DOSHI 4 Exam Flashcards
1
Q
- The MOST significant security concern when using flash memory (e.g., USB removable disk) is that the:
A. contents are highly volatile.
B. data cannot be backed up.
C. data can be copied.
D. device may not be compatible with other peripherals.
- In a LAN environment, which of the following minimizes the risk of data corruption during transmission?
1 point
A. Using end-to-end encryption for data communication
B. Using separate conduits for electrical and data cables
C. Using check sums for checking the corruption of data
D. Connecting the terminals using a star topology - Which of the following is an operating system access control function?
1 point
A. Logging user activities
B. Logging data communication access activities
C. Verifying user authorization at the field level
D. Changing data files - Which of the following types of transmission media provide the BEST security against unauthorized access?
1 point
A. Copper wire
B. Twisted pair
C. Fiber-optic cables
D. Coaxial cables - Which of the following exposures associated with the spooling of sensitive reports for offline printing should an IS auditor consider to be the MOST serious?
1 point
A. Sensitive data can be read by operators.
B. Data can be amended without authorization.
C. Unauthorized report copies can be printed.
D. Output can be lost in the event of system failure. - For an online transaction processing system, transactions per second is a measure of:
1 point
A. throughput.
B. response time.
C. turnaround time.
D. uptime. - Which of the following would enable an enterprise to provide its business partners access to its intranet (i.e., extranet) across the Internet?
1 point
A. Virtual private network
B. Client-server
C. Dial-in access
D. Network service provider - In a web server, a common gateway interface (CGI) is MOST often used as a(n):
1 point
A. consistent way for transferring data to the application program and back to the user.
B. computer graphics imaging method for movies and TV.
C. graphic user interface for web design.
D. interface to access the private gateway domain. - A programmer maliciously modified a production program to change data and then restored the original code. Which of the following would MOST effectively detect the malicious activity?
1 point
A. Comparing source code
B. Reviewing system log files
C. Comparing object code
D. Reviewing executable and source code integrity - In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?
1 point
A. Automated logging of changes to development libraries
B. Additional staff to provide separation of duties
C. Procedures that verify that only approved program changes are implemented
D. Access controls to prevent the operator from making program modifications - Which of the following propagation problems do wired and wireless transmissions have in common?
1 point
A. Cross-talk
B. Shadow zones
C. Attenuation
D. Multipath interference - Which of the following LAN physical layouts is subject to total loss if one device fails?
1 point
A. Star
B. Bus
C. Ring
D. Completely connected - An IS auditor reviewing a database application discovers that the current configuration does not match the originally designed structure. Which of the following should be the IS auditor’s next action?
1 point
A. Analyze the need for the structural change.
B. Recommend restoration to the originally designed structure.
C. Recommend the implementation of a change control process.
D. Determine if the modifications were properly approved. - Which of the following operating system mechanisms checks each request by a subject (user process) to access and use an object (e.g., file, device, program) to ensure that the request complies with a security policy?
1 point
A. Address Resolution Protocol
B. Access control analyzer
C. Reference monitor
D. Concurrent monitor - Vendors have released patches fixing security flaws in their software. Which of the following should the IS auditor recommend in this situation?
1 point
A. Assess the impact of patches prior to installation.
B. Ask the vendors for a new software version with all fixes included.
C. Install the security patch immediately.
D. Decline to deal with these vendors in the future. - An IS auditor detected that several PCs connected to the Internet have a low security level that is allowing for the free recording of cookies. This creates a risk because cookies locally store:
1 point
A. information about the Internet site.
B. information about the user.
C. information for the Internet connection.
D. Internet pages. - In a TCP/IP-based network, an IP address specifies a:
1 point
A. network connection.
B. router/gateway.
C. computer in the network.
D. device on the network. - To maximize the performance of a large database in a parallel processing environment, which of the following is used for separating indexes?
1 point
A. Disk partitioning
B. Mirroring
C. Hashing
D. Duplexing - An organization has outsourced its help desk. Which of the following indicators would be the best to included in the SLA?
1 point
A. Overall number of users supported
B. Percentage of incidents solved in the first call
C. Number of incidents reported to the help desk
D. Number of agents answering the phones - Which of the following will help detect changes made by an intruder to the system log of a server?
1 point
A. Mirroring the system log on another server
B. Simultaneously duplicating the system log on a write-once disk
C. Write-protecting the directory containing the system log
D. Storing the backup of the system log offsite
(21)A company is implementing a dynamic host configuration protocol (DHCP). Given that the following conditions exist, which represents the GREATEST concern?
