Domain 4

File type: .docx
School: University of Dhaka
Course: ACCOUNTING AUDITING
Subject: Information Systems
Date: Dec 17, 2024
Pages: 85
Uploaded by PrivateValor11079
Question: Which of the following risks is applicable to active RFID?
A. The risk of social engineering.
B. The risk of phishing.
C. The risk of eavesdropping.
D. The risk of malicious code.
Submit Answer: C
Correct Answer: C
Explain: RFID tags are exposed to the risk of eavesdropping. It is the same as a wireless device. RFID, by its nature, is not subject to other exposure, such as social engineering, phishing, or malicious code.

Question: Which of the following reports should an IS auditor verify to determine compliance with the uptime requirement defined in the SLA?
A. The availability report.
B. The utilization report.
C. The hardware error report.
D. The asset management report.
Submit Answer: B
Correct Answer: A
Explain: An availability report indicates the time period during which the system is up and available for use. An IS auditor can determine downtime with the help of availability reports. Utilization reports determine the level of use of systems. A utilization report is used to predict resource requirements. Asset management reports include an inventory of assets. Hardware error reports identify system failures and other issues.

Question: Which RAID level does not improve fault tolerance?
A. RAID level 0.
B. RAID level 1.
C. RAID level 2.
D. RAID level 5.
Submit Answer: A
Correct Answer: A
Explain: RAID level 0 improves performance and can provide large logical drives, but it does not increase redundancy. It is often used in combination with other levels to improve performance and redundancy. The purpose of RAID-0 is to combine multiple disks into one giant virtual disk.

Question: A major concern associated with a hot site is?
A. the timely availability of system hardware.
B. the timely availability of data.
C. the timely availability of electrical connections.
D. the timely arrangement of ventilation and air conditioning.
Submit Answer: B
Correct Answer: B
Explain: The following components are already factored in while arranging a hot site: the availability of space and basic infrastructure, and the availability of all business applications. However, for a hot site to function, it requires the following additional component: an updated data backup.

Question: What is the biggest difference between disaster planning and business continuity planning?
A. Disaster plans are usually specific to a department.
B. Business continuity plans are run by IT.
C. Business continuity plans span department boundaries.
D. Disaster planning is an extension of facility plans.
Submit Answer: D
Correct Answer: B
Explain: Business continuity plans are focused on the processes for generating revenue. This is the biggest difference when compared to rebuilding in disaster recovery. Plans of the various departments such as IT, facilities, manufacturing, and sales may become smaller components of the final BC plan. All decisions and activities are determined by the revenue generated, not by the desires or goals of the department. The only agenda that matters is the CEO's agenda.

Question: Which of the following is of great help when determining the efficiency of preventive maintenance programs?
A. The system downtime report.
B. The service provider's report.
C. The maintenance log.
D. The preventive maintenance schedule.
Submit Answer: A
Correct Answer: A
Explain: The system downtime log indicates the effectiveness of preventive maintenance programs. High downtime indicates that preventive maintenance is not effective. Effective preventive maintenance should result in zero or very minimal downtime. The other options will not directly indicate the efficiency of preventive maintenance programs.

Question: Which type of network device directs packets through the Internet?
A. Hubs.
B. Routers.
C. Repeaters.
D. Modems.
Submit Answer: D
Correct Answer: B
Explain: The function of network routers is to route IP packets throughout the network or the Internet. The router does not know the entire route to the destination. The router holds a routing table that simply provides the address of the next point down the path to the destination. Network routing is like a game of connect-the-dots. The data must travel sequentially from one router to the next router until it reaches the intended destination.
Question: Which of the following activities should not be conducted during peak production hours to avoid unexpected downtime?
A. Data migration.
B. Tape back-up.
C. Preventive maintenance.
D. Configuration of the standby router.
Submit Answer: C
Correct Answer: C
Explain: Preventive maintenance should be conducted during non-peak times to avoid any downtime. The other activities may not directly impact system availability.

Question: Who should be the actual leader of business continuity planning?
A. Chief executive officer (CEO).
B. Chief financial officer (CFO).
C. Chief information officer (CIO).
D. Chief operating officer (COO).
Submit Answer: D
Correct Answer: A
Explain: The chief executive officer (CEO) should be the actual leader of business continuity planning. The second choice is the chief operating officer (COO) as the official delegate of the CEO function. The CEO and COO have the agenda of generating revenue. They can force the cooperation of all others in the organization. The CFO is the third choice. The CIO is the worst of these choices because of the CIO's distance from revenue activities and limited scope of authority.

Question: The synchronization of production source code and object code is best controlled by which of the following?
A. Comparing version releases of source code and object code.
B. Restricting any changes to source code.
C. Restricting any access to source code and object code.
D. Date-and-time stamping for source and object code.
Submit Answer: A
Correct Answer: D
Explain: Date-and-time stamping for both the source code and the object code will help to ensure that the code is in sync. The other options are good practice, but they will not ensure that the source code and object code are of the same version.

Question: This type of data transmission is often used to transmit video signals across the network?
A. Unicasting.
B. Broadcasting.
C. Multicasting.
D. Pinging.
Submit Answer: C
Correct Answer: C
Explain: Multicasting is used to transmit packets to multiple systems simultaneously but does not transmit to all systems. It is often used to transmit video across the network. Broadcasting is used when transmitting to all systems. Unicasting is transmitting packets to a single destination system only.

Question: Which of the following is a major concern for an auditor reviewing the job scheduling process?
A. High instances of emergency changes.
B. A few jobs not having completed on time.
C. A few jobs having been overridden by the operator.
D. A job failure analysis being done by the IT manager.
Submit Answer: C
Correct Answer: C
Explain: The overriding of scheduled jobs should be restricted, as this can lead to unauthorized changes to programs or data. This is a major area of concern, as overriding a scheduled job is only to be done by following the appropriate approval process. The other options are not as significant as overriding the schedule.

Question: This address is manufactured or burned into network equipment and is totally unique?
A. Domain name.
B. IP.
C. Media Access Control.
D. Street address.
Submit Answer: B
Correct Answer: C
Explain: The 48-bit MAC address is manufactured into network equipment. Often, it is possible to override it by using configuration tools. In a local area network, a 32-bit IP address is used for routing.

Question: Which of the following is the greatest concern for an IS auditor reviewing the end user computing process?
A. The lack of a documented end user computing policy.
B. The lack of training for the end user.
C. No involvement of the IT department in the development of applications.
D. Applications not being subject to audit.
Submit Answer: A
Correct Answer: A
Explain: End user computing refers to a system wherein a non-programmer can create their own application. This also reduces pressure on the IT department, which can concentrate on more critical and complex applications. End user computing is subject to some inherent risks. It is important that a documented end user computing policy be available to address these risks. The other options are not as significant as the lack of a documented policy.

Question: This network is often used to provide vendors and customers limited access to corporate network services?
A. Internet.
B. Extranet.
C. Intranet.
D. Access net.
Submit Answer: B
Correct Answer: B
Explain: An extranet allows certain people limited access to corporate network services. An intranet is an internal corporate network. Access net is made up.

Question: Which of the following is the greatest concern for the use of open source software?
A. No payment is made to acquire open source software.
B. An organization must comply with open source software license terms.
C. Open source software is vulnerable.
D. Open source software is not reliable.
Submit Answer: B
Correct Answer: B
Explain: It is very important for organizations to understand the terms of use of open source licenses and to adhere to them. An IS auditor should be more concerned about licensing compliance to avoid any legal consequences.

Question: Which of the following is a list of OSI model levels from the top down?
A. Application, Physical, Session, Transport, Network, Data-Link, Presentation.
B. Presentation, Data-Link, Network, Transport, Session, Physical, Application.
C. Application, Presentation, Session, Transport, Network, Data-Link, Physical.
D. Presentation, Data-Link, Network, Transport, Session, Physical, Application.
Submit Answer: A
Correct Answer: B
Explain: It helps to remember the memory tool Please Do Not Throw Sausage Pizza Away.

Question: Which of the following network diagnostic tools monitors and records network information?
A. Response time report.
B. Online monitor.
C. Help desk report.
D. Network protocol analyzers.
Submit Answer: D
Correct Answer: D
Explain: Protocol analyzers are network diagnostic tools used to monitor the packets flowing along a network. They operate at the data link or network layer. Response time reports state the time taken by a system to respond to queries. Online monitors check for data transmission errors. Help desk reports provide analysis for IT support.

Question: Which of the following is the most popular media for connecting workstations in a corporate environment?
A. Coaxial.
B. Shielded twisted-pair.
C. Unshielded twisted-pair.
D. Fiber optics.
Submit Answer: D
Correct Answer: C
Explain: The most popular media is UTP, or unshielded twisted-pair. STP, or shielded twisted-pair, is more resistant to electronic noise and may be used in a shop environment. Coaxial cable is no longer used for connecting workstations. Fiber-optic cable is often used for interconnecting servers.

