Prev Next Question 657/750 - CISA.v2019-05-09

Depending on the complexity of an organization's business continuity plan (BCP), the plan may be developed as a set of more than one plan to address various aspects of business continuity and disaster recovery, in such an environment, it is essential that:

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Question List (750q)
Question 1: What supports data transmission through split cable faciliti...
Question 2: Which of the following would be of MOST concern to an IS aud...
Question 3: Which of the following types of firewalls would BEST protect...
Question 4: Proper segregation of duties prohibits a system analyst from...
Question 5: Which of the following would be the BEST access control proc...
Question 6: Which of the following functions is performed by a virtual p...
Question 7: The use of statistical sampling procedures helps minimize:...
Question 8: Off-site data storage should be kept synchronized when prepa...
Question 9: When is regression testing used to determine whether new app...
Question 10: Who is responsible for authorizing access level of a data us...
Question 11: When using public key encryption to secure data being transm...
Question 12: Which of the following type of an IDS resides on important s...
Question 13: Which of the following would an IS auditor consider a weakne...
Question 14: To ensure compliance with a security policy requiring that p...
Question 15: An IS auditor is reviewing a software-based configuration. W...
Question 16: Which of the following is the MOST critical step in planning...
Question 17: The PRIMARY purpose of audit trails is to:...
Question 18: Which of the following malware technical fool's malware by a...
Question 19: What would an IS auditor expect to find in the console log?...
Question 20: An off-site processing facility should be easily identifiabl...
Question 21: Which of the following is a continuity plan test that uses a...
Question 22: How can minimizing single points of failure or vulnerabiliti...
Question 23: There are many types of audit logs analysis tools available ...
Question 24: An IS auditor reviewing database controls discovered that ch...
Question 25: In a public key infrastructure (PKI), the authority responsi...
Question 26: Which of the following is the BEST method for preventing the...
Question 27: What is the primary objective of a control self-assessment (...
Question 28: Which of the following comparisons are used for identificati...
Question 29: What influences decisions regarding criticality of assets?...
Question 30: The implementation of access controls FIRST requires:...
Question 31: A hub is a device that connects:...
Question 32: Which of the following statement correctly describes the dif...
Question 33: Which of the following Confidentiality, Integrity, Availabil...
Question 34: When storing data archives off-site, what must be done with ...
Question 35: The most likely error to occur when implementing a firewall ...
Question 36: Which of the following statement INCORRECTLY describes anti-...
Question 37: An organization has been recently downsized, in light of thi...
Question 38: Identify the correct sequence which needs to be followed as ...
Question 39: Function Point Analysis (FPA) provides an estimate of the si...
Question 40: Which of the following would be the GREATEST cause for conce...
Question 41: Which of the following service is a distributed database tha...
Question 42: Business process re-engineering often results in ___________...
Question 43: Upon receipt of the initial signed digital certificate the u...
Question 44: A check digit is an effective edit check to:...
Question 45: Off-site data backup and storage should be geographically se...
Question 46: Which of the following encrypt/decrypt steps provides the GR...
Question 47: Which of the following controls would be the MOST comprehens...
Question 48: Which of the following attack is also known as Time of Check...
Question 49: Which of the following should an IS auditor recommend for th...
Question 50: Which of the following term describes a failure of an electr...
Question 51: Which of the following is a benefit of a risk-based approach...
Question 52: What are trojan horse programs?...
Question 53: Which of the following will prevent dangling tuples in a dat...
Question 54: Which of the following protocol is PRIMARILY used to provide...
Question 55: The use of digital signatures:
Question 56: An efficient use of public key infrastructure (PKI) should e...
Question 57: The potential for unauthorized system access by way of termi...
Question 58: In planning an audit, the MOST critical step is the identifi...
Question 59: What is often the most difficult part of initial efforts in ...
Question 60: Who is responsible for the overall direction, costs, and tim...
Question 61: Which of the following protocol is used for electronic mail ...
Question 62: An organization is planning to replace its wired networks wi...
Question 63: An IS auditor notes that IDS log entries related to port sca...
Question 64: Which of the following is a standard secure email protection...
Question 65: A data center has a badge-entry system. Which of the followi...
Question 66: When performing a database review, an IS auditor notices tha...
Question 67: While reviewing the IT infrastructure, an IS auditor notices...
Question 68: What type of cryptosystem is characterized by data being enc...
Question 69: Which of the following systems-based approaches would a fina...
Question 70: Which of the following is a data validation edit and control...
Question 71: Which of the following processes should an IS auditor recomm...
Question 72: An organization has a mix of access points that cannot be up...
Question 73: Minimum password length and password complexity verification...
Question 74: What can be used to help identify and investigate unauthoriz...
Question 75: When installing an intrusion detection system (IDS), which o...
Question 76: After installing a network, an organization installed a vuln...
Question 77: Which of the following append themselves to files as a prote...
Question 78: Electromagnetic emissions from a terminal represent an expos...
Question 79: An IS auditor evaluating the resilience of a high-availabili...
Question 80: Which of the following is the GREATEST advantage of elliptic...
Question 81: What should regression testing use to obtain accurate conclu...
Question 82: The responsibility for authorizing access to a business appl...
Question 83: With the objective of mitigating the risk and impact of a ma...
Question 84: During the planning stage of an IS audit, the PRIMARY goal o...
Question 85: What would be the MOST effective control for enforcing accou...
Question 86: When performing an audit of access rights, an IS auditor sho...
Question 87: Which of the following is the MOST secure and economical met...
Question 88: Which of the following statement correctly describes one way...
Question 89: Which policy helps an auditor to gain a better understanding...
Question 90: Web and e-mail filtering tools are PRIMARILY valuable to an ...