1 point
A. Most employees use laptops.
B. A packet filtering firewall is used.
C. The IP address space is smaller than the number of PCs.
D. Access to a network port is not restricted. - A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. The IS auditor should conclude that:
1 point
A. analysis is required to determine if a pattern emerges that results in a service loss for a short period of time.
B. WAN capacity is adequate for the maximum traffic demands since saturation has not been reached.
C. the line should immediately be replaced by one with a larger capacity to provide approximately 85 percent saturation.
D. users should be instructed to reduce their traffic demands or distribute them across all service hours to flatten bandwidth consumption - Which of the following would an IS auditor expect to find in a console log?
1 point
A. Names of system users
B. Shift supervisor identification
C. System errors
D. Data edit errors - An IS auditor is reviewing the database administration (DBA) function to ascertain whether adequate provision has been made for controlling data. The IS auditor should determine that the:
1 point
A. function reports to data processing operations.
B. responsibilities of the function are well defined.
C. database administrator is a competent systems programmer.
D. audit software has the capability of efficiently accessing the database. - Which of the following BEST limits the impact of server failures in a distributed environment?
1 point
A. Redundant pathways
B. Clustering
C. Dial backup lines
D. Standby power - In large corporate networks having supply partners across the globe, network traffic may continue to rise. The infrastructure components in such environments should be scalable. Which of the following firewall architectures limits future scalability?
1 point
A. Appliances
B. Operating system-based
C. Host-based
D. Demilitarized - In an EDI process, the device which transmits and receives electronic documents is the:
1 point
A. communications handler.
B. EDI translator.
C. application interface.
D. EDI interface. - Which of the following can be used to verify output results and control totals by matching them against the input data and control totals?
1 point
A. Batch header forms
B. Batch balancing
C. Data conversion error corrections
D. Access controls over print spools - Which of the following is the MOST effective method for dealing with the spreading of a network worm that exploits a vulnerability in a protocol?
1 point
A. Install the vendor’s security fix for the vulnerability.
B. Block the protocol traffic in the perimeter firewall.
C. Block the protocol traffic between internal network segments.
D. Stop the service until an appropriate security fix is installed. - Which of the following controls will detect MOST effectively the presence of bursts of errors in network transmissions?
1 point
A. Parity check
B. Echo check
C. Block sum check
D. Cyclic redundancy check - Which of the following is the MOST critical when evaluating the delivery of IT services?
1 point
Option 1
A. Tools used to record and analyze incidents
B. Service level agreements negotiated by all appropriate parties
C. Capacity management tools
D. Problem management - Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when:
1 point
A. a firewall exists.
B. a secure web connection is used.
C. the source of the executable is certain.
D. the host web site is part of the organization. - The objective of concurrency control in a database system is to:
1 point
A. restrict updating of the database to authorized users.
B. prevent integrity problems, when two processes attempt to update the same data at the same time.
C. prevent inadvertent or unauthorized disclosure of data in the database.
D. ensure the accuracy, completeness and consistency of data. - A referential integrity constraint consists of:
1 point
A. ensuring the integrity of transaction processing.
B. ensuring that data are updated through triggers.
C. ensuring controlled user updates to the database.
D. rules for designing tables and queries. - Which of the following would be considered an essential feature of a network management system?
1 point
A. A graphical interface to map the network topology
B. Capacity to interact with the Internet to solve the problems
C. Connectivity to a help desk for advice on difficult issues
D. An export facility for piping data to spreadsheets - An organization is moving its application maintenance in-house from an outside source. Which of the following should be the main concern of an IS auditor?
1 point
A. Regression testing
B. Job scheduling
C. User manuals
D. Change control procedures - Which of the following translates e-mail formats from one network to another, so the message can travel through all the networks?
1 point
A. Gateway
B. Protocol converter
C. Front-end communication processor
D. Concentrator/multiplexor - Utilizing audit software to compare the object code of two programs is an audit technique used to test program:
1 point
A. logic.
B. changes.
C. efficiency.
D. computations. - Which of the following devices extends the network and has the capacity to store frames and act as a storage and forward device?
1 point
A. Router
B. Bridge
C. Repeater
D. Gateway - When reviewing the implementation of a LAN, the IS auditor should FIRST review the:
1 point
A. node list.
B. acceptance test report.
C. network diagram.
D. user’s list. - The FIRST step in managing the risk of a cyberattack is to:
1 point
A. assess the vulnerability impact.
B. evaluate the likelihood of threats.
C. identify critical information assets.
D. estimate potential damage. - Which of the following is the MOST effective means of determining which controls are functioning properly in an operating system?
