Domain 5 Questions (Doshi) Flashcards

1
Q
  1. An IS auditor conducting an access control review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to conclude that:
    1 point
    A. exposure is greater, since information is available to unauthorized users.
    B. operating efficiency is enhanced, since anyone can print any report at any time.
    C. operating procedures are more effective, since information is easily available.
    D. user friendliness and flexibility is facilitated, since there is a smooth flow of information among users.
  2. Security administration procedures require read-only access to:
    1 point
    A. access control tables.
    B. security log files.
    C. logging options.
    D. user profiles.
  3. Which of the following would MOST effectively reduce social engineering incidents?
    1 point
    A. Security awareness training
    B. Increased physical security measures
    C. E-mail monitoring policy
    D. Intrusion detection systems
  4. Disabling which of the following would make wireless local area networks more secure against unauthorized access?
    1 point
    A. MAC (Media Access Control) address filtering
    B. WPA (Wi-Fi Protected Access Protocol)
    C. LEAP (Lightweight Extensible Authentication Protocol)
    D. SSID (service set identifier) broadcasting
  5. During an audit of a telecommunications system, the IS auditor finds that the risk of intercepting data transmitted to and from remote sites is very high. The MOST effective control for reducing this exposure is:
    1 point
    A. encryption.
    B. callback modems.
    C. message authentication.
    D. dedicated leased lines.
  6. To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers, the IS auditor should recommend that:
    1 point
    A. the company policy be changed.
    B. passwords be periodically changed.
    C. an automated password management tool be used.
    D. security awareness training be delivered.
  7. The PRIMARY reason for using digital signatures is to ensure data:
    1 point
    A. confidentiality.
    B. integrity.
    C. availability.
    D. timeliness.
  8. Accountability for the maintenance of appropriate security measures over information assets resides with the:
    1 point
    A. security administrator.
    B. systems administrator.
    C. data and systems owners.
    D. systems operations group.
  9. During the review of a biometrics system operation, the IS auditor should FIRST review the stage of:
    1 point
    A. enrollment.
    B. identification.
    C. verification.
    D. storage.
  10. Which of the following environmental controls is appropriate to protect computer equipment against short-term reductions in electrical power?
    1 point
    A. Power line conditioners
    B. A surge protective device
    C. An alternative power supply
    D. An interruptible power supply
  11. In the ISO/OSI model, which of the following protocols is the FIRST to establish security for the user application?
    1 point
    A. Session layer
    B. Transport layer
    C. Network layer
    D. Presentation layer
  12. Which of the following message services provides the strongest evidence that a specific action has occurred?
    1 point
    A. Proof of delivery
    B. Nonrepudiation
    C. Proof of submission
    D. Message origin authentication
  13. The FIRST step in data classification is to:
    1 point
    A. establish ownership.
    B. perform a criticality analysis.
    C. define access rules.
    D. create a data dictionary.
  14. An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the:
    1 point
    A. maintenance of access logs of usage of various system resources.
    B. authorization and authentication of the user prior to granting access to system resources.
    C. adequate protection of stored data on servers by encryption or other means.
    D. accountability system and the ability to identify any terminal accessing system resources.
  15. Which of the following concerns associated with the World Wide Web would be addressed by a firewall?
    1 point
    A. Unauthorized access from outside the organization
    B. Unauthorized access from within the organization
    C. A delay in Internet connectivity
    D. A delay in downloading using File Transfer Protocol (FTP)
  16. Which of the following ensures a sender’s authenticity and an e-mail’s confidentiality?
    1 point
    A. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the hash of the message with the receiver’s public key
    B. The sender digitally signing the message and thereafter encrypting the hash of the message with the sender’s private key
    C. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the message with the receiver’s public key
    D. Encrypting the message with the sender’s private key and encrypting the message hash with the receiver’s public key
  17. The IS management of a multinational company is considering upgrading its existing virtual private network (VPN) to support voice-over IP (VoIP) communications via tunneling. Which of the following considerations should be PRIMARILY addressed?
    1 point
    A. Reliability and quality of service (QoS)
    B. Means of authentication
    C. Privacy of voice transmissions
    D. Confidentiality of data transmissions
  18. When conducting a penetration test of an organization’s internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected on the network?
    1 point
    A. Use the IP address of an existing file server or domain controller.
    B. Pause the scanning every few minutes to allow thresholds to reset.
    C. Conduct the scans during evening hours when no one is logged-in.
    D. Use multiple scanning tools since each tool has different characteristics.
  19. A virtual private network (VPN) provides data confidentiality by using:
    1 point
    A. Secure Sockets Layer (SSL)
    B. Tunnelling
    C. Digital signatures
    D. Phishing
  20. Which of the following is the MOST effective technique for providing security during data transmission?
    1 point
    A. Communication log
    B. Systems software log
    C. Encryption
    D. Standard protocol
  21. During an audit of an enterprise that is dedicated to e-commerce, the IS manager states that digital signatures are used when receiving communications from customers. To substantiate this, the IS auditor must prove that which of the following is used?
    1 point
    A. A biometric, digitalized and encrypted parameter with the customer’s public key
    B. A hash of the data that is transmitted and encrypted with the customer’s private key
    C. A hash of the data that is transmitted and encrypted with the customer’s public key
    D. The customer’s scanned signature encrypted with the customer’s public key
  22. An information security policy stating that “the display of passwords must be masked or suppressed” addresses which of the following attack methods?
    1 point
    A. Piggybacking
    B. Dumpster diving
    C. Shoulder surfing
    D. Impersonation
  23. Which of the following should be a concern to an IS auditor reviewing a wireless network?
    1 point
    A. 128-bit-static-key WEP (Wired Equivalent Privacy) encryption is enabled.
    B. SSID (Service Set IDentifier) broadcasting has been enabled.
    C. Antivirus software has been installed in all wireless clients.
    D. MAC (Media Access Control) access control filtering has been deployed.
  24. Validated digital signatures in an e-mail software application will:
    1 point
    A. help detect spam.
    B. provide confidentiality.
    C. add to the workload of gateway servers.
    D. significantly reduce available bandwidth.
  25. The PRIMARY objective of Secure Sockets Layer (SSL) is to ensure:
    1 point
    A. only the sender and receiver are able to encrypt/decrypt the data.
    B. the sender and receiver can authenticate their respective identities.
    C. the alteration of transmitted data can be detected.
    D. the ability to identify the sender by generating a one-time session key.
  26. If inadequate, which of the following would be the MOST likely contributor to a denial-of-service attack?
    1 point
    A. Router configuration and rules
    B. Design of the internal network
    C. Updates to the router system software
    D. Audit testing and review techniques
  27. The MOST important difference between hashing and encryption is that hashing:
    1 point
    A. is irreversible.
    B. output is the same length as the original message.
    C. is concerned with integrity and security.
    D. is the same at the sending and receiving end.
  28. Which of the following encrypt/decrypt steps provides the GREATEST assurance of achieving confidentiality, message integrity and nonrepudiation by either sender or recipient?
    1 point
    A. The recipient uses his/her private key to decrypt the secret key.
    B. The encrypted prehash code and the message are encrypted using a secret key.
    C. The encrypted prehash code is derived mathematically from the message to be sent.
    D. The recipient uses the sender’s public key, verified with a certificate authority, to decrypt the prehash code.
  29. When planning an audit of a network setup, the IS auditor should give highest priority to obtaining which of the following network documentation?
    1 point
    A. Wiring and schematic diagram
    B. Users’ lists and responsibilities
    C. Application lists and their details
    D. Backup and recovery procedures
  30. For a discretionary access control to be effective, it must:
    1 point
    A. operate within the context of mandatory access controls.
    B. operate independently of mandatory access controls.
    C. enable users to override mandatory access controls when necessary.
    D. be specifically permitted by the security policy.
  31. Which of the following would be of MOST concern to an IS auditor reviewing a VPN implementation? Computers on the network that are located:
    1 point
    A. on the enterprise’s facilities.
    B. at the backup site.
    C. in employees’ homes.
    D. at the enterprise’s remote offices.
  32. An organization can ensure that the recipients of e-mails from its employees can authenticate the identity of the sender by:
    1 point
    A. digitally signing all e-mail messages.
    B. encrypting all e-mail messages.
    C. compressing all e-mail messages.
    D. password protecting all e-mail messages.
  33. Which of the following is a general operating system access control function?
    1 point
    A. Creating database profiles
    B. Verifying user authorization at a field level
    C. Creating individual accountability
    D. Logging database access activities for monitoring access violation
  34. Electromagnetic emissions from a terminal represent an exposure because they:
    1 point
    A. affect noise pollution.
    B. disrupt processor functions.
    C. produce dangerous levels of electric current.
    D. can be detected and displayed.
  35. To detect attack attempts that the firewall is unable to recognize, the IS auditor should recommend placing a network intrusion detection system (IDS) between the:
    1 point
    A. firewall and the organization’s network.
    B. Internet and the firewall.
    C. Internet and the web server.
    D. web server and the firewall.
  36. Which of the following is BEST suited for secure communications within a small group?
    1 point
    A. Key distribution center
    B. Certification authority
    C. Web of trust
    D. Kerberos
  37. An IS auditor doing penetration testing during an audit of Internet connections would:
    1 point
    A. evaluate configurations.
    B. examine security settings.
    C. ensure virus-scanning software is in use.
    D. use tools and techniques that are available to a hacker.
  38. E-mail message authenticity and confidentiality is BEST achieved by signing the message using the:
    1 point
    A. sender’s private key and encrypting the message using the receiver’s public key.
    B. sender’s public key and encrypting the message using the receiver’s private key.
    C. receiver’s private key and encrypting the message using the sender’s public key.
    D. receiver’s public key and encrypting the message using the sender’s private key.
  39. Which of the following is the MOST effective type of antivirus software?
    1 point
    A. Scanners
    B. Active monitors
    C. Integrity checkers
    D. Vaccines
  40. Which of the following encryption techniques will BEST protect a wireless network from a man-in-the-middle attack?
    1 point
    A. 128-bit wired equivalent privacy (WEP)
    B. MAC-based pre-shared key (PSK)
    C. Randomly generated pre-shared key (PSK)
    D. Alphanumeric service set identifier (SSID)
  41. Which of the following append themselves to files as a protection against viruses?
    1 point
    A. Behavior blockers
    B. Cyclical redundancy checkers (CRCs)
    C. Immunizers
    D. Active monitors
  42. Transmitting redundant information with each character or frame to facilitate detection and correction of errors is called a:
    1 point
    A. feedback error control.
    B. block sum check.
    C. forward error control.
    D. cyclic redundancy check.
  43. Which of the following is a technique that could be used to capture network user passwords?
    1 point
    A. Encryption
    B. Sniffing
    C. Spoofing
    D. Data destruction
  44. Which of the following implementation modes would provide the GREATEST amount of security for outbound data connecting to the Internet?
    1 point
    A. Transport mode with authentication header (AH) plus encapsulating security payload (ESP)
    B. Secure Sockets Layer (SSL) mode
    C. Tunnel mode with AH plus ESP
    D. Triple-DES encryption mode
  45. When a PC that has been used for the storage of confidential data is sold on the open market, the:
    1 point
    A. hard disk should be demagnetized.
    B. hard disk should be mid-level formatted.
    C. data on the hard disk should be deleted.
    D. data on the hard disk should be defragmented.
  46. Which of the following would BEST maintain the confidentiality of data transmitted over a network?
    1 point
    A. Data are encrypted before transmission.
    B. A hash is appended to all messages.
    C. Network devices are hardened.
    D. Cables are secured.
  47. What method might an IS auditor utilize to test wireless security at branch office locations?
    1 point
    A. War dialing
    B. Social engineering
    C. War driving
    D. Password cracking
  48. The review of router access control lists should be conducted during a(n):
    1 point
    A. environmental review.
    B. network security review.
    C. business continuity review.
    D. data integrity review.
  49. The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is:
    1 point
    A. data integrity.
    B. authentication.
    C. nonrepudiation.
    D. replay protection.
  50. An IS auditor reviewing wireless network security determines that the Dynamic Host Configuration Protocol is disabled at all wireless access points. This practice:
    1 point
    A. reduces the risk of unauthorized access to the network.
    B. is not suitable for small networks.
    C. automatically provides an IP address to anyone.
    D. increases the risks associated with Wired Equivalent Privacy (WEP).
  51. Which of the following physical access controls would provide the highest degree of security over unauthorized access?
    1 point
    A. Bolting door lock
    B. Cipher lock
    C. Electronic door lock
    D. Fingerprint scanner
  52. A hacker could obtain passwords without the use of computer tools or programs through the technique of:
    1 point
    A. social engineering.
    B. sniffers.
    C. back doors.
    D. Trojan horses.
  53. A MAJOR risk of using single sign-on (SSO) is that it:
    1 point
    A. has a single authentication point.
    B. represents a single point of failure.
    C. causes an administrative bottleneck.
    D. leads to a lockout of valid users.
  54. An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking?
    1 point
    A. An application-level gateway
    B. A remote access server
    C. A proxy server
    D. Port scanning
  55. Which of the following controls would BEST detect intrusion?
    1 point
    A. User ids and user privileges are granted through authorized procedures.
    B. Automatic logoff is used when a workstation is inactive for a particular period of time.
    C. Automatic logoff of the system after a specified number of unsuccessful attempts.
    D. Unsuccessful logon attempts are monitored by the security administrator.
  56. The MOST effective control for addressing the risk of piggybacking is:
    1 point
    A. a single entry point with a receptionist.
    B. the use of smart cards.
    C. a biometric door lock.
    D. a deadman door.
  57. Which of the following is the MOST important objective of data protection?
    1 point
    A. Identifying persons who need access to information
    B. Ensuring the integrity of information
    C. Denying or authorizing access to the IS system
    D. Monitoring logical accesses
  58. Which of the following is the MOST effective control over visitor access to a data center?
    1 point
    A. Visitors are escorted.
    B. Visitor badges are required.
    C. Visitors sign in.
    D. Visitors are spot-checked by operators.
  59. A TCP/IP-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted?
    1 point
    A. Work is completed in tunnel mode with IP security using the nested services of authentication header (AH) and encapsulating security payload (ESP).
    B. A digital signature with RSA has been implemented.
    C. Digital certificates with RSA are being used.
    D. Work is being completed in TCP services.
  60. A manufacturer has been purchasing materials and supplies for its business through an e-commerce application. Which of the following should this manufacturer rely on to prove that the transactions were actually made?
    1 point
    A. Reputation
    B. Authentication
    C. Encryption
    D. Nonrepudiation
  61. The PRIMARY goal of a web site certificate is:
    1 point
    A. authentication of the web site that will be surfed.
    B. authentication of the user who surfs through that site.
    C. preventing surfing of the web site by hackers.
    D. the same purpose as that of a digital certificate.
  62. An IS auditor performing an independent classification of systems should consider a situation where functions could be performed manually at a tolerable cost for an extended period of time as:
    1 point
    A. critical.
    B. vital.
    C. sensitive.
    D. noncritical.
  63. The use of residual biometric information to gain unauthorized access is an example of which of the following attacks?
    1 point
    A. Replay
    B. Brute-force
    C. Cryptographic
    D. Mimic
  64. Which of the following controls would be the MOST comprehensive in a remote access network with multiple and diverse subsystems?
    1 point
    A. Proxy server
    B. Firewall installation
    C. Network administrator
    D. Password implementation and administration
  65. Confidentiality of the data transmitted in a wireless LAN is BEST protected if the session is:
    1 point
    A. restricted to predefined MAC addresses.
    B. encrypted using static keys.
    C. encrypted using dynamic keys.
    D. initiated from devices that have encrypted storage.
  66. An IS auditor has identified the lack of an authorization process for users of an application. The IS auditor’s main concern should be that:
    1 point
    A. more than one individual can claim to be a specific user.
    B. there is no way to limit the functions assigned to users.
    C. user accounts can be shared.
    D. users have a need-to-know privilege.
  67. Which of the following cryptographic systems is MOST appropriate for bulk data encryption and small devices such as smart cards?
    1 point
    A. DES
    B. AES
    C. Triple DES
    D. RSA
  68. The MOST important key success factor in planning a penetration test is:
    1 point
    A. the documentation of the planned testing procedure.
    B. scheduling and deciding on the timed length of the test.
    C. the involvement of the management of the client organization.
    D. the qualifications and experience of staff involved in the test.
  69. Which of the following is the MOST reliable sender authentication method?
    1 point
    A. Digital signatures
    B. Asymmetric cryptography
    C. Digital certificates
    D. Message authentication code
  70. Applying a digital signature to data traveling in a network provides:
    1 point
    A. confidentiality and integrity.
    B. security and nonrepudiation.
    C. integrity and nonrepudiation.
    D. confidentiality and nonrepudiation.
  71. Which of the following Internet security threats could compromise integrity?
    1 point
    A. Theft of data from the client
    B. Exposure of network configuration information
    C. A Trojan horse browser
    D. Eavesdropping on the net
  72. Which of the following is the MOST effective control when granting temporary access to vendors?
    1 point
    A. Vendor access corresponds to the service level agreement (SLA).
    B. User accounts are created with expiration dates and are based on services provided.
    C. Administrator access is provided for a limited period.
    D. User IDs are deleted when the work is completed.
  73. Which of the following provides the GREATEST assurance of message authenticity?
    1 point
    A. The prehash code is derived mathematically from the message being sent.
    B. The prehash code is encrypted using the sender’s private key.
    C. The prehash code and the message are encrypted using the secret key.
    D. The sender attains the recipient’s public key and verifies the authenticity of its digital certificate with a certificate authority.
  74. Which of the following public key infrastructure (PKI) elements provides detailed descriptions for dealing with a compromised private key?
    1 point
    A. Certificate revocation list (CRL)
    B. Certification practice statement (CPS)
    C. Certificate policy (CP)
    D. PKI disclosure statement (PDS)
  75. An IS auditor should be MOST concerned with what aspect of an authorized honeypot?
    1 point
    A. The data collected on attack methods.
    B. The information offered to outsiders on the honeypot.
    C. The risk that the honeypot could be used to launch further attacks on the organization’s infrastructure.
    D. The risk that the honeypot would be subject to a distributed denial-of-service attack.
  76. Which of the following BEST restricts users to those functions needed to perform their duties?
    1 point
    A. Application level access control
    B. Data encryption
    C. Disabling floppy disk drives
    D. Network monitoring device
  77. Which of the following satisfies a two-factor user authentication?
    1 point
    A. Iris scanning plus fingerprint scanning
    B. Terminal ID plus global positioning system (GPS)
    C. A smart card requiring the user’s PIN
    D. User ID along with password
  78. Which of the following is the PRIMARY safeguard for securing software and data within an information processing facility?
    1 point
    A. Security awareness
    B. Reading the security policy
    C. Security committee
    D. Logical access controls
  79. Which of the following functions is performed by a virtual private network (VPN)?
    1 point
    A. Hiding information from sniffers on the net
    B. Enforcing security policies
    C. Detecting misuse or mistakes
    D. Regulating access
  80. Two-factor authentication can be circumvented through which of the following attacks?
    1 point
    A. Denial-of-service
    B. Man-in-the-middle
    C. Key logging
    D. Brute-force
  81. The Allow All access control policy:
    1 point
    A. allows selected traffic and denies all other traffic.
    B. denies selected traffic and allows all other traffic.
    C. is frequently used for granting access from an untrusted network to an external system.
    D. allows traffic at the discretion of the application owner.
  82. The most robust access control policy is the Default Deny access control policy. This policy:
    1 point
    A. allows selected traffic and denies all other traffic.
    B. denies selected traffic and allows all other traffic.
    C. is frequently used for granting access from a trusted network to external systems.
    D. allows traffic at the discretion of the application owner.
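The difference between the two policies in questions 81 and 82 is easiest to see by evaluating the same request under both. The script below is an added example, not part of the question bank: a first-match rule evaluator with an explicit default action, run over constructed rule sets and addresses (the rules, the 203.0.113.7 and 10.1.2.3 addresses, and the port choices are illustrative assumptions). The point it demonstrates is that a service nobody wrote a rule for is let through under allow-all and blocked under default-deny.

```python
"""First-match ACL evaluation with an explicit default action (added example)."""
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str               # "allow" or "deny"
    src: str                  # source network in CIDR notation
    dst_port: Optional[int]   # None matches any destination port


def evaluate(rules, default, src_ip, dst_port):
    """Return (action, index of the matching rule, or None when the default applied)."""
    ip = ipaddress.ip_address(src_ip)
    for i, rule in enumerate(rules):
        in_net = ip in ipaddress.ip_network(rule.src, strict=False)
        if in_net and rule.dst_port in (None, dst_port):
            return rule.action, i
    return default, None


# Allow-all (deny-listing): only the traffic someone thought of is written down.
ALLOW_ALL_RULES = [
    Rule("deny", "0.0.0.0/0", 23),        # block telnet
    Rule("deny", "0.0.0.0/0", 445),       # block SMB
]

# Default-deny (allow-listing): only the traffic that is needed is written down.
DEFAULT_DENY_RULES = [
    Rule("allow", "0.0.0.0/0", 443),      # public HTTPS
    Rule("allow", "10.0.0.0/8", 22),      # SSH only from the internal range
]


def compare(src_ip, dst_port):
    """Evaluate one request under both policies for a side-by-side comparison."""
    return {
        "allow_all": evaluate(ALLOW_ALL_RULES, "allow", src_ip, dst_port),
        "default_deny": evaluate(DEFAULT_DENY_RULES, "deny", src_ip, dst_port),
    }


if __name__ == "__main__":
    # TCP/3389 is a service nobody wrote a rule for: allow-all passes it on the
    # default action, default-deny blocks it on the default action.
    for port in (443, 3389):
        print(port, compare("203.0.113.7", port))
```

The second element of each result tells an auditor whether a decision came from an explicit rule or from the default; under default-deny, a `None` on a denied flow is expected, while under allow-all a `None` on an allowed flow is exactly the gap the policy leaves open.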
  83. To prevent unauthorized entry to the database of a critical application, an IS auditor should recommend that:
    1 point
    A. online terminals be placed in restricted areas.
    B. CCTV cameras be placed above terminals.
    C. ID cards be required to gain access to online terminals.
    D. online access be blocked after a specified number of unsuccessful attempts.
  84. An IS auditor is reviewing the general IT controls of an organisation. Which of the following should concern the auditor?
    1 point
    A. LAN connections are readily available in the facility for connecting laptops to the network.
    B. Two-factor authentication is mandatory for access to critical applications.
    C. Stand-alone terminals with password protection are located in insecure locations.
    D. Terminals are located within the facility in small clusters under the supervision of an administrator.
  85. Which of the following is the FIRST step in the implementation of an access control list?
    1 point
    A. a categorization of IS resources.
    B. the grouping of IS resources.
    C. implementation of access control rules.
    D. creating inventory of available IS resources.
  86. An IS auditor is reviewing the security of a payroll application. Which of the following should concern the auditor?
    1 point
    A. Role-based access for users.
    B. Hardening of the systems on which the application runs.
    C. The ability of users to access and modify the database directly.
    D. Two-factor authentication for access.
  87. For effective access control, proper naming conventions for system resources are essential because they:
    1 point
    A. ensure that resource names reflect their function.
    B. allow access rules to be structured and better managed.
    C. ensure that user access to resources is clearly identified.
    D. ensure that the international standard for naming is maintained.
  88. An IS auditor has been asked to recommend an effective control for providing temporary access rights to outsourced vendors. Which of the following is the MOST effective control?
    1 point
    A. A penalty clause in the service level agreement (SLA).
    B. User accounts are created per defined role (least privilege) with expiration dates.
    C. Full access is provided for a limited period.
    D. Vendor management is given the right to delete IDs when the work is completed.
  89. The major risk of lacking an authorization process for users of an application would be that:
    1 point
    A. many users can claim to be a specific user.
    B. there is no way to limit role-based access.
    C. user accounts can be shared.
    D. the principle of least privilege can be assured.
  90. An IS auditor is reviewing the physical controls of a data centre. Which of the following is the MOST effective control to recommend for visitor access to the data centre?
    1 point
    A. An escort policy for every visitor.
    B. Issuance of visitor badges.
    C. A proper sign-in procedure for visitors.
    D. A security check procedure for every visitor.
  91. In public key (asymmetric) encryption, to secure message confidentiality:
    1 point
    A. encryption is done with the private key and decryption with the public key.
    B. encryption is done with the public key and decryption with the private key.
    C. both the key used to encrypt and the key used to decrypt the data are public.
    D. both the key used to encrypt and the key used to decrypt the data are private.
  92. In public key (asymmetric) encryption, to authenticate the sender of the message:
    1 point
    A. the hash of the message is encrypted with the sender’s private key and decrypted with the sender’s public key.
    B. the hash of the message is encrypted with the sender’s public key and decrypted with the sender’s private key.
    C. the hash of the message is encrypted with the receiver’s private key and decrypted with the receiver’s public key.
    D. the hash of the message is encrypted with the receiver’s public key and decrypted with the receiver’s private key.
  93. In public key (asymmetric) encryption, to ensure the integrity of the message:
    1 point
    A. the hash of the message is encrypted with the sender’s private key and decrypted with the sender’s public key.
    B. the hash of the message is encrypted with the sender’s public key and decrypted with the sender’s private key.
    C. the hash of the message is encrypted with the receiver’s private key and decrypted with the receiver’s public key.
    D. the hash of the message is encrypted with the receiver’s public key and decrypted with the receiver’s private key.
  94. Which of the following ensures both the confidentiality of the message and the authenticity of its sender?
    1 point
    A. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the message with the receiver’s public key.
    B. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the message with the receiver’s private key.
    C. Encrypting the hash of the message with the receiver’s public key and thereafter encrypting the message with the sender’s private key.
    D. Encrypting the hash of the message with the receiver’s public key and thereafter encrypting the message with the sender’s public key.
  95. Message authenticity and confidentiality are BEST achieved by encrypting the hash of the message using the:
    1 point
    A. sender’s private key and encrypting the message using the receiver’s public key.
    B. sender’s public key and encrypting the message using the receiver’s private key.
    C. receiver’s private key and encrypting the message using the sender’s public key.
    D. receiver’s public key and encrypting the message using the sender’s private key.
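Questions 16, 21, 28, 38, 73 and 91 to 95 all turn on the same rule: the sender signs the message digest with the sender's private key, and confidentiality comes from encrypting for the receiver's public key (in practice by wrapping a fresh secret key, which is the step question 28 describes). The script below is an added example, not part of the question bank, that carries the whole exchange through in code so the key used at each step is visible. It assumes toy RSA keys with a modulus of roughly 40 bits, a 32-bit truncated SHA-256 digest so the signature fits under that modulus, and a SHA-256 counter-mode keystream standing in for a real symmetric cipher; these are stand-ins chosen so it runs on the Python standard library and none of them is secure. The purchase-order message and the seed values are constructed for the demonstration.

```python
"""Sign-then-encrypt walkthrough: which key is used at each step (added example).

Toy RSA keys (~40-bit modulus) and a SHA-256 counter-mode keystream are used only
so that the script runs on the standard library. Nothing here is secure, and the
digest is truncated to 32 bits purely so that it fits under the tiny modulus."""
import hashlib
import secrets
from math import gcd


def next_prime(start):
    """Smallest prime >= start; trial division is fine at this size."""
    n = start if start % 2 else start + 1
    while any(n % f == 0 for f in range(3, int(n ** 0.5) + 1, 2)):
        n += 2
    return n


def make_keypair(seed):
    """Toy RSA keypair as ((e, n), (d, n)); `seed` only picks the primes."""
    p = next_prime(seed)
    q = next_prime(p + 2)
    n, phi, e = p * q, (p - 1) * (q - 1), 65537
    assert gcd(e, phi) == 1
    return (e, n), (pow(e, -1, phi), n)


def prehash(message):
    """Message digest, truncated to 32 bits because of the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest()[:4], "big")


def keystream(session_key, length):
    """Toy symmetric cipher: SHA-256 over (key, counter), XORed with the data."""
    out, counter = b"", 0
    while len(out) < length:
        block = session_key.to_bytes(8, "big") + counter.to_bytes(8, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def xor(data, key):
    return bytes(a ^ b for a, b in zip(data, key))


def sign_and_encrypt(message, sender_priv, receiver_pub):
    """Sender side: sign with own PRIVATE key, encrypt for the receiver's PUBLIC key."""
    d_s, n_s = sender_priv
    e_r, n_r = receiver_pub
    signature = pow(prehash(message), d_s, n_s)     # digital signature over the digest
    session_key = secrets.randbelow(n_r - 2) + 2    # fresh secret key for this message
    wrapped_key = pow(session_key, e_r, n_r)        # only the receiver can unwrap it
    payload = message + b"|" + str(signature).encode()
    return wrapped_key, xor(payload, keystream(session_key, len(payload)))


def decrypt_and_verify(wrapped_key, ciphertext, receiver_priv, sender_pub):
    """Receiver side: unwrap with own PRIVATE key, verify with the sender's PUBLIC key.
    Returns (message, verified); verified is False on tampering or a wrong key."""
    d_r, n_r = receiver_priv
    e_s, n_s = sender_pub
    session_key = pow(wrapped_key, d_r, n_r)
    payload = xor(ciphertext, keystream(session_key, len(ciphertext)))
    message, sep, sig = payload.rpartition(b"|")
    if not sep or not sig.isdigit():
        return None, False                          # garbage: not the receiver's key
    return message, pow(int(sig), e_s, n_s) == prehash(message)


def demo(message=b"PO-1234: 500 units"):
    """Run the exchange once and report what the receiver concludes in each case."""
    sender_pub, sender_priv = make_keypair(1_000_003)
    receiver_pub, receiver_priv = make_keypair(2_000_003)
    wrapped, ct = sign_and_encrypt(message, sender_priv, receiver_pub)
    tampered = bytes([ct[0] ^ 0x01]) + ct[1:]       # flip one bit of the message part
    return {
        "intact": decrypt_and_verify(wrapped, ct, receiver_priv, sender_pub),
        "tampered": decrypt_and_verify(wrapped, tampered, receiver_priv, sender_pub),
        "wrong_receiver": decrypt_and_verify(wrapped, ct, sender_priv, sender_pub),
    }


if __name__ == "__main__":
    for case, (text, verified) in demo().items():
        print(f"{case:15s} verified={verified} message={text!r}")
```

Three things fall out of running it: the intact message verifies, a single flipped bit makes the signature check fail even though decryption still produces readable text (integrity, question 93), and a party holding the wrong private key cannot even recover the session key (confidentiality, question 91). Swap the roles of the keys in `sign_and_encrypt`, as options B to D in questions 94 and 95 do, and one of those properties disappears.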
  96. An IS auditor is reviewing the access control policy of an organisation. Which of the following is the BEST basis for determining the appropriate levels of information resource protection?
    1 point
    A. Classification of Information Assets
    B. Data owner
    C. Threat Assessment
    D. Cost of Information Assets
  97. An IS auditor is reviewing the access control policy of an organisation. Which of the following is responsible for authorizing access rights to production data and systems?
    1 point
    A. Process owner
    B. Data owner
    C. Data custodian
    D. Security administrator
  98. From a control perspective, access to application data should be granted by the:
    1 point
    A. database administrator
    B. data custodian
    C. data owner
    D. security administrator
  99. An IS auditor is reviewing the data classification policy of an organisation. From a control perspective, the PRIMARY objective of classifying information assets is to:
    1 point
    A. ensure that all assets are insured against losses.
    B. assist in risk assessment.
    C. establish appropriate access control guidelines.
    D. ensure that all information assets have access controls.
  100. In coordination with the database administrator, granting access to data is the responsibility of:
    1 point
    A. data owners.
    B. system engineers.
    C. the security officer.
    D. librarians.
A

.