Question 91: Which of the following processes are performed during the de...
Question 92: Which of the following would BEST maintain the integrity of ...
Question 93: Which of the following transmission media uses a transponder...
Question 94: Who is ultimately accountable for the development of an IS s...
Question 95: The IS management of a multinational company is considering ...
Question 96: Which of the following is the protocol data unit (PDU) of ap...
Question 97: For which of the following applications would rapid recovery...
Question 98: An IS auditor should review the configuration of which of th...
Question 99: Which of the following environmental controls is appropriate...
Question 100: To prevent unauthorized entry to the data maintained in a di...
Question 101: Which of the following term in business continuity defines t...
Question 102: When conducting a penetration test of an IT system, an organ...
Question 103: A LAN administrator normally would be restricted from:...
Question 104: What are intrusion-detection systems (IDS) primarily used fo...
Question 105: Which of the following is an advantage of asymmetric crypto ...
Question 106: Which of the following would MOST effectively enhance the se...
Question 107: Which of the following is a control over component communica...
Question 108: The PRIMARY purpose of an IT forensic audit is:...
Question 109: A hacker could obtain passwords without the use of computer ...
Question 110: What is the BEST action to prevent loss of data integrity or...
Question 111: Which of the following method is recommended by security pro...
Question 112: Which of the following cryptography is based on practical ap...
Question 113: Reconfiguring which of the following firewall types will pre...
Question 114: The role of the certificate authority (CA) as a third party ...
Question 115: Applying a digital signature to data traveling in a network ...
Question 116: Which of the following are effective controls for detecting ...
Question 117: An IS auditor should recommend the use of library control so...
Question 118: In wireless communication, which of the following controls a...
Question 119: Who is responsible for providing adequate physical and logic...
Question 120: Which of the following is the PRIMARY advantage of using com...
Question 121: Which of the following would an IS auditor consider to be th...
Question 122: From a control perspective, the PRIMARY objective of classif...
Question 123: Which of the following option INCORRECTLY describes PBX feat...
Question 124: Which of the following is the MOST effective type of antivir...
Question 125: Why is a clause for requiring source code escrow in an appli...
Question 126: The FIRST step in a successful attack to a system would be:...
Question 127: What does PKI use to provide some of the strongest overall c...
Question 128: To ensure message integrity, confidentiality and non-repudia...
Question 129: A company is implementing a dynamic host configuration proto...
Question 130: Which of the following is the MOST reliable form of single f...
Question 131: Which of the following components is responsible for the col...
Question 132: To verify that the correct version of a data file was used f...
Question 133: The MOST effective biometric control system is the one:...
Question 134: Which of the following controls would BEST detect intrusion?...
Question 135: The computer security incident response team (CSIRT) of an o...
Question 136: Which of the following is the INCORRECT Layer to Protocol ma...
Question 137: A database administrator is responsible for:...
Question 138: To properly evaluate the collective effect of preventative, ...
Question 139: Which of the following is a software application that preten...
Question 140: An auditor needs to be aware of technical controls which are...
Question 141: An IS auditor inspected a windowless room containing phone s...
Question 142: How does the process of systems auditing benefit from using ...
Question 143: Whenever an application is modified, what should be tested t...
Question 144: The objective of concurrency control in a database system is...
Question 145: Mitigating the risk and impact of a disaster or business int...
Question 146: If a database is restored from information backed up before ...
Question 147: When reviewing an organization's logical access security, wh...
Question 148: ________ (fill in the blank) is/are are ultimately accountab...
Question 149: If a programmer has update access to a live system, IS audit...
Question 150: After reviewing its business processes, a large organization...
Question 151: Sending a message and a message hash encrypted by the sender...
Question 152: Which of the following presents an inherent risk with no dis...
Question 153: What type(s) of firewalls provide(s) the greatest degree of ...
Question 154: When should systems administrators first assess the impact o...
Question 155: Which of the following provides the MOST relevant informatio...
Question 156: An IS auditor should know information about different networ...
Question 157: The sender of a public key would be authenticated by a:...
Question 158: If an IS auditor observes that an IS department fails to use...
Question 159: An IS auditor finds that client requests were processed mult...
Question 160: In transport mode, the use of the Encapsulating Security Pay...
Question 161: Which of the following tests performed by an IS auditor woul...
Question 162: Which of the following attack involves sending forged ICMP E...
Question 163: An IS auditor evaluating logical access controls should FIRS...
Question 164: Users are issued security tokens to be used in combination w...
Question 165: Data edits are implemented before processing and are conside...
Question 166: The MOST important difference between hashing and encryption...
Question 167: When reviewing print systems spooling, an IS auditor is MOST...
Question 168: Which of the following is a general operating system access ...
Question 169: E-mail message authenticity and confidentiality is BEST achi...
Question 170: How often should a Business Continuity Plan be reviewed?...
Question 171: An IS auditor reviewing a database application discovers tha...
Question 172: Which of the following would normally be the MOST reliable e...
Question 173: Which of the following BEST limits the impact of server fail...
Question 174: To detect attack attempts that the firewall is unable to rec...
Question 175: Which of the following network components is PRIMARILY set u...
Question 176: An organization is using symmetric encryption. Which of the ...
Question 177: Which of the following attacks targets the Secure Sockets La...
Question 178: Sign-on procedures include the creation of a unique user ID ...
Question 179: Which of the following is a concern when data are transmitte...
Question 180: What uses questionnaires to lead the user through a series o...
Question 181: In a small organization, developers may release emergency ch...
Question 182: During the requirements definition phase for a database appl...
Question 183: What is an effective control for granting temporary access t...
