Cisa-mock_exam
Uploaded by Alamelu Babu on Nov 20, 2011 (Business, Technology)

Transcript

Mock Exam CISA: Complete 200 Multiple Choice Questions with detailed solutions and reasoning
FOR FREE ACCA. CISA resources: visit http://kaka-pakistani.blogspot.com

1. The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n)
A. Implementor
B. Facilitator
C. Developer
D. Sponsor
Answer: B. The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a facilitator.

2. What is the primary objective of a control self-assessment (CSA) program?
A. Enhancement of the audit responsibility
B. Elimination of the audit responsibility
C. Replacement of the audit responsibility
D. Integrity of the audit responsibility
Answer: A. Audit responsibility enhancement is an objective of a control self-assessment (CSA) program.

3. IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. True or false?
A. True
B. False
Answer: A. IS auditors are most likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. Think of it this way: if any reliance is placed on internal controls, that reliance must be validated through compliance testing. High control risk results in little reliance on internal controls, which results in additional substantive testing.

4. As compared to understanding an organization's IT process from evidence directly collected, how valuable are prior audit reports as evidence?
A. The same value.
B. Greater value.
C. Lesser value.
D. Prior audit reports are not relevant.
Answer: C. Prior audit reports are considered of lesser value to an IS auditor attempting to gain an understanding of an organization's IT process than evidence directly collected.

5. What is the PRIMARY purpose of audit trails?
A. To document auditing efforts
B. To correct data integrity errors
C. To establish accountability and responsibility for processed transactions
D. To prevent unauthorized access to data
Answer: C. The primary purpose of audit trails is to establish accountability and responsibility for processed transactions.

6. How does the process of systems auditing benefit from using a risk-based approach to audit planning?
A. Controls testing starts earlier.
B. Auditing resources are allocated to the areas of highest concern.
C. Auditing risk is reduced.
D. Controls testing is more thorough.
Answer: B. Allocation of auditing resources to the areas of highest concern is a benefit of a risk-based approach to audit planning.

7. After an IS auditor has identified threats and potential impacts, the auditor should
A. Identify and evaluate the existing controls
B. Conduct a business impact analysis (BIA)
C. Report on existing controls
D. Propose new controls
Answer: A. After an IS auditor has identified threats and potential impacts, the auditor should then identify and evaluate the existing controls.

8. [...]
C. Controls risk
D. Compliance risk
Answer: A. The use of statistical sampling procedures helps minimize detection risk.

9. What type of risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist?
A. Business risk
B. Detection risk
C. Residual risk
D. Inherent risk
Answer: B. Detection risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist.

10. A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it can
A. Identify high-risk areas that might need a detailed review later
B. Reduce audit costs
C. Reduce audit time
D. Increase audit accuracy
Answer: A. A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it can identify high-risk areas that might need a detailed review later.

11. What type of approach to the development of organizational policies is often driven by risk assessment?
A. Bottom-up
B. Top-down
C. Comprehensive
D. Integrated
Answer: A. A bottom-up approach to the development of organizational policies is often driven by risk assessment.

12. Who is accountable for maintaining appropriate security measures over information assets?
A. Data and systems owners
B. Data and systems users
C. Data and systems custodians
D. Data and systems auditors
Answer: A. Data and systems owners are accountable for maintaining appropriate security measures over information assets.

13. Proper segregation of duties prohibits a system analyst from performing quality-assurance functions. True or false?
A. True
B. False
Answer: A. Proper segregation of duties prohibits a system analyst from performing quality-assurance functions.

14. What should an IS auditor do if he or she observes that project-approval procedures do not exist?
A. Advise senior management to invest in project-management training for the staff
B. Create project-approval procedures for future project implementations
C. Assign project leaders
D. Recommend to management that formal approval procedures be adopted and documented
Answer: D. If an IS auditor observes that project-approval procedures do not exist, the IS auditor should recommend to management that formal approval procedures be adopted and documented.

15. Who is ultimately accountable for the development of an IS security policy?
A. The board of directors
B. Middle management
C. Security administrators
D. Network administrators
Answer: A. The board of directors is ultimately accountable for the development of an IS security policy.

16. Proper segregation of duties normally does not prohibit a LAN administrator from also having programming responsibilities. True or false?
A. True
B. False
Answer: B. Proper segregation of duties normally prohibits a LAN administrator from also having programming responsibilities.

17. A core tenet of an IS strategy is that it must
A. Be inexpensive
B. Be protected as sensitive confidential information
C. Protect information confidentiality, integrity, and availability
D. Support the business objectives of the organization
Answer: D. Above all else, an IS strategy must support the business objectives of the organization.

18. Batch control reconciliation is a (fill in the blank) control for mitigating risk of inadequate segregation of duties.
A. Detective
B. Corrective
C. Preventative
D. Compensatory
Answer: D. Batch control reconciliation is a compensatory control for mitigating risk of inadequate segregation of duties.

19. Key verification is one of the best controls for ensuring that
A. Data is entered correctly
B. Only authorized cryptographic keys are used
C. Input is authorized
D. Database indexing is performed properly
Answer: A. Key verification is one of the best controls for ensuring that data is entered correctly.

20. If senior management is not committed to strategic planning, how likely is it that a company's implementation of IT will be successful?
A. IT cannot be implemented if senior management is not committed to strategic planning.
B. More likely.
C. Less likely.
D. Strategic planning does not affect the success of a company's implementation of IT.
Answer: C. A company's implementation of IT will be less likely to succeed if senior management is not committed to strategic planning.

21. Which of the following could lead to an unintentional loss of confidentiality? Choose the BEST answer.
A. Lack of employee awareness of a company's information security policy
B. Failure to comply with a company's information security policy
C. A momentary lapse of reason
D. Lack of security policy enforcement procedures
Answer: A. Lack of employee awareness of a company's information security policy could lead to an unintentional loss of confidentiality.

22. What topology provides the greatest redundancy of routes and the greatest network fault tolerance?
A. A star network topology
B. A mesh network topology with packet forwarding enabled at each host
C. A bus network topology
D. A ring network topology
Answer: B. A mesh network topology provides a point-to-point link between every network host. If each host is configured to route and forward communication, this topology provides the greatest redundancy of routes and the greatest network fault tolerance.

23. An IS auditor usually places more reliance on evidence directly collected. What is an example of such evidence?
A. Evidence collected through personal observation
B. Evidence collected through systems logs provided by the organization's security administration
C. Evidence collected through surveys collected from internal staff
D. Evidence collected through transaction reports provided by the organization's IT administration
Answer: A. An IS auditor usually places more reliance on evidence directly collected, such as through personal observation.

24. What kind of protocols does the OSI Transport Layer of the TCP/IP protocol suite provide to ensure reliable communication?
A. Nonconnection-oriented protocols
B. Connection-oriented protocols
C. Session-oriented protocols
D. Nonsession-oriented protocols
Answer: B. The transport layer of the TCP/IP protocol suite provides for connection-oriented protocols to ensure reliable communication.

25. How is the time required for transaction processing review usually affected by properly implemented Electronic Data Interchange (EDI)?
A. EDI usually decreases the time necessary for review.
B. EDI usually increases the time necessary for review.
C. Cannot be determined.
D. EDI does not affect the time necessary for review.
Answer: A. Electronic data interchange (EDI) supports intervendor communication while decreasing the time necessary for review because it is usually configured to readily identify errors requiring follow-up.

26. [...] errors to be detailed in the console log.

27. Atomicity enforces data integrity by ensuring that a transaction is either completed in its entirety or not at all. Atomicity is one of the ACID properties of transaction processing. True or false?
A. True
B. False
Answer: A. Atomicity enforces data integrity by ensuring that a transaction is either completed in its entirety or not at all. Atomicity is one of the ACID properties of transaction processing.

28. Why does the IS auditor often review the system logs?
A. To get evidence of password spoofing
B. To get evidence of data copy activities
C. To determine the existence of unauthorized access to data by a user or program
D. To get evidence of password sharing
Answer: C. When trying to determine the existence of unauthorized access to data by a user or program, the IS auditor will often review the system logs.

29. What is essential for the IS auditor to obtain a clear understanding of network management?
A. Security administrator access to systems
B. Systems logs of all hosts providing application services
C. A graphical map of the network topology
D. Administrator access to systems
Answer: C. A graphical map of the network topology is essential for the IS auditor to obtain a clear understanding of network management.
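Questions 5 and 28 describe the two halves of one control: an audit trail records who did what to which object, and an auditor looking for unauthorized access compares that trail against what each principal was approved to do. The script below is an added example and is not part of the mock exam. Its record format, the AUTHORIZED matrix and the audit lines are constructed for illustration (a real review uses the organization's own audit-trail schema and its approved access list); it also reports malformed lines rather than dropping them, because a trail with gaps is itself a finding.

```python
"""Review an application audit trail for unauthorized data access.

Added example, not part of the original mock exam. The record format, the
authorization matrix and the audit lines are constructed for illustration.
"""
import re
from collections import Counter

# Constructed audit-trail records: timestamp, principal, action, object, outcome.
# Every record names who did what to which object; that is what lets the trail
# establish accountability for processed transactions (question 5).
AUDIT_TRAIL = """\
2011-11-18T08:02:11Z user=alice action=READ object=GL_LEDGER result=OK
2011-11-18T08:05:40Z user=bob action=UPDATE object=PAYROLL result=OK
2011-11-18T08:07:02Z user=alice action=UPDATE object=PAYROLL result=OK
2011-11-18T08:09:55Z user=svc_batch action=READ object=GL_LEDGER result=OK
2011-11-18T08:11:13Z user=mallory action=READ object=PAYROLL result=DENIED
2011-11-18T08:11:20Z user=mallory action=READ object=PAYROLL result=OK
2011-11-18T08:15:00Z user=svc_batch action=DELETE object=PAYROLL result=OK
this line is not a well-formed audit record
"""

# Constructed (hypothetical) authorization matrix: the (action, object) pairs
# each principal is approved for. A principal absent from it has no approved access.
AUTHORIZED = {
    "alice": {("READ", "GL_LEDGER")},
    "bob": {("READ", "PAYROLL"), ("UPDATE", "PAYROLL")},
    "svc_batch": {("READ", "GL_LEDGER")},
}

RECORD_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"object=(?P<obj>\S+) result=(?P<result>\S+)$"
)


def parse_trail(text):
    """Parse audit lines into dicts. Lines that do not match the schema are
    returned separately rather than silently dropped."""
    records, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = RECORD_RE.match(line)
        if match:
            records.append(match.groupdict())
        else:
            malformed.append((lineno, line))
    return records, malformed


def review(records, authorized):
    """Compare each successful access against the authorization matrix.

    Returns (violations, denied_attempts):
      violations      - successful accesses the matrix does not permit, including
                        any access by a principal the matrix does not know at all
      denied_attempts - attempts the system itself refused; not access, but worth
                        correlating (here mallory is denied, then succeeds)
    """
    violations, denied = [], []
    for rec in records:
        permitted = authorized.get(rec["user"], set())
        if rec["result"] != "OK":
            denied.append(rec)
        elif (rec["action"], rec["obj"]) not in permitted:
            violations.append(rec)
    return violations, denied


def violations_by_user(violations):
    """Count unauthorized accesses per principal, for the audit report."""
    return dict(Counter(rec["user"] for rec in violations))


def run_review():
    records, malformed = parse_trail(AUDIT_TRAIL)
    violations, denied = review(records, AUTHORIZED)
    return violations, denied, malformed


if __name__ == "__main__":
    found, refused, bad = run_review()
    for rec in found:
        print(f"UNAUTHORIZED {rec['ts']} {rec['user']} {rec['action']} {rec['obj']}")
    for rec in refused:
        print(f"DENIED       {rec['ts']} {rec['user']} {rec['action']} {rec['obj']}")
    for lineno, line in bad:
        print(f"MALFORMED line {lineno}: {line!r}")
```

Note that bob's UPDATE of PAYROLL is not flagged because the matrix permits it, while alice's UPDATE, mallory's successful READ (an unknown principal) and the service account's DELETE are. The denied attempt is reported separately: it is not access, but a denial followed seconds later by success is the pattern an auditor wants to see side by side.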
30. How is risk affected if users have direct access to a database at the system level?
A. Risk of unauthorized access increases, but risk of untraceable changes to the database decreases.
B. Risk of unauthorized and untraceable changes to the database increases.
C. Risk of unauthorized access decreases, but risk of untraceable changes to the database increases.
D. Risk of unauthorized and untraceable changes to the database decreases.
Answer: B. If users have direct access to a database at the system level, risk of unauthorized and untraceable changes to the database increases.

31. What is the most common purpose of a virtual private network implementation?
A. A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over an otherwise unsecured channel such as the Internet.
B. A VPN helps to secure access between an enterprise and its partners when communicating over a dedicated T1 connection.
C. A VPN helps to secure access within an enterprise when communicating over a dedicated T1 connection between network segments within the same facility.
D. A VPN helps to secure access between an enterprise and its partners when communicating over a wireless connection.
Answer: A. A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over an otherwise unsecured channel such as the Internet.

32. What benefit does using capacity-monitoring software to monitor usage patterns and trends provide to management? Choose the BEST answer.
A. The software can dynamically readjust network traffic capabilities based upon current usage.
B. The software produces nice reports that really impress management.
C. It allows users to properly allocate resources and ensure continuous efficiency of operations.
D. It allows management to properly allocate resources and ensure continuous efficiency of operations.
Answer: D. Using capacity-monitoring software to monitor usage patterns and trends enables management to properly allocate resources and ensure continuous efficiency of operations.

33. What can be very helpful to an IS auditor when determining the efficacy of a systems maintenance program? Choose the BEST answer.
A. Network-monitoring software
B. A system downtime log
C. Administration activity reports
D. Help-desk utilization trend reports
Answer: B. A system downtime log can be very helpful to an IS auditor when determining the efficacy of a systems maintenance program.

34. What are used as a countermeasure for potential database corruption when two processes attempt to simultaneously edit or update the same information? Choose the BEST answer.
A. Referential integrity controls
B. Normalization controls
C. Concurrency controls
D. Run-to-run totals
Answer: C. Concurrency controls are used as a countermeasure for potential database corruption when two processes attempt to simultaneously edit or update the same information.

35. What increases encryption overhead and cost the most?
A. A long symmetric encryption key
B. A long asymmetric encryption key
C. A long Advanced Encryption Standard (AES) key
D. A long Data Encryption Standard (DES) key
Answer: B. A long asymmetric encryption key (public key encryption) increases encryption overhead and cost. All other answers are single shared symmetric keys.

36. Which of the following best characterizes "worms"?
A. Malicious programs that can run independently and can propagate without the aid of a carrier program such as email
B. Programming code errors that cause a program to repeatedly dump data
C. Malicious programs that require the aid of a carrier program such as email
D. Malicious programs that masquerade as common applications such as screensavers or macro-enabled Word documents
Answer: A. Worms are malicious programs that can run independently and can propagate without the aid of a carrier program such as email.

37. What is an initial step in creating a proper firewall policy?
A. Assigning access to users according to the principle of least privilege
B. Determining appropriate firewall hardware and software
C. Identifying network applications such as mail, web, or FTP servers
D. Configuring firewall access rules
Answer: C. Identifying network applications such as mail, web, or FTP servers to be externally accessed is an initial step in creating a proper firewall policy.

38. What type of cryptosystem is characterized by data being encrypted by the sender using the recipient's public key, and the data then being decrypted using the recipient's private key?
A. With public-key encryption, or symmetric encryption
B. With public-key encryption, or asymmetric encryption
C. With shared-key encryption, or symmetric encryption
D. With shared-key encryption, or asymmetric encryption
Answer: B. With public key encryption, or asymmetric encryption, data is encrypted by the sender using the recipient's public key; the data is then decrypted using the recipient's private key.

39. How does the SSL network protocol provide confidentiality?
A. Through symmetric encryption such as RSA
B. Through asymmetric encryption such as Data Encryption Standard, or DES
C. Through asymmetric encryption such as Advanced Encryption Standard, or AES
D. Through symmetric encryption such as Data Encryption Standard, or DES
Answer: D. The SSL protocol provides confidentiality through symmetric encryption such as Data Encryption Standard, or DES. (DES is the dated textbook example: it is no longer considered secure, and a modern TLS handshake negotiates a cipher such as AES. The principle is unchanged: bulk data is protected with a symmetric cipher, while asymmetric cryptography is used for key establishment and authentication, not for the data itself.)
40. What are used as the framework for developing logical access controls?
A. Information systems security policies
B. Organizational security policies
C. Access Control Lists (ACL)
D. Organizational charts for identifying roles and responsibilities
Answer: A. Information systems security policies are used as the framework for developing logical access controls.

41. Which of the following are effective controls for detecting duplicate transactions such as payments made or received?
A. Concurrency controls
B. Reasonableness checks
C. Time stamps
D. Referential integrity controls
Answer: C. Time stamps are an effective control for detecting duplicate transactions such as payments made or received.

42. Which of the following is a good control for protecting confidential data residing on a PC?
A. Personal firewall
B. File encapsulation
C. File encryption
D. Host-based intrusion detection
Answer: C. File encryption is a good control for protecting confidential data residing on a PC.

43. Which of the following is a guiding best practice for implementing logical access controls?
A. Implementing the Biba Integrity Model
B. Access is granted on a least-privilege basis, per the organization's data owners
C. Implementing the Take-Grant access control model
D. Classifying data according to the subject's requirements
Answer: B. Logical access controls should be reviewed to ensure that access is granted on a least-privilege basis, per the organization's data owners.

44. What does PKI use to provide some of the strongest overall control over data confidentiality, reliability, and integrity for Internet transactions?
A. A combination of public-key cryptography and digital certificates and two-factor authentication
B. A combination of public-key cryptography and two-factor authentication
C. A combination of public-key cryptography and digital certificates
D. A combination of digital certificates and two-factor authentication
Answer: C. PKI uses a combination of public-key cryptography and digital certificates to provide some of the strongest overall control over data confidentiality, reliability, and integrity for Internet transactions.

45. Which of the following do digital signatures provide?
A. Authentication and integrity of data
B. Authentication and confidentiality of data
C. Confidentiality and integrity of data
D. Authentication and availability of data
Answer: A. The primary purpose of digital signatures is to provide authentication and integrity of data.

46. Regarding digital signature implementation, which of the following answers is correct?
A. A digital signature is created by the sender to prove message integrity by encrypting the message with the sender's private key. Upon receiving the data, the recipient can decrypt the data using the sender's public key.
B. A digital signature is created by the sender to prove message integrity by encrypting the message with the recipient's public key. Upon receiving the data, the recipient can decrypt the data using the recipient's public key.
C. A digital signature is created by the sender to prove message integrity by initially using a hashing algorithm to produce a hash value or message digest from the entire message contents. Upon receiving the data, the recipient can independently recompute it.
D. A digital signature is created by the sender to prove message integrity by encrypting the message with the sender's public key. Upon receiving the data, the recipient can decrypt the data using the recipient's private key.
Answer: C.
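Questions 38, 45 and 46 separate encryption for confidentiality (the recipient's public key, undone only by the recipient's private key) from a digital signature (the sender's private key applied to a hash of the message, checked by anyone holding the sender's public key). The example below is added and is not part of the mock exam. It implements textbook RSA with small keys generated from fixed seeds so the arithmetic is visible and repeatable; the key size, the seeds and the messages are assumptions for the demonstration, and the scheme has no padding, so it must never be used for real signatures or encryption.

```python
"""Hash-then-sign digital signatures versus public-key encryption.

Added example, not part of the original mock exam. Textbook RSA with two
160-bit primes from a seeded PRNG, chosen so the arithmetic is visible and
repeatable. Deliberately unsuitable for real use: no padding (RSASSA-PSS,
RSAES-OAEP), no CSPRNG, keys far too small. Seeds and messages are made up.
"""
import hashlib
import random

def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin primality test; rng supplies the witnesses."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits, rng):
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, exactly `bits` long
        if is_probable_prime(candidate, rng):
            return candidate

def rsa_keypair(seed, bits=160, e=65537):
    """Return ((n, e), (n, d)). A fixed seed makes the demo repeatable; real
    keys must come from a cryptographic random source."""
    rng = random.Random(seed)
    while True:
        p, q = random_prime(bits, rng), random_prime(bits, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            break
    return (p * q, e), (p * q, pow(e, -1, phi))

def digest(message):
    """SHA-256 of the whole message as an integer. Two 160-bit primes give an n
    of at least 318 bits, so the 256-bit digest is always below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, private_key):
    """The signer applies the SENDER'S PRIVATE key to the hash, not to the
    message itself (options A and D of question 46 get the key or input wrong)."""
    n, d = private_key
    return pow(digest(message), d, n)

def verify(message, signature, public_key):
    """The verifier recomputes the hash independently and checks that the
    sender's PUBLIC key recovers the same value: authentication plus integrity."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)

def encrypt(plaintext, recipient_public_key):
    """Confidentiality is the other operation (question 38): encrypt with the
    RECIPIENT'S public key; only the matching private key can decrypt."""
    n, e = recipient_public_key
    m = int.from_bytes(plaintext, "big")
    if m >= n:
        raise ValueError("plaintext too long for this toy key")
    return pow(m, e, n)

def decrypt(ciphertext, private_key):
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def demo():
    alice_pub, alice_priv = rsa_keypair(seed=1)
    bob_pub, bob_priv = rsa_keypair(seed=2)
    payment = b"PAY 1,000.00 TO ACCOUNT 4411"
    sig = sign(payment, alice_priv)
    secret = b"wire PIN 7734"
    ct = encrypt(secret, bob_pub)
    return {
        "genuine": verify(payment, sig, alice_pub),
        "tampered": verify(b"PAY 9,000.00 TO ACCOUNT 4411", sig, alice_pub),
        "wrong_signer": verify(payment, sig, bob_pub),
        "bob_reads": decrypt(ct, bob_priv) == secret,
        "alice_reads": decrypt(ct, alice_priv) == secret,
    }

if __name__ == "__main__":
    print(demo())
```

The three verify calls are the content of question 45: the genuine message checks out, a changed amount fails because its hash differs (integrity), and Bob's public key fails because Alice's private key produced the signature (authentication). The two decrypt calls are question 38: only the holder of the recipient's private key recovers the plaintext. The signature never hides the message, which is why option B of question 45 is wrong.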
48. [...] controls are often the primary safeguards for systems software and data.

49. Which of the following is often used as a detection and deterrent control against Internet attacks?
A. Honeypots
B. CCTV
C. VPN
D. VLAN
Answer: A. Honeypots are often used as a detection and deterrent control against Internet attacks.

50. Which of the following BEST characterizes a mantrap or deadman door, which is used as a deterrent control for the vulnerability of piggybacking?
A. A monitored double-doorway entry system
B. A monitored turnstile entry system
C. A monitored doorway entry system
D. A one-way door that does not allow exit after entry
Answer: A. A monitored double-doorway entry system, also referred to as a mantrap or deadman door, is used as a deterrent control for the vulnerability of piggybacking.

51. Which of the following is an effective method for controlling downloading of files via FTP? Choose the BEST answer.
A. An application-layer gateway, or proxy firewall, but not stateful inspection firewalls
B. An application-layer gateway, or proxy firewall
C. A circuit-level gateway
D. A first-generation packet-filtering firewall
Answer: B. Application-layer gateways, or proxy firewalls, are an effective method for controlling downloading of files via FTP. Because FTP is an OSI application-layer protocol, the most effective firewall needs to be capable of inspecting through the application layer.

52. Which of the following provides the strongest authentication for physical access control?
A. Sign-in logs
B. Dynamic passwords
C. Key verification
D. Biometrics
Answer: D. Biometrics can be used to provide excellent physical access control.

53. What is an effective countermeasure for the vulnerability of data entry operators potentially leaving their computers without logging off? Choose the BEST answer.
A. Employee security awareness training
B. Administrator alerts
C. Screensaver passwords
D. Close supervision
Answer: C.
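Questions 18 and 41 name two application controls: batch control reconciliation (a compensating control where duties cannot be fully segregated) and time stamps as the means of telling a duplicate transaction from a legitimately repeated one. Both are shown in the added example below, which is not part of the mock exam; the payment batch, its control header, the field names and the ten-minute duplicate window are constructed for illustration.

```python
"""Duplicate-payment detection with time stamps, and batch control reconciliation.

Added example, not part of the original mock exam. The batch, its control
header and the field names are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed batch header: control totals agreed when the batch was prepared,
# before anyone with processing access could touch it (question 18).
BATCH_HEADER = {
    "record_count": 5,
    "amount_total_cents": 518050,
    "account_hash_total": 50000008,  # sum of account numbers: meaningless, but tamper-evident
}

# Constructed payment records as processed. P-1003 repeats P-1001 three minutes
# later (a likely double entry); P-1005 repeats it two days later (a recurring bill).
PAYMENTS = [
    {"id": "P-1001", "ts": "2011-11-18T09:00:05Z", "payee": "ACME-LTD", "account": "10000001", "cents": 125000},
    {"id": "P-1002", "ts": "2011-11-18T09:01:40Z", "payee": "BOLT-CO", "account": "10000002", "cents": 98000},
    {"id": "P-1003", "ts": "2011-11-18T09:03:12Z", "payee": "ACME-LTD", "account": "10000001", "cents": 125000},
    {"id": "P-1004", "ts": "2011-11-18T09:10:00Z", "payee": "CABLE-INC", "account": "10000003", "cents": 45050},
    {"id": "P-1005", "ts": "2011-11-20T09:00:00Z", "payee": "ACME-LTD", "account": "10000001", "cents": 125000},
]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def find_duplicates(payments, window=timedelta(minutes=10)):
    """Flag pairs of payments to the same payee and account for the same amount
    whose time stamps fall within `window` of each other (question 41). The
    time stamp is what separates a double-keyed payment from a repeat that is
    genuinely due."""
    groups = defaultdict(list)
    for p in payments:
        groups[(p["payee"], p["account"], p["cents"])].append(p)
    suspects = []
    for group in groups.values():
        group.sort(key=lambda p: parse_ts(p["ts"]))
        for earlier, later in zip(group, group[1:]):
            if parse_ts(later["ts"]) - parse_ts(earlier["ts"]) <= window:
                suspects.append((earlier["id"], later["id"]))
    return suspects


def control_totals(payments):
    return {
        "record_count": len(payments),
        "amount_total_cents": sum(p["cents"] for p in payments),
        "account_hash_total": sum(int(p["account"]) for p in payments),
    }


def reconcile(header, payments):
    """Return {total: (expected, actual)} for every control total that disagrees
    with the processed records. An empty dict means the batch balanced."""
    actual = control_totals(payments)
    return {k: (header[k], actual[k]) for k in header if header[k] != actual[k]}


def demo():
    dupes = find_duplicates(PAYMENTS)
    balanced = reconcile(BATCH_HEADER, PAYMENTS)
    # Someone with processing access slips an extra payment into the batch
    # after the header was agreed: every control total now disagrees.
    injected = PAYMENTS + [
        {"id": "P-1006", "ts": "2011-11-18T09:12:00Z", "payee": "ACME-LTD", "account": "10000009", "cents": 70000},
    ]
    tampered = reconcile(BATCH_HEADER, injected)
    return dupes, balanced, tampered


if __name__ == "__main__":
    print(demo())
```

The hash total is the detail worth noting: a record count alone is defeated by substituting one payment for another, and an amount total by moving money between payees, but an injected or altered account number disturbs the (otherwise meaningless) sum of account numbers, which is why batch headers carry one.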
da#a in#egri#&. 4. Encr&p#ion algori#hms are no# irreversi%le. Ans* er = A ke& dis#inc#ion %e#* een encr&p#ion and hashing algori#hms is #ha# hashing algori#hms are irreversi%le. 5/. 6hich of #he follo* ing is =ESB charac#eriKed %& unau#horiKed modifica#ion of da#a %efore or during s&s#ems da#a en#r&; A. 4a#a diddling =. Skimming C. 4a#a corrup#ion 4. Salami a##ack Ans* er A 4a#a diddling involves modif&ing
da#a %efore or during s&s#ems da#a en#r&. 5). 6hich of #he follo* ing is used #o evalua#e %iome#ric ac cess con#rols ; A. ?A+ =. EE+ C. E++ h## p k a kp,aakis # ani. % logspo#. c om !/ ?9+ ?+EE ACCA
#o s&s#ems; A. S&s#ems securi#&
adminis#ra#ors =. 4a#a cus#odians C. 4a#a o* ners 4. Informa#ion s&s#ems audi#ors Ans* er C 4a#a o* ners are ul#ima#el& responsi%le and accoun#a% le for revie* ing user access #o s&s#ems. 5(. Es#a%lishing da#a o* nership is an impor#an# firs# s#ep for * hich of #he follo* ing processes; Choose #he =ESB ans* er. A. Assigning user access privileges =. 4eveloping organiKa#ional securi#& policies C. Crea#ing roles and responsi%ili#ies 4. Classif&ing da#a Ans* er 4 Bo properl& implemen# da#a classifica#ion< es#a%lishing da#a o* nership is an impor#an# firs# s#ep. /". 6hich of #he follo* ing is 9SB is cri#ical during #he %usiness impac# assessmen# phase of %usiness con#inui#& planning; A. End,user involvemen# =. Senior managemen# involvemen# C. Securi#& adminis#ra#ion involvemen# 4. IS audi#ing involvemen# Ans* er A End,user involvemen# is cri#ical during #he %usiness impac# assessmen# phase of %usiness con#inui#& planning. /!. 6ha# #&pe of =C- #es# uses ac#ual resources #o simula#e a s&s#em crash and valida#e #he plans effec#iveness; h##p k a kp,aakis # ani. % logspo# .c om !) ?9+ ?+EE ACCA
#&picall& focuses on
making al#erna#ive processes and resources availa%le for #ransac#ion processing. /. 6hich #&pe of maJor =C- #es# onl& re$uires represen#a#ives from each opera#ional area #o mee# #o revie* #he plan; A. -arallel =. -reparedness C. 6alk,#horough 4. -aper Ans* er C 9f #he #hree maJor #&pes of =C#es#s Fpaper< * alk,#hrough< and preparednessG< a * alk,#hrough #es# re$uires onl& #ha# represen#a#ives from each opera#ional area mee# #o revie* #he plan. /0. 6ha# influences decisions regarding cri#icali#& of asse#s; A. Bhe %usiness cri#icali#& of #he da#a #o %e pro#ec#ed =. In#ernal corpora#e poli#ics C. Bhe %usiness cri#icali#& of #he da#a #o %e pro#ec#ed< and #he scope of #he impac# upon #he organiKa#ion as a * hole 4. Bhe %usiness impac# anal&sis h ##p k a k a , pakis # ani. % logspo# . c om !8 ?9+ ?+EE ACCA
/(. Al#hough =C- and 4+- are of#en implemen#ed and #es#ed %& middle managemen# and end users< #he ul#ima#e responsi%ili#& and accoun#a%ili#& for #he plans remain * i#h eecu#ive managemen#< such as #he
. Ffill,in,#he,%lankG A. Securi#& adminis#r a#or =. S&s#ems audi#or C. =oard
of direc#ors 4. ?inancial audi#or Ans* er C Al#hough =C- and 4+- are of#en implemen#ed and #es#ed %& middle managemen# and end users< #he ul#ima#e responsi%ili#& and accoun#a%ili#& for #he plans r emain * i#h eecu# ive managemen#< s uch as #he %oard of direc#or s. )". 9%#aining user approval of program changes is ver& effec#ive for con#rolling applica#ion changes and main#enance. Brue or false; A. Brue =. ?alse Ans* er A 9%#aining user approval of program changes is ver& effec#ive for con#rolling applica#ion changes and main#enance. )!. Li%rar& con#rol sof#* are res#ric#s source code #o A. +ead,
onl& access h## p k a kp,aakis # ani. % logspo# . c om 2" ?9+ ?+EE ACCA
ica#ions or s&s#ems Ans* er =
6henever an applica#ion is modified< #he en#ire program< including an& in#erface s&s#ems * i#h o#her applica#ions or s&s#ems< should %e #es#ed #o de#ermine #he full impac# of #he change. )/. Bhe $uali#& of #he me#ada#a produced from a da#a * arehouse is
in #he * arehouses design.
Choose #he =ESB ans* er. A. 9f#en hard #o de#ermine %ecause #he da#a is derived from a he#erogeneous da#a environmen# =. Bhe mos# impor#an# considera#ion C. Independen# of #he $uali#& of #he * arehoused da#a%ases 4. 9f secondar& impor#ance #o da#a * arehouse con#en# Ans* er = Bhe $uali#& of #he me#ada#a produced from a da#a * arehouse is #he mos# impor#an# considera#ion in #he * arehouses design. )). ?unc#ion -oin# Anal&sis F?-AG provides an es#ima#e of #he siKe of an informa#ion s&s#em %ased onl& on #he num%er and complei#& of a s&s#ems inpu#s and ou#pu#s. Brue or false; A. Brue =. ?alse Ans* er = ?unc#ion poin# anal&sis F?-AG provides an es#ima#e of #he siKe of an informa#ion s&s#em %ased on #he num%er and complei#& of a s&s#ems inpu#s< ou#pu#s< and files. )8. 6ho assumes o* nership of a s&s#ems,developmen# proJec# and #he resul#ing s&s#em; A. User managemen# =. -roJec# s#eering commi##ee C. IB managemen# h##p k a kp,aakis # ani. % logspo#. c om 22 ?9+ ?+EE ACCA
auditor should recommend to management that formal documented policies be developed and implemented.
D. The auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should create formal documented policies to be implemented.
Answer: C. If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, the auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should recommend to management that formal documented policies be developed and implemented.

84. What often results in project scope creep when functional requirements are not defined as well as they could be?
A. Inadequate software baselining
B. Insufficient strategic planning
C. Inaccurate resource allocation
D. Project delays
Answer: A
(fill in the blank) is/are ultimately accountable for the functionality, reliability, and security within IT governance. Choose the BEST answer.
A. Data custodians
B. The board of directors and executive officers
C. IT security administration
D. Business unit managers
Answer: B. The board of directors and executive officers are ultimately accountable for the functionality, reliability, and security within IT governance.

88. What can be used to help identify and investigate unauthorized transactions? Choose the BEST answer.
A. Postmortem review
B. Reasonableness checks
C. Data-mining techniques
____ risk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a ____ risk assessment is more appropriate. Fill in the blanks.
A. Quantitative; qualitative
B. Qualitative; quantitative
C. Residual; subjective
D. Quantitative; subjective
Answer: A. Quantitative risk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a qualitative risk assessment is more appropriate.

91. What must an IS auditor understand before performing an application audit? Choose the BEST answer.
A. The potential business impact of application risks.
B. Application risks must first be identified.
C. Relative business processes.
D. Relevant application risks.
Answer: C. An IS auditor must first understand relative business processes before performing an application audit.
partners are identified in the research stage of the benchmarking process.

99. A check digit is an effective edit check to
A. Detect data-transcription errors
B. Detect data-transposition and transcription errors
C. Detect data-transposition, transcription, and substitution errors
D. Detect data-transposition errors
Answer: B. A check digit is an effective edit check to detect data-transposition and transcription errors.

100. Parity bits are a control used to validate
A. Data authentication
B. Data completeness
C. Data source
D. Data accuracy
Answer: B. Parity bits are a control used to validate data completeness.

101. An IS auditor is using a statistical sample to inventory the tape library. What type of test would this be considered?
A. Substantive
B. Compliance
C. Integrated
D. Continuous audit
Answer: A. Using a statistical sample to inventory the tape library is an example of a substantive test.

102. Which of the following would prevent accountability for an action performed, thus allowing nonrepudiation?
A. Proper authentication
B. Proper identification AND authentication
C. Proper identification
D. Proper identification, authentication, AND authorization
Answer: B. If proper identification and authentication are not performed during access control, no accountability can exist for any action performed.

103. Which of the following is the MOST critical step in planning an audit?
A. Implementing a prescribed auditing framework such as COBIT
B. Identifying current controls
C. Identifying high-risk audit targets
D. Testing controls
Answer: C. In planning an audit, the most critical step is identifying the areas of high risk.

104. To properly evaluate the collective effect of preventative, detective, or corrective controls within a process, an IS auditor should be aware of which of the following? Choose the BEST answer.
A. The business objectives of the organization
B. The effect of segregation of duties on internal controls
C. The point at which controls are exercised as data flows through the system
D. Organizational control policies
Answer: C. When evaluating the collective effect of preventive, detective, or corrective controls within a process, an IS auditor should be aware of the point at which controls are exercised as data flows through the system.

105. What is the recommended initial step for an IS auditor to implement continuous-monitoring systems?
A. Document existing internal controls
B. Perform compliance testing on internal controls
C. Establish a controls-monitoring steering committee
D. Identify high-risk areas within the organization
Answer: D. When implementing continuous-monitoring systems, an IS auditor's first step is to identify high-risk areas within the organization.

106. What type of risk is associated with authorized program exits (trap doors)? Choose the BEST answer.
A. Business risk
B. Audit risk
C. Detective risk
D. Inherent risk
Answer: D. Inherent risk is associated with authorized program exits (trap doors).

107. Which of the following is best suited for searching for address field duplications?
control policies support business and IT objectives is a primary objective of
A. An IT security policies audit
B. A processing audit

concerned with which of the following? Choose the BEST answer.
A. Ownership of the programs and files
B. A statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster
C. A statement of due care
D. Ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster
Answer: D. When auditing third-party service providers, an auditor should be concerned with ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster.

116. When performing an IS strategy audit, an IS auditor should review both short-term (one-year) and long-term (three- to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered. The auditor should especially focus on procedures in an audit of IS strategy. True or false?
A. True
B. False
Answer: B. When performing an IS strategy audit, an IS auditor should review both short-term (one-year) and long-term (three- to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered.

117. What process allows IS management to determine whether the activities of the organization differ from the planned or expected levels? Choose the BEST answer.
A. Business impact assessment
B. Risk assessment
C. IS assessment methods
Answer: C. IS assessment methods allow IS management to determine whether the activities of the organization differ from the planned or expected levels.

118. When should reviewing an audit client's business plan be performed relative to reviewing an organization's IT strategic plan?
A. Reviewing an audit client's business plan should be performed before reviewing an organization's IT strategic plan.
B. Reviewing an audit client's business plan should be performed after reviewing an organization's IT strategic plan.
C. Reviewing an audit client's business plan should be performed during the review of an organization's IT strategic plan.
D. Reviewing an audit client's business plan should be performed without regard to an organization's IT strategic plan.
Answer: A. Reviewing an audit client's business plan should be performed before reviewing an organization's IT strategic plan.

119. Allowing application programmers to directly patch or change code in production programs increases risk of fraud. True or false?
A. True
B. False
Answer: A. Allowing application programmers to directly patch or change code in production programs increases risk of fraud.

120. Who should be responsible for network security operations?
A. Business unit managers
B. Security administrators
C. Network administrators
D. IS auditors
Answer: B
configured by default settings and is thus insecure.
B. WAP provides weak encryption for wireless traffic.
C. WAP functions as a protocol-conversion gateway for wireless TLS to Internet SSL.
D. WAP often interfaces critical IT systems.
Answer: C

135. What is an effective control for granting temporary access to vendors and external support personnel? Choose the BEST answer.
A. Creating user accounts that automatically expire by a predetermined date
B. Creating permanent guest accounts for temporary use
C. Creating user accounts that restrict logon access to certain hours of the day
D. Creating a single shared vendor administrator account on the basis of least-privileged access
Answer: A. Creating user accounts that automatically expire by a predetermined date is an effective control for granting temporary access to vendors and external support personnel.

136. Which of the following help(s) prevent an organization's systems from participating in a distributed denial-of-service (DDoS) attack? Choose the BEST answer.
A. Inbound traffic filtering
B. Using access control lists (ACLs) to restrict inbound connection attempts
C. Outbound traffic filtering
D. Recentralizing distributed systems
Answer: C. Outbound traffic filtering can help prevent an organization's systems from participating in a distributed denial-of-service (DDoS) attack.

137. What is a common vulnerability, allowing denial-of-service attacks?
A. Assigning access to users according to the principle of least privilege
B. Lack of employee awareness of organizational security policies
C. Improperly configured routers and router access lists
D. Configuring firewall access rules
Answer: C. Improperly configured routers and router access lists are a common vulnerability for denial-of-service attacks.

138. What are trojan horse programs? Choose the BEST answer.
A. A common form of internal attack
performance-monitoring tools
B. Network component redundancy
C. Syslog reporting
D. IT strategic planning
Answer: A. Network performance-monitoring tools are used to measure and ensure proper network capacity management and availability of services.

140. What can be used to gather evidence of network attacks?
A. Access control lists (ACL)
B. Intrusion-detection systems (IDS)
C. Syslog reporting
D. Antivirus programs
Answer: B. Intrusion-detection systems (IDS) are used to gather evidence of network attacks.

141. Which of the following is a passive attack method used by intruders to determine potential network vulnerabilities?
A. Traffic analysis
B. SYN flood
C. Denial of service (DoS)
D. Distributed denial of service (DDoS)
Answer: A
Traffic analysis is a passive attack method used by intruders to determine potential network vulnerabilities. All others are active attacks.

142. Which of the following fire-suppression methods is considered to be the most environmentally friendly?
A. Halon gas
B. Deluge sprinklers
C. Dry-pipe sprinklers
D. Wet-pipe sprinklers
Answer: C. Although many methods of fire suppression exist, dry-pipe sprinklers are considered to be the most environmentally friendly.

143. What is a callback system?
A. It is a remote-access system whereby the remote-access server immediately calls the user back at a predetermined number if the dial-in connection fails.
B. It is a remote-access system whereby the user's application automatically redials the remote-access server if the initial connection attempt fails.
C. It is a remote-access control whereby the user initially connects to the network systems via dial-up access, only to have the initial connection terminated by the server, which then subsequently dials the user back at a predetermined number stored in the server's configuration database.
D. It is a remote-access control whereby the user initially connects to the network systems via dial-up access, only to have the initial connection terminated by the server, which then subsequently allows the user to call back at an approved number for a limited period of time.
Answer: C. A callback system is a remote-access control whereby the user initially connects to the network systems via dial-up access, only to have the initial connection terminated by the server, which then subsequently dials the user back at a predetermined number stored in the server's configuration database.

144. What type of fire-suppression system suppresses fire via water that is released from a main valve to be delivered via a system of dry pipes installed throughout the facilities?
A. A dry-pipe sprinkler system
B. A deluge sprinkler system
C. A wet-pipe system
D. A halon sprinkler system
A. A combination of key length, degree of permutation, and the complexity of the data-encryption algorithm that uses the key
B. A combination of key length, initial input vectors, and the complexity of the data-encryption algorithm that uses the key
C. A combination of key length and the complexity of the data-encryption algorithm that uses the key
D. Initial input vectors and the complexity of the data-encryption algorithm that uses the key
Answer: B. The strength of a secret key within a symmetric key cryptosystem is determined by a combination of key length, initial input vectors, and the complexity of the data-encryption algorithm that uses the key.

149. What process is used to validate a subject's identity?
A. Identification
B. Nonrepudiation
C. Authorization
D. Authentication
Answer: D. Authentication is used to validate a subject's identity.

150. What is often assured through table link verification and reference checks?
A. Database integrity
B. Database synchronization
C. Database normalcy
D. Database accuracy
Answer: A. Database integrity is most often ensured through table link verification and reference checks.

151. Which of the following should an IS auditor review to determine user permissions that have been granted for a particular resource? Choose the BEST answer.
A. Systems logs
B. Access control lists (ACL)
C. Application logs
D. Error logs
Answer: B
applications often encrypt and encapsulate data using protocols within the OSI session layer or farther down in the transport layer.

154. When should systems administrators first assess the impact of applications or systems patches?
A. Within five business days following installation
B. Prior to installation
C. No sooner than five business days following installation
D. Immediately following installation
Answer: B. Systems administrators should always assess the impact of patches before installation.

155. Which of the following is the most fundamental step in preventing virus attacks?
A. Adopting and communicating a comprehensive antivirus policy
B. Implementing antivirus protection software on users' desktop computers
C. Implementing antivirus content checking at all network-to-Internet gateways
D. Inoculating systems with antivirus code
Answer: A. Adopting and communicating a comprehensive antivirus policy is the most fundamental step in preventing virus attacks. All other antivirus prevention efforts rely upon decisions established and communicated via policy.

156. Which of the following is of greatest concern when performing an IS audit?
A. Users' ability to directly modify the database
B. Users' ability to submit queries to the database
C. Users' ability to indirectly modify the database
D. Users' ability to directly view the database
Answer: A. A major IS audit concern is users' ability to directly modify the database.

157. What are intrusion-detection systems (IDS) primarily used for?
A. To identify AND prevent intrusion attempts to a network
B. To prevent intrusion attempts to a network
C. Forensic incident response
D. To identify intrusion attempts to a network
Answer: D. Intrusion-detection systems (IDS) are used to identify intrusion attempts on a network.

158. Rather than simply reviewing the adequacy of access control, appropriateness of access policies, and effectiveness of safeguards and procedures, the IS auditor is more concerned with effectiveness and utilization of assets. True or false?
A. True
B. False
Answer: B. Instead of simply reviewing the effectiveness and utilization of assets, an IS auditor is more concerned with adequate access control, appropriate access policies, and effectiveness of safeguards and procedures.

159. If a programmer has update access to a live system, IS auditors are more concerned with the programmer's ability to initiate or modify transactions and the ability to access production than with the programmer's ability to authorize transactions. True or false?
ystem should be restarted before the last transaction.
C. The system should be restarted at the first transaction.
D. The system should be restarted on the last transaction.
or false?
extremely time-sensitive transaction processing?
A. Off-site remote journaling
B. Electronic vaulting
C. Shadow file processing
D. Storage area network
Answer: C. Shadow file processing can be implemented as a recovery mechanism for extremely time-sensitive transaction processing.

169. Off-site data backup and storage should be geographically separated so as to (fill in the blank) the risk of a widespread physical disaster such as a hurricane or earthquake.
A. Accept
B. Eliminate
C. Transfer
D. Mitigate
Answer: D
changes or corrections to a program, and ensuring that those changes and corrections have not introduced new errors.

175. An IS auditor should carefully review the functional requirements in a systems-development project to ensure that the project is designed to
A. Meet business objectives
B. Enforce data security
C. Be culturally feasible
D. Be financially feasible
Answer: A. An IS auditor should carefully review the functional requirements in a systems-development project to ensure that the project is designed to meet business objectives.

176. Which of the following processes are performed during the design phase of the systems-development life cycle (SDLC) model?
A. Develop test plans.
B. Baseline procedures to prevent scope creep.
C. Define the need that requires resolution, and map to the major requirements of the solution.
D. Program and test the new system. The tests verify and validate what has been developed.
changing user or business requirements.

182. What is the most common reason for information systems to fail to meet the needs of users? Choose the BEST answer.
A. Lack of funding
B. Inadequate user participation during system requirements definition
C. Inadequate senior management participation during system requirements definition
D. Poor IT strategic planning
Answer: B. Inadequate user participation during system requirements definition is the most common reason for information systems to fail to meet the needs of users.

183. Who is responsible for the overall direction, costs, and timetables for systems-development projects?
A. The project sponsor
B. The project steering committee
C. Senior management
D. The project team leader
Answer: B. Threats exploit vulnerabilities to cause loss or damage to the organization and its assets.

191. Business process re-engineering often results in ____ automation, which results in ____ number of people using technology. Fill in the blanks.
A. Increased; a greater
B. Increased; a fewer
C. Less; a fewer
D. Increased; the same
Answer: A. Business process re-engineering often results in increased automation, which results in a greater number of people using technology.

192. Whenever business processes have been re-engineered, the IS auditor attempts to identify and quantify the impact of any controls that might have been removed, or controls that might not work as effectively after business process changes. True or false?
A. True
B. False
Answer: A. Whenever business processes have been re-engineered, the IS auditor should attempt to identify and quantify the impact of any controls that might have been removed, or controls that might not work as effectively after business process changes.

193. When should an application-level edit check to verify availability of funds be completed at the electronic funds transfer (EFT) interface?
A. Before transaction completion
B. Immediately after an EFT is initiated
C. During run-to-run total testing
D. Before an EFT is initiated
Answer: D. An application-level edit check to verify availability of funds should be completed at the electronic funds transfer (EFT) interface before an EFT is initiated.
(fill in the blank) should be implemented as early as data preparation to support data integrity at the earliest point possible.
A. Control totals
B. Authentication controls
C. Parity bits
D. Authorization controls
Answer: A. Control totals should be implemented as early as data preparation to support data integrity at the earliest point possible.

195. What is used as a control to detect loss, corruption, or duplication of data?
A. Redundancy check
B. Reasonableness check
C. Hash totals
D. Accuracy check
Answer: C. Hash totals are used as a control to detect loss, corruption, or duplication of data.

196. Data edits are implemented before processing and are considered which of the following? Choose the BEST answer.
A. Deterrent integrity controls
B. Detective integrity controls
C. Corrective integrity controls
D. Preventative integrity controls
Answer: D. Data edits are implemented before processing and are considered preventive integrity controls.

197. In small office environments, it is not always possible to maintain proper segregation of duties for programmers. If a programmer has access to production data or applications, compensatory controls such as the reviewing of transaction results to approved input might be necessary. True or false?
A. True
B. False