system for a critical process. You should be primarily concerned about:
A. Inadequate user training on the new system.
B. Lack of documentation for system configuration.
C. New system does not support the data format of the legacy system.
D. Insufficient system performance monitoring.
New system does not support the data format of the legacy system.
Explanation: When reviewing the deployment of a new automated system, finding that the new system does not support the data format of the legacy system presents the most significant risk. This finding indicates that there may be challenges in migrating or integrating the existing data from the legacy system into the new system. It can result in data loss, data corruption, or data inconsistency, which can impact business operations, decision-making, and data integrity. It may require additional effort and resources to convert or transform the data to a compatible format, leading to potential delays, cost overruns, and system performance issues.
Upon identification of data mismatch in product profitability reports produced by Guava Trading Inc’s finance and marketing department, the information systems auditor should recommend:
A. standardization of reporting tools
B. establishing and/or enhancing the data governance process
C. conducting a formal user acceptance testing for all reports before productionization
D. obtaining formal management sign-offs for all reports before productionization
establishing and/or enhancing the data governance process
Explanation: The mismatch between the product profitability reports produced by two departments of the same organization reflects an underlying weakness in how the data is created and used across the organization, which is best addressed by implementing an adequate data governance process in the organization.
Jim, an information security architect with the Cocoa Exports Company, is overseeing the implementation of a remote virtual private network (VPN) in the organization. The VPN is intended to allow external system development services providers to securely participate in the extranet using public networks. Identify the most prevalent security risk with this implementation. [BFI]
A. Bank's VPN gateway could be compromised
B. Partner's VPN logon could be spoofed
C. Partner's VPN traffic could be sniffed and decrypted
D. Malicious code could spread across the network
Malicious code could spread across the network
Explanation: The most prevalent security risk with VPN implementation to allow external partners to collaborate and join the extranet is the spread of malicious code to the network. In general, VPN technology has robust controls against other listed threats.
Identify the correct option from following to ensure the confidentiality, integrity, and authenticity of a message. [BFC]
A. Encrypt the hash of the message and message with the sender's private key and the receiver's private key respectively
B. Encrypt the hash of the message and message with the sender's private key and the receiver's public key respectively
C. Encrypt the hash of the message and message with the sender's public key and the receiver's public key respectively
D. Encrypt the hash of the message and message with the sender's public key and the receiver's private key respectively
Encrypt the hash of the message and message with the sender's private key and the receiver's public key respectively
Explanation: Encryption of the hash of the message with the sender’s private key ensures message integrity and authenticity. Encryption of message with the receiver’s public key ensures confidentiality.
The system has a defined RPO of 24 hours. Identify from the following a suitable restoration mechanism commensurate with the business requirement.
A. Mirroring
B. Tape restoration
C. Disk-based backups
D. Real-time replication
Tape restoration
Explanation: The tape restoration method is suitable for a system that has a recovery point objective (RPO) of 24 hours. Real-time replication, mirroring and restoration from disk-based backups are better suited for systems with a shorter RPO.
Lisa, an information systems auditor at a non-profit charitable organization, is reviewing the security of the wireless network. Identify a concerning observation from the following.
A. Media access control (MAC) address filtering used
B. Broadcasting of service set identification (SSID) enabled
C. Wi-fi protected access (WPA/WPA2) enabled
D. All wireless clients and devices have antivirus software installed
Broadcasting of service set identification (SSID) enabled
Explanation: The most concerning observation is enabled SSID broadcasting, since it allows a user to browse for available wireless networks and to access them without authorization. A service set identifier (SSID) is a unique identifier, also referred to as a network name, that acts as a password when a mobile device tries to connect to the basic service set (BSS).
Identify a relevant contract term to be included in the agreement for a third-party alternate site BCM arrangements. [BEB]
A. Round the clock guarded security
B. Total number of concurrent users (subscribers)
C. Feedback and references by other industry subscribers
D. Total number of contracted subscribers
Total number of concurrent users (subscribers)
Explanation: It is important for a subscriber to include a contract term in the agreement for a third-party alternate site BCM arrangement to limit the number of concurrent users (subscribers). This helps to address the concern about whether the vendor can sustain the reliability of the site(s).
Fair Lending has implemented a disaster recovery plan. Andrew, CFO of Fair Lending, wants to ensure that the implemented plan is adequate. Identify the immediate next step from the following. [AGJ]
A. Initiate the Full Operational Test
B. Initiate the Desk-based Evaluation
C. Initiate the Preparedness Test
D. Socialize with the Senior Management and Obtain Sponsorship
Initiate the Desk-based Evaluation
Explanation: The immediate next step to evaluate the adequacy of a disaster recovery plan once it has been implemented is to conduct a desk-based evaluation which is also known as a paper test. The paper test involves walking through the plan and discussion on what might happen in a particular type of service disruption with the major stakeholders. As per the best practice, the paper test precedes the preparedness test.