Question 184: The PRIMARY goal of a web site certificate is:...
Question 185: Which of the following attack is MOSTLY performed by an atta...
Question 186: In an online banking application, which of the following wou...
Question 187: A critical function of a firewall is to act as a:...
Question 188: To determine who has been given permission to use a particul...
Question 189: Digital signatures require the:...
Question 190: When are benchmarking partners identified within the benchma...
Question 191: What is/are used to measure and ensure proper network capaci...
Question 192: Database snapshots can provide an excellent audit trail for ...
Question 193: An organization has created a policy that defines the types ...
Question 194: Which of the following would effectively verify the originat...
Question 195: Which of the following is protocol data unit (PDU) of transp...
Question 196: Which of the following is the BEST type of program for an or...
Question 197: The difference between a vulnerability assessment and a pene...
Question 198: What should be the GREATEST concern to an IS auditor when em...
Question 199: Which of the following transmission media is MOST difficult ...
Question 200: Which of the following would be an indicator of the effectiv...
Question 201: Which of the following is often used as a detection and dete...
Question 202: In a relational database with referential integrity, the use...
Question 203: Which of the following is the MOST important action in recov...
Question 204: Reverse proxy technology for web servers should be deployed ...
Question 205: Which of the following user profiles should be of MOST conce...
Question 206: What kind of protocols does the OSI Transport Layer of the T...
Question 207: John has been hired to fill a new position in one of the wel...
Question 208: Of the three major types of off-site processing facilities, ...
Question 209: Distributed denial-of-service (DDOS) attacks on Internet sit...
Question 210: Which of the following is BEST suited for secure communicati...
Question 211: Above almost all other concerns, what often results in the g...
Question 212: A certificate authority (CA) can delegate the processes of:...
Question 213: An organization is considering connecting a critical PC-base...
Question 214: Which of the following provide(s) near-immediate recoverabil...
Question 215: Which of the following types of firewalls provide the GREATE...
Question 216: Which of the following term in business continuity determine...
Question 217: An IS auditor observes a weakness in the tape management sys...
Question 218: Transmitting redundant information with each character or fr...
Question 219: The MAJOR advantage of the risk assessment approach over the...
Question 220: A perpetrator looking to gain access to and gather informati...
Question 221: An integrated test facility is not considered a useful audit...
Question 222: What is a risk associated with attempting to control physica...
Question 223: Which of the following types of transmission media provide t...
Question 224: Which of the following provides the strongest authentication...
Question 225: Which of the following statement correctly describes the dif...
Question 226: In an EDI process, the device which transmits and receives e...
Question 227: Which of the following attack redirects outgoing message fro...
Question 228: Naming conventions for system resources are important for ac...
Question 229: Which of the following is a distinctive feature of the Secur...
Question 230: An organization is using an enterprise resource management (...
Question 231: If an IS auditor finds evidence of risk involved in not impl...
Question 232: How is the time required for transaction processing review u...
Question 233: Why does an IS auditor review an organization chart?...
Question 234: What is a data validation edit control that matches input da...
Question 235: An IS auditor performing an independent classification of sy...
Question 236: As an IS auditor, it is very important to make sure all stor...
Question 237: Which of the following physical access controls effectively ...
Question 238: ________________ (fill in the blank) should be implemented a...
Question 239: Which of the following statement correctly describes the dif...
Question 240: In a public key infrastructure (PKI), which of the following...
Question 241: Which of the following statement correctly describes differe...
Question 242: Who assumes ownership of a systems-development project and t...
Question 243: Which of the following public key infrastructure (PKI) eleme...
Question 244: Which of the following BEST describes the necessary document...
Question 245: Which of the following potentially blocks hacking attempts?...
Question 246: Passwords should be:
Question 247: A database administrator has detected a performance problem ...
Question 248: Disabling which of the following would make wireless local a...
Question 249: Two-factor authentication can be circumvented through which ...
Question 250: Which of the following is a good control for protecting conf...
Question 251: When developing a risk-based audit strategy, an IS auditor c...
Question 252: The MOST effective control for addressing the risk of piggyb...
Question 253: An IS auditor examining the configuration of an operating sy...
Question 254: In regard to moving an application program from the test env...
Question 255: After identifying potential security vulnerabilities, what s...
Question 256: What is the most common reason for information systems to fa...
Question 257: Which of the following acts as a decoy to detect active inte...
Question 258: Which of the following penetration tests would MOST effectiv...
Question 259: The extent to which data will be collected during an IS audi...
Question 260: Which of the following type of IDS has self-learning functio...
Question 261: When reviewing the configuration of network devices, an IS a...
Question 262: Who should be responsible for network security operations?...
Question 263: A core tenant of an IS strategy is that it must:...
Question 264: What is an acceptable mechanism for extremely time-sensitive...
Question 265: A business application system accesses a corporate database ...
Question 266: A penetration test performed as part of evaluating network s...
Question 267: Which of the following is a passive attack method used by in...
Question 268: Who is responsible for implementing cost-effective controls ...
Question 269: Which of the following would prevent unauthorized changes to...
Question 270: Who is accountable for maintaining appropriate security meas...
Question 271: Identify the INCORRECT statement related to network performa...
Question 272: Which of the following PBX feature allows a PBX to be config...
Question 273: The GREATEST risk when end users have access to a database a...
Question 274: Which of the following cryptography demands less computation...
Question 275: Which of the following implementation modes would provide th...
Question 276: There are many firewall implementations provided by firewall...
Question 277: Which of the following methods of suppressing a fire in a da...
Question 278: Which of the following term related to network performance r...
Question 279: For locations 3a, 1d and 3d, the diagram indicates hubs with...
Question 280: Which of the following technique is NOT used by a preacher a...