Question: Which of the following is the most important consideration when ensuring system availability during the change management process?
A. A documented procedure for sound change management.
B. The change management procedure being followed consistently.
C. Change only being authorized by the IT manager.
D. User acceptance testing being properly documented.
Submit Answer: B
Correct Answer: B
Explain: The most important control for ensuring system availability is a sound change management procedure that is followed consistently. Changes are required to be authorized by business managers also, not only by IT managers. User acceptance testing will not have any direct impact on system availability.

Question: This protocol is layer 3 routable and is the backbone of the Internet?
A. IP.
B. OSI.
C. TCP.
D. NetBIOS.
Submit Answer: C
Correct Answer: A
Explain: Internet Protocol (IP) is the major routable protocol. Transmission Control Protocol (TCP) is used on top of IP to provide reliable sessions. User Datagram Protocol (UDP) is connectionless, without delivery confirmation. NetBIOS is not a routable protocol. The OSI model is used to explain network communications.

Question: Which of the following is a major concern for an IS auditor reviewing a third-party SLA?
A. A transition clause on the expiry of the contract not being included.
B. An escalation matrix for service deficiency not being included.
C. A late payment clause not being included.
D. Details of the service provider's Single Point of Contact (SPOC) not being defined.
Submit Answer: A
Correct Answer: A
Explain: In the absence of a transition clause, service providers may not provide appropriate support upon the expiry or termination of the contract. They may not make relevant data or applications available to the organization. This may impact the continuity of the outsourced process. This would be the greatest risk as compared to the other options.

Question: What type of network firewall is often the simplest to implement but has the worst logging capabilities?
A. Proxy.
B. Application.
C. Packet-filtering.
D. Adaptive.
Submit Answer: B
Correct Answer: C
Explain: A router can be configured as a simple packet-filtering firewall by using an access control list. Packets are filtered based on the source address, destination address, and type of service. The problem is that packet filters have poor logging, and the filter rules may be too broad to be effective. Packet filters do not support complex rules using if-then statements.

Question: An auditor sees certain indications that an organization is using unlicensed software. What should be the auditor's first step?
A. Report the indications in the audit report.
B. Verify the software through testing.
C. Discuss the issue with auditee management.
D. Recommend the immediate uninstallation of the software.
Submit Answer: B
Correct Answer: B
Explain: By gathering additional evidence, you first need to confirm whether the software is unlicensed. Without appropriate audit evidence, the other options may not be feasible.

Question: What does the third layer of the OSI model equate to in the TCP/IP model?
A. Network.
B. Data-Link.
C. Transport.
D. Internet.
Submit Answer: A
Correct Answer: D
Explain: The third layer of the OSI model is the Network layer. Use the memory tool Nor Do I Throw Apples to remember the layers of the TCP/IP model. The third layer of the TCP/IP model is the Internet layer.

Question: An IS auditor is reviewing help desk activities. Which of the following is an area of major concern?
A. The help desk team not being able to close a few calls.
B. End users not being informed about the closure of resolved incidents.
C. The help desk team not operating 24 hours a day.
D. The help desk team not having been provided with dedicated phone lines.
Submit Answer: B
Correct Answer: B
Explain: It is very important that end users are advised about the resolution of a logged incident. Incidents should be regarded as closed only when this is confirmed by the end user. The help desk is not expected to operate 24 hours a day. The other options are not as significant as option B.

Question: At which layer of the OSI model does a gateway operate?
A. Layer 3.
B. Layer 5.
C. Layer 6.
D. Layer 7.
Submit Answer: B
Correct Answer: D
Explain: According to ISACA, the gateway operates at the application layer, layer 7, in the OSI model. The function of the gateway is to convert data contained in one protocol into data used by a different protocol. An example is an SNA PC-to-mainframe gateway converting ASCII to mainframe Extended Binary Coded Decimal Interchange Code (EBCDIC).

Question: Which of the following is a major concern for an IS auditor reviewing a third-party agreement?
A. A "right to audit" clause not being included.
B. A penalty clause for adverse performance not being included.
C. The agreement with no mention of poor performance for negative performance.
D. The service provider's liability limitation clause not being included.
Submit Answer: A
Correct Answer: A
Explain: The absence of a "right to audit" clause would prevent the organization from determining the security arrangement of the service provider. The organization would not have any assurance about contractual and legal compliance from the service provider. The other options are not as significant as this one. Option D, in fact, exposes the service provider's liability to an unlimited extent, and that is not a concern for the service receiver.

Question: Which of the following network topologies provides a redundant path for communication?
A. Fiber-optic.
B. Star.
C. Ring.
D. Bus.
Submit Answer: B
Correct Answer: C
Explain: The ring topology provides two paths for communication. If the ring is damaged, the data can be transmitted in the other direction through the undamaged segment. The most common implementations of a ring topology are IBM Token Ring and the looped fiber-optic rings used by the telephone company to connect the central office wiring centers.
Question: Which of the following provides assurance of database referential integrity?
A. Foreign key.
B. Secondary key.
C. Table definition.
D. Domain key.
Submit Answer: A
Correct Answer: A
Explain: Referential integrity refers to the integrity and correctness of data within a related table. The primary key and its associated foreign key must be consistent. Changes to the primary key must be applied to associated foreign keys. Referential integrity will prevent users from adding records to a foreign table that have no matching primary key. At the same time, users cannot delete primary keys if related records exist in foreign tables.

Question: What is the purpose of the Address Resolution Protocol (ARP)?
A. Find the IP address.
B. Find the mailing address.
C. Find the MAC address.
D. Find the domain name.
Submit Answer: A
Correct Answer: C
Explain: The Address Resolution Protocol (ARP) is used when you have an IP address and need to find the MAC address. Reverse ARP (RARP) is used going in the other direction, when you have a MAC address and need the IP address.

Question: Which of the following is the best corrective control for problems related to corrupted data in a database?
A. Stringent access control.
B. Concurrency control.
C. Restore procedure.
D. System audit.
Submit Answer: C
Correct Answer: C
Explain: The restore procedure is the corrective control among all the options here. The restore procedure helps to restore databases to their latest archived version. All other options are either preventive or detective controls.

Question: What is the security issue regarding packet analyzers?
A. Viewing passwords.
B. Special training.
C. Purchase cost.
D. Only for auditor's use.
Submit Answer: A
Correct Answer: A
Explain: Network protocol analyzers, also known as sniffers, can view clear-text passwords being transmitted across the network. The sniffer can decode packets being transmitted and is useful for troubleshooting network protocol problems.

Question: Which of the following is the best evidence in terms of determining that disaster recovery procedures satisfy requirements?
A. Benchmarking with industry good practices.
B. Approval from senior management.
C. Tabletop exercises involving the procedures.
D. Documented responsibilities of recovery team members.
Submit Answer: C
Correct Answer: C
Explain: A tabletop exercise involves all the key members, who go through the plan and determine whether the procedures satisfy requirements. Gaps, if any, are identified and addressed to make the DRP adequate and effective as regards business requirements.

Question: Which of the following is an implementation of the demilitarized zone concept?
A. Dedicated processor and a multiprocessor system.
B. Screened subnet.
C. Bastion host on the network.
D. Dedicated subnet for internal users.
Submit Answer: D
Correct Answer: B
Explain: The screened subnet off of a firewall is also known as the demilitarized zone (DMZ). The DMZ concept is based on a military concept of providing a semiprotected transfer area. Data is relayed from the DMZ to external users. Data is also transferred from the DMZ to internal users by some method to ensure data integrity.

Question: A major concern associated with a warm site is?
A. the timely availability of system hardware.
B. the timely availability of space.
C. the timely availability of electrical connections.
D. the timely arrangement of ventilation and air conditioning.
Submit Answer: B
Correct Answer: A
Explain: Space, electrical connections, and ventilation and AC arrangements have already been provisioned prior to setting up a warm site. However, it does not have all the requisite hardware devices set up in order to facilitate the resumption of services. Hence, the timely availability of hardware is the greater concern.

Question: Which of the following protocols is likely to be used for monitoring the health of the network?
A. OSI.
B. SNMP.
C. SMTP.
D. RIP.
Submit Answer: C
Correct Answer: B
Explain: The Simple Network Management Protocol (SNMP) is frequently used to monitor the health of the network in conjunction with a Network Management System (NMS) such as HP OpenView. The security of the SNMP configuration on each device can be a concern for the auditor. SNMP can be used in a malicious fashion to paint a picture of the network's design.