Identify from the following the option that is not a valid network resiliency method.
A. Diverse routing
B. Alternative routing
C. Redundancy
D. Tape backups
Tape backups
Explanation: Tape backups are not really relevant to network resiliency.
Jim, an information security architect with the Cocoa Exports Company, is tasked to identify a suitable quantitative measure to aid in the selection of a better performing biometric device. Identify the best measure from the following.
A. False Rejection Rate
B. Estimated Error Rate
C. False Acceptance Rate
D. Equal Error Rate
Equal Error Rate (EER)
Explanation: Equal error rate (EER) is a quantitative measure combining the false acceptance rate and false rejection rate. A lower equal error rate value is a measure of higher accuracy of a biometric system.
Andrew, CFO of Fair Lending, is working on a business expansion plan to have a street presence across North America. Andrew wants to ensure the disaster recovery plan is comprehensive and provides adequate coverage in a potential business interrupting scenario. The other consideration for Andrew is to have an adequate and cost-effective evaluation method. Identify suitable evaluation methods from the following.
A. Preparedness Test
B. Full Operational Test
C. Desk-based Evaluation
D. Annual Tape Backup Recovery Test
Preparedness Test
Explanation: A preparedness test is a localized version of a full operational test, wherein actual resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the disaster recovery plan and can be a cost-effective way to gradually obtain evidence about how good the plan is, whereas a full operational test is one step away from an actual service disruption and may not be cost-effective. The desk-based evaluation, also called a paper test, may not be sufficient to test all necessary aspects of a disaster recovery plan.
Lorena, an information systems auditor with the Town Bank, observed inadequate coverage of potential risks in the security policy, likely arising from an inadequate security policy development process. Which of the following should Lorena recommend? [AGD]
A. Asset identification be ensured as part of security policy development
B. Business objectives are considered while developing the security policy
C. The outcome of the risk management process be considered while developing the security policy
D. The software design decisions are made based on the security policy and guidelines
The outcome of the risk management process be considered while developing the security policy
Explanation: The outcome of the risk management process is considered while developing the security policy to ensure adequate coverage to underlying risks.
Lisa, an information systems auditor at a non-profit charitable organization, is reviewing password protection controls in the organization. Lisa is concerned that a malicious actor could steal passwords without the use of computers or programs. What is Lisa concerned about?
A. Wireshark
B. Keylogger
C. Social engineering techniques
D. Network sniffers
Social engineering techniques
Explanation: Social engineering exploits weaknesses in human behavior. A malicious actor could use social engineering techniques to compromise passwords without using a computer or a program.
Identify a valid statement about disaster recovery testing methods from the following.
A. Checklist review is about moving the systems to the alternate processing site and performing processing operations
B. Structured walk-through involves representatives from each of the functional areas coming together to go over the plan
C. Full interruption test is conducted by distributing copies of the plan to the various functional areas for review
D. Structured walk-through involves all employees who participate in the day-to-day operations coming together to practice executing the plan
Structured walk-through involves representatives from each of the functional areas coming together to go over the plan
Explanation: During the structured walk-through, the functional area representatives come together to go over the plan, i.e. implement the plan on paper and review each step to assess its effectiveness and identify enhancements, constraints, and deficiencies.
Easy Micropayments wants to amend its existing outsourced services contracts to minimize costs and improve service levels. Identify from the following the most useful clause for Easy Micropayments to consider introducing in the contracts to achieve the stated objective.
A. Adopt the fixed bid contract model
B. Adopt the time and material contract model
C. Penalties for non-compliance to agreed service levels
D. Gain-sharing performance bonuses
Gain-sharing performance bonuses
Explanation: Gain-sharing performance bonuses may prove the best clause to introduce, since they motivate the outsourced services provider to achieve the objective, which may eventually help Easy Micropayments achieve its own objective of minimizing costs as well as improving service levels. Changing the contract model to a fixed bid or to time and material may be helpful, but the question does not include enough information to determine the best model. Implementing penalties for non-compliance is helpful only to a limited extent.
Julio, head of information technology architecture with the Palm Trading Company, thinks that transaction audit trails are essential for a well-designed system. Identify Julio's main consideration in this case.
A. Transaction audit trails are for information systems auditors to help them in transactions tracing
B. Transaction audit trails help to make capacity planning more accurate by providing useful data for planning
C. Transaction audit trails are essential for ensuring non-repudiation
D. Transaction audit trails help to improve the efficiency of the backup process
Transaction audit trails are essential for ensuring non-repudiation
Explanation: The main consideration behind Julio's view is that transaction audit trails help to determine accountability and responsibility for processed transactions, thereby ensuring non-repudiation.
