Which of the following would not prevent the loss of an asset but would assist in recovery by transferring part of the risk to a third party? A. Full system backups B. Insurance C. Testing D. Business impact analysis

A control for a company that wants to prevent virus-infected programs (or other type of unauthorized modified programs) would be to: A. utilize integrity checkers. B. verify program's lengths. C. backup the source and object code. D. implement segregation of duties.

Which of the following is the MOST effective type of antivirus software? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines

Testing the connection of two or more system components that pass information from one area to another is: A. pilot testing. B. parallel testing C. interface testing. D. regression testing.

Which of the following are data file controls? A. Internal and external labeling B. Limit check and logical relationship checks C. Total items and hash totals D. Report distribution procedures

Which of the following is an example of a passive attack, initiated through the Internet? A. Traffic analysis B. Masquerading C. Denial of service D. E-mail spoofing

Which of the following Internet security threats could compromise integrity? A. Theft of data from the client B. Exposure of network configuration information C. A trojan horse browser D. Eavesdropping on the net

IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that: A. a substantive test would be too costly. B. the control environment is poor. C. inherent risk is low. D. control risks are within the acceptable limits.

The IS department of an organization wants to ensure that the computer files, used in the information processing facility, are backed up adequately to allow for proper recovery. This is a/an: A. control procedure. B. control objective. C. corrective control. D. operational control.

Which of the following reports should an IS auditor use to check compliance with a service level agreement (SLA) requirement for uptime? A. Utilization reports B. Hardware error reports C. System logs D. Availability reports

Various standards have emerged to assist IS organizations in achieving an operational environment that is predictable, measurable and repeatable. The standard that provides the definition of the characteristics and the associated quality evaluation process to be used when specifying the requirements for and evaluating the quality of software products throughout their life cycle is: A. ISO 9001. B. ISO 9002. C. ISO 9126. D. ISO 9003.

To help mitigate the effects of a denial of service attack, which mechanism can an Internet service provider (ISP) use to identify Internet protocol (IP) packets from unauthorized sources? A. Inbound traffic filtering B. Rate limiting C. Reverse address lookup D. Network performance monitoring

An organization is moving its application maintenance in-house from an outside source. Which of the following should be the main concern of an IS auditor? A. Regression testing B. Job scheduling C. User manuals D. Change control procedures

The phases and deliverables of a systems development life cycle (SDLC) project should be determined: A. during the initial planning stages of the project. B. after early planning has been completed, but before work has begun. C. through out the work stages based on risks and exposures. D. only after all risks and exposures have been identified and the IS auditor has recommended appropriate controls.

An IS auditor performing a review of the IS department discovers that formal project approval procedures do not exist. In the absence of these procedures the IS manager has been arbitrarily approving projects that can be completed in a short duration and referring other more complicated projects to higher levels of management for approval. The IS auditor should recommend as a FIRST course of action that: A. users participate in the review and approval process. B. formal approval procedures be adopted and documented. C. projects be referred to appropriate levels of management for approval. D. the IS manager's job description be changed to include approval authority.