Question: Which of the following is the primary concern for changing the database vendor?
A. Data integrity.
B. Data availability.
C. Data normalization.
D. Data confidentiality.
Submit Answer: A
Correct Answer: A
Explain: The major concern when it comes to data migration from one vendor to another is the integrity of data, and ensuring that the data is migrated completely, correctly, and accurately. The other options may not be directly impacted by data migration.
Question: What does the designation of N-1 best represent?
A. Need for additional equipment.
B. Number of routers.
C. Meshed network.
D. Number of links.
Submit Answer: B
Correct Answer: C
Explain: The N-1 designation is frequently used to represent a fully meshed network.

Question: What is the objective of code signing?
A. Ensuring that software has not been subsequently modified.
B. Ensuring smooth integration with other code-signed systems.
C. Ensuring the integrity of the private key.
D. Ensuring the availability of the system.
Submit Answer: A
Correct Answer: A
Explain: The objective of code signing is to provide assurance that code is generated from a reputable source and that the code has not been modified after being signed. Code signing will not provide assurance with respect to any of the other options. The process employs a hash function to determine the integrity and authenticity of the code.
Question: What is the difference between a router and a switch?
A. Both operate at layer 2; the router routes traffic, and the switch connects various users to the network.
B. Both operate at layer 3; the router routes traffic, and the switch connects various users to the network.
C. They operate at OSI layer 3 and layer 2, respectively.
D. They operate at OSI layer 2 and layer 3, respectively.
Submit Answer: D
Correct Answer: C
Explain: The network router operates at layer 3 for the purpose of directing traffic across the network to other subnets. The network switch operates at layer 2 to provide Data-Link services between the computers in the same subnet. A router connects different subnets.

Question: An arrangement for routing information via an alternative medium, such as copper, fiber optics, or coaxial cables, is known as?
A. a bridge.
B. diverse routing.
C. alternative routing.
D. a gateway.
Submit Answer: B
Correct Answer: B
Explain: Alternative routing is a method of routing the information through alternative cables, such as copper or fiber-optic cables. Diverse routing is a method of routing information through split or duplicate cables. Bridges and gateways are used for network extensions.

Question: Which type of network cabling is relatively immune to interference, difficult to tap, and can run extended distances?
A. Coaxial.
B. Shielded twisted-pair.
C. Unshielded twisted-pair.
D. Fiber-optic.
Submit Answer: D
Correct Answer: D
Explain: Fiber-optic cable can transmit signals for several miles. The primary issue regarding fiber optics is the cost and the special handling needed to prevent damage. Fiber-optic cable can be tapped by using special tools and skills; however, the process is relatively difficult for most individuals.

Question: Which of the following best establishes accountability for personnel when it comes to emergency change?
A. Granting production access to individual IDs as and when required.
B. The use of a generic firefighter ID for emergency changes.
C. The use of dedicated personnel to carry out emergency changes.
D. Pre-authorization for emergency changes.
Submit Answer: A
Correct Answer: A
Explain: The best process to use to establish accountability is the use of individual IDs. When a change is complete, access can be removed. Generic IDs do not establish accountability. It is not cost-effective to employ dedicated resources for only emergency changes. Emergency changes require immediate action, and obtaining prior authorization may not be feasible.

Question: Which type of memory is used to permanently record programs on solid-state chips and retains the data even after power is turned off?
A. Random access memory.
B. Read-only memory.
C. Flash memory.
D. Optical memory.
Submit Answer: B
Correct Answer: B
Explain: Solid-state integrated circuits implementing read-only memory (ROM) provide permanent storage of data, regardless of electrical power. ROM is programmed by burning electrical connections inside the integrated circuit (IC) chip. Optical memory is not a solid-state process. Flash memory can be erased and reprogrammed. Random access memory (RAM) is volatile and will be erased when power is turned off.

Question: What is the auditor's interest concerning SNMP community information?
A. Community strings are actually passwords, and the private password can write changes to the device configuration or force a reboot.
B. Network-attached devices should be configured into individual communities for separation of duties.
C. Security is nonexistent in the first two versions of the SNMP protocol.
D. Operations staff should use SNMP to monitor the network and to provide early notification of problems or of information indicating that incident response is needed.
Submit Answer: A
Correct Answer: A
Explain: SNMP community strings are actually passwords. The word public in the community string allows any network device running SNMP with a matching password, such as the word public, to read configuration settings off the other device. The private community string also uses a simple match to allow any device with the password (word) private to write configuration changes to the device or force it to reboot.

Question: Which of the following should be considered before activating an organization's BCP?
A. The period of outage.
B. The source of the outage.
C. The cause of the outage.
D. The type of outage.
Submit Answer: A
Correct Answer: A
Explain: Activation of the BCP should be based primarily on the maximum period during which business functions can survive before the outage could threaten the attainment of business objectives. The other options are not key factors when activating the BCP.

Question: The ________ network topology provides a redundant path to transmit data?
A. Bus.
B. Star.
C. Chain.
D. Ring.
Submit Answer: B
Correct Answer: D
Explain: The ring topology provides a redundant path for communications. Common examples include the older IBM Token Ring and the modern fiber-optic rings (SONET) used to connect central offices (local exchanges) for the telephone company. The ring topology is extremely popular in fiber-optic networks, where traffic is simultaneously transmitted in different directions (counter-rotating transmission) around the same ring for maximum reliability.

Question: Which of these is the best method of determining the availability of updated security patches for critical servers?
A. Verify the patch update process.
B. Manually verify each critical server.
C. Review the change management log.
D. An automated tool to verify the availability of updated patches.
Submit Answer: D
Correct Answer: D
Explain: An automated tool can be used to generate reports on the availability of security update patches on each of the critical servers. The other options may not be as efficient and effective as automated tools.

Question: Which of the following statements is false concerning the communication circuits used in wide area networking?
A. Switched virtual circuits (SVCs) may use different routes to reach the destination.
B. Digital circuit-switched lines are dedicated between locations.
C. Packet-switched circuits are charged according to distance.
D. Circuit-switched lines allow the user to transmit any amount of data.
Submit Answer: D
Correct Answer: C
Explain: Circuit-based communication lines such as T1 and T3 are billed according to distance traveled. Almost all high-speed lines in use today are digital. Circuit-switched lines are dedicated connections between locations, with billing based on the distance between the locations. Circuit switching is more expensive but has some security advantages. Conversely, packet-based lines such as frame relay are billed according to the amount of data sent, without regard to the distance traveled. The Internet uses packet switching to span the globe.
Question: An arrangement for just electricity and HVAC is available in?
A. a cold site.
B. a mobile site.
C. a reciprocal agreement.
D. a warm site.
Submit Answer: C
Correct Answer: A
Explain: In a cold site arrangement, only space and basic infrastructure, such as electricity and HVAC, are required. The cost of maintaining a cold site is low compared to hot or warm sites. A cold site is the most cost-effective solution for a non-critical system. No communication systems or computers are made available in cold sites.

Question: The architecture of a computer with a single central processing unit (CPU) contains which of the following points that represents the biggest area of interest to the auditor?
A. Time-sharing is used to service the different processing tasks one at a time.
B. An upgrade to a multiprocessor system should be justified to improve response times.
C. System control software is halted between processing tasks.
D. A pipeline design should be implemented to minimize system idle time.
Submit Answer: B
Correct Answer: C
Explain: The computer's central processing unit (CPU) operates in time-sharing mode by using interrupts to start and stop the processing of requests (tasks). In computers with a single CPU, internal system controls such as security software are constantly started and stopped as the CPU switches back and forth between different tasks. A multiprocessor system allows the security software to be run in dedicated mode on a dedicated CPU without any interruptions, which improves overall system security.

Question: What is the first step after the replacement of hardware?
A. Sync the hardware with the hot site.
B. Update the IT asset inventory.
C. Identify and assess the vulnerability.
D. Conduct a risk assessment.
Submit Answer: B
Correct Answer: B
Explain: Updating the IT asset inventory should be the first step. Once the inventory is updated, the other options can be followed.

Question: Which of the following RAID implementations is designed for the disk array to be configured into one large virtual disk partition using high-speed asynchronous data transfer?
A. RAID-1.
B. RAID-7.
C. RAID-5.
D. RAID-6.
Submit Answer: A
Correct Answer: B
Explain: RAID level 7 is designed to allow several high-speed disks (a disk array) to be configured as one large virtual drive partition using asynchronous transfer mode.

Question: Which of the following is ideal for implementing a hot site as a recovery strategy?
A. A low disaster tolerance.
B. A high RTO.
C. A high RPO.
D. A high disaster tolerance.
Submit Answer: A
Correct Answer: A
Explain: Disaster tolerance indicates the level of tolerance the organization has for the non-availability of IT facilities. A hot site is recommended when disaster tolerance is low and systems must be made available as soon as possible.