An information systems auditor discovers that some magnetic hard drives disposed of by Guava Trading Inc were not sanitized in a manner that would reasonably ensure the data could not be recovered. In addition, the enterprise does not have a written policy on data disposal. The first step for the auditor to take is to:
A. Develop an appropriate data disposal policy for the organization
B. Discuss with the business unit head for their view on the data disposal practices
C. Draft an audit finding, and discuss it with the audit leader
D. Determine the sensitivity of the data on the magnetic hard drives
Determine the sensitivity of the data on the magnetic hard drives
Explanation: The immediate first step for an auditor will be to determine the sensitivity of the data on the inadequately disposed-of disks.
Identify an optional component of the business continuity plan from the following.
A. Transportation plan
B. Continuity of operations plan
C. Disaster Recovery Plan
D. Business resumption plan
Transportation plan
Explanation: Mandatory components of a business continuity plan are (1) continuity of operations plan, (2) disaster recovery plan, and (3) business resumption plan. A transportation plan falls under non-mandatory or optional components.
Blue Xylo Systems, a software development startup, intends to implement a suitable testing method to test the functional operating effectiveness of the information system without regard to any specific internal program structure. Identify from the following the right testing method to meet this objective.
A. Alpha test
B. Beta test
C. Black box test
D. White box test
Black box test
Explanation: Black box testing is a test type that does not require knowledge of the internal workings or program logic and is usually a tool-driven form of testing. It is a testing method that focuses on the information system’s functional operating effectiveness without regard to any specific internal program structure.
Identify from the following the best technique to assist in project duration estimation.
A. Component-based development
B. Program evaluation and review technique (PERT) chart
C. Artificial intelligence (AI)
D. Software cost estimation
Program evaluation and review technique (PERT) chart
Explanation: Program Evaluation and Review Technique (PERT) is a project management technique used in the planning and control of system projects. A PERT chart helps in identifying the duration of the project once all the activities and the work involved are known.
Jim, an information security architect with the Cocoa Exports Company, is overseeing the implementation of an intrusion detection system (IDS) in the organization. Identify the most important aspect of IDS implementation from the following.
A. The resilience of the IDS system
B. Placement within the enterprise network
C. Adequate threat intelligence
D. Protection against DDoS attacks
Placement within the enterprise network
Explanation: An intrusion detection system (IDS) secures networks and complements firewalls by monitoring for network usage anomalies on routers and firewalls. Placement of the IDS within the enterprise network is the most crucial among the available options. Improper placement of an IDS may not provide sufficient coverage of key parts of the network, making it less effective.
The firm’s in-house financial management application data is being migrated to a new vendor-supported, off-the-shelf, industry-renowned financial management product. Which of the following stakeholders should be primarily responsible for reviewing and signing off on the accuracy and completeness of the data before going live?
A. Data Owner
B. Firm's Migration Project Manager
C. Internal Audit Department
D. Vendor's Implementation Manager
Data Owner
Explanation: The “data owner”, usually from the business leadership, is the rightful owner of the underlying business data and is therefore responsible for ensuring the data's accuracy and completeness.
Cocoa Exports is exploring an online business model to boost their revenue. Jim, an information security architect, is tasked to adequately protect the online platform’s confidentiality, authentication, non-repudiation, and integrity. Identify the best control mechanism from the following.
A. Virtual Private Network (VPN)
B. Transport Layer Security (TLS)
C. Public Key Infrastructure (PKI)
D. Secure Sockets Layer (SSL)
Public Key Infrastructure
Explanation: Public key infrastructure (PKI) provides the best overall protection ensuring confidentiality, integrity, and reliability.
Sender A sends a message to receiver B. The message hash and the message itself are encrypted with A’s private key. Identify from the following the purpose of this encryption arrangement.
A. Authenticity and Integrity
B. Authenticity and Privacy
C. Integrity and Privacy
D. Privacy and Nonrepudiation
Authenticity and Integrity
Explanation: Since the message can be decrypted with the sender’s public key, this method won’t ensure the privacy of the message. However, this encryption arrangement is helpful in ensuring the authenticity of the sender and the integrity of the message.
Their security responsibilities include authorizing access, ensuring that access rules are updated when personnel changes occur, and regularly reviewing access rules for the data for which they are responsible. Identify the appropriate role for the above-mentioned responsibilities.
