Answer / guest

Answer: B

The absence of password controls on the client-server where
production data resides is the most critical weakness. All
other findings, while they are control weaknesses, do not
carry the same disastrous impact.

Which of the following audit tools is MOST useful to an IS auditor when an audit trail is required? A. Integrated test facility (ITF) B. Continuous and intermittent simulation (CIS) C. Audit hooks D. Snapshots

1 Answers  

---

Which of the following is the MOST effective type of antivirus software? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines

2 Answers  

---

Business continuity/disaster recovery is PRIMARILY the responsibility of: A. IS management. B. business unit managers. C. the security administrator. D. the board of directors.

1 Answers  

---

Which of the following provides a mechanism for coding and compiling programs interactively? A. Firmware B. Utility programs C. Online programming facilities D. Network management software

1 Answers  

---

Which of the following would an IS auditor consider to be the MOST important when evaluating an organization's IS strategy? That it: A. has been approved by line management. B. does not vary from the IS department's preliminary budget. C. complies with procurement procedures. D. supports the business objectives of the organization.

1 Answers  

---

---

Which of the following provisions in a contract for external information systems services would an IS auditor consider to be LEAST significant? A. Ownership of program and files B. Statement of due care and confidentiality C. Continued service of outsourcer in the event of a disaster D. Detailed description of computer hardware used by the vendor

1 Answers  

---

During which of the following phases in systems development would user acceptance test plans normally be prepared? A. Feasibility study B. Requirements definition C. Implementation planning D. Post-implementation review

1 Answers  

---

Which of the following types of firewalls would BEST protect a network from an Internet attack? A. Screened subnet firewall B. Application filtering gateway C. Packet filtering router D. Circuit-level gateway

2 Answers  

---

To share data in a multivendor network environment, it is essential to implement program-to-program communication. With respect to program-to-program communication features that can be implemented in this environment, which of the following makes implementation and maintenance difficult? A. User isolation B. Controlled remote access C. Transparent remote access D. The network environments

1 Answers  

---

The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment: A. searches and checks the infrastructure to detect vulnerabilities, whereas penetration testing intends to exploit the vulnerabilities to probe the damage that could result from the vulnerabilities. B. and penetration tests are different names for the same activity. C. is executed by automated tools, whereas penetration testing is a totally manual process. D. is executed by commercial tools, whereas penetration testing is executed by public processes.

1 Answers  

---

Which of the following is the PRIMARY safeguard for securing software and data within an information processing facility? A. Security awareness B. Reading the security policy C. Security committee D. Logical access controls

1 Answers  

---

A B-to-C e-commerce web site as part of its information security program wants to monitor, detect and prevent hacking activities and alert the system administrator when suspicious activities occur. Which of the following infrastructure components could be used for this purpose? A. Intrusion detection systems B. Firewalls C. Routers D. Asymmetric encryption

1 Answers  

---