ISACA. CISA Practice Questions 2009 All
Подождите немного. Документ загружается.
NOTE:The first step in implementing access controls is an inventory of IS
resources, which is the basis for classification. Labeling of resources
cannot be done without first determining the resources' classifications.
The access control list (ACL) would not be done without a meaningful
classification of resources.
69
、
An IS auditor conducting a review of software usage and licensing
discovers that numerous PCs contain unauthorized software. Which of the
following actions should the IS auditor take?
A
、
Personally delete all copies of the unauthorized software.
B
、
Inform the auditee of the unauthorized software, and follow up to
confirm deletion.
C
、
Report the use of the unauthorized software and the need to prevent
recurrence to auditee management.
D
、
Take no action, as it is a commonly accepted practice and operations
management is responsible for monitoring such use.
ANSWER:C
NOTE:The use of unauthorized or illegal software should be prohibited by
an organization. Software piracy results in inherent exposure and can
result in severe fines. An IS auditor must convince the user and user
management of the risk and the need to eliminate the risk. An IS auditor
should not assume the role of the enforcing officer and take on any
personal involvement in removing or deleting the unauthorized software.
70
、
The MAJOR advantage of a component-based development approach is the:
A
、
ability to manage an unrestricted variety of data types.
B
、
provision for modeling complex relationships.
C
、
capacity to meet the demands of a changing environment.
D
、
support of multiple development environments.
ANSWER:D
NOTE:Components written in one language can interact with components
written in other languages or running on other machines, which can
increase the speed of development. Software developers can then focus on
business logic. The other choices are not the most significant advantages
of a component-based development approach.
71
、
An IS auditor evaluating the resilience of a high-availability
network should be MOST concerned if:
A
、
the setup is geographically dispersed.
B
、
the network servers are clustered in a site.
C
、
a hot site is ready for activation.
D
、
diverse routing is implemented for the network.
ANSWER:B
NOTE:A clustered setup in one location makes the entire network vulnerable
to natural disasters or other disruptive events. Dispersed geographical
locations and diverse routing provide backup if a site has been destroyed.
A hot site would also be a good alternative for a single point-of-failure
site.
72
、
Which of the following potentially blocks hacking attempts?
A
、
Intrusion detection system
B
、
Honeypot system
C
、
Intrusion prevention system
D
、
Network security scanner
ANSWER:C
NOTE:An intrusion prevention system (IPS) is deployed as an in-line device
that can detect and block hacking attempts. An intrusion detection system
(IDS) normally is deployed in sniffing mode and can detect intrusion
attempts, but cannot effectively stop them. A honeypot solution traps the
intruders to explore a simulated target. A network security scanner scans
for the vulnerabilities, but it will not stop the intrusion.
73
、
Which of the following is a management technique that enables
organizations to develop strategically important systems faster, while
reducing development costs and maintaining quality?
A
、
Function point analysis
B
、
Critical path methodology
C
、
Rapid application development
D
、
Program evaluation review technique
ANSWER:C
NOTE:Rapid application development is a management technique that enables
organizations to develop strategically important systems faster, while
reducing development costs and maintaining quality. The program evaluation
review technique (PERT) and critical path methodology (CPM) are both
planning and control techniques, while function point analysis is used for
estimating the complexity of developing business applications.
74
、
An organization is implementing a new system to replace a legacy
system. Which of the following conversion practices creates the GREATEST
risk?
A
、
Pilot
B
、
Parallel
C
、
Direct cutover
D
、
Phased
ANSWER:C
NOTE:Direct cutover implies switching to the new system immediately,
usually without the ability to revert to the old system in the event of
problems. All other alternatives are done gradually and thus provide
greater recoverability and are therefore less risky.
75
、
A company undertakes a business process reengineering (BPR) project
in support of a new and direct marketing approach to its customers. Which
of the following would be an IS auditor's main concern about the new
process?