A. Data Users
B. Data Custodians
C. Data Owners
D. Security Administrator
Data Owners
Explanation: The mentioned responsibility falls under the remit of data owners. Data owners are usually business leaders responsible for using information for running and controlling the business. Data custodians are people responsible for storing and safeguarding the data and include IT personnel. Data users include the user communities with access levels authorized by the data owners. Security administrators have the responsibility to provide physical and logical security for data, software, and hardware.
An information systems auditor, while reviewing the IT strategic plan, should ensure that the plan:
A. identifies and addresses the required operational controls
B. recognizes the need and incorporates cutting edge technology
C. a long-term plan describing how IT resources will contribute to the enterprise’s strategic objectives
D. clearly sets out project management practices
a long-term plan describing how IT resources will contribute to the enterprise’s strategic objectives
Explanation: An IT strategic plan is a long-term plan (i.e. with a three- to five-year horizon) in which business and IT management cooperatively describe how IT resources will contribute to the enterprise’s strategic objectives (goals).
Identify from the following the item that should be included in an organization’s information systems security policy.
A. Relevant software security features
B. Criteria for access authorization
C. Inventory of key IT resources to be secured
D. Identity of sensitive security features
Criteria for access authorization
Explanation: The security policy provides the broad framework of security including a definition of those authorized to grant access and the basis for granting the access. Other choices are more detailed and are likely candidates for inclusion in standards/procedures.
Identify the correct feature of a digital signature from below that confirms the authorizer of a transaction or sender of a message unrefutably.
A. Nonrepudiation
B. Confidentiality
C. Encryption
D. Authorization
E. Integrity
F. Authentication
Nonrepudiation
Explanation: The feature that ensures undeniability is called nonrepudiation. Digital signatures are used to sign the transactions to confirm the authorization which cannot be denied later.
Biometrics is a security technique used in modern systems and implementations to verify identity by analyzing a unique physical attribute of an individual such as a handprint. Identify a valid example of a biometric replay attack from the following.
A. Use in multi-factor authentication (MFA) to authorize access
B. Using a copy of the impression left on the thumbprint scanner
C. Use of stolen biometric information to launch a brute force
D. Use of shoulder surfing to gain unauthorized access
Using a copy of the impression left on the thumbprint scanner
Explanation: A biometric replay attack is carried out using residual biometric information such as a thumb impression on a biometric scanner.
During a compliance audit of a small local cooperative bank, the information systems auditor discovers that both the technology and accounting functions are being performed by the same user of the financial system. Identify the best supervisory review control from the following:
A. Database table dump containing audit trails of date/time of each transaction
B. Daily summary of number of transactions and sum total of value of each transaction
C. User account administration report
D. Computer log files that show individual transactions in the financial system
Computer log files that show individual transactions in the financial system
Explanation: While other supervisory review controls are important, the most important in this situation is to review the computer log files that show individual transactions in the financial system.
Manuel, CFO at Evergreen Bank, has requested that the business continuity plans (BCP) be reviewed and updated as needed. As part of this exercise, the business impact analysis (BIA) is also being reviewed and re-validated. Identify from the following the primary purpose of the BIA in business continuity planning.
A. Identify business and operational continuity impacting events
B. Ensuring adequate coverage to diverse operations resumption requirements
C. Senior management emphasis on physical and logical security
D. Emphasize information security and data privacy requirements
Identify business and operational continuity impacting events
Explanation: Business impact analysis (BIA) is a key step in developing the business continuity strategy and implementing countermeasures, which together constitute the business continuity plan (BCP). The BIA identifies business and operational continuity impacting events, which are then used in the development of an effective BCP.
Frank, an information security analyst at Micro Lending Inc, has been tasked to classify enterprise information assets. Identify from the following the primary control objective for this classification.
A. Establish information assets access controls guidelines
B. Ensure all information assets have the same level of rigorous access controls
C. Input to a risk assessment performed by the management and auditors
D. Determine information assets be insured
Establish information assets access controls guidelines
Explanation: Information asset classification helps to establish information assets access controls guidelines in the firm. Information assets need to have access control based on the sensitivity and criticality of systems and data in order to meet business objectives and regulatory requirements.
Bily is an information systems auditor at Easy Micropayments. The organization has been recently downsized. In addition, an organizational restacking exercise has also taken place. Identify Bily’s primary focus in a logical access controls review initiated soon after this event.
