ISACA 701 -800 Flashcards

1
Q

Applying a digital signature to data traveling in a network provides:

A. confidentiality and integrity.
B. security and nonrepudiation.
C. integrity and nonrepudiation.
D. confidentiality and nonrepudiation.

A

C. integrity and nonrepudiation.

2
Q

At a hospital, medical personnel carry handheld computers, which contain patient health data. These handheld computers are synchronized with PCs which transfer data from a hospital database. Which of the following would be of the most importance?

A. The handheld computers are properly protected to prevent loss of data confidentiality, in case of theft or loss.
B. The employee who deletes temporary files from the local PC, after usage, is authorized to maintain PCs.
C. Timely synchronization is ensured by policies and procedures.
D. The usage of the handheld computers is allowed by the hospital policy.

A

A. The handheld computers are properly protected to prevent loss of data confidentiality, in case of theft or loss.

3
Q

The BEST filter rule for protecting a network from being used as an amplifier in a denial-of-service (DoS) attack is to DENY all:

A. outgoing traffic with Internet Protocol (IP) source addresses external to the network.
B. incoming traffic with discernible spoofed IP source addresses.
C. incoming traffic with IP options set.
D. incoming traffic to critical hosts.

A

A. outgoing traffic with Internet Protocol (IP) source addresses external to the network.

4
Q

A business application system accesses a corporate database using a single ID and password embedded in a program. Which of the following would provide efficient access control over the organization’s data?

A. Introduce a secondary authentication method such as card swipe.
B. Apply role-based permissions within the application system.
C. Have users input the ID and password for each database transaction.
D. Set an expiration period for the database password embedded in the program.

A

B. Apply role-based permissions within the application system.

5
Q

A characteristic of User Datagram Protocol (UDP) in network communications is:

A. packets may arrive out of order.
B. increased communication latency.
C. incompatibility with packet broadcast.
D. error correction may slow down processing.

A

A. packets may arrive out of order.

6
Q

A company has decided to implement an electronic signature scheme based on public key infrastructure (PKI). The user’s private key will be stored on the computer’s hard drive and protected by a password. The MOST significant risk of this approach is:

A. use of the user’s electronic signature by another person if the password is compromised.
B. forgery by using another user’s private key to sign a message with an electronic signature.
C. impersonation of a user by substitution of the user’s public key with another person’s public key.
D. forgery by substitution of another person’s private key on the computer.

A

A. use of the user’s electronic signature by another person if the password is compromised.

7
Q

Confidentiality of the data transmitted in a wireless local area network (WLAN) is BEST protected if the session is:

A. restricted to predefined media access control (MAC) addresses.
B. encrypted using static keys.
C. encrypted using dynamic keys.
D. initiated from devices that have encrypted storage.

A

C. encrypted using dynamic keys.

8
Q

The cryptographic hash sum of a message is recalculated by the receiver. This is to ensure:

A. the confidentiality of the message.
B. nonrepudiation by the sender.
C. the authenticity of the message.
D. the integrity of data transmitted by the sender.

A

D. the integrity of data transmitted by the sender.

9
Q

Digital signatures require the:

A. signer to have a public key and the receiver to have a private key.
B. signer to have a private key and the receiver to have a public key.
C. signer and receiver to have a public key.
D. signer and receiver to have a private key.

A

B. signer to have a private key and the receiver to have a public key.

10
Q

Distributed denial-of-service (DDoS) attacks on Internet sites are typically evoked by hackers using which of the following?

A. Logic bombs
B. Phishing
C. Spyware
D. Trojan horses

A

D. Trojan horses

11
Q

During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:

A. an unauthorized user may use the ID to gain access.
B. user access management is time consuming.
C. user accountability is not established.
D. passwords are easily guessed.

A

C. user accountability is not established.

12
Q

During an access control review for a mainframe application, an IS auditor discovers user security groups without designated owners. Which of the following is the PRIMARY reason that this is a concern to the IS auditor? Without ownership there is no responsibility for:

A. updating group metadata.
B. reviewing existing user access.
C. approval of user access.
D. removing terminated users.

A

C. approval of user access.

13
Q

During an audit of an enterprise that is dedicated to e-commerce, the IS manager states that digital signatures are used when receiving communications from customers. To substantiate this, an IS auditor must prove that which of the following is used?

A. A biometric, digitalized and encrypted parameter with the customer’s public key
B. A hash of the data that is transmitted and encrypted with the customer’s private key
C. A hash of the data that is transmitted and encrypted with the customer’s public key
D. The customer’s scanned signature encrypted with the customer’s public key

A

B. A hash of the data that is transmitted and encrypted with the customer’s private key

14
Q

During an audit of an internally developed, web-based purchase approval application, an IS auditor discovers that all business users share a common access profile. Which of the following is the MOST important recommendation for the IS auditor to include in the report?

A. Ensure that all user activity is logged and that the logs are reviewed by management.
B. Develop additional profiles within the application to restrict user access per the job profiles.
C. Ensure that a policy exists to control what activities users can perform within the application.
D. Ensure that a virtual private network (VPN) is implemented so that users can log on to the application securely.

A

B. Develop additional profiles within the application to restrict user access per the job profiles.

15
Q

During an audit of a telecommunications system, an IS auditor finds that the risk of intercepting data transmitted to and from remote sites is very high. The MOST effective control for reducing this exposure is:

A. encryption.
B. callback modems.
C. message authentication.
D. dedicated leased lines.

A

A. encryption.

16
Q

Email message authenticity and confidentiality is BEST achieved by signing the message using the:

A. sender’s private key and encrypting the message using the receiver’s public key.
B. sender’s public key and encrypting the message using the receiver’s private key.
C. receiver’s private key and encrypting the message using the sender’s public key.
D. receiver’s public key and encrypting the message using the sender’s private key.

A

A. sender’s private key and encrypting the message using the receiver’s public key.

17
Q

The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is called:

A. data integrity.
B. authentication.
C. nonrepudiation.
D. replay protection.

A

C. nonrepudiation.

18
Q

A firewall is being deployed at a new location. Which of the following is the MOST important factor in ensuring a successful deployment?

A. Reviewing logs frequently
B. Testing and validating the rules
C. Training a local administrator at the new location
D. Sharing firewall administrative duties

A

B. Testing and validating the rules

19
Q

The FIRST step in a successful attack to a system would be:

A. gathering information.
B. gaining access.
C. denying services.
D. evading detection.

A

A. gathering information.

20
Q

The GREATEST risk from an improperly implemented intrusion prevention system (IPS) is:

A. that there will be too many alerts for system administrators to verify.
B. decreased network performance due to IPS traffic.
C. the blocking of critical systems or services due to false triggers.
D. reliance on specialized expertise within the IT organization.

A

C. the blocking of critical systems or services due to false triggers.

21
Q

Inadequate programming and coding practices introduce the risk of:

A. phishing.
B. buffer overflow exploitation.
C. synchronize (SYN) flood.
D. brute force attacks.

A

B. buffer overflow exploitation.

22
Q

In an online banking application, which of the following would BEST protect against identity theft?

A. Encryption of personal password
B. Restricting the user to a specific terminal
C. Two-factor authentication
D. Periodic review of access logs

A

C. Two-factor authentication

23
Q

In a public key infrastructure (PKI), a registration authority:

A. verifies information supplied by the subject requesting a certificate.
B. issues the certificate after the required attributes are verified and the keys are generated.
C. digitally signs a message to achieve nonrepudiation of the signed message.
D. registers signed messages to protect them from future repudiation.

A

A. verifies information supplied by the subject requesting a certificate.

24
Q

In a public key infrastructure (PKI), which of the following may be relied upon to prove that an online transaction was authorized by a specific customer?

A. Nonrepudiation
B. Encryption
C. Authentication
D. Integrity

A

A. Nonrepudiation

25
Q

An Internet-based attack using password sniffing can:

A. enable one party to act as if they are another party.
B. cause modification to the contents of certain transactions.
C. be used to gain access to systems containing proprietary information.
D. result in major problems with billing systems and transaction processing agreements.

A

C. be used to gain access to systems containing proprietary information.

26
Q

In transport mode, the use of the Encapsulating Security Payload (ESP) protocol is advantageous over the Authentication Header (AH) protocol because it provides:

A. connectionless integrity.
B. data origin authentication.
C. antireplay service.
D. confidentiality.

A

D. confidentiality.

27
Q

In wireless communication, which of the following controls allows the receiving device to verify that the received communications have not been altered in transit?

A. Device authentication and data origin authentication
B. Wireless intrusion detection (IDS) and prevention systems (IPS)
C. The use of cryptographic hashes
D. Packet headers and trailers

A

C. The use of cryptographic hashes

28
Q

An IS auditor discovers that the configuration settings for password controls are more stringent for business users than for IT developers. Which of the following is the BEST action for the IS auditor to take?

A. Determine whether this is a policy violation and document it.
B. Document the observation as an exception.
C. Recommend that all password configuration settings be identical.
D. Recommend that logs of IT developer access are reviewed periodically.

A

A. Determine whether this is a policy violation and document it.

29
Q

An IS auditor discovers that uniform resource locators (URLs) for online control self-assessment questionnaires are sent using URL shortening services. The use of URL shortening services would MOST likely increase the risk of which of the following attacks?

A. Internet Protocol (IP) spoofing
B. Phishing
C. Structured query language (SQL) injection
D. Denial-of-service (DoS)

A

B. Phishing

30
Q

An IS auditor examining a biometric user authentication system establishes the existence of a control weakness that would allow an unauthorized individual to update the centralized database on the server that is used to store biometric templates. Of the following, which is the BEST control against this risk?

A. Kerberos
B. Vitality detection
C. Multimodal biometrics
D. Before-image/after-image logging

A

A. Kerberos

31
Q

An IS auditor finds that a database administrator (DBA) has read and write access to production data. The IS auditor should:

A. accept the DBA access as a common practice.
B. assess the controls relevant to the DBA function.
C. recommend the immediate revocation of the DBA access to production data.
D. review user access authorizations approved by the DBA.

A

B. assess the controls relevant to the DBA function.

32
Q

An IS auditor finds that conference rooms have active network ports. Which of the following is MOST important to ensure?

A. The corporate network is using an intrusion prevention system (IPS).
B. This part of the network is isolated from the corporate network.
C. A single sign-on has been implemented in the corporate network.
D. Antivirus software is in place to protect the corporate network.

A

B. This part of the network is isolated from the corporate network.

33
Q

An IS auditor is reviewing an organization’s controls over email encryption. The company’s policy states that all sent email must be encrypted to protect the confidentiality of the message because the organization shares nonpublic information through email. To ensure that personnel are complying with the policy, an IS auditor must be sure the message is:

A. encrypted with the sender’s private key and decrypted with the sender’s public key.
B. encrypted with the recipient’s private key and decrypted with the sender’s private key.
C. encrypted with the sender’s private key and decrypted with the recipient’s private key.
D. encrypted with the recipient’s public key and decrypted with the recipient’s private key.

A

D. encrypted with the recipient’s public key and decrypted with the recipient’s private key.

34
Q

An IS auditor is reviewing a software-based firewall configuration. Which of the following represents the GREATEST vulnerability? The firewall software:

A. is configured with an implicit deny rule as the last rule in the rule base.
B. is installed on an operating system with default settings.
C. has been configured with rules permitting or denying access to systems or networks.
D. is configured as a virtual private network (VPN) endpoint.

A

B. is installed on an operating system with default settings.

35
Q

An IS auditor is reviewing system access and discovers an excessive number of users with privileged access. The IS auditor discusses the situation with the system administrator, who states that some personnel in other departments need privileged access and management has approved the access. Which of the following would be the BEST course of action for the IS auditor?

A. Determine whether compensating controls are in place.
B. Document the issue in the audit report.
C. Recommend an update to the procedures.
D. Discuss the issue with senior management.

A

A. Determine whether compensating controls are in place.

36
Q

An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the:

A. maintenance of access logs of usage of various system resources.
B. authorization and authentication of the user prior to granting access to system resources.
C. adequate protection of stored data on servers by encryption or other means.
D. accountability system and the ability to identify any terminal accessing system resources.

A

B. authorization and authentication of the user prior to granting access to system resources.

37
Q

An IS auditor performing detailed network assessments and access control reviews should FIRST:

A. determine the points of entry.
B. evaluate users’ access authorization.
C. assess users’ identification and authorization.
D. evaluate the domain-controlling server configuration.

A

A. determine the points of entry.

38
Q

An IS auditor reviewing access controls for a client-server environment should FIRST:

A. evaluate the encryption technique.
B. identify the network access points.
C. review the identity management system.
D. review the application level access controls.

A

B. identify the network access points.

39
Q

An IS auditor reviewing the implementation of an intrusion detection system (IDS) should be MOST concerned if:

A. IDS sensors are placed outside of the firewall.
B. a behavior-based IDS is causing many false alarms.
C. a signature-based IDS is weak against new types of attacks.
D. the IDS is used to detect encrypted traffic.

A

D. the IDS is used to detect encrypted traffic.

40
Q

An IS auditor reviewing wireless network security determines that the Dynamic Host Configuration Protocol (DHCP) is disabled at all wireless access points. This practice:

A. reduces the risk of unauthorized access to the network.
B. is not suitable for small networks.
C. automatically provides an IP address to anyone.
D. increases the risk associated with Wireless Encryption Protocol (WEP).

A

A. reduces the risk of unauthorized access to the network.

41
Q

An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important?

A. The tools used to conduct the test
B. Certifications held by the IS auditor
C. Permission from the data owner of the server
D. An intrusion detection system (IDS) is enabled

A

C. Permission from the data owner of the server

42
Q

The IS management of a multinational company is considering upgrading its existing virtual private network (VPN) to support Voice-over Internet Protocol (VoIP) communication via tunneling. Which of the following considerations should be PRIMARILY addressed?

A. Reliability and quality of service (QoS)
B. Means of authentication
C. Privacy of voice transmissions
D. Confidentiality of data transmissions

A

A. Reliability and quality of service (QoS)

43
Q

IS management recently replaced its existing wired local area network (LAN) with a wireless infrastructure to accommodate the increased use of mobile devices within the organization. This will increase the risk of which of the following attacks?

A. Port scanning
B. Back door
C. Man-in-the-middle
D. War driving

A

D. War driving

44
Q

A laptop computer belonging to a company database administrator (DBA) and containing a file of production database passwords has been stolen. What should the organization do FIRST?

A. Send a report to the IS audit department.
B. Change the name of the DBA account.
C. Suspend the DBA account.
D. Change the database password.

A

D. Change the database password.

45
Q

The MOST common problem in the operation of an intrusion detection system (IDS) is:

A. the detection of false positives.
B. receiving trap messages.
C. reject-error rates.
D. denial-of-service (DoS) attacks.

A

A. the detection of false positives.

46
Q

An online stock trading firm is in the process of implementing a system to provide secure email exchange with its customers. What is the BEST option to ensure confidentiality, integrity and nonrepudiation?

A. Symmetric key encryption
B. Digital signatures
C. Message digest algorithms
D. Digital certificates

A

D. Digital certificates

47
Q

An organization can ensure that the recipients of emails from its employees can authenticate the identity of the sender by:

A. digitally signing all email messages.
B. encrypting all email messages.
C. compressing all email messages.
D. password protecting all email messages.

A

A. digitally signing all email messages.

48
Q

An organization has experienced a large amount of traffic being re-routed from its Voice-over Internet Protocol (VoIP) packet network. The organization believes it is a victim of eavesdropping. Which of the following could result in eavesdropping of VoIP traffic?

A. Corruption of the Address Resolution Protocol (ARP) cache in Ethernet switches
B. Use of a default administrator password on the analog phone switch
C. Deploying virtual local area networks (VLANs) without enabling encryption
D. End users having access to software tools such as packet sniffer applications

A

A. Corruption of the Address Resolution Protocol (ARP) cache in Ethernet switches

49
Q

An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking?

A. An application-level gateway
B. A remote access server
C. A proxy server
D. Port scanning

A

A. An application-level gateway

50
Q

An organization is planning to replace its wired networks with wireless networks. Which of the following would BEST secure the wireless network from unauthorized access?

A. Implement Wired Equivalent Privacy (WEP).
B. Permit access to only authorized media access control (MAC) addresses.
C. Disable open broadcast of service set identifiers (SSID).
D. Implement Wi-Fi Protected Access (WPA) 2.

A

D. Implement Wi-Fi Protected Access (WPA) 2.

51
Q

An organization stores and transmits sensitive customer information within a secure wired network. It has implemented an additional wireless local area network (WLAN) to support general-purpose staff computing needs. A few employees with WLAN access have legitimate business reasons for also accessing customer information. Which of the following represents the BEST control to ensure separation of the two networks?

A. Establish two physically separate networks.
B. Implement virtual local area network (VLAN) segmentation.
C. Install a dedicated router between the two networks.
D. Install a firewall between the networks.

A

D. Install a firewall between the networks.

52
Q

Over the long term, which of the following has the greatest potential to improve the security incident response process?

A. A walk-through review of incident response procedures
B. Post event reviews by the incident response team
C. Ongoing security training for users
D. Documenting responses to an incident

A

B. Post event reviews by the incident response team

53
Q

A perpetrator looking to gain access to and gather information about encrypted data being transmitted over the network would use:

A. eavesdropping.
B. spoofing.
C. traffic analysis.
D. masquerading.

A

C. traffic analysis.

54
Q

The potential for unauthorized system access by way of terminals or workstations within an organization’s facility is increased when:

A. connecting points are available in the facility to connect laptops to the network.
B. users take precautions to keep their passwords confidential.
C. terminals with password protection are located in insecure locations.
D. terminals are located within the facility in small clusters under the supervision of an administrator.

A

A. connecting points are available in the facility to connect laptops to the network.

55
Q

The PRIMARY goal of a web site certificate is:

A. authentication of the web site that will be surfed.
B. authentication of the user who surfs through that site.
C. preventing surfing of the web site by hackers.
D. the same purpose as that of a digital certificate.

A

A. authentication of the web site that will be surfed.

56
Q

The role of the certificate authority (CA) as a third party is to:

A. provide secured communication and networking services based on certificates.
B. host a repository of certificates with the corresponding public and secret keys issued by that CA.
C. act as a trusted intermediary between two communication partners.
D. confirm the identity of the entity owning a certificate issued by that CA.

A

D. confirm the identity of the entity owning a certificate issued by that CA.

57
Q

The technique used to ensure security in virtual private networks (VPNs) is:

A. encapsulation.
B. wrapping.
C. transforming.
D. hashing.

A

A. encapsulation.

58
Q

This question refers to the following diagram:

Internet –> Firewall-1 –> Mail Gateway –> Firewall-2 –> IDS

Email traffic from the Internet is routed via firewall-1 to the mail gateway. Mail is routed from the mail gateway, via firewall-2, to the mail recipients in the internal network. Other traffic is not allowed. For example, the firewalls do not allow direct traffic from the Internet to the internal network. The intrusion detection system (IDS) detects traffic for the internal network that did not originate from the mail gateway. The FIRST action triggered by the IDS should be to:

A. alert the appropriate staff.
B. create an entry in the log.
C. close firewall-2.
D. close firewall-1.

A

B. create an entry in the log.

59
Q

This question refers to the following diagram.
To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:

A. firewall and the organization’s network.
B. Internet and the firewall.
C. Internet and the web server.
D. web server and the firewall.

A

A. firewall and the organization’s network.

60
Q

To prevent Internet Protocol (IP) spoofing attacks, a firewall should be configured to drop a packet if:

A. the source routing field is enabled.
B. it has a broadcast address in the destination field.
C. a reset flag (RST) is turned on for the Transmission Control Protocol (TCP) connection.
D. dynamic routing is used instead of static routing.

A

A. the source routing field is enabled.

61
Q

To protect a Voice-over Internet Protocol (VoIP) infrastructure against a denial-of-service (DoS) attack, it is MOST important to secure the:

A. access control servers.
B. session border controllers.
C. backbone gateways.
D. intrusion detection system (IDS).

A

B. session border controllers.

62
Q

Two-factor authentication can be circumvented through which of the following attacks?

A. Denial-of-service
B. Man-in-the-middle
C. Key logging
D. Brute force

A

B. Man-in-the-middle

63
Q

The use of digital signatures:

A. requires the use of a one-time password generator.
B. provides encryption to a message.
C. validates the source of a message.
D. ensures message confidentiality.

A

C. validates the source of a message.

64
Q

Validated digital signatures in an email software application will:

A. help detect spam.
B. provide confidentiality.
C. add to the workload of gateway servers.
D. significantly reduce available bandwidth.

A

A. help detect spam.

65
Q

A web server is attacked and compromised. Which of the following should be performed FIRST to handle the incident?

A. Dump the volatile storage data to a disk.
B. Run the server in a fail-safe mode.
C. Disconnect the web server from the network.
D. Shut down the web server.

A

C. Disconnect the web server from the network.

66
Q

What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?

A. Malicious code could be spread across the network.
B. The VPN logon could be spoofed.
C. Traffic could be sniffed and decrypted.
D. The VPN gateway could be compromised.

A

A. Malicious code could be spread across the network.

67
Q

What method might an IS auditor utilize to test wireless security at branch office locations?

A. War dialing
B. Social engineering
C. War driving
D. Password cracking

A

C. War driving

68
Q

What would be the MOST effective control for enforcing accountability among database users accessing sensitive information?

A. Implement a log management process.
B. Implement a two-factor authentication.
C. Use table views to access sensitive data.
D. Separate database and application servers.

A

A. Implement a log management process.

69
Q

When installing an intrusion detection system (IDS), which of the following is MOST important?

A. Properly locating it in the network architecture
B. Preventing denial-of-service (DoS) attacks
C. Identifying messages that need to be quarantined
D. Minimizing the rejection errors

A

A. Properly locating it in the network architecture

70
Q

When planning an audit of a network setup, an IS auditor should give HIGHEST priority to obtaining which of the following network documentation?

A. Wiring and schematic diagram
B. Users’ lists and responsibilities
C. Application lists and their details
D. Backup and recovery procedures

A

A. Wiring and schematic diagram

71
Q

When protecting an organization’s IT systems, which of the following is normally the next line of defense after the network firewall has been compromised?

A. Personal firewall
B. Antivirus programs
C. Intrusion detection system (IDS)
D. Virtual local area network (VLAN) configuration

A

C. Intrusion detection system (IDS)

72
Q

When reviewing a digital certificate verification process, which of the following findings represents the MOST significant risk?

A. There is no registration authority (RA) for reporting key compromises.
B. The certificate revocation list (CRL) is not current.
C. Digital certificates contain a public key that is used to encrypt messages and verify digital signatures.
D. Subscribers report key compromises to the certificate authority (CA).

A

B. The certificate revocation list (CRL) is not current.

73
Q

When reviewing an intrusion detection system (IDS), an IS auditor should be MOST concerned about which of the following?

A. Number of nonthreatening events identified as threatening
B. Attacks not being identified by the system
C. Reports/logs being produced by an automated tool
D. Legitimate traffic being blocked by the system

A

B. Attacks not being identified by the system

74
Q

When using a digital signature, the message digest is computed:

A. only by the sender.
B. only by the receiver.
C. by both the sender and the receiver.
D. by the certificate authority (CA).

A

C. by both the sender and the receiver.

75
Q

When using public key encryption to secure data being transmitted across a network:

A. both the key used to encrypt and decrypt the data are public.
B. the key used to encrypt is private, but the key used to decrypt the data is public.
C. the key used to encrypt is public, but the key used to decrypt the data is private.
D. both the key used to encrypt and decrypt the data are private.

A

C. the key used to encrypt is public, but the key used to decrypt the data is private.

76
Q

Which of the following anti-spam filtering techniques would BEST prevent a valid, variable-length email message containing a heavily-weighted spam keyword from being labeled as spam?

A. Heuristic (rule-based)
B. Signature-based
C. Pattern matching
D. Bayesian (statistical)

A

D. Bayesian (statistical)
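Why Bayesian filtering wins on this question: a rule-based filter adds up fixed keyword weights, so a single heavily weighted word can push a legitimate message over the threshold regardless of what else it says, while a statistical filter lets every token in the message contribute evidence, so a long, ordinary business email outweighs one suspicious word. The following is an added example (not part of the flashcard deck or any ISACA material) that trains a small multinomial naive Bayes classifier on a constructed corpus and compares it with a weighted-keyword heuristic on the same message. The training messages, keyword weights and threshold are all invented for the demonstration.

```python
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z]+")


def tokenize(text: str) -> list:
    return TOKEN_RE.findall(text.lower())


# Heuristic (rule-based) filter: a fixed weight per keyword, flag when the total
# reaches the threshold. One heavily weighted word is enough to trip it.
# Weights and threshold are constructed for this example.
KEYWORD_WEIGHTS = {"free": 5, "prize": 4, "win": 3, "click": 3}


def heuristic_is_spam(text: str, threshold: int = 5) -> bool:
    score = sum(KEYWORD_WEIGHTS.get(tok, 0) for tok in tokenize(text))
    return score >= threshold


class BayesianSpamFilter:
    """Multinomial naive Bayes with Laplace smoothing: every token in the
    message contributes evidence, so many ham-like words outweigh one spam word."""

    def __init__(self) -> None:
        self.token_counts = {"spam": Counter(), "ham": Counter()}
        self.doc_counts = {"spam": 0, "ham": 0}
        self.vocab = set()

    def train(self, text: str, label: str) -> None:
        tokens = tokenize(text)
        self.token_counts[label].update(tokens)
        self.doc_counts[label] += 1
        self.vocab.update(tokens)

    def _log_score(self, tokens: list, label: str) -> float:
        # log P(label) + sum of log P(token | label), with +1 smoothing so an
        # unseen token does not zero out the whole product.
        total = sum(self.token_counts[label].values())
        score = math.log(self.doc_counts[label] / sum(self.doc_counts.values()))
        for tok in tokens:
            score += math.log((self.token_counts[label][tok] + 1) / (total + len(self.vocab)))
        return score

    def spam_probability(self, text: str) -> float:
        tokens = tokenize(text)
        diff = self._log_score(tokens, "ham") - self._log_score(tokens, "spam")
        if diff > 700:  # avoid overflow in exp(); the message is overwhelmingly ham
            return 0.0
        return 1.0 / (1.0 + math.exp(diff))


# Constructed training corpus (not real mail), deliberately small.
TRAINING = [
    ("spam", "free money win prize now click here"),
    ("spam", "click here free offer limited win"),
    ("spam", "win free cash prize claim now"),
    ("spam", "limited offer free money click"),
    ("ham", "meeting agenda attached please review before thursday"),
    ("ham", "please review the quarterly report and send feedback"),
    ("ham", "attached the invoice for the audit engagement"),
    ("ham", "can we schedule the audit review meeting for thursday"),
]

# A valid, variable-length message that happens to contain the heavily weighted word "free".
VALID_MESSAGE = "Please review the attached agenda for Thursday; the room is free after the meeting."
SPAM_MESSAGE = "Click here to claim your free prize now!"


def build_demo_filter() -> BayesianSpamFilter:
    flt = BayesianSpamFilter()
    for label, text in TRAINING:
        flt.train(text, label)
    return flt


def classify_examples() -> dict:
    flt = build_demo_filter()
    return {
        "valid_heuristic": heuristic_is_spam(VALID_MESSAGE),
        "valid_bayes": flt.spam_probability(VALID_MESSAGE),
        "spam_heuristic": heuristic_is_spam(SPAM_MESSAGE),
        "spam_bayes": flt.spam_probability(SPAM_MESSAGE),
    }


if __name__ == "__main__":
    for name, value in classify_examples().items():
        print(f"{name}: {value}")
```

On this corpus the heuristic flags both messages because each contains "free", whereas the Bayesian filter assigns the valid message a spam probability well under 1% and the spam message a probability above 99%: the ten ordinary words in the valid message each carry ham evidence that collectively swamps the single keyword. The caveat is that a Bayesian filter is only as good as its training data, and it can be poisoned by an attacker who pads spam with ham-like vocabulary, so production deployments combine it with other layers rather than relying on it alone.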

77
Q

Which of the following BEST describes the role of a directory server in a public key infrastructure (PKI)?

A. Encrypts the information transmitted over the network
B. Makes other users’ certificates available to applications
C. Facilitates the implementation of a password policy
D. Stores certificate revocation lists (CRLs)

A

B. Makes other users’ certificates available to applications

78
Q

Which of the following controls would BEST detect intrusion?

A. User IDs and user privileges are granted through authorized procedures.
B. Automatic logoff is used when a workstation is inactive for a particular period of time.
C. Automatic logoff of the system occurs after a specified number of unsuccessful attempts.
D. Unsuccessful logon attempts are monitored by the security administrator.

A

D. Unsuccessful logon attempts are monitored by the security administrator.
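Monitoring unsuccessful logons is the detective control in this question: lockouts and automatic logoff prevent or limit access, but only a review of failed attempts tells the administrator that someone is trying. The following is an added example (not from the flashcard deck) of the detection logic that review amounts to when automated: it parses sshd-style authentication lines, raises an alert when one source fails repeatedly against one account inside a sliding window, flags a success that follows such a burst, and separately catches a source that tries many different usernames (password spraying). The log lines are constructed for the example; the regex assumes the OpenSSH "Failed/Accepted password for ... from ... port ..." message format and the thresholds are arbitrary.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumes the OpenSSH password-auth message format; "invalid user" appears when
# the account does not exist on the host.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample log (not captured from a real system).
SAMPLE_LOG = """\
2024-03-01T09:00:01 sshd[1201]: Failed password for alice from 203.0.113.7 port 51000 ssh2
2024-03-01T09:00:03 sshd[1201]: Failed password for alice from 203.0.113.7 port 51001 ssh2
2024-03-01T09:00:05 sshd[1201]: Failed password for alice from 203.0.113.7 port 51002 ssh2
2024-03-01T09:00:06 sshd[1201]: Failed password for alice from 203.0.113.7 port 51003 ssh2
2024-03-01T09:00:08 sshd[1201]: Failed password for alice from 203.0.113.7 port 51004 ssh2
2024-03-01T09:00:09 sshd[1201]: Accepted password for alice from 203.0.113.7 port 51005 ssh2
2024-03-01T09:10:00 sshd[1340]: Failed password for bob from 198.51.100.23 port 40000 ssh2
2024-03-01T09:25:00 sshd[1341]: Failed password for bob from 198.51.100.23 port 40001 ssh2
2024-03-01T10:00:00 sshd[1500]: Failed password for invalid user admin from 192.0.2.9 port 33000 ssh2
2024-03-01T10:00:02 sshd[1500]: Failed password for invalid user root from 192.0.2.9 port 33001 ssh2
2024-03-01T10:00:04 sshd[1500]: Failed password for invalid user test from 192.0.2.9 port 33002 ssh2
2024-03-01T10:00:06 sshd[1500]: Failed password for invalid user oracle from 192.0.2.9 port 33003 ssh2
"""


def parse_line(line: str):
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def detect_logon_abuse(lines, threshold=5, window=timedelta(minutes=5), spray_users=4):
    """Return alerts in chronological order. Thresholds are example values."""
    alerts = []
    failures = defaultdict(deque)       # (src, user) -> failure timestamps inside the window
    users_per_src = defaultdict(dict)   # src -> {user: last failure timestamp}
    flagged_pairs, flagged_srcs = set(), set()

    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["src"], ev["user"])

        if ev["result"] == "Accepted":
            # A success right after a burst of failures is the case worth paging on.
            if key in flagged_pairs:
                alerts.append({"type": "success_after_burst", "src": ev["src"],
                               "user": ev["user"], "at": ev["ts"]})
            continue

        q = failures[key]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) >= threshold and key not in flagged_pairs:
            flagged_pairs.add(key)
            alerts.append({"type": "brute_force", "src": ev["src"], "user": ev["user"],
                           "count": len(q), "at": ev["ts"]})

        # Spraying: one source, many accounts, few attempts each; per-account
        # thresholds never fire, so count distinct users per source instead.
        seen = users_per_src[ev["src"]]
        seen[ev["user"]] = ev["ts"]
        recent = sorted(u for u, t in seen.items() if ev["ts"] - t <= window)
        if len(recent) >= spray_users and ev["src"] not in flagged_srcs:
            flagged_srcs.add(ev["src"])
            alerts.append({"type": "password_spray", "src": ev["src"],
                           "users": recent, "at": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect_logon_abuse(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against the sample, this yields three alerts: a brute-force alert for alice from 203.0.113.7 on the fifth failure, a success-after-burst alert one second later, and a password-spray alert for 192.0.2.9 after its fourth distinct username. Bob's two failures fifteen minutes apart stay below both thresholds, which is the point of the window: the administrator's review should surface patterns, not every typo.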

79
Q

Which of the following controls would be the MOST comprehensive in a remote access network with multiple and diverse subsystems?

A. Proxy server
B. Firewall installation
C. Demilitarized zone (DMZ)
D. Virtual private network (VPN)

A

D. Virtual private network (VPN)

80
Q

Which of the following findings would be of GREATEST concern to an IS auditor during a review of logical access to an application?

A. Some developers have update access to production data.
B. The file storing the application ID password is in cleartext in the production code.
C. The change control team has knowledge of the application ID password.
D. The application does not enforce the use of strong passwords.

A

B. The file storing the application ID password is in cleartext in the production code.

81
Q

Which of the following functions is performed by a virtual private network (VPN)?

A. Hiding information from sniffers on the net
B. Enforcing security policies
C. Detecting misuse or mistakes
D. Regulating access

A

A. Hiding information from sniffers on the net

82
Q

Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms resulting from normal network activity?

A. Statistical-based
B. Signature-based
C. Neural network
D. Host-based

A

A. Statistical-based
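A statistical (anomaly-based) IDS learns what "normal" looks like and alarms on deviation, so anything legitimate but unusual (a patch push, a quarter-end batch job) looks the same to it as an attack of similar size. The following is an added example (not from the flashcard deck) of the simplest such detector: a z-score against a learned baseline of connections per minute. The baseline and the labelled observations are constructed numbers; the labels exist only so the example can count false alarms and misses, the detector never sees them.

```python
import statistics

# Constructed baseline: connections per minute during a "normal" training period.
BASELINE = [40, 42, 38, 45, 41, 39, 44, 40, 43, 37]

# Constructed observations with ground-truth labels the detector does not use.
OBSERVED = [
    (41, "normal"),
    (39, "normal"),
    (55, "monthly patch push (legitimate)"),
    (43, "normal"),
    (58, "slow port scan (attack)"),
    (60, "quarter-end batch job (legitimate)"),
    (300, "port scan (attack)"),
]


def zscore(value: float, mean: float, stdev: float) -> float:
    return (value - mean) / stdev


def statistical_alerts(baseline, observed, threshold: float = 3.0) -> list:
    """Alarm on any observation more than `threshold` standard deviations from the baseline mean."""
    mean = statistics.fmean(baseline)
    stdev = statistics.pstdev(baseline)
    alerts = []
    for value, label in observed:
        z = zscore(value, mean, stdev)
        if abs(z) > threshold:
            alerts.append({"value": value, "z": round(z, 2), "label": label})
    return alerts


def is_attack(label: str) -> bool:
    return "attack" in label


def tradeoff(baseline, observed, thresholds) -> dict:
    """For each threshold return (false alarms, missed attacks)."""
    attacks = {v for v, label in observed if is_attack(label)}
    result = {}
    for t in thresholds:
        alerts = statistical_alerts(baseline, observed, t)
        flagged = {a["value"] for a in alerts}
        false_alarms = sum(1 for a in alerts if not is_attack(a["label"]))
        missed = len(attacks - flagged)
        result[t] = (false_alarms, missed)
    return result


if __name__ == "__main__":
    for alert in statistical_alerts(BASELINE, OBSERVED):
        print(alert)
    print(tradeoff(BASELINE, OBSERVED, [3, 6, 7, 8]))
```

With a threshold of 3 standard deviations the detector alarms on 55, 58, 60 and 300, two of which are legitimate. Raising the threshold trades one error for the other: at 6 the patch push is ignored but the batch job still alarms, at 7 the batch job still alarms and the slow scan is now missed, and at 8 the slow scan is missed outright. No threshold separates the 58-per-minute scan from the 60-per-minute batch job because statistically they are the same event. That is the property the question is testing: a signature-based system is silent on traffic that matches no signature, while a statistical system alarms on every large deviation, benign or not, and needs tuning, longer baselines and correlation with other sources to keep its false-alarm rate tolerable.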

83
Q

Which of the following is a control that can be implemented if application programmers are allowed to move programs into the production environment in a small organization?

A. Independent post implementation testing
B. Independent review of the changed program
C. Independent review of user requirements
D. Independent review of user acceptance

A

B. Independent review of the changed program

84
Q

Which of the following is an effective preventive control to ensure that a database administrator (DBA) complies with the custodianship of the enterprise’s data?

A. Exception reports
B. Segregation of duties (SoD)
C. Review of access logs and activities
D. Management supervision

A

B. Segregation of duties (SoD)

85
Q

Which of the following is a passive attack to a network?

A. Message modification
B. Masquerading
C. Denial-of-service (DoS)
D. Traffic analysis

A

D. Traffic analysis

86
Q

Which of the following is BEST suited for secure communications within a small group?

A. Key distribution center
B. Certificate authority (CA)
C. Web of trust
D. Kerberos Authentication System

A

C. Web of trust

87
Q

Which of the following is the BEST control over a guest wireless ID that is given to vendor staff?

A. Assignment of a renewable user ID which expires daily
B. A write-once log to monitor the vendor’s activities on the system
C. Utilization of a user ID format similar to that used by employees
D. Ensuring that wireless network encryption is configured properly

A

A. Assignment of a renewable user ID which expires daily

88
Q

Which of the following is the BEST control to mitigate the risk of pharming attacks to an Internet banking application?

A. User registration and password policies
B. User security awareness
C. Use of intrusion detection/intrusion prevention systems (IDSs/IPSs)
D. Domain name system (DNS) server security hardening

A

D. Domain name system (DNS) server security hardening

89
Q

Which of the following is the MOST effective type of antivirus software to detect an infected application?

A. Scanners
B. Active monitors
C. Integrity checkers
D. Vaccines

A

C. Integrity checkers

90
Q

Which of the following is the MOST important action in recovering from a cyberattack?

A. Activating an incident response team
B. Hiring cyber forensic investigators
C. Executing a business continuity plan (BCP)
D. Preserving evidence

A

A. Activating an incident response team

91
Q

Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized organization?

A. Virtual private network (VPN)
B. Dedicated line
C. Leased line
D. Integrated services digital network (ISDN)

A

A. Virtual private network (VPN)

92
Q

Which of the following message services provides the STRONGEST evidence that a specific action has occurred?

A. Proof of delivery
B. Nonrepudiation
C. Proof of submission
D. Message origin authentication

A

B. Nonrepudiation

93
Q

Which of the following potentially blocks hacking attempts?

A. Intrusion detection system (IDS)
B. Honeypot system
C. Intrusion prevention system (IPS)
D. Network security scanner

A

C. Intrusion prevention system (IPS)

94
Q

Which of the following provides the MOST relevant information for proactively strengthening security settings?

A. Bastion host
B. Intrusion detection system (IDS)
C. Honeypot
D. Intrusion prevention system

A

C. Honeypot

95
Q

Which of the following public key infrastructure (PKI) elements provides detailed descriptions for dealing with a compromised private key?

A. Certificate revocation list (CRL)
B. Certification practice statement (CPS)
C. Certificate policy (CP)
D. PKI disclosure statement (PDS)

A

B. Certification practice statement (CPS)

96
Q

Which of the following should an IS auditor recommend for the protection of specific sensitive information stored in the data warehouse?

A. Implement column- and row-level permissions
B. Enhance user authentication via strong passwords
C. Organize the data warehouse into subject-matter-specific databases
D. Log user access to the data

A

A. Implement column- and row-level permissions

97
Q

Which of the following types of penetration tests effectively evaluates the incident handling and response capability of the system administrator?

A. Targeted testing
B. Internal testing
C. Double-blind testing
D. External testing

A

C. Double-blind testing

98
Q

Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure (PKI) with digital certificates for its business-to-consumer transactions via the Internet?

A. Customers are widely dispersed geographically, but the certificate authorities (CAs) are not.
B. Customers can make their transactions from any computer or mobile device.
C. The CA has several data processing subcenters to administer certificates.
D. The organization is the owner of the CA.

A

D. The organization is the owner of the CA.

99
Q

Which of the following would effectively verify the originator of a transaction?

A. Using a secret password between the originator and the receiver
B. Encrypting the transaction with the receiver’s public key
C. Using a portable document format (PDF) to encapsulate transaction content
D. Digitally signing the transaction with the source’s private key

A

D. Digitally signing the transaction with the source’s private key

100
Q

Which of the following would MOST effectively enhance the security of a challenge-response based authentication system?

A. Selecting a more robust algorithm to generate challenge strings
B. Implementing measures to prevent session hijacking attacks
C. Increasing the frequency of associated password changes
D. Increasing the length of authentication strings

A

B. Implementing measures to prevent session hijacking attacks