A
、
Whether key controls are in place to protect assets and information
resources
B
、
If the system addresses corporate customer requirements
C
、
Whether the system can meet the performance goals (time and
resources)
D
、
Whether owners have been identified who will be responsible for the
process
ANSWER:A
NOTE:The audit team must advocate the inclusion of the key controls and
verify that the controls are in place before implementing the new process.
Choices B, C and D are objectives that the business process reengineering
(BPR) process should achieve, but they are not the auditor's primary
concern.
76
、
The MOST effective control for addressing the risk of piggybacking
is:
A
、
a single entry point with a receptionist.
B
、
the use of smart cards.
C
、
a biometric door lock.
D
、
a deadman door.
ANSWER:D
NOTE:Deadman doors are a system of using a pair of (two) doors. For the
second door to operate, the first entry door must close and lock with only
one person permitted in the holding area. This reduces the risk of an
unauthorized person following an authorized person through a secured entry
(piggybacking). The other choices are all physical controls over entry to
a secure area but do not specifically address the risk of piggybacking.
77
、
Which of the following is a control over component communication
failure/errors?
A
、
Restricting operator access and maintaining audit trails
B
、
Monitoring and reviewing system engineering activity
C
、
Providing network redundancy
D
、
Establishing physical barriers to the data transmitted over the
network
ANSWER:C
NOTE:Redundancy by building some form of duplication into the network
components, such as a link, router or switch to prevent loss, delays or
data duplication is a control over component communication failure or
error. Other related controls are loop/echo checks to detect line errors,
parity checks, error correction codes and sequence checks. Choices A, B
and D are communication network controls.
78
、
A web server is attacked and compromised. Which of the following
should be performed FIRST to handle the incident?
A
、
Dump the volatile storage data to a disk.
B
、
Run the server in a fail-safe mode.
C
、
Disconnect the web server from the network.
D
、
Shut down the web server.
ANSWER:C
NOTE:The first action is to disconnect the web server from the network to
contain the damage and prevent more actions by the attacker. Dumping the
volatile storage data to a disk may be used at the investigation stage but
does not contain an attack in progress. To run the server in a fail-safe
mode, the server needs to be shut down. Shutting down the server could
potentially erase information that might be needed for a forensic
investigation or to develop a strategy to prevent future similar attacks.
79
、
Which of the following controls would BEST detect intrusion?
A
、
User IDs and user privileges are granted through authorized
procedures.
B
、
Automatic logoff is used when a workstation is inactive for a
particular period of time.
C
、
Automatic logoff of the system occurs after a specified number of
unsuccessful attempts.
D
、
Unsuccessful logon attempts are monitored by the security
administrator.
ANSWER:D
NOTE:Intrusion is detected by the active monitoring and review of
unsuccessful logons. User IDs and the granting of user privileges define a
policy, not a control. Automatic logoff is a method of preventing access
on inactive terminals and is not a detective control. Unsuccessful
attempts to log on are a method for preventing intrusion, not detecting.
80
、
Which of the following physical access controls effectively reduces
the risk of piggybacking?
A
、
Biometric door locks
B
、
Combination door locks
C
、
Deadman doors
D
、
Bolting door locks
ANSWER:C
NOTE:Deadman doors use a pair of doors. For the second door to operate,
the first entry door must close and lock with only one person permitted in
the holding area. This effectively reduces the risk of piggybacking. An
individual's unique body features such as voice, retina, fingerprint or
signature activate biometric door locks; however, they do not prevent or
reduce the risk of piggybacking. Combination door locks, also known as
cipher locks, use a numeric key pad or dial to gain entry. They do not
prevent or reduce the risk of piggybacking since unauthorized individuals
may still gain access to the processing center. Bolting door locks require
the traditional metal key to gain entry. Unauthorized individuals could
still gain access to the processing center along with an authorized
individual.
81
、
An organization provides information to its supply chain partners and
customers through an extranet infrastructure. Which of the following
should be the GREATEST concern to an IS auditor reviewing the firewall
security architecture?