Question 281: Which of the following would provide the highest degree of s...
Question 282: What is the first step in a business process re-engineering ...
Question 283: What must an IS auditor understand before performing an appl...
Question 284: Which of the following is a passive attack to a network?...
Question 285: Which of the following is a form of Hybrid Cryptography wher...
Question 286: The information security policy that states 'each individual...
Question 287: Which of the following type of honey pot essentially gives a...
Question 288: As an IS auditor it is very important to understand the impo...
Question 289: Which of the following is the MOST effective control over vi...
Question 290: During Involuntary termination of an employee, which of the ...
Question 291: Which of the following is the BEST practice to ensure that a...
Question 292: Parity bits are a control used to validate:...
Question 293: Whenever business processes have been re-engineered, the IS ...
Question 294: During maintenance of a relational database, several values ...
Question 295: Which of the following attack involves slicing small amount ...
Question 296: Proper segregation of duties prevents a computer operator (u...
Question 297: Which of the following term related to network performance r...
Question 298: A data administrator is responsible for:...
Question 299: What is the BEST approach to mitigate the risk of a phishing...
Question 300: Which of the following satisfies a two-factor user authentic...
Question 301: Atomicity enforces data integrity by ensuring that a transac...
Question 302: Which of the following is used to evaluate biometric access ...
Question 303: An IS auditor should use statistical sampling and not judgme...
Question 304: Which of the following results in a denial-of-service attack...
Question 305: In a small organization, an employee performs computer opera...
Question 306: With the help of a security officer, granting access to data...
Question 307: In large corporate networks having supply partners across th...
Question 308: An organization with extremely high security requirements is...
Question 309: Which of the following is MOST directly affected by network ...
Question 310: How is risk affected if users have direct access to a databa...
Question 311: What type of approach to the development of organizational p...
Question 312: Inadequate programming and coding practices introduce the ri...
Question 313: The human resources (HR) department has developed a system t...
Question 314: Which of the following exploit vulnerabilities to cause loss...
Question 315: Run-to-run totals can verify data through which stage(s) of ...
Question 316: Why is the WAP gateway a component warranting critical conce...
Question 317: What is an edit check to determine whether a field contains ...
Question 318: Library control software restricts source code to:...
Question 319: Structured programming is BEST described as a technique that...
Question 320: Processing controls ensure that data is accurate and complet...
Question 321: The purpose of code signing is to provide assurance that:...
Question 322: Applying a retention date on a file will ensure that:...
Question 323: Which of the following is a feature of Wi-Fi Protected Acces...
Question 324: An IS auditor performing detailed network assessments and ac...
Question 325: Which of the following term related to network performance r...
Question 326: Regarding digital signature implementation, which of the fol...
Question 327: Which of the following statements regarding an off-site info...
Question 328: An organization provides information to its supply chain par...
Question 329: A sequence of bits appended to a digital document that is us...
Question 330: If senior management is not committed to strategic planning,...
Question 331: An audit charter should:
Question 332: Which of the following is widely accepted as one of the crit...
Question 333: Accountability for the maintenance of appropriate security m...
Question 334: The quality of the metadata produced from a data warehouse i...
Question 335: Which of the following translates e-mail formats from one ne...
Question 336: An IS auditor finds that, at certain times of the day, the d...
Question 337: An IS auditor reviewing wireless network security determines...
Question 338: Which of the following protocol does NOT work at Network int...
Question 339: For a discretionary access control to be effective, it must:...
Question 340: Obtaining user approval of program changes is very effective...
Question 341: The purpose of business continuity planning and disaster-rec...
Question 342: Which of the following ensures a sender's authenticity and a...
Question 343: What can be very helpful to an IS auditor when determining t...
Question 344: A call-back system requires that a user with an id and passw...
Question 345: IS management recently replaced its existing wired local are...
Question 346: Which of the following protocol does NOT work at the Applica...
Question 347: Which of the following line media would provide the BEST sec...
Question 348: The PRIMARY objective of performing a post incident review i...
Question 349: While copying files from a floppy disk, a user introduced a ...
Question 350: When conducting a penetration test of an organization's inte...
Question 351: The most common problem in the operation of an intrusion det...
Question 352: An internet-based attack using password sniffing can:...
Question 353: When participating in a systems-development project, an IS a...
Question 354: The FIRST step in managing the risk of a cyber-attack is to:...
Question 355: When protecting an organization's IT systems, which of the f...
Question 356: Time constraints and expanded needs have been found by an IS...
Question 357: To address a maintenance problem, a vendor needs remote acce...
Question 358: Within IPSEC which of the following defines security paramet...
Question 359: Which of the following attack includes social engineering, l...
Question 360: An IS auditor reviewing the implementation of an intrusion d...
Question 361: During an audit of an enterprise that is dedicated to e-comm...
Question 362: As described at security policy, the CSO implemented an e-ma...
Question 363: Which of the following is the PRIMARY safeguard for securing...
Question 364: The MOST significant security concerns when using flash memo...
Question 365: An investment advisor e-mails periodic newsletters to client...
Question 366: What are used as the framework for developing logical access...
Question 367: Who is ultimately responsible and accountable for reviewing ...
Question 368: If an IS auditor observes that individual modules of a syste...
Question 369: What often results in project scope creep when functional re...
Question 370: The MAIN reason for requiring that all computer clocks acros...
Question 371: Which of the following type of lock uses a numeric keypad or...
Question 372: The purpose of a deadman door controlling access to a comput...
Question 373: Which of the following should be of MOST concern to an IS au...
Question 374: An IS auditor reviewing an organization's data file control ...
Question 375: The use of residual biometric information to gain unauthoriz...