1 point
A. Consulting with the vendor
B. Reviewing the vendor installation guide
C. Consulting with the system programmer
D. Reviewing the system generation parameters - By establishing a network session through an appropriate application, a sender transmits a message by breaking it into packets, but the packets may reach the receiver out of sequence. Which OSI layer addresses the out-of-sequence message through segment sequencing?
1 point
A. Network layer
B. Session layer
C. Application layer
D. Transport layer - Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network?
1 point
A. The use of diskless workstations
B. Periodic checking of hard drives
C. The use of current antivirus software
D. Policies that result in instant dismissal if violated - A benefit of quality of service (QoS) is that the:
1 point
A. entire network’s availability and performance will be significantly improved.
B. telecom carrier will provide the company with accurate service-level compliance reports.
C. participating applications will have guaranteed service levels.
D. communications link will be supported by security controls to perform secure online transactions. - An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long. Which of the following could be caused by the length of the cable?
1 point
A. Electromagnetic interference (EMI)
B. Cross-talk
C. Dispersion
D. Attenuation - Which of the following is the BEST control to detect internal attacks on IT resources?
1 point
A. Checking of activity logs
B. Reviewing firewall logs
C. Implementing a security policy
D. Implementing appropriate segregation of duties - One of the purposes of library control software is to allow:
1 point
A. programmers access to production source and object libraries.
B. batch program updating.
C. operators to update the control library with the production version before testing is completed.
D. read-only access to source code. - The BEST way to minimize the risk of communication failures in an e-commerce environment would be to use:
1 point
A. compression software to minimize transmission duration.
B. functional or message acknowledgments.
C. a packet-filtering firewall to reroute messages.
D. leased asynchronous transfer mode lines. - Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized?
1 point
A. Release-to-release source and object comparison reports
B. Library control software restricting changes to source code
C. Restricted access to source code and object code
D. Date and time-stamp reviews of source and object code - IS management has recently informed the IS auditor of its decision to disable certain referential integrity controls in the payroll system to provide users with a faster report generator. This will MOST likely increase the risk of:
1 point
A. data entry by unauthorized users.
B. a nonexistent employee being paid.
C. an employee receiving an unauthorized raise.
D. duplicate data entry by authorized users. - Which of the following is MOST directly affected by network performance monitoring tools?
1 point
A. Integrity
B. Availability
C. Completeness
D. Confidentiality - The database administrator has decided to disable certain normalization controls in the database management system (DBMS) software to provide users with increased query performance. This will MOST likely increase the risk of:
1 point
A. loss of audit trails.
B. redundancy of data.
C. loss of data integrity.
D. unauthorized access to data. - Which of the following network components is PRIMARILY set up to serve as a security measure by preventing unauthorized traffic between different segments of the network?
1 point
A. Firewalls
B. Routers
C. Layer 2 switches
D. VLANs - In a client-server system, which of the following control techniques is used to inspect activity from known or unknown users?
1 point
A. Diskless workstations
B. Data encryption techniques
C. Network monitoring devices
D. Authentication systems - The most likely error to occur when implementing a firewall is:
1 point
A. incorrectly configuring the access lists.
B. compromising the passwords due to social engineering.
C. connecting a modem to the computers in the network.
D. inadequately protecting the network and server from virus attacks. - IT operations for a large organization have been outsourced. An IS auditor reviewing the outsourced operation should be MOST concerned about which of the following findings?
1 point
A. The outsourcing contract does not cover disaster recovery for the outsourced IT operations.
B. The service provider does not have incident handling procedures.
C. Recently a corrupted database could not be recovered because of library management problems.
D. Incident logs are not being reviewed. - A network diagnostic tool that monitors and records network information is a(n):
1 point
A. online monitor.
B. downtime report.
C. help desk report.
D. protocol analyzer. - In regard to moving an application program from the test environment to the production environment, the BEST control would be provided by having the:
1 point
A. application programmer copy the source program and compiled object module to the production libraries.
B. application programmer copy the source program to the production libraries and then have the production control group compile the program.
C. production control group compile the object module to the production libraries using the source program in the test environment.
D. production control group copy the source program to the production libraries and then compile the program. - To evaluate the referential integrity of a database, an IS auditor should review the:
1 point
A. composite keys.
B. indexed fields.
C. physical schema.
D. foreign keys. - A critical function of a firewall is to act as a:
1 point
A. special router that connects the Internet to a LAN.
B. device for preventing authorized users from accessing the LAN.
C server used to connect authorized users to private, trusted network resources.