A
、
A Secure Sockets Layer (SSL) has been implemented for user
authentication and remote administration of the firewall.
B
、
Firewall policies are updated on the basis of changing requirements.
C
、
Inbound traffic is blocked unless the traffic type and connections
have been specifically permitted.
D
、
The firewall is placed on top of the commercial operating system
with all installation options.
ANSWER:D
NOTE:The greatest concern when implementing firewalls on top of commercial
operating systems is the potential presence of vulnerabilities that could
undermine the security posture of the firewall platform itself. In most
circumstances, when commercial firewalls are breached that breach is
facilitated by vulnerabilities in the underlying operating system. Keeping
all installation options available on the system further increases the
risks of vulnerabilities and exploits. Using SSL for firewall
administration (choice A) is important, because changes in user and supply
chain partners' roles and profiles will be dynamic. Therefore, it is
appropriate to maintain the firewall policies daily (choice B), and
prudent to block all inbound traffic unless permitted (choice C).
82
、
During an audit of the logical access control of an ERP financial
system an IS auditor found some user accounts shared by multiple
individuals. The user IDs were based on roles rather than individual
identities. These accounts allow access to financial transactions on the
ERP. What should the IS auditor do next?
A
、
Look for compensating controls.
B
、
Review financial transactions logs.
C
、
Review the scope of the audit.
D
、
Ask the administrator to disable these accounts.
ANSWER:A
NOTE:The best logical access control practice is to create user IDs for
each individual to define accountability. This is possible only by
establishing a one-to-one relationship between IDs and individuals.
However, if the user IDs are created based on role designations, an IS
auditor should first understand the reasons and then evaluate the
effectiveness and efficiency of compensating controls. Reviewing
transactions logs is not relevant to an audit of logical access control
nor is reviewing the scope of the audit relevant. Asking the administrator
to disable the shared accounts should not be recommended by an IS auditor
before understanding the reasons and evaluating the compensating controls.
It is not an IS auditor's responsibility to ask for disabling accounts
during an audit.
83
、
Which of the following should be the MOST important consideration
when deciding areas of priority for IT governance implementation?
A
、
Process maturity
B
、
Performance indicators
C
、
Business risk
D
、
Assurance reports
ANSWER:C
NOTE:Priority should be given to those areas which represent a known risk
to the enterprise's operations. The level of process maturity, process
performance and audit reports will feed into the decision making process.
Those areas that represent real risk to the business should be given
priority.
84
、
To ensure compliance with a security policy requiring that passwords
be a combination of letters and numbers, an IS auditor should recommend
that:
A
、
the company policy be changed.
B
、
passwords are periodically changed.
C
、
an automated password management tool be used.
D
、
security awareness training is delivered.
ANSWER:C
NOTE:The use of an automated password management tool is a preventive
control measure. The software would prevent repetition (semantic) and
would enforce syntactic rules, thus making the passwords robust. It would
also provide a method for ensuring frequent changes and would prevent the
same user from reusing their old password for a designated period of time.
Choices A, B and D do not enforce compliance.
85
、
Which of the following online auditing techniques is most effective
for the early detection of errors or irregularities?
A
、
Embedded audit module
B
、
Integrated test facility
C
、
Snapshots
D
、
Audit hooks
ANSWER:D
NOTE:The audit hook technique involves embedding code in application
systems for the examination of selected transactions. This helps an IS
auditor to act before an error or an irregularity gets out of hand. An
embedded audit module involves embedding specially-written software in the
organization's host application system so that application systems are
monitored on a selective basis. An integrated test facility is used when
it is not practical to use test data, and snapshots are used when an audit
trail is required.
86
、
When planning to add personnel to tasks imposing time constraints on
the duration of a project, which of the following should be revalidated
FIRST?