A. The auditor is concerned that all system access is authorized and appropriate for an individual's role and responsibilities, considering the leavers/movers in the organization
B. The auditor wants to ensure that the management has authorized appropriate access for all newly-hired individuals
C. The auditor wants to ensure that the existing process of access authorization forms, that is used to grant or modify access to individuals, remains operational
D. The auditor wants to ensure that only the system administrators have the authority to grant or modify access to individuals
The auditor is concerned that all system access is authorized and appropriate for an individual's role and responsibilities, considering the leavers/movers in the organization
Explanation: The auditor’s primary focus will be to test logical access controls to ensure that access for all leavers has been revoked and that access for those who have changed roles is authorized and appropriate for the individual’s current role and responsibilities. The number of leavers/movers in the organization would have increased significantly due to the downsizing and restacking exercises.
Lorena, an information systems auditor with the Town Bank, conducted a review of the bank’s core banking system and observed anomalous data attributes in some accounting tables. Identify the most effective control that the IT department could implement to avoid such anomalies in the future.
A. Implement sample review by IT department
B. Implement database integrity constraints
C. Implement logging controls for all tables
D. Implement before-and-after image reporting
Implement database integrity constraints
Explanation: Database integrity constraints are automated and preventive controls to ensure the integrity of the data attributes, tables, and the entire database. The constraints can help to validate the data against the predefined master data, against the predefined ruleset and the tables against each other for referential integrity.
Blue Xylo Systems, a software development startup, intends to implement a suitable testing method to test the effectiveness of software program logic and determine the procedural accuracy of a program’s specific logic paths. Identify from the following the right testing method to meet this objective.
A. Black box test
B. Structured walkthrough
C. White box test
D. Paper test
White box test
Explanation: White box testing is a test type that focuses on the effectiveness of software program logic and uses test data to determine the procedural accuracy of a program’s specific logic paths.
Identify the correct option from the following that uses test data as part of a comprehensive test of program controls for ongoing accurate operation of the system.
A. Base-Case System Evaluation (BCSE)
B. System Integration Test
C. Parallel Run
D. Test Data
Base-Case System Evaluation (BCSE)
Explanation: Base case system evaluation (BCSE) uses a standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.
The Federal Information Processing Standards (FIPS) are primarily for use by (choose all that apply):
A. All non-military government agencies
B. US government contractors
C. Private and public colleges in the US
D. All military government agencies
All non-military government agencies &
US government contractors
Explanation: Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States Federal government for use by all nonmilitary government agencies and by government contractors. Many FIPS standards are modified versions of standards used in the wider community.
Most trojan horse programs are spread through:
A. e-mails.
B. MS Office.
C. Word template.
D. MP3.
e-mails
Explanation: Most trojan horse programs are spread through e-mails. Some earlier trojan horse programs were bundled in “Root Kits”. For example, the Linux Root Kit version 3 (lrk3), which was released in December 96, had tcp wrapper trojans included and enhanced in the kit. Portable devices that run Linux can also be affected by trojan horses. The Trojan.Linux.JBellz Trojan horse runs as a malformed mp3 file.
One major improvement in WPA over WEP is the use of a protocol which dynamically changes keys as the system is used. What protocol is this?
A. EKIP
B. TKIP
C. OKIP
D. SKIP
E. RKIP
TKIP
Explanation: Wi-Fi Protected Access (WPA / WPA2) is a class of systems to secure wireless computer networks. It implements the majority of the IEEE 802.11i standard, and is designed to work with all wireless network interface cards (but not necessarily with first generation wireless access points). One major improvement in WPA over WEP is the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys as the system is used.
Which of the following are examples of tools for launching Distributed DoS Attack (choose all that apply):
A. TFN
B. TFN2K
C. Trin00
D. Tripwire
E. Stacheldraht
TFN
TFN2K
Trin00
Stacheldraht
Explanation: A Distributed DoS Attack is a network-based attack from many servers used remotely to send packets. Examples of tools for conducting such attacks include TFN, TFN2K, Trin00, Stacheldraht, and variants. The best defense is to make sure all system patches are up to date. Also make sure your firewalls are configured appropriately.
To install backdoors, hackers generally prefer to use:
A. either Trojan horse or eavesdropper.
B. either eavesdropper or computer worm.
C. either Trojan horse or computer worm.
D. either Tripwire or computer virus.
either Trojan horse or computer worm
Explanation: A backdoor is a method of bypassing normal authentication procedures. Many computer manufacturers used to preinstall backdoors on their systems to provide technical support for customers. Hackers typically use backdoors to secure remote access to a computer while attempting to remain hidden from casual inspection. To install backdoors, hackers prefer to use either a Trojan horse or a computer worm.
Gimmes often work through:
A. email attachment
B. SMS
C. news
D. file download
E. IRC chat
email attachment
Explanation: Gimmes take advantage of curiosity or greed to deliver malware. Also known as a Trojan Horse, a gimme can arrive as an email attachment promising anything. The recipient is expected to give in to curiosity and open the attachment. In addition, many users will blindly click on any attachments they receive that seem even mildly legitimate.