D. proxy server to increase the speed of access to authorized users. - An IS auditor needs to link his/her microcomputer to a mainframe system that uses binary synchronous data communications with block data transmission. However, the IS auditor’s microcomputer, as presently configured, is capable of only asynchronous ASCII character data communications. Which of the following must be added to the IS auditor’s computer to enable it to communicate with the mainframe system?
1 point
A. Buffer capacity and parallel port
B. Network controller and buffer capacity
C. Parallel port and protocol conversion
D. Protocol conversion and buffer capability - When reviewing a firewall, which of the following should be of MOST concern to an IS auditor?
1 point
A. A well-defined security policy
B Implementation of a firewall with the latest and most secure algorithm
C. The effectiveness of the firewall in enforcing the security policy
D. The security of the platform in which the firewall resides - Which of the following controls would provide the GREATEST assurance of database integrity?
1 point
A. Audit log procedures
B. Table link/reference checks
C. Query/table access time checks
D. Rollback and rollforward database features - Which of the following protocols would be involved in the implementation of a router and an interconnectivity device monitoring system?
1 point
A. Simple Network Management Protocol
B. File Transfer Protocol
C. Simple Mail Transfer Protocol
D. Telnet - Which of the following is the BEST method for preventing exploitation of system vulnerabilities?
1 point
A. Log monitoring
B. Virus protection
C. Intrusion detection
D. Patch management - Which of the following reports should an IS auditor use to check compliance with a service level agreement’s (SLA) requirement for uptime?
1 point
A. Utilization reports
B. Hardware error reports
C. System logs
D. Availability reports - A programmer, using firecall IDs, as provided in the manufacture’s manual, gained access to the production environment and made an unauthorized change. Which of the following could have prevented this from happening?
1 point
A. Deactivation
B. Monitoring
C. Authorization
D. Resetting - A Ping command is used to measure:
1 point
A. attenuation.
B. throughput,
C. delay distortion.
D. latency. - The method of routing traffic through split-cable facilities or duplicate-cable facilities is called:
1 point
A. alternative routing.
B. diverse routing.
C. redundancy.
D. circular routing. - Which of the following line media would provide the BEST security for a telecommunication network?
1 point
A. Broadband network digital transmission
B. Baseband network
C. Dial-up
D. Dedicated lines - An organization has outsourced IT operations to a service provider. The organization’s IS auditor makes the following observations: • Key servers located at the outsourcing organization are about to be moved to the service provider.• Critical systems are backed up, but recovery is inefficient.• Disaster recovery is not covered by the outsourcing contract.• The service provider backs up data to the building next to it.Which of the following should the IS auditor recommend be done immediately?
1 point
A. Improve the backup of critical systems.
B. Delay moving the servers.
C. Incorporate disaster recovery in the contract.
D. Back up data to a location further away from the service provider. - During an audit of the tape management system at a data center, an IS auditor discovered that parameters are set to bypass or ignore the labels written on tape header records. The IS auditor also determined that effective staging and job setup procedures were in place. In this situation, the IS auditor should conclude that the:
1 point
A. tape headers should be manually logged and checked by the operators.
B. staging and job setup procedures are not appropriate compensating controls.
C. staging and job setup procedures compensate for the tape label control weakness.
D. tape management system parameters must be set to check all labels. - Which of the following is the GREATEST risk related to the monitoring of audit logs?
1 point
A. Logs are not backed up periodically.
B. Routine events are recorded.
C. Procedures for enabling logs are not documented.
D. Unauthorized system actions are recorded but not investigated - Which of the following would an IS auditor consider to be the MOST helpful when evaluating the effectiveness and adequacy of a computer preventive maintenance program?
1 point
A. A system downtime log
B. Vendors’ reliability figures
C. Regularly scheduled maintenance log
D. A written preventive maintenance schedule - Which of the following would be the MOST secure firewall system?
1 point
A. Screened-host firewall
B. Screened-subnet firewall
C. Dual-homed firewall
D. Stateful-inspection firewall - Which of the following is a control over component communication failure/errors?
1 point
A. Restricting operator access and maintaining audit trails
B. Monitoring and reviewing system engineering activity
C. Providing network redundancy
D. Establishing physical barriers to the data transmitted over the network - Which of the following BEST ensures the integrity of a server’s operating system?
1 point
A. Protecting the server in a secure location
B. Setting a boot password
C. Hardening the server configuration
D. Implementing activity logging - Reconfiguring which of the following firewall types will prevent inward downloading of files through the File Transfer Protocol (FTP)?