Question: Even with advanced security software running on the network, which of the following OSI layers represents the vulnerability to subversion created by hardware port access?
A. OSI layer 1.
B. OSI layer 2.
C. OSI layer 3.
D. OSI layer 7.
Submit Answer: A
Correct Answer: A
Explain: The OSI model can be used to help identify and map areas of strength and weakness in the network controls. Network security software runs in the layers above the physical network, which is OSI layer 1. Physical access can subvert network security. This is why physical controls are required. Proper controls will include a combination of administrative, physical, and technical safeguards.

Question: For an online transaction processing system's database, what is the integrity of transactions maintained by?
A. Tagging and tracking control.
B. Commitment and rollback control.
C. Access review control.
D. Log monitoring control.
Submit Answer: B
Correct Answer: B
Explain: Commitment and rollback control ensures that a transaction is completed entirely or not at all. In the case of disruption, if a transaction cannot be fully completed, then the partial updates are rolled back so that the database returns to its prior state. This ensures the integrity of a transaction.
Question :In network communications, the ________ transmission sends a single data packet to multiple addresses for applications such as Internet-based television?A.Broadcast .B.Multicast.C.Visicast .D.Unicast .*Submit Answer :A*Correct Answer :BExplain :Multicasting is used to efficiently send a single transmission to multiple addresses.Question :Which of the following is the best control for configuration changes??A.An adequate audit trail .B.Adequate training of personnel.C.Adequate documentation for configuration management .D.An adequate process of approval and review for critical changes .*Submit Answer :D*Correct Answer :DExplain :It is very important to follow the process of approval and review for changes. It ensures proper authorization for critical changes and also enforces separation ofduties. It prevents unauthorized changes by any single employee. The other
Background image
options serve as good controls, but option D is considered the best for processing configuration changes.Question :Which of the following network protocols uses the MAC address to find a computer’s IP address?A.Domain Name System (DNS) protocol .B.Reverse Domain Name System (RDNS) protocol.C.Reverse Address Resolution Protocol (RARP) .D.Address Resolution Protocol (ARP) .*Submit Answer :D*Correct Answer :CExplain :Address Resolution Protocol (ARP) is used when the IP address is known, to find the computer’s MAC address. ARP is used just like a telephone directory to use aname to find a street address. A different protocol, called Reverse Address Resolution Protocol (RARP), is used when you know the MAC address and need to find the corresponding IP address. RARP works like a pay-telephone directory listing street addresses and enabling you to look up the name of a resident (person).Question :The Internet Protocol (IP) contains a special feature for separating different types of communication between network addresses. What is this feature called?A.Software port .B.Hardware port.C.Dynamic Host Configuration Protocol .D.Virtual Communication Protocol .*Submit Answer :C
Background image
*Correct Answer :AExplain :Software ports, also known as sockets or buffers, are used to create an orderly communications flow between programs. These software ports are analogous to individual post office mailboxes; each box has a special destination and purpose.Question :As part of a BIA, which of the following is identified first?A.The risk applicable to critical business processes .B.The critical business processes to prioritize recovery.C.The resources required for recovery .D.Threats applicable to critical business processes .*Submit Answer :B*Correct Answer :BExplain :The identification of a critical business process is the first step to determining the priority of recovery. Once critical processes have been identified, the recovery strategy and process can be defined.Question :Default settings are used by vendors to help users get the system up and running. What is the auditor’s primary area of interest regarding default settings?A.Saves time and money for the user .B.Represents the manufacturer’s recommended settings.C.Well-known settings published by the vendor .D.Reduces support headaches, which increases operational uptime .*Submit Answer :C
Background image
*Correct Answer :CExplain :Beware of default settings on computers and network devices. Default settings are published on the Internet and in service manuals. The default settings benefit a vendor by reducing customer support and presenting the image that the vendor’s product is easy to use. Unfortunately, the use of default settings creates a security nightmare. This information is frequently used by hackers to compromise a system. The most cost-effective technique for providing security is to change the default settings to use a unique setting at every opportunity.Question :With respect to disaster recovery costs, which ofthe following statements is correct?A.Downtime costs decrease over time .B.Downtime costs increase over time.C.Downtime costs are time-neutral .D.Downtime costs are related to the RPO .*Submit Answer :B*Correct Answer :BExplain :Downtime costs include a loss of sales, idle resources, salaries, and suchlike. Downtime costs increase over time. The earlier the recovery, the lower the downtime costs. Downtime costs are not related to the RPO, but recovery costs are.
Background image
Question :At which OSI layer does software encryption and decryption occur?A.OSI layer 7 .B.OSI layer 6.C.OSI layer 5 .D.OSI layer 4 .*Submit Answer :C*Correct Answer :AExplain :Software encryption and decryption occur in OSI layer 7, the problem-solving Application layer. Encryption in layer 7 prevents the Presentation layer (layer 6) from exposing the secrets. The new IP security (IPsec) uses layer 7 application gateways to perform the encryption and decryption prior to transmitting the packets on the OSI Network layer (layer 3). Auditors use the OSI model to help decode confusing and overlapping concepts in the network design.Question :Which of the following is a major concern for an IS auditor reviewing a thirdparty agreement?A.A "right to audit" clause not being included .B.A penalty clause for adverse performance not being included.C.The agreement with no mention of poor performance for negative performance .D.The service provider's liability limitation clause not being included .*Submit Answer :A*Correct Answer :AExplain :
Background image
The absence of a "right to audit" clause would prevent the organization from determining the security arrangement of the service provider. The organization would not have any assurance about contractual and legal compliance from the service provider. The other options are not as significant as this one. Option D, in fact, exposes the service provider's liability to an unlimited extent and that is not a concern for the service receiver.Question :The ________ can be poisoned by a hacker to prevent the computer from converting computer names into network addresses.?A.Address Resolution Protocol (ARP) .B.Reverse Address Resolution Protocol (RARP).C.Border Gateway Protocol (BGP) .D.Domain Name System (DNS) .*Submit Answer :A*Correct Answer :DExplain :The Domain Name System (DNS) protocol is used to associate computer names such as magic, development2, and www.certtest.com to their corresponding IP addresses. The original design of DNS did not include any real provisions for security. Secure DNS (S-DNS) uses access lists and twofactor authentication with digital certificates to help thwart hackers’ attempts to poison the DNS server, or substitutes a fake DNS server that points to the wrong computers.Question :Which of the following indicates an RTO?A.The extent of acceptable system downtime .B.The extent of minimum business objectives.C.The extent of acceptable data loss .D.The extent of crisis management insurance .
Background image
*Submit Answer :A*Correct Answer :AExplain :The RTO is a measure of the user's tolerance to system downtime. In other words, the RTO is the extent of acceptable system downtime. For example, an RTO of 2 hours indicates that an organization will not be overly impacted if its system is down for up to 2 hours.Question :Which of the following best describes ad hoc networks?A.Dynamic connection of remote devices .B.Fixed connection of devices.C.Active Device HOst Communication .D.Wireless connection using a static configuration .*Submit Answer :A*Correct Answer :AExplain :Ad hoc networks are a dynamic grouping of devices in ever-changing configurations. Imagine the wireless devices connecting via Bluetooth when you enter a coffee shop, client’s office, or your own automobile. As you move thoughyour activities each day, the configuration of this overall network is changing. Ad hoc means unstructured and ever changing.Question :Which of the following is considered a critical component in network management?A.Proxy troubleshooting .
Background image
B.Topological structure.C.Change and configuration management .D.Network monitoring tools .*Submit Answer :B*Correct Answer :CExplain :Configuration management is considered one of the key components in network management. It determines the network functionality both internally and externally. It ensures that the setup and management of the network are done properly. The other options, though important, are not as critical as change and configuration management.Question :Except for the older plain old telephone service (POTS) lines, what is the primary issue of remote access over telephone company circuits?A.The cost of service may be expensive. .B.The available bandwidth may be too slow..C.A remote-access circuit is always active to accept communication. .D.Remote access servers (RASs) may be used to create a dial-up modem pool. .*Submit Answer :D*Correct Answer :CExplain :cDigital high-speed circuits (for example, ISDN, T1, T3, frame relay, ATM, and DSL) are always on (live) by design. If you attempt to turn off (or disable) a high-speed digital circuit, the telephone company will disable the circuit for several
Background image
days. The original plain old telephone service (POTS) disconnected your equipment from the hacker’s reach when you hung up the phone line. Digital circuits never allow the user to “hang up the receiver” and therefore are never disconnected. Firewalls are required on digital high-speed circuits because the hacker could attack 24 hours a day.Question :What is the objective of library control software?A.Providing assurance that program changes are authorized .B.Providing assurance that program changes are tested.C.Providing assurance that areas are automatically moved to production .D.Providing assurance that only developers can access a program .*Submit Answer :B*Correct Answer :AExplain :A program stored in a library can be accessed only by authorized users. Also, it has provisions for reviewing and approving software changes. Library control software ensures that only authorized changes are allowed.Question :Why are firewalls used with OSI layer 7 (Application layer) proxies?A.Firewalls operate at the network layer by using filters based on to-from addressing. .B.Proxies perform the request on the user’s behalf without granting direct access..C.Firewalls close communication ports to prevent access. .D.Proxies grant direct Internet access without the need of a firewall. .*Submit Answer :C*Correct Answer :B
Background image
Explain :Proxies are used to perform the request on a user’s behalf without granting direct access. User requests may be from a live user or from another software program. The proxy may check the formatting and nature of the request to determine whether it is acceptable for processing. Requests that are uncharacteristic or outside the normal behavior are discarded as hacker attacks.Question :What should be the next step of an IS auditor who finds that the DBA has read and write access to production data?A.Recommend for the immediate revocation of rights .B.Analyze the justification of the DBA's rights.C.Review the logs related to the DBA's activities .D.Accept the current process as a common practice .*Submit Answer :B*Correct Answer :BExplain :The first step will be to analyze the justification and review the relevant controls for DBA activities.Question :Which of the following acronyms refer to the expected level of service during recovery?A.RTO .B.SDO.C.RPO .D.ITO .*Submit Answer :C
Background image
*Correct Answer :BExplain :The service delivery objective (SDO) illustrates the expected level of service during recovery. The organization may have several SDO targets based on the different phases of recovery. RTO is the recovery time objective, and RPO is the recovery point objective. ITO is a distracter.Question :An organization's DRP has been modified due to a change in IT processes. However, the new plan has not been tested. Which of the following is the primary risk?A.The inability to recover from catastrophic service disruption .B.The plan may require further recovery resources.C.The plan may be difficult to implement .D.Downtime costs may increase .*Submit Answer :A*Correct Answer :AExplain :If a modified DRP is not tested for its adequacy and effectiveness, a plan may not enable the organization to recover from the disaster. This is the primary risk associated with an untested plan.Question :A critical success factor is defined as which of the following?A.A measure or score of efficiency .B.An asset to be planned.C.Something that must occur perfectly every time .D.A factor that is calculated for insurance purposes .
Background image
*Submit Answer :D*Correct Answer :CExplain :A critical success factor is also known as a showstopper. Critical success factors must go right every time in order for recovery to be successful. A key performance indicator (KPI) is a numerical score.Question :What does an IS auditor refer to a data flow diagram for?A.Understanding the data flow and storage .B.Identification of key controls.C.Understanding the data classification scheme .D.Understanding the data definitions .*Submit Answer :A*Correct Answer :AExplain :A data flow diagram is ideally used to understand how data is flowing and wheredata is stored. It helps an IS auditor to understand the input, processing, and output of data. A classification policy helps to understand data classification schemes. A data dictionary is used to understand data definitions.Question :Which of these is the most significant issue to consider regarding insurance coverage?A.Salvage may be dictated rather than replacement. .B.Premiums may be very expensive..C.Coverage must include all business assets. .D.Insurance can pay for all the costs of recovery. .
Background image