Default permit is only a good approach in an environment where:
A. security threats are serious and severe.
B. security threats are non-existent or negligible.
C. security threats are non-negligible.
D. users are trained.
security threats are non-existent or negligible
Explanation: “Everything not explicitly permitted is forbidden” (default deny) improves security at a cost in functionality. This is a good approach if you face many security threats. On the other hand, “everything not explicitly forbidden is permitted” (default permit) allows greater functionality by sacrificing security. This is only a good approach in an environment where security threats are non-existent or negligible.
Which of the following is a tool you can use to simulate a big network structure on a single computer?
A. honeyd
B. honeytube
C. honeymoon
D. honeytrap
honeyd
Explanation: honeyd is GPL-licensed software you can use to simulate a big network structure on a single computer.
Integer overflow occurs primarily with:
A. input verifications
B. debug operations
C. output formatting
D. string formatting
E. arithmetic operations
arithmetic operations
Explanation: An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is larger than can be represented within the available storage space. On some processors the result saturates: once the maximum value is reached, attempts to make it larger simply return the maximum result.
Which of the following types of attack makes use of unfiltered user input as the format string parameter in the printf() function of the C language?
A. format string vulnerabilities
B. command injection
C. buffer overflows
D. code injection
E. integer overflow
format string vulnerabilities
Explanation: Format string attacks are a new class of vulnerabilities recently discovered. It can be used to crash a program or to execute harmful code. The problem stems from the use of unfiltered user input as the format string parameter in certain C functions that perform formatting, such as printf(). A malicious user may use the %s and %x format tokens, among others, to print data from the stack or possibly other locations in memory. One may also write arbitrary data to arbitrary locations using the %n format token.
What should be done to determine the appropriate level of audit coverage for an organization’s IT environment?
A. define an effective system upgrade methodology.
B. determine the company's quarterly budget requirement.
C. calculate the company's yearly budget requirement.
D. define an effective network implementation methodology.
E. define an effective assessment methodology.
define an effective assessment methodology
Explanation: To determine the appropriate level of audit coverage for the organization’s IT environment, you must define an effective assessment methodology and provide objective information to prioritize the allocation of audit resources properly.
Effective transactional controls are often capable of offering which of the following benefits (choose all that apply):
A. shortened contract cycle times
B. reduced administrative and material costs
C. enhanced procurement decisions
D. diminished legal risk
all of the options
Explanation: Transactional systems provide a baseline necessary to measure and monitor contract performance and provide a method for appraising efficiency against possible areas of exposure. Effective transactional controls reduce administrative and material costs, shorten contract cycle times, enhance procurement decisions, and diminish legal risk.
The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to:
A. ensure availability of data.
B. provide user authentication.
C. achieve performance improvement.
D. ensure the confidentiality of data.
ensure availability of data
Explanation: RAID level 1 provides disk mirroring. Data written to one disk are also written to another disk. Users in the network access data on the first disk; if disk one fails, the second disk takes over. This redundancy ensures the availability of data. RAID level 1 does not improve performance, has no relevance to authentication and does nothing to provide for data confidentiality.
Which of the following terms is used more generally for describing concealment routines in a malicious program?
A. trojan horse
B. worm
C. rootkits
D. virus
E. spyware
rootkits
Explanation: Rootkits can prevent a malicious process from being reported in the process table, or keep its files from being read. Originally, a rootkit was a set of tools installed by a human attacker on a Unix system where the attacker had gained administrator access. Today, the term is used more generally for concealment routines in a malicious program.
Iptables is based on which of the following frameworks?
A. NetDoom
B. NetCheck
C. Netfilter
D. NetSecure
Netfilter
Explanation: ipchains is a free software based firewall running on earlier Linux. It is a rewrite of ipfwadm but is superseded by iptables in Linux 2.4 and above. Iptables controls the packet filtering and NAT components within the Linux kernel. It is based on Netfilter, a framework which provides a set of hooks within the Linux kernel for intercepting and manipulating network packets.
Which of the following is a good time frame for making changes to passwords?
A. every 30 to 45 days
B. every 180 to 365 days
C. every 10 to 20 days
D. every 90 to 120 days
every 90 to 120 days
Explanation: Passwords are the first defensive line in protecting your data and information. A good password has mixed-case alphabetic characters, numbers, and symbols. Make sure to use a password that is at least eight characters long. You may want to run a “password cracker” program periodically and require users to immediately change any easily cracked passwords. In any case, ask them to change their passwords every 90 to 120 days.
Why is it not preferable for a firewall to treat each network frame or packet in isolation?
A. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.