Question 376: Which of the following cryptographic systems is MOST appropr...
Question 377: Which of the following is the dominating objective of BCP an...
Question 378: When reviewing a digital certificate verification process, w...
Question 379: An advantage of a continuous audit approach is that it can i...
Question 380: What is the MOST effective method of preventing unauthorized...
Question 381: Which of the following method should be recommended by secur...
Question 382: An accuracy measure for a biometric system is:...
Question 383: Which of the following BEST describes the role of a director...
Question 384: Organizations should use off-site storage facilities to main...
Question 385: Which of the following fire suppression systems is MOST appr...
Question 386: During an audit of a telecommunications system, an IS audito...
Question 387: Private Branch Exchange(PBX) environment involves many secur...
Question 388: The decisions and actions of an IS auditor are MOST likely t...
Question 389: When reviewing system parameters, an IS auditor's PRIMARY co...
Question 390: In RFID technology which of the following risk could represe...
Question 391: Which of the following is the most fundamental step in preve...
Question 392: Which of the following would provide the BEST protection aga...
Question 393: What process is used to validate a subject's identity?...
Question 394: To determine how data are accessed across different platform...
Question 395: The PRIMARY objective of a logical access control review is ...
Question 396: IT operations for a large organization have been outsourced....
Question 397: When auditing a proxy-based firewall, an IS auditor should:...
Question 398: Key verification is one of the best controls for ensuring th...
Question 399: An IS auditor selects a server for a penetration test that w...
Question 400: Why does the IS auditor often review the system logs?...
Question 401: Proper segregation of duties normally does not prohibit a LA...
Question 402: Input/output controls should be implemented for which applic...
Question 403: During the testing of the business continuity plan (BCP), wh...
Question 404: An intentional or unintentional disclosure of a password is ...
Question 405: Which of the following would be the BEST method for ensuring...
Question 406: Which of the following term related to network performance r...
Question 407: Which of the following type of computer is a large, general ...
Question 408: When should application controls be considered within the sy...
Question 409: Which of the following ensures confidentiality of informatio...
Question 410: As an auditor it is very important to ensure confidentiality...
Question 411: Which key is used by the sender of a message to create a dig...
Question 412: Which of the following type of computer has highest processi...
Question 413: A number of system failures are occurring when corrections t...
Question 414: To affix a digital signature to a message, the sender must f...
Question 415: A review of wide area network (WAN) usage discovers that tra...
Question 416: Which of the following can degrade network performance?...
Question 417: Which of the following term in business continuity determine...
Question 418: What should an organization do before providing an external ...
Question 419: To protect a VoIP infrastructure against a denial-of-service...
Question 420: What is used to provide authentication of the website and ca...
Question 421: What is a callback system?
Question 422: Which of the following internet security threats could compr...
Question 423: Which of the following BEST reduces the ability of one devic...
Question 424: Which of the following type of lock uses a magnetic or embed...
Question 425: An IS auditor doing penetration testing during an audit of i...
Question 426: The application systems of an organization using open-source...
Question 427: Which of the following is the MOST effective method for deal...
Question 428: Which of the following provides the GREATEST assurance of me...
Question 429: An IS auditor is reviewing the remote access methods of a co...
Question 430: Which of the following is best suited for searching for addr...
Question 431: The MOST effective control for reducing the risk related to ...
Question 432: Which of the following would be the MOST secure firewall sys...
Question 433: Allowing application programmers to directly patch or change...
Question 434: Which of the following uses a prototype that can be updated ...
Question 435: The reliability of an application system's audit trail may b...
Question 436: How do modems (modulation/demodulation) function to facilita...
Question 437: Which of the following do digital signatures provide?...
Question 438: Which of the following functionality is NOT performed by the...
Question 439: Which of the following would be BEST prevented by a raised f...
Question 440: Which of the following controls would provide the GREATEST a...
Question 441: Which of the following network configuration options contain...
Question 442: The BEST filter rule for protecting a network from being use...
Question 443: Which of the following typically focuses on making alternati...
Question 444: An IS auditor conducting an access control review in a clien...
Question 445: An IS auditor is performing an audit of a remotely managed s...
Question 446: What is the recommended initial step for an IS auditor to im...
Question 447: When should reviewing an audit client's business plan be per...
Question 448: Which of the following biometrics has the highest reliabilit...
Question 449: Which of the following is an example of the defense in-depth...
Question 450: What can be implemented to provide the highest level of prot...
Question 451: Which of the following tests is an IS auditor performing whe...
Question 452: A PRIMARY benefit derived from an organization employing con...
Question 453: An IS auditor has completed a network audit. Which of the fo...
Question 454: What can be used to gather evidence of network attacks?...
Question 455: Using the OSI reference model, what layer(s) is/are used to ...
Question 456: COBIT 5 separates information goals into three sub-dimension...
Question 457: An IS auditor performing a telecommunication access control ...
Question 458: Which of the following manages the digital certificate life ...
Question 459: In a public key infrastructure, a registration authority:...
Question 460: Which of the following PBX feature provides the possibility ...
Question 461: IS management has decided to rewrite a legacy customer relat...
Question 462: Although BCP and DRP are often implemented and tested by mid...
Question 463: When using a universal storage bus (USB) flash drive to tran...
Question 464: An information security policy stating that 'the display of ...
Question 465: A programmer maliciously modified a production program to ch...
Question 466: When should plans for testing for user acceptance be prepare...
Question 467: What are often the primary safeguards for systems software a...
Question 468: The database administrator (DBA) suggests that DB efficiency...
Question 469: During an IS audit, auditor has observed that authentication...
Question 470: In order to properly protect against unauthorized disclosure...