*Submit Answer :D*Correct Answer :AExplain :The insurance company may dictate salvage to save money. Salvage will increase the delay before recovery. Any replacement purchases by the organization may not be covered under reimbursement.Question :The most reliable method for determining the success of a disaster recovery effort is?A.a tabletop test .B.a data restoration test.C.a paper test .D.a unit test .*Submit Answer :C*Correct Answer :BExplain :Successful data restoration is regarded as a success of disaster recovery efforts.The most reliable method would be to restore a backup to a system. Other tests will not be able to determine the success of disaster recovery efforts.Question :The ultimate obstacles to business continuity arethreats that may include which of the following?A.Natural disasters .B.Missed targets.C.Loss of profit .D.All of the above .
Background image
*Submit Answer :D*Correct Answer :DExplain :The concerns in business continuity include natural disasters, missed targets, and loss of profit. The goal of continuity is to ensure that important targets are not missed and revenue is not interrupted.Question :What is the first step in the implementation of access control?A.Group IT assets .B.Categorize IT assets.C.Implement an access control list .D.Creating an inventory of IT assets .*Submit Answer :D*Correct Answer :DExplain :The first step for the implementation of an access control rule is to create a list of IT assets as an inventory. This will be followed by categorization and grouping.Question :When planning team assignments, it is more important to remember that?A.Nobody should hold more than one team assignment. .B.The number of people or number of teams is not as important as making sureall the duties are performed..C.A single key person can be assigned to all teams for consistency. .
Background image
D.The number of duties is the same for each team. .*Submit Answer :C*Correct Answer :BExplain :The most important point to remember when planning team assignments is thatall the duties are performed, regardless of the number of people. In major incidents, the organization may need to hire hundreds of extra personnel to ensure that all the duties are performed.Question :With respect to information security, the most important inclusion in the BCP is?A.the level of information security requirements during a business recovery process .B.the requirement for information security resources.C.the change management structure for information security .D.the information security budget .*Submit Answer :A*Correct Answer :AExplain :It is important that the BCP contains the level of information security that is required when the business recovery process is in place. The information security level may be the same, or lower, or higher, compared with what is required during normal business operations.
Background image
Question :What is the principal reason you might use a hotsite?A.Expensive, but already configured for our use .B.May not be available during a crisis.C.Expensive, but we will have to install and configure new equipment .D.Expensive and prevents us from using other warm or cold site alternatives .*Submit Answer :B*Correct Answer :AExplain :The hot site is expensive but offers a better chance for recovery because it is already configured for use and ready to go.Question :A DRP should primarily cover?A.recovery site information .B.crisis management team information.C.test procedures .D.the prioritization of processes and assets .*Submit Answer :D*Correct Answer :DExplain :It is very important to prioritize the functions that need to be recovered at the earliest possible juncture for the organization's survival. The DRP should cover prioritized business functions.Question :What does the term MAO stand for?A.Minimum acceptable outage .B.Maximum acceptable outage.
Background image
C.Minimum available on-hand .D.Maximum available overnight .*Submit Answer :B*Correct Answer :BExplain :MAO is the maximum acceptable outage that can occur before critical deadlines are missed or recovery is no longer feasible because of the amount of time lapsed. May be referred to as maximum tolerable downtime (MTD).Question :Which of the following is the primary concern forchanging the database vendor?A.Data integrity .B.Data availability.C.Data normalization .D.Data confidentiality .*Submit Answer :A*Correct Answer :AExplain :The major concern when it comes to data migration from one vendor to another vendor is the integrity of data and ensuring that the data is migrated completely, correctly, and accurately. The other options may not be directly impacted by data migration.Question :In business continuity, why it is important to replicate every process?A.To ensure 100 percent full operational capabilities .
Background image
B.Market pressures.C.Not important, only select processes will continue .D.To protect the company reputation .*Submit Answer :A*Correct Answer :CExplain :Only critical processes will continue. The other processes will be interrupted while the organization focuses efforts to restore critical processes. Plans will sequence recovery by using service delivery objectives (SDOs), recovery point objectives (RPOs), and recovery time objectives (RTOs). A noncritical process might be shut down and never restarted.Question :What is the most effective way to gauge the design effectiveness of a change management process?A.A sample test of change requests .B.A sample test of change authorization.C.Interviewing the staff .D.Conducting an end-to-end walk-through of the change management Process .*Submit Answer :D*Correct Answer :DExplain :To determine design effectiveness most effectively, you should understand the end-to-end process of change control management. This observation is the best way to ensure that the process is effectively designed. The other options are notas effective as having a process walk-through.
Background image
Question :Name one of the purposes of creating the business continuity plan?A.To maximize the number of decisions made during an incident .B.To minimize decisions needed during a crisis.C.To lower business insurance premiums .D.To provide guidance for federal regulations .*Submit Answer :B*Correct Answer :BExplain :The plan minimizes decisions needed during the crisis. Possible options would have been researched and decisions made in advance by management. The recovery staff is expected to follow the directions contained in the plan.Question :The effectiveness of a BCP can be evaluated by reviewing?A.the involvement of various stakeholders .B.plan test results.C.employee awareness regarding the plan .D.offsite controls .*Submit Answer :B*Correct Answer :BExplain :Test results will provide reasonable assurances regarding the effectiveness of the BCP. It will provide objective evidence regarding the adequacy or otherwise of the existing BCP. The other options will not assist directly in assessing the effectiveness of the BCP.
Background image
Question :What does the acronym EOC represent?A.Emergency Office Complex .B.Evacuate Office Center.C.Emergency Offensive Controls .D.Emergency Operations Center .*Submit Answer :B*Correct Answer :DExplain :The EOC is the Emergency Operations Center, staffed by the emergency management team during a crisis.Question :Which of the following is a major concern for an IS auditor reviewing an SLA for storing sensitive customer data with a third-party cloud provider?A.The service level escalation matrix not being documented .B.The cloud provider reserving the right to access data for certain processes.C.The bulk data upload process not being defined .D.Backup responsibility being with the customer organization .*Submit Answer :B*Correct Answer :BExplain :The organization must review regulations as there may be regulatory restrictions on accessing and utilizing sensitive customer data with the consent of the customer. Also, the organization must determine that appropriate controlsare applied to protect customer data.
Background image
Question :News media attention should be?A.Directed to a single designated spokesperson .B.Used to create awareness of the crisis and warn the public.C.Restricted to prevent any information from being released .D.Allowed full access to interview staff .*Submit Answer :B*Correct Answer :AExplain :All inquires and statements should be from the designated public nformation officer (PIO), the spokesperson for the organization. The PIO uses predefined scripts to deliver messages that have been vetted to ensure a positive image forthe organization.Question :Which of the following is the most critical for the IS auditor when reviewing the DRP of an organization having limited IT resources?A.A test has not been conducted to ensure the adequacy of resources to recover from a disaster .B.The DRP was approved more than a year ago.C.Security requirements are not included in the DRP .D.A test has not been conducted for backup restoration .*Submit Answer :D*Correct Answer :AExplain :
Background image
The most critical risk is the absence of testing, which would help to identify the gaps in the DRP. Backup testing should be done as part of an overall DRP test. The other options are not as important as the lack of an overall DRP test.Question :Continuity planners can create BC plans without the business impact analysis (BIA) process when?A.Business impact analysis is not required. .B.Management already dictated all the key processes to be used..C.Not possible; critical processes constantly change. .D.Risk assessment is acceptable. .*Submit Answer :D*Correct Answer :CExplain :It is not possible to create business continuity plans without a current business impact analysis (BIA). The BIA will identify critical processes and their dependencies. The critical processes will change as the business changes with new products and customers.Question :A review of the change management process indicates that the process is not fully documented and also that some migration processes failed. What should the next step for the IS auditor be?A.Trying to get further information about the findings through root cause analysis. .B.Report the findings to the audit committee of the board..C.Recommend reframing the change management process. .D.Recommend discontinuing the migration process until the change management process is documented. .*Submit Answer :A
Background image
*Correct Answer :AExplain :Before recommending any action, an IS auditor should gain assurance that the deficiencies noted can be attributed to the failure of the change management process rather than some other process failure.Question :What should signal that the business continuity plan needs to be updated?A.Time and market conditions .B.Personnel changes.C.Significant changes in business objectives or direction .D.All of the above .*Submit Answer :C*Correct Answer :DExplain :The plan should be reviewed quarterly and updated at least annually. Updates should occur after each test, changes in personnel, or changes in business direction. Plans are often updated for changes in key customers and products.Question :The most reliable evidence with respect to disaster recovery preparedness of an organization is?A.the availability of a DRP .B.the availability of an alternate site for disaster recovery.C.the results of DRP tests and exercises .D.the approval of senior management in relation to the DRP .*Submit Answer :A
Background image
*Correct Answer :CExplain :Tests and exercises are the most reliable evidence to determine the adequacy and effectiveness of an organization's DRP. The test results help to identify the gaps, if any, and to improve the plan by addressing those gaps. The other options are not as important as tests and exercises.Question :What is the best example of why plan testing is important?A.To prove that the plan worked the first time .B.To find and correct problems.C.To show the team that is not pulling their own weight .D.To verify that everyone shows up at the recovery site .*Submit Answer :B*Correct Answer :BExplain :Plans are tested to train the staff in carrying out their work. The intention is to find problems and correct any mistakes. A secondary benefit is to demonstrate improvement in the response and recovery efforts.Question :An IS auditor notes that the IT department has not updated a new patch for an application because other security controls are in place. What should the recommendation of the auditor be?A.The overall risk should be analyzed before any recommendation is made. .B.Implement firewall rules..C.Implement an intrusion detection system. .D.Provide adequate training to the system administrator. .
Background image
*Submit Answer :A*Correct Answer :AExplain :The first step is to analyze the overall risk, and then appropriate steps can be taken to address the risk.Question :What are the best examples of vital records and media?A.Specialized forms, financial records, how-to manuals, backup tapes .B.Past annual reports, last year’s cancelled checks, vacation forms, HR policies.C.Preferred vendor lists, personal desk files, extra blank paper for copy machine .D.Customer lists, office supplies, maintenance manuals, corporate seal .*Submit Answer :B*Correct Answer :AExplain :Financial records and backup tapes are extremely important. How-to manuals will help aid the recovery effort.Question :For successful development of the BCP, the mostimportant aspect is?A.the involvement of the process owner .B.the involvement of the DBA.C.the involvement of the head of IT .D.the involvement of the Board of Directors .
Background image
*Submit Answer :A*Correct Answer :AExplain :Process owner involvement is very important in identifying critical processes, their dependencies, and the required level of the RTO. The other options are notas important as process owner involvement.Question :Which of the following should be considered when setting your business continuity strategy?A.Recovery time objectives .B.Alternate sites available.C.Testing time available at alternate sites .D.All of the above .*Submit Answer :A*Correct Answer :DExplain :The strategy will be selected based on information obtained during the risk assessment and business impact analysis. All options should be considered when selecting the business continuity strategy.Question :What is the process to activate the business continuity plan?A.Members of the organization call the recovery site to activate. .B.Management designates decision criteria and appoints authorized personnel..C.The facility manager receives a severe threat warning. .D.The senior manager on duty makes the decision. .
Background image
Submit Answer: B
Correct Answer: B
Explain: The purpose of planning is to establish decision criteria in advance. After the criteria are met, the plan will be activated by the appointed personnel. The alternate site invocation process allows a preauthorized manager to activate the alternate site. Invocation of the alternate site will cost money and should occur only when it is required.