A
、
The project budget
B
、
The critical path for the project
C
、
The length of the remaining tasks
D
、
The personnel assigned to other tasks
ANSWER:B
NOTE:Since adding resources may change the route of the critical path, the
critical path must be reevaluated to ensure that additional resources will
in fact shorten the project duration. Given that there may be slack time
available on some of the other tasks not on the critical path, factors
such as the project budget, the length of other tasks and the personnel
assigned to them may or may not be affected.
87
、
Which of the following acts as a decoy to detect active Internet
attacks?
A
、
Honeypots
B
、
Firewalls
C
、
Trapdoors
D
、
Traffic analysis
ANSWER:A
NOTE:Honeypots are computer systems that are expressly set up to attract
and trap individuals who attempt to penetrate other individuals' computer
systems. The concept of a honeypot is to learn from intruder's actions. A
properly designed and configured honeypot provides data on methods used to
attack systems. The data are then used to improve measures that could curb
future attacks. A firewall is basically a preventive measure. Trapdoors
create a vulnerability that provides an opportunity for the insertion of
unauthorized code into a system. Traffic analysis is a type of passive
attack.
88
、
An organization with extremely high security requirements is
evaluating the effectiveness of biometric systems. Which of the following
performance indicators is MOST important?
A
、
False-acceptance rate (FAR)
B
、
Equal-error rate (EER)
C
、
False-rejection rate (FRR)
D
、
False-identification rate (FIR)
ANSWER:A
NOTE:FAR is the frequency of accepting an unauthorized person as
authorized, thereby granting access when it should be denied. In an
organization with high security requirements, user annoyance with a higher
FRR is less important, since it is better to deny access to an authorized
individual than to grant access to an unauthorized individual. EER is the
point where the FAR equals the FRR; therefore, it does not minimize the
FAR. FIR is the probability that an authorized person is identified, but
is assigned a false ID.
89
、
A retail outlet has introduced radio frequency identification (RFID)
tags to create unique serial numbers for all products. Which of the
following is the PRIMARY concern associated with this initiative?
A
、
Issues of privacy
B
、
Wavelength can be absorbed by the human body
C
、
RFID tags may not be removable
D
、
RFID eliminates line-of-sight reading
ANSWER:A
NOTE:The purchaser of an item will not necessarily be aware of the
presence of the tag. If a tagged item is paid for by credit card, it would
be possible to tie the unique ID of that item to the identity of the
purchaser. Privacy violations are a significant concern because RFID can
carry unique identifier numbers. If desired it would be possible for a
firm to track individuals who purchase an item containing an RFID. Choices
B and C are concerns of less importance. Choice D is not a concern.
90
、
The risks associated with electronic evidence gathering would MOST
likely be reduced by an e-mail:
A
、
destruction policy.
B
、
security policy.
C
、
archive policy.
D
、
audit policy.
ANSWER:C
NOTE:With a policy of well-archived e-mail records, access to or retrieval
of specific e-mail records is possible without disclosing other
confidential e-mail records. Security and/or audit policies would not
address the efficiency of record retrieval, and destroying e-mails may be
an illegal act.
91
、
Which of the following is a characteristic of timebox management?
A
、
Not suitable for prototyping or rapid application development (RAD)
B
、
Eliminates the need for a quality process
C
、
Prevents cost overruns and delivery delays
D
、
Separates system and user acceptance testing
ANSWER:C
NOTE:Timebox management, by its nature, sets specific time and cost
boundaries. It is very suitable for prototyping and RAD, and integrates
system and user acceptance testing, but does not eliminate the need for a
quality process.
92
、
Which of the following line media would provide the BEST security for
a telecommunication network?
A
、
Broadband network digital transmission
B
、
Baseband network
C
、
Dial-up
D
、
Dedicated lines
ANSWER:D
NOTE:Dedicated lines are set apart for a particular user or organization.
Since there is no sharing of lines or intermediate entry points, the risk
of interception or disruption of telecommunications messages is lower.