1 point
A. Circuit gateway
B. Application gateway
C. Packet filter
D. Screening router - Checking for authorized software baselines is an activity addressed within which of the following?
1 point
A. Project management
B. Configuration management
C. Problem management
D. Risk management - An independent software program that connects two otherwise separate applications sharing computing resources across heterogeneous technologies is known as:
1 point
A. middleware.
B. firmware.
C. application software.
D. embedded systems. - Which of the following is a control to detect an unauthorized change in a production environment?
1 point
A. Denying programmers access to production data
B. Requiring change requests to include benefits and costs
C. Periodically comparing control and current object and source programs
D. Establishing procedures for emergency changes - To share data in a multivendor network environment, it is essential to implement program-to-program communication. With respect to program-to-program communication features, that can be implemented in this environment, which of the following makes implementation and maintenance difficult?
1 point
A. User isolation
B. Controlled remote access
C. Transparent remote access
D. The network environments - An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if:
1 point
A. the setup is geographically dispersed.
B. the network servers are clustered in a site.
C. a hot site is ready for activation.
D. diverse routing is implemented for the network. - Which of the following types of firewalls would BEST protect a network from an Internet attack?
1 point
A. Screened subnet firewall
B. Application filtering gateway
C. Packet filtering router
D. Circuit-level gateway - An organization is negotiating a service level agreement (SLA) with a vendor. Which of the following should occur FIRST?
1 point
A. Develop a feasibility study.
B. Check for compliance with corporate policies.
C. Draft the service level penalties.
D. Draft the service level requirements. - Which of the following applet intrusion issues poses the GREATEST risk of disruption to an organization?
1 point
A. A program that deposits a virus on a client machine
B. Applets recording keystrokes and, therefore, passwords
C. Downloaded code that reads files on a client’s hard drive
D. Applets opening connections from the client machine - Which of the following is widely accepted as one of the critical components in networking management?
1 point
A. Configuration management
B. Topological mappings
C. Application of monitoring tools
D. Proxy server trouble shooting - Which of the following is MOST important when assessing services provided by an Internet service provider (ISP)?
1 point
A. Performance reports generated by the ISP
B. The service level agreement (SLA)
C. Interviews with the provider
D. Interviews with other clients of the ISP - When reviewing system parameters, an IS auditor’s PRIMARY concern should be that:
1 point
A. they are set to meet security and performance requirements.
B. changes are recorded in an audit trail and periodically reviewed.
C. changes are authorized and supported by appropriate documents.
D. access to parameters in the system is restricted. - Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them?
1 point
A. A neural network
B. Database management software
C. Management information systems
D. Computer-assisted audit techniques - Which of the following reports is a measure of telecommunication transmissions and determines whether transmissions are completed accurately?
1 point
A. Online monitor reports
B. Downtime reports
C. Help desk reports
D. Response-time reports - Web and e-mail filtering tools are PRIMARILY valuable to an organization because they:
1 point
A. protect the organization from viruses and nonbusiness materials.
B. maximize employee performance.
C. safeguard the organization’s image.
D. assist the organization in preventing legal issues - The database administrator (DBA) suggests that DB efficiency can be improved by denormalizing some tables. This would result in:
1 point
A. loss of confidentiality.
B. increased redundancy.
C. unauthorized accesses.
D. application malfunctions. - Which of the following should be done by an IS auditor when a source code comparison indicates modifications were made?
1 point
A. Determine whether modifications were authorized.
B. Update the control copy of the source code.
C. Manually review the source code.
D. Insert remarks in the source code describing the modifications. - Utility programs that assemble software modules needed to execute a machine instruction application program version are:
1 point
A. text editors.
B. program library managers.
C. linkage editors and loaders.
D. debuggers and development aids. - In a database management system (DBMS), the location of data and the method of accessing the data are provided by the:
1 point
A. data dictionary.
B. metadata.
C. directory system.
D. data definition language. - The interface that allows access to lower- or higher-level network services is called:
1 point
A. firmware.
B. middleware.
C. X.25 interface.
D. utilities. - Which of the following is a control over database administration activities?
1 point
A. A database checkpoint to restart processing after a system failure
B. Database compression to reduce unused space
C. Supervisory review of access logs
D. Backup and recovery procedures to ensure database availability
A
.
2
Q
- An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls?
A. Allow changes to be made only with the DBA user account.
B. Make changes to the database after granting access to a normal user account
C. Use the DBA user account to make changes, log the changes and review the change log the following day.
A
z