Question 471: What determines the strength of a secret key within a symmet...
Question 472: A technical lead who was working on a major project has left...
Question 473: Establishing data ownership is an important first step for w...
Question 474: What is an initial step in creating a proper firewall policy...
Question 475: Which of the following is NOT a disadvantage of Single Sign ...
Question 476: Batch control reconciliation is a _____________________ (fil...
Question 477: Which of the following attack best describe "Computer is the...
Question 478: What is the MOST prevalent security risk when an organizatio...
Question 479: Security administration procedures require read-only access ...
Question 480: Which of the following statement INCORRECTLY describes Async...
Question 481: What is a reliable technique for estimating the scope and co...
Question 482: An IS auditor should carefully review the functional require...
Question 483: Overall business risk for a particular threat can be express...
Question 484: Neural networks are effective in detecting fraud because the...
Question 485: Which of the following would be considered an essential feat...
Question 486: Which of the following provides the framework for designing ...
Question 487: An IS auditor finds that a DBA has read and write access to ...
Question 488: Which of the following would prevent accountability for an a...
Question 489: An IS auditor examining a biometric user authentication syst...
Question 490: Which of the following is an environmental issue caused by e...
Question 491: The goal of an information system is to achieve integrity, a...
Question 492: When evaluating the collective effect of preventive, detecti...
Question 493: How does the SSL network protocol provide confidentiality?...
Question 494: An IS auditor should be MOST concerned with what aspect of a...
Question 495: An IS auditor analyzing the audit log of a database manageme...
Question 496: Who is responsible for restricting and monitoring access of ...
Question 497: Which of the following is the BEST way to handle obsolete ma...
Question 498: What benefit does using capacity-monitoring software to moni...
Question 499: In which of the following transmission media it is MOST diff...
Question 500: Which of the following is the MOST reliable sender authentic...
Question 501: There are several types of penetration tests depending upon ...
Question 502: Which of the following is a benefit of using callback device...
Question 503: What is often assured through table link verification and re...
Question 504: An organization having a number of offices across a wide geo...
Question 505: During an IS audit, one of your auditor has observed that so...
Question 506: An IS auditor reviewing the key roles and responsibilities o...
Question 507: The BEST way to minimize the risk of communication failures ...
Question 508: What type of BCP test uses actual resources to simulate a sy...
Question 509: Which of the following transmission media is LEAST vulnerabl...
Question 510: Who is ultimately responsible for providing requirement spec...
Question 511: Ensuring that security and control policies support business...
Question 512: Which of the following is an example of a passive attack ini...
Question 513: The IS auditor learns that when equipment was brought into t...
Question 514: The feature of a digital signature that ensures the sender c...
Question 515: Which of the following process consist of identification and...
Question 516: When reviewing a hardware maintenance program, an IS auditor...
Question 517: Which of the following would MOST effectively reduce social ...
Question 518: The Secure Sockets Layer (SSL) protocol addresses the confid...
Question 519: During a security audit of IT processes, an IS auditor found...
Question 520: When auditing security for a data center, an IS auditor shou...
Question 521: Which of the following fire-suppression methods is considere...
Question 522: Which of the following protocols would be involved in the im...
Question 523: An IS auditor usually places more reliance on evidence direc...
Question 524: Which of the following concerns associated with the World Wi...
Question 525: Which of the following is protocol data unit (PDU) of networ...
Question 526: Which of the following are effective in detecting fraud beca...
Question 527: Which of the following should concern an IS auditor when rev...
Question 528: Which of the following statement correctly describes differe...
Question 529: An IS auditor has identified the lack of an authorization pr...
Question 530: Which of the following sampling methods is MOST useful when ...
Question 531: If inadequate, which of the following would be the MOST like...
Question 532: In what way is a common gateway interface (CGI) MOST often u...
Question 533: isk analysis is not always possible because the IS auditor i...
Question 534: Which of the following biometrics methods provides the HIGHE...
Question 535: Which of the following functions should be performed by the ...
Question 536: Which of the following device in Frame Relay WAN technique i...
Question 537: Vendors have released patches fixing security flaws in their...
Question 538: An IS auditor is evaluating management's risk assessment of ...
Question 539: Of the three major types of off-site processing facilities, ...
Question 540: Which of the following best characterizes "worms"?...
Question 541: What is the most common purpose of a virtual private network...
Question 542: What is the primary security concern for EDI environments?...
Question 543: What should an IS auditor do if he or she observes that proj...
Question 544: The MAIN criterion for determining the severity level of a s...
Question 545: Which of the following is protocol data unit (PDU) of data a...
Question 546: Which of the following intrusion detection systems (IDSs) mo...
Question 547: The vice president of human resources has requested an audit...
Question 548: What is the key distinction between encryption and hashing a...
Question 549: The MOST significant level of effort for business continuity...
Question 550: Which of the following will help detect changes made by an i...
Question 551: An IS auditor is reviewing access to an application to deter...
Question 552: Which of the following provides the BEST single-factor authe...
Question 553: Which of the following cryptography options would increase o...
Question 554: Which of the following statement correctly describes the dif...
Question 555: An IS auditor needs to consider many factors while evaluatin...
Question 556: Which of the following is BEST characterized by unauthorized...
Question 557: During the audit of a database server, which of the followin...
Question 558: An organization's IS audit charter should specify the:...
Question 559: Which of the following term in business continuity defines t...
Question 560: A TCP/IP-based environment is exposed to the Internet. Which...
Question 561: Which of the following would be the BEST overall control for...
Question 562: A web server is attacked and compromised. Which of the follo...
Question 563: The logical exposure associated with the use of a checkpoint...
Question 564: Digital signatures require the sender to "sign" the data by ...