B. Such a firewall is too complicated to maintain.
C. Such a firewall offers poor compatibility.
D. Such a firewall is CPU hungry.
E. Such a firewall is costly to setup.
Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.
Explanation: A stateless firewall treats each network frame or packet in isolation. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.
Which of the following refers to an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer?
A. integer misappropriation
B. code injection
C. buffer overflow
D. format string vulnerabilities
buffer overflow
Explanation: A buffer overflow is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data.
Which of the following is not a good tactic to use against hackers?
A. Enticement
B. Entrapment
Entrapment
Explanation: Enticement occurs after somebody has gained unlawful access to a system and is then lured to a honeypot. Entrapment encourages the commission of unlawful access. The latter is not a good tactic to use, as it involves encouraging someone to commit a crime.
Cisco IOS based routers perform basic traffic filtering via which of the following mechanisms?
A. stateful inspection
B. datagram scanning
C. state checking
D. link progressing
E. access lists
access lists
Explanation: In addition to deploying a stateful firewall, you may set up basic traffic filtering on a more sophisticated router. As an example, on a Cisco IOS based router you may use IP access lists (ACLs) to perform basic filtering on the network edge. Note that if the lists deny too much traffic, they are obviously too restrictive and you may want to reconfigure them.
Buffer overflow aims primarily at corrupting:
A. network firewall
B. system memory
C. disk storage
D. system processor
system memory
Explanation: A buffer overflow is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data.
Which of the following software tools is often used for stealing money from infected PC owner through taking control of the modem?
A. System patcher
B. T1 dialer
C. Porn dialer
D. T3 dialer
E. War dialer
Porn dialer
Explanation: One way of stealing money from an infected PC's owner is to take control of the modem and dial an expensive toll call. Dialer software such as a porn dialer dials up a premium-rate telephone number and leaves the line open, charging the toll to the infected user.
The ‘trusted systems’ approach has been predominant in the design of:
A. the IBM AS/400 series
B. the SUN Solaris series
C. many earlier Microsoft OS products
D. most OS products in the market
many earlier Microsoft OS products
Explanation: The ‘trusted systems’ approach has been predominant in the design of many Microsoft OS products, due to the long-standing Microsoft policy of emphasizing functionality and ‘ease of use’.
What is wrong with a Black Box type of intrusion detection system?
A. you cannot test it
B. you cannot examine its internal workings from outside.
C. you cannot tune it
D. you cannot patch it
you cannot examine its internal workings from outside
Explanation: An intrusion detection system should be able to run continually without human supervision. The system must be reliable enough to allow it to run in the background of the system being observed. However, it should not be a black box, because you want to ensure its internal workings are examinable from outside.
With Deep packet inspection, which of the following OSI layers are involved?
A. Layer 3 through Layer 7
B. Layer 2 through Layer 7
C. Layer 3 through Layer 6
D. Layer 2 through Layer 5
E. Layer 2 through Layer 6
Layer 2 through Layer 7
Explanation: Deep packet inspection (DPI) is a form of computer network packet filtering that examines the data part of a passing packet, searching for protocol non-compliance or predefined criteria to decide if the packet can pass. DPI devices have the ability to look at Layer 2 through Layer 7 of the OSI model.
In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as:
A. trojannets
B. botnets
C. wormnets
D. spynets
E. rootnets
botnets
Explanation: In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as botnets. In a botnet, the malware or malbot logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously.
Under the concept of “defense in depth”, subsystems should be designed to:
A. fail secure
B. react to attack
C. react to failure
D. fail insecure
fail secure
Explanation: With “defense in depth”, more than one subsystem needs to be compromised to compromise the security of the system and the information it holds. Subsystems should default to secure settings, and wherever possible should be designed to “fail secure” rather than “fail insecure”.
In a botnet, malbot logs into a particular type of system for making coordinated attack attempts. What type of system is this?
A. SMS system
B. Chat system
C. Email system
D. Log system
E. Kernel system
Chat system
Explanation: In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as botnets. In a botnet, the malware or malbot logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously.
Back Orifice is an example of:
A. a virus.
B. a backdoor that takes the form of an installed program.
C. a legitimate remote control software.
D. an eavesdropper.
Explanation: A backdoor may take the form of an installed program (e.g., Back Orifice) or could be in the form of an existing “legitimate” program or executable file. A specific form of backdoor is the rootkit, which replaces system binaries and/or hooks into the function calls of the operating system to hide the presence of other programs, users, services and open ports.
Which of the following is often considered the first line of defense in protecting a typical data and information environment?
A. certificates
B. password
C. biometrics
D. security token
password
Explanation: Passwords are the first line of defense in protecting your data and information. Your users need to be made aware of what a password provides them and what can be done with their password. They also need to be made aware of the things that distinguish a good password from a bad password.