Question: Which of the following is the best control for configuration changes?
A. An adequate audit trail.
B. Adequate training of personnel.
C. Adequate documentation for configuration management.
D. An adequate process of approval and review for critical changes.
Submit Answer: D
Correct Answer: D
Explain: It is very important to follow the process of approval and review for changes. It ensures proper authorization for critical changes and also enforces separation of duties. It prevents unauthorized changes by any single employee. The other options serve as good controls, but option D is considered the best for processing configuration changes.

Question: What is the fundamental difference between disaster recovery and business continuity?
A. Disaster recovery is focused on natural disasters; business continuity deals with manmade events.
B. Business continuity is focused on ensuring that none of the services are interrupted; disaster recovery deals with restoring services.
C. Disaster recovery is focused on rebuilding; business continuity deals with revenue to continue in the market.
D. Business continuity is focused on protecting the IT investment; disaster recovery applies to the entire organization.
Submit Answer: B
Correct Answer: C
Explain: Business continuity is intended to ensure that critical processes are restored in a timely manner and that revenue is not interrupted. With revenue, the organization will acquire the money necessary to survive.

Question: The aim of an IS auditor in interviewing key stakeholders to determine their understanding of the BCP is?
A. to determine the simplicity of the BCP.
B. to determine the effectiveness of the BCP.
C. to determine the adequacy of the BCP.
D. to determine the organization's ability to respond in the event of a disaster.
Submit Answer: A
Correct Answer: A
Explain: Interviewing the key personnel to determine their understanding of the BCP will help the auditor to evaluate the clarity and simplicity of the BCP. Merely interviewing will not facilitate a determination of the effectiveness, adequacy, or ability of an organization.

Question: What indicators are used to identify the anticipated level of recovery and loss at a given point in time?
A. RPO and RTO.
B. RTO and SDO.
C. RPO and ITO.
D. SDO and IRO.
Submit Answer: A
Correct Answer: A
Explain: The recovery point objective (RPO) indicates the fallback position and duration of loss that has occurred. A valid RPO example is to recover by using backup data from last night's backup tape, meaning the more recent transactions have been lost. The recovery time objective (RTO) indicates a point in time that the restored data should be available for the user to access.

Question: Which of the following is the main objective of service level management?
A. Documenting, monitoring, and managing agreed-upon service parameters.
B. Complying with regulatory requirements.
C. Minimizing the cost of a service.
D. Timely technology upgrades.
Submit Answer: A
Correct Answer: A
Explain: The main objective of service level management is to document and monitor the service parameters. Service level management does not necessarily support other objectives.