Question 565: What can ISPs use to implement inbound traffic filtering as ...
Question 566: Which of the following is penetration test where the penetra...
Question 567: Which of the following is the unique identifier within and I...
Question 568: Which of the following is the INCORRECT "layer - protocol" m...
Question 569: Which of the following is a dynamic analysis tool for the pu...
Question 570: Which of the following exposures could be caused by a line g...
Question 571: Which of the following statement is NOT true about Voice-Ove...
Question 572: IS management is considering a Voice-over Internet Protocol ...
Question 573: In a client-server architecture, a domain name service (DNS)...
Question 574: The use of a GANTT chart can:
Question 575: The FIRST step in data classification is to:...
Question 576: Which of the following term related to network performance r...
Question 577: Authentication techniques for sending and receiving data bet...
Question 578: There are many known weaknesses within an Intrusion Detectio...
Question 579: E-mail traffic from the Internet is routed via firewall-1 to...
Question 580: What process allows IS management to determine whether the a...
Question 581: In the 2c area of the diagram, there are three hubs connecte...
Question 582: An IS auditor is reviewing the physical security measures of...
Question 583: What are used as a countermeasure for potential database cor...
Question 584: The GREATEST risk posed by an improperly implemented intrusi...
Question 585: A malicious code that changes itself with each file it infec...
Question 586: In a client-server system, which of the following control te...
Question 587: Which of the following BEST characterizes a mantrap or deadm...
Question 588: Which of the following controls would be MOST effective in e...
Question 589: Which of the following database controls would ensure that t...
Question 590: A sender of an e-mail message applies a digital signature to...
Question 591: Which of the following attack could be avoided by creating m...
Question 592: What is essential for the IS auditor to obtain a clear under...
Question 593: Which of the following provides nonrepudiation services for ...
Question 594: What topology provides the greatest redundancy of routes and...
Question 595: Which of the following can help detect transmission errors b...
Question 596: An IS auditor is evaluating a corporate network for a possib...
Question 597: Change management procedures are established by IS managemen...
Question 598: Which of the following is a technique that could be used to ...
Question 599: While designing the business continuity plan (BCP) for an ai...
Question 600: How does the digital envelop work? What are the correct step...
Question 601: The technique used to ensure security in virtual private net...
Question 602: Active radio frequency ID (RFID) tags are subject to which o...
Question 603: Java applets and ActiveX controls are distributed executable...
Question 604: Which of the following is the INCORRECT "layer - protocol da...
Question 605: Which of the following hardware devices relieves the central...
Question 606: Which of the following message services provides the stronge...
Question 607: Proper segregation of duties does not prohibit a quality con...
Question 608: A control that detects transmission errors by appending calc...
Question 609: The MOST important success factor in planning a penetration ...
Question 610: Which of the following is a ITU-T standard protocol suite fo...
Question 611: What is a common vulnerability, allowing denial-of-service a...
Question 612: An IS auditor is assigned to perform a post implementation r...
Question 613: Which of the following BEST restricts users to those functio...
Question 614: Which of the following is NOT a true statement about public ...
Question 615: Which of the following INCORRECTLY describes the layer funct...
Question 616: Which of the following is the BEST way to satisfy a two-fact...
Question 617: Which of the following applet intrusion issues poses the GRE...
Question 618: When using a digital signature, the message digest is comput...
Question 619: Rather than simply reviewing the adequacy of access control,...
Question 620: Diskless workstation is an example of:...
Question 621: The initial step in establishing an information security pro...
Question 622: Which of the following INCORRECTLY describes the layer funct...
Question 623: When performing an IS strategy audit, an IS auditor should r...
Question 624: Which of the following is a program evaluation review techni...
Question 625: Which of the following attack occurs when a malicious action...
Question 626: Business Continuity Planning (BCP) is not defined as a prepa...
Question 627: When selecting audit procedures, an IS auditor should use pr...
Question 628: An IS auditor is performing a network security review of a t...
Question 629: Which of the following is a guiding best practice for implem...
Question 630: During what process should router access control lists be re...
Question 631: Network environments often add to the complexity of program-...
Question 632: Which of the following attack is against computer network an...
Question 633: While evaluating logical access control the IS auditor shoul...
Question 634: An organization has recently installed a security patch, whi...
Question 635: Which are the two primary types of scanner used for protecti...
Question 636: The traditional role of an IS auditor in a control self-asse...
Question 637: Which of the following is an effective method for controllin...
Question 638: To ensure that audit resources deliver the best value to the...
Question 639: Which of the following is a sophisticated computer based swi...
Question 640: What kind of testing should programmers perform following an...
Question 641: Which of the following protocol is developed jointly by VISA...
Question 642: What is used as a control to detect loss, corruption, or dup...
Question 643: In which of the following RFID risks competitor potentially ...
Question 644: IS auditors are MOST likely to perform compliance tests of i...
Question 645: Test and development environments should be separated. True ...
Question 646: When reviewing the implementation of a LAN, an IS auditor sh...
Question 647: The PRIMARY objective of Secure Sockets Layer (SSL) is to en...
Question 648: When auditing third-party service providers, an IS auditor s...
Question 649: After an IS auditor has identified threats and potential imp...
Question 650: A company has decided to implement an electronic signature s...
Question 651: During an audit of the logical access control of an ERP fina...
Question 652: Which of the following functionality is NOT supported by SSL...
Question 653: What is a primary high-level goal for an auditor who is revi...
Question 654: Which of the following is of greatest concern to the IS audi...
Question 655: The PRIMARY advantage of a continuous audit approach is that...
Question 656: What type of risk results when an IS auditor uses an inadequ...