A screening router inspects traffic by examining the:
A. virus payload
B. message header.
C. attachment type
D. message content
message header
Explanation: The simplest, and almost always the cheapest, type of firewall is a packet filter that stops messages with inappropriate network addresses. It usually consists of a screening router and a set of rules that accept or reject a message based on information in the message header.
If a database is restored using before-image dumps, where should the process begin following an interruption?
A. After the last transaction
B. As the last transaction before the latest checkpoint
C. As the first transaction after the latest checkpoint
D. Before the last transaction
Before the last transaction
Explanation: If before images are used, the last transaction in the dump will not have updated the database prior to the dump being taken, so that transaction must be reprocessed. Program checkpoints are irrelevant in this situation.
Which of the following terms refers to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders?
A. ILP&C
B. ILR&D
D. ILD&P
E. ICT&P
ILD&P
Explanation: Information Leakage Detection and Prevention (ILD&P) is a computer security term referring to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders. Network ILD&P systems are gateway-based systems installed on the organization’s Internet connection that analyze network traffic to search for unauthorized information transmissions. Host-based ILD&P systems run on end-user workstations to monitor and control access to physical devices and to access information before it has been encrypted.
What would be the major purpose of a rootkit?
A. to encrypt files for system administrators.
B. to corrupt files for system administrators.
C. to hijack system sessions.
D. to hide evidence from system administrators.
to hide evidence from system administrators.
Explanation: The term rootkit originally described recompiled Unix tools that would hide any trace of the intruder. You can say that the only purpose of a rootkit is to hide evidence from system administrators, so that there is no way to detect malicious privileged access attempts.
Which of the following is by far the most common prevention system from a network security perspective?
A. Hardened OS
B. Firewall
C. Intrusion Prevention System (IPS)
D. Intrusion Detection System (IDS)
E. Tripwire
Firewall
Explanation: User account access controls and cryptography can protect system files and data, respectively. On the other hand, firewalls are by far the most common prevention systems from a network security perspective, as they can shield access to internal network services and block certain kinds of attacks through packet filtering.
“Everything not explicitly permitted is forbidden” involves which of the following kinds of tradeoff?
A. it improves functionality at a cost in security.
B. it improves performance at a cost in functionality.
C. it improves security at a cost in system performance.
D. it improves security at a cost in functionality.
it improves security at a cost in functionality.
Explanation: “Everything not explicitly permitted is forbidden” (default deny) improves security at a cost in functionality. This is a good approach if you face many security threats. On the other hand, “everything not explicitly forbidden is permitted” (default permit) allows greater functionality by sacrificing security. This is only a good approach in an environment where security threats are non-existent or negligible.
Which of the following refers to a method of bypassing normal system authentication procedures?
A. trojan horse
B. backdoor
C. virus
D. rootkits
E. worm
backdoor
Explanation: A backdoor is a method of bypassing normal authentication procedures. Many computer manufacturers used to preinstall backdoors on their systems to provide technical support for customers. Hackers typically use backdoors to secure remote access to a computer while attempting to remain hidden from casual inspection. To install backdoors, hackers prefer to use either a Trojan horse or a computer worm.
Which of the following BEST describes the concept of “defense in depth”?
A. more than one subsystem needs to be compromised to compromise the security of the system and the information it holds.
B. multiple firewalls are implemented.
C. intrusion detection and firewall filtering are required.
D. multiple firewalls and multiple network OS are implemented.
more than one subsystem needs to be compromised to compromise the security of the system and the information it holds.
Explanation: With “defense in depth”, more than one subsystem needs to be compromised to compromise the security of the system and the information it holds. Subsystems should default to secure settings, and wherever possible should be designed to “fail secure” rather than “fail insecure”.
Which of the following types of attack often takes advantage of curiosity or greed to deliver malware?
A. Soft coding
B. Tripwire
C. Gimmes
D. Pretexting
E. Icing
Gimmes
Explanation: Gimmes take advantage of curiosity or greed to deliver malware. Also known as a Trojan horse, a gimme can arrive as an email attachment promising anything. The recipient is expected to give in to the urge to see the program and open the attachment. In addition, many users will blindly click on any attachment they receive that seems even mildly legitimate.
Pretexting is an act of:
A. social engineering
B. eavesdropping
C. DoS
D. soft coding
E. hard coding
social engineering
Explanation: Pretexting is the act of creating and using an invented scenario to persuade a target to release information or perform an action and is usually done over the telephone. It is more than a simple lie as it most often involves some prior research or set up and the use of pieces of known information.