Question: What are the five phases of business continuity planning according to ISACA? (Select the answer showing the correct phases and order.)
A. Analyze business impact, develop strategy, develop plan, plan testing, implement.
B. Analyze business impact, develop plan, implement, plan testing, write the plan.
C. Analyze business impact, write the plan, test strategy, develop plan, implement.
D. Analyze business impact, develop strategy, develop plan, implement, plan testing.
Submit Answer: A
Correct Answer: D
Explain: Notice that business impact is always the first step. Then criteria are selected to guide the strategy selection. A detailed plan is written using the strategy. The written plan is then implemented. After implementation, the plan and staff are tested for effectiveness. The plan is revised, and then the testing and maintenance cycle begins.

Question: The appropriate method for testing a BCP is?
A. an interface test.
B. a paper test.
C. a system test.
D. a unit test.
Submit Answer: B
Correct Answer: B
Explain: A paper test is an appropriate method for testing a BCP. It is also known as a desk-based evaluation. In this type of test, key employees have a walkthrough of the BCP and identify any weaknesses in the plan, thereby providing an opportunity to improve it.

Question: Which of the following best fits the description of "requires some assembly and can be operational within days"?
A. Redundant site.
B. Warm site.
C. Hot site.
D. Cold site.
Submit Answer: D
Correct Answer: B
Explain: A warm site is a building preconfigured with utility services and may hold some equipment. Hardware will usually need to be shipped in and assembled. Telephone circuits will need to be switched over to the warm site and data loaded from backup tapes. Recovery time is measured in days.

Question: Which of the following is the best option for patch management to ensure that a new patch will not impact system processing?
A. A patch should be tested prior to updating.
B. A user should be trained in the patch updating process.
C. A patch should be applied immediately and post-implementation testing should be carried out.
D. A documented patch management process should be available.
Submit Answer: A
Correct Answer: A
Explain: It is very important to test a patch before its implementation because patches may impact other systems and operations.

Question: What priority would the BC/DR planner at a manufacturing company place upon warranty repair services for clients during a recovery?
A. Core process.
B. Discretionary process.
C. Critical function.
D. Supporting process.
Submit Answer: C
Correct Answer: B
Explain: Providing warranty repair services is discretionary and would be discontinued during recovery. Core processes, such as sales, generate direct revenue. Supporting processes such as invoicing also help the core process bring in money. Everything else may be discontinued or shut down during recovery.
Question: Which of the following should be frequently updated for continued effectiveness of the DRP?
A. The contact details of key staff members.
B. Asset inventory.
C. The roles and responsibilities of key staff members.
D. Procedures for conducting tests.
Submit Answer: A
Correct Answer: A
Explain: The most important requirement as regards the continued effectiveness of the DRP is the updated list of employees who have key responsibilities in relation to the disaster recovery procedure. The other options, although important, are not as important as an updated contact list.

Question: When can a warm site be used for recovery?
A. When the downtime is acceptable to the business without breaching any legal requirements.
B. When it's not profitable to operate a hot site.
C. When the recovery is of high priority.
D. When the actual recovery exceeds the recovery time objective.
Submit Answer: C
Correct Answer: A
Explain: The warm site is acceptable to the business when the downtime is acceptable without breaching any legal requirements. Making a profit is not the reason for using a warm site.
Question: How is existing database integrity best assured?
A. Log monitoring.
B. Table link checks.
C. Query time checks.
D. Rollback features.
Submit Answer: D
Correct Answer: B
Explain: A table link check helps to identify table linking errors, such as incomplete or inaccurate content in a database. It provides assurance about the integrity of a database. Log monitoring may indicate some events; however, table link checks provide reliable assurance about integrity. Query time checks help to improve database performance. Rollback and roll forward help in recovering from disruption but do not help to check the integrity of existing database content.

Question: Which of the following methods of testing BC/DR plans is not acceptable?
A. Desktop.
B. Modular.
C. Full interruption.
D. Unannounced.
Submit Answer: C
Correct Answer: D
Explain: Unannounced testing is not acceptable because of the potential to create additional harm. Some people are not able to deal with the extra stress or may exercise the wrong response and create a real emergency.

Question: An organization has changed the vendor maintaining critical applications. In the new contract, the incident resolution time has been modified. Which of the following is a major concern?
A. The impact of the modification is not considered in the disaster recovery document.
B. The impact of the modification is not considered when determining the recovery point objective.
C. The application owners are not aware of the modification.
D. The old service provider does not agree with the new resolution time.
Submit Answer: C
Correct Answer: C
Explain: The major risk in this scenario is that application owners are not aware of the modification. This can have serious repercussions on critical business processes. Options A and B are important but not as critical as option C.

Question: Media updates and announcements should be ________ during the event.
A. From the CEO when new events occur.
B. From the local disaster relief official in charge.
C. From the PIO at regular intervals.
D. From a senior manager or company officer.
Submit Answer: C
Correct Answer: C
Explain: All media updates and announcements should be handled by the public information officer (PIO) during the event. This is necessary to prevent misinformation or confusion. Providing information at regular intervals helps promote trust and confidence.

Question: Which of the following documents will help the most in developing a BCP?
A. An external audit report.
B. A risk assessment.
C. A resource analysis.
D. A gap analysis.
Submit Answer: B
Correct Answer: B
Explain: A risk assessment document will help in developing a BCP. It helps to understand the risks to business processes. It is recommended to review the BCP for its adequacy every time a risk assessment is conducted to ensure that the BCP is aligned with the organization's latest risk assessment.

Question: What is the best method for testing the effectiveness of specific recovery procedures?
A. Ask the participants their opinion of the exercise.
B. Observe the procedure as it's being executed.
C. Time the procedure's execution and compare it to the RTO.
D. Follow the manufacturer/vendor's recommended procedures.
Submit Answer: A
Correct Answer: C
Explain: The best method from the options provided is to compare the elapsed time to execute the procedure against its stated recovery time objective (RTO). Participant opinions are important for buy-in; however, some opinions may be too optimistic or too pessimistic. Observing the procedure being executed will help determine its odds of being successfully completed. What really matters is that recovery occurs within its specific time window, since other processes are depending on it.

Question: Which of the following areas is of most concern to an IS auditor?
A. The responsibility for declaring a disaster is not defined.
B. The disaster level is considered on the basis of damaged functions and not on the basis of duration.
C. A BCP document was reviewed and approved more than 1 year ago.
D. The difference between a disaster and an incident is not documented.
Submit Answer: A
Correct Answer: A
Explain: It is very important to make a key employee responsible for declaring a disaster. If a disaster is not declared by anyone, the BCP would not be invoked, thereby threatening the continuity of the business.

Question: Who is the incident commander?
A. First person on the scene even if it's a five-year-old child.
B. Manager or executive of the organization.
C. Member of the police or fire department.
D. A person with special training.
Submit Answer: D
Correct Answer: A
Explain: The first person on the scene is the incident commander, even if it's a five-year-old child calling the police, ambulance, or fire department. The person on the scene directs all efforts until relieved by a more qualified person. Anyone can be an incident commander, and no special training is needed.

Question: In the case of a separate BCP for each department, which of the following areas should be reconciled first?
A. A version control.
B. An evacuation plan.
C. An approval authority.
D. An offsite facility.
Submit Answer: B
Correct Answer: B
Explain: The protection of human life should be the main objective of any BCP. It is important to reconcile the evacuation plan for each department's BCP to ensure that they are aligned in terms of the safety and security of staff and clients.
Question: How does the term oversubscription relate to the response plans in business continuity and disaster recovery?
A. Too much insurance coverage with overlapping policies.
B. Using the same site for hot, warm, and cold recovery.
C. More customers than the site can handle.
D. Transportation is not available to the site.
Submit Answer: A
Correct Answer: C
Explain: Oversubscription relates to the vendor overselling services to more customers than the recovery site can handle. To eliminate an oversubscription problem, the price consequences of failure and the total cost of leasing an alternate site for 60 days can be used to help justify a cooperative venture to buy a dedicated site. The cooperative venture allows cost sharing with another organization, if both can use the site simultaneously.

Question: For effective implementation of the BCP, it should be?
A. stored in a secure offsite facility.
B. communicated to the appropriate personnel.
C. approved by senior management.
D. hosted on an organization's intranet.
Submit Answer: B
Correct Answer: B
Explain: Implementation of the BCP will only be effective if appropriate personnel are informed regarding it. The other options are not as important as communicating BCP arrangements to concerned employees.

Question: What is the objective of the strategy planning phase?
A. Select a vendor offering the best solution.
B. Pick a response to cover every situation.
C. Identify time windows and minimum service.
D. Satisfy all the stakeholders' interests to their satisfaction.
Submit Answer: C
Correct Answer: C
Explain: The principal objective in strategy planning is to identify the available time window and minimum service necessary for recovery. This discussion should never involve a vendor or a specific product. The goal is to force the development of a well-defined specification, and then later look for solutions that fit that specification. Vendors and products are never, never, never a strategy.