Question 657: Depending on the complexity of an organization's business co...
Question 658: Confidentiality of the data transmitted in a wireless LAN is...
Question 659: A virtual private network (VPN) provides data confidentialit...
Question 660: Which of the following controls will MOST effectively detect...
Question 661: Doing which of the following during peak production hours co...
Question 662: A hardware control that helps to detect errors when data are...
Question 663: Which of the following is MOST likely to result from a busin...
Question 664: An IS auditor notes that patches for the operating system us...
Question 665: Which of the following data validation edits is effective in...
Question 666: Which of the following intrusion detection systems (IDSs) wi...
Question 667: Who is primarily responsible for storing and safeguarding th...
Question 668: Which of the following statement is NOT true about smoke det...
Question 669: Which of the following types of data validation editing chec...
Question 670: Which of the following PBX feature supports shared extension...
Question 671: An IS auditor has imported data from the client's database. ...
Question 672: Which of the following should be a concern to an IS auditor ...
Question 673: An organization can ensure that the recipients of e-mails fr...
Question 674: The directory system of a database-management system describ...
Question 675: What method might an IS auditor utilize to test wireless sec...
Question 676: Which of the following is MOST is critical during the busine...
Question 677: In computer forensics, which of the following is the process...
Question 678: Which of the following is a feature of an intrusion detectio...
Question 679: Which of the following term in business continuity determine...
Question 680: In computer forensic which of the following describe the pro...
Question 681: Which of the following virus prevention techniques can be im...
Question 682: Which of the following is a network diagnostic tool that mon...
Question 683: Which of the following BEST ensures the integrity of a serve...
Question 684: Assuming this diagram represents an internal facility and th...
Question 685: Which of the following methods of providing telecommunicatio...
Question 686: Which of the following encryption techniques will BEST prote...
Question 687: How is the risk of improper file access affected upon implem...
Question 688: Which of the following is a substantive test?...
Question 689: Which of the following help(s) prevent an organization's sys...
Question 690: An IS auditor should expect the responsibility for authorizi...
Question 691: To determine if unauthorized changes have been made to produ...
Question 692: When planning an audit of a network setup, an IS auditor sho...
Question 693: When reviewing an intrusion detection system (IDS), an IS au...
Question 694: When reviewing procedures for emergency changes to programs,...
Question 695: What increases encryption overhead and cost the most?...
Question 696: What should IS auditors always check when auditing password ...
Question 697: An IS auditor reviewing access controls for a client-server ...
Question 698: A firm is considering using biometric fingerprint identifica...
Question 699: The responsibility for authorizing access to application dat...
Question 700: Use of asymmetric encryption in an internet e-commerce site,...
Question 701: The MOST likely explanation for a successful social engineer...
Question 702: An IS auditor finds that conference rooms have active networ...
Question 703: During the review of a biometrics system operation, an IS au...
Question 704: After observing suspicious activities in a server, a manager...
Question 705: Which of the following is the MOST effective control when gr...
Question 706: A firewall is being deployed at a new location. Which of the...
Question 707: An offsite information processing facility having electrical...
Question 708: In the course of performing a risk analysis, an IS auditor h...
Question 709: In an IS audit of several critical servers, the IS auditor w...
Question 710: What type of fire-suppression system suppresses fire via wat...
Question 711: Which of the following antivirus software implementation str...
Question 712: Which of the following is the BEST audit procedure to determ...
Question 713: Which of the following exposures associated with the spoolin...
Question 714: Fourth-Generation Languages (4GLs) are most appropriate for ...
Question 715: During a logical access controls review, an IS auditor obser...
Question 716: Which of the following is the MOST likely reason why e-mail ...
Question 717: Company.com has contracted with an external consulting firm ...
Question 718: Which of the following antispam filtering techniques would B...
Question 719: Which significant risk is introduced by running the file tra...
Question 720: When reviewing an implementation of a VoIP system over a cor...
Question 721: The security level of a private key system depends on the nu...
Question 722: The network of an organization has been the victim of severa...
Question 723: Which of the following technique is used for speeding up net...
Question 724: The PRIMARY reason for using digital signatures is to ensure...
Question 725: A digital signature contains a message digest to:...
Question 726: As compared to understanding an organization's IT process fr...
Question 727: While planning an audit, an assessment of risk should be mad...
Question 728: Which of the following device in Frame Relay WAN technique i...
Question 729: What protects an application purchaser's ability to fix or c...
Question 730: To prevent IP spoofing attacks, a firewall should be configu...
Question 731: What is an effective countermeasure for the vulnerability of...
Question 732: When should an application-level edit check to verify that a...
Question 733: Which of the following should an IS auditor review to determ...
Question 734: Validated digital signatures in an e-mail software applicati...
Question 735: Any changes in systems assets, such as replacement of hardwa...
Question 736: An IS auditor is using a statistical sample to inventory the...
Question 737: Which of the following statement INCORRECTLY describes devic...
Question 738: Which of the following devices extends the network and has t...
Question 739: Which type of major BCP test only requires representatives f...
Question 740: Receiving an EDI transaction and passing it through the comm...
Question 741: A transaction journal provides the information necessary for...
Question 742: An installed Ethernet cable run in an unshielded twisted pai...
Question 743: What is used to develop strategically important systems fast...
Question 744: The BEST overall quantitative measure of the performance of ...
Question 745: Which of the following could lead to an unintentional loss o...
Question 746: An IS auditor reviewing digital rights management (DRM) appl...
Question 747: What type of risk is associated with authorized program exit...
Question 748: In auditing a web server, an IS auditor should be concerned ...
Question 749: Over the long term, which of the following has the greatest ...
Question 750: Which of the following is of greatest concern when performin...