An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review? A. Availability of online network documentation B. Support of terminal access to remote hosts C. Handling file transfer between hosts and inter-user communications D. Performance management, audit and control

The review of router access control lists should be conducted during a/an: A. environmental review. B. network security review. C. business continuity review. D. data integrity review.

Neural networks are effective in detecting fraud because they can: A. discover new trends since they are inherently linear. B. solve problems where large and general sets of training data are not obtainable. C. attack problems that require consideration of a large number of input variables. D. make assumptions about the shape of any curve relating variables to the output.

A manufacturer has been purchasing materials and supplies for its business through an e-commerce application. Which of the following should this manufacturer rely on to prove that the transactions were actually made? A. Reputation B. Authentication C. Encryption D. Nonrepudiation

Which of the following message services provides the strongest protection that a specific action has occurred? A. Proof of delivery B. Nonrepudiation C. Proof of submission D. Message origin authentication

The database administrator has recently informed you of the decision to disable certain normalization controls in the database management system (DBMS) software to provide users with increased query performance. This will MOST likely increase the risk of: A. loss of audit trails. B. redundancy of data. C. loss of data integrity. D. unauthorized access to data.

The development of an IS security policy is ultimately the responsibility of the: A. IS department. B. security committee. C. security administrator. D. board of directors.

Which of the following should be of MOST concern to an IS auditor? A. Lack of reporting of a successful attack on the network B. Failure to notify police of an attempted intrusion C. Lack of periodic examination of access rights D. Lack of notification to the public of an intrusion

Which of the following audit techniques would an IS auditor place the MOST reliance on when determining whether an employee practices good preventive and detective security measures? A. Observation B. Detail testing C. Compliance testing D. Risk assessment

Which of the following is MOST important to have provided for in a disaster recovery plan? A. Backup of compiled object programs B. Reciprocal processing agreement C. Phone contact list D. Supply of special forms

An IS auditor reviewing an outsourcing contract of IT facilities would expect it to define the: A. hardware configuration. B. access control software. C. ownership of intellectual property. D. application development methodology.

An existing system is being extensively enhanced by extracting and reusing design and program components. This is an example of: A. reverse engineering. B. prototyping. C. software reuse. D. reengineering.

Which of the following is the FIRST step in a business process reengineering (BPR) project? A. Defining the areas to be reviewed B. Developing a project plan C. Understanding the process under review D. Reengineering and streamlining the process under review

The use of object-oriented design and development techniques would MOST likely: A. facilitate the ability to reuse modules. B. improve system performance. C. enhance control effectiveness. D. speed up the system development life cycle.

A disaster recovery plan (DRP) for an organization should: A. reduce the length of the recovery time and the cost of recovery. B. increase the length of the recovery time and the cost of recovery. C. reduce the duration of the recovery time and increase the cost of recovery. D. not affect the recovery time nor the cost of recovery.