Question: Which of the following is the best control against unauthorized changes to a database after office hours?
A. Changes only being made with DBA user accounts.
B. Changes only being made with application owner accounts.
C. Using the DBA account to make changes and then reviewing the logs for the change the next day.
D. Using the application owner account to make changes and then reviewing the logs for the change the next day.
Submit Answer: C
Correct Answer: C
Explain: A database should only be changed using a DBA account. Furthermore, any changes made after office hours should be appropriately reviewed and approved the next day.

Question: Which of the following is not a recommended criterion for invocation of the BC/DR plan?
A. Financial loss.
B. Duration of outage is unknown.
C. Cost of activation.
D. Scope of problem cannot be determined.
Submit Answer: D
Correct Answer: C
Explain: Cost of activation is not an acceptable criterion for invocation of the BC/DR plan. The plan should always be activated if the conditions are met. Conditions requiring invocation of the plan include estimated financial loss, duration of outage, and the inability to determine the loss or scope of impact.

Question: Which of the following additional functions should not be performed by DBAs?
A. Maintenance of the database activity log.
B. Conducting table link error tests.
C. Implementing backup and recovery procedures.
D. Using database optimization tools.
Submit Answer: not answered
Correct Answer: A
Explain: Maintenance of the database activity logs should be done by a separate team. This will help to protect logs related to DBA activities and ensure the appropriate segregation of duties. The other options are generally performed by the DBA as part of their normal job function.

Question: Which of these is the primary output from the business impact analysis (BIA)?
A. Identification of alternate revenue opportunities.
B. Analysis of dependencies and areas of overreliance.
C. High-level understanding of definitions.
D. Low-level blueprint of the business process.
Submit Answer: A
Correct Answer: D
Explain: A low-level blueprint (or schematic) of the business process is the primary output from the business impact analysis (BIA). If performed correctly, the BIA will provide high-quality supporting detail for the other possible answer choices.

Question: What does concurrency control help to do in a database?
A. Prevent unauthorized access to data.
B. Prevent integrity issues during simultaneous updates by multiple users.
C. Ensure the confidentiality of data.
D. Prevent unauthorized modification of data.
Submit Answer: B
Correct Answer: B
Explain: Concurrency control manages simultaneous operations in DBMSes and ensures that there are no conflicts. Concurrency control ensures that the integrity of data remains intact. It will not directly impact the other options.

Question: Which of the following definitions is the best example of an RTO?
A. Target point of optimum data recovery.
B. Target time for the user to be processing again.
C. Target service level at a particular point in time.
D. Target for recovery to be completed.
Submit Answer: A
Correct Answer: B
Explain: The recovery time objective (RTO) is the deadline for when the user must be processing again. IT is expected to have completed the necessary level of technical recovery. The user is able to resume processing work unless that RTO has failed.

Question: The prime objective of the BCP is?
A. to provide assurances to stakeholders regarding business continuity.
B. to comply with regulatory requirements.
C. to arrange for an alternate site to meet the RTO.
D. to manage risk while recovering from a disaster.
Submit Answer: D
Correct Answer: D
Explain: The objective of the BCP process is to manage and mitigate the risk of disaster so that the continuity of business operations can be ensured.

Question: At a minimum, when should the BIA be updated and the BC/DR plan be exercised (tested)?
A. Semiannually.
B. Annually.
C. When resources allow.
D. Every two years.
Submit Answer: B
Correct Answer: B
Explain: Every organization should exercise the BC/DR plan at least once per year. Some regulations, such as Gramm-Leach-Bliley, require live recovery exercises at least once every 90 days (quarterly). The BIA should be updated at least annually or whenever a change occurs to the strategy, the organizational structure, or the business process protected by the plan.

Question: Data is copied from a backup server to the production server. Which of the following is the best way to ensure that no unauthorized software moves to the production server?
A. Reviewing changes in software version control.
B. Conducting a full backup.
C. Carrying out a backup process manually.
D. Reviewing the backup server log.
Submit Answer: A
Correct Answer: A
Explain: Software version control will help to address this issue. An IS auditor should review the version of the software that is moved to production. This will help to determine that only the updated version is transferred to the production server.

Question: Which of the following is the best compensatory control where developers themselves release emergency changes directly to production?
A. Changes should be logged and approved on the next business day.
B. Developers should only be allowed to do changes during office hours.
C. Second-level approval is required before a change is released.
D. Changes should be deployed only in the presence of the user.
Submit Answer: A
Correct Answer: A
Explain: Options B, C, and D are not feasible for releasing emergency changes. The best compensatory control is to log all such changes and subsequently approve those changes.
Question: Which of the following is a major concern in a change management process?
A. Different configurations for the test and production systems.
B. The non-availability of manual change management records.
C. The non-availability of a configuration management database.
D. Inadequate training of the personnel involved.
Submit Answer: C
Correct Answer: C
Explain: The configuration management database is used to monitor configuration assets and their dependencies. Its absence may result in incorrect approvals and configuration. Also, dependencies may be ignored during configuration. The other options are not as significant as option C.

Question: Which of the following is the first approach in developing a disaster recovery strategy?
A. To assess whether all threats can be completely removed.
B. To assess whether resiliency can be established for critical information assets.
C. To assess whether the RTO can be minimized.
D. To assess whether the costs of recovery can be minimized.
Submit Answer: B
Correct Answer: B
Explain: Resilient information assets are able to withstand the disaster and thereby prevent the problem. Preventive control is always better than corrective control. Minimizing the RTO and cost comes into play at a later stage of the disaster recovery strategy. It is not practical to remove all the threats that an organization faces.

Question: An auditor's first step when suspecting the occurrence of an incident should be?
A. to switch off the system.
B. to do nothing and verify the effectiveness of the incident response team.
C. to conduct a detailed investigation of the incident.
D. to report the incident to management immediately.
Submit Answer: C
Correct Answer: D
Explain: It is most important that the auditor should report the details of the incident to management immediately. Auditors should not switch off the system directly as this may impact the evidence. Let the IT expert work on the solution.

Question: Which one of the following technologies would provide the most automation of an inventory control process in a cost-effective manner?
A. IPS.
B. WiFi.
C. RFID.
D. Ethernet.
Submit Answer: C
Correct Answer: C
Explain: Radio Frequency IDentification (RFID) technology is a cost-effective way to track items around a facility. While Wi-Fi could be used for the same purpose, it would be much more expensive to implement.

Question: What type of attack is shown in the following figure?
A. SYN flood.
B. Ping flood.
C. Smurf.
D. Fraggle.
Submit Answer: C
Correct Answer: A
Explain: In a SYN flood attack, the attacker sends a large number of SYN packets to a system but does not respond to the SYN/ACK packets, attempting to overwhelm the attacked system's connection state table with half-open connections.

Question: Tom is responding to a recent security incident and is seeking information on the approval process for a recent modification to a system's security settings. Where would he most likely find this information?
A. Change log.
B. System log.
C. Security log.
D. Application log.
Submit Answer: B
Correct Answer: A
Explain: The change log contains information about approved changes and the change management process. While other logs may contain details about the change's effect, the audit trail for change management would be found in the change log.

Question: Referring to the following figure, what technology is shown that provides fault tolerance for the database servers?
A. Failover cluster.
B. UPS.
C. Tape backup.
D. Cold site.
Submit Answer: C
Correct Answer: A
Explain: The illustration shows an example of a failover cluster, where DB1 and DB2 are both configured as database servers. At any given time, only one will function as the active database server, while the other remains ready to assume responsibility if the first one fails. While the environment may use UPS, tape backup, and cold sites as disaster recovery and business continuity controls, they are not shown in the diagram.

Question: What type of evidence consists entirely of tangible items that may be brought into a court of law?
A. Documentary evidence.
B. Parol evidence.
C. Testimonial evidence.
D. Real evidence.
Submit Answer: A
Correct Answer: D
Explain: Real evidence consists of things that may actually be brought into a courtroom as evidence. For example, real evidence includes hard disks, weapons, and items containing fingerprints. Documentary evidence consists of written items that may or may not be in tangible form. Testimonial evidence is verbal testimony given by witnesses with relevant information. The parol evidence rule says that when an agreement is put into written form, the written document is assumed to contain all the terms of the agreement.
Question: Which one of the following might a security team use on a honeypot system to consume an attacker's time while alerting administrators?
A. Honeynet.
B. Pseudoflaw.
C. Warning banner.
D. Darknet.
Submit Answer: A
Correct Answer: B
Explain: A pseudoflaw is a false vulnerability in a system that may attract an attacker. A honeynet is a network of multiple honeypots that creates a more sophisticated environment for intruders to explore. A darknet is a segment of unused network address space that should have no network activity and, therefore, may be easily used to monitor for illicit activity. A warning banner is a legal tool used to notify intruders that they are not authorized to access a system.