Which of the following LAN physical layouts is subject to total loss if one device fails? A. Star B. Bus C. Ring D. Completely connected

Which of the following is a benefit of a risk-based approach to audit planning? Audit: A. scheduling may be performed months in advance. B. budgets are more likely to be met by the IS audit staff. C. staff will be exposed to a variety of technologies. D. resources are allocated to the areas of highest concern.

The PRIMARY objective of a logical access controls review is to: A. review access controls provided through software. B. ensure access is granted per the organization's authorities. C. walkthrough and assess access provided in the IT environment. D. provide assurance that computer hardware is protected adequately against abuse.

The security level of a private key system depends on the number of: A. encryption key bits. B. messages sent. C. keys. D. channels used.

Which of the following should be included in an organization's IS security policy? A. A list of key IT resources to be secured B. The basis for access authorization C. Identity of sensitive security features D. Relevant software security features

In the ISO/OSI model, which of the following protocols is the FIRST to establish security for the user application? A. Session layer. B. Transport layer C. Network layer D. Presentation layer

Which of the following protocols would be involved in the implementation of a router and interconnectivity device monitoring system? A. Simple network management B. File transfer C. Simple Mail Transfer Protocol D. Telnet

In large corporate networks having supply partners across the globe, network traffic may continue to rise. The infrastructure components in such environments should be scalable. Which of the following firewall architectures limits future scalability? A. Appliances B. Operating system based C. Host based D. Demilitarized

Which of the following is a concern when data is transmitted through secure socket layer (SSL) encryption implemented on a trading partner's server? A. Organization does not have control over encryption. B. Messages are subjected to wire tapping. C. Data might not reach the intended recipient. D. The communication may not be secure.

The responsibility, authority and accountability of the IS audit function is documented appropriately in an audit charter and MUST be: A. approved by the highest level of management. B. approved by audit department management. C. approved by user department management. D. changed every year before commencement of IS audits.

In which of the following network configurations would problem resolution be the easiest? A. Bus B. Ring C.Star D. Mesh

Which of the following is the operating system mode in which all instructions can be executed? A. Problem B. Interrupt C. Supervisor D. Standard processing

Which of the following BEST describes the role of a systems analyst? A. Defines corporate databases B. Designs systems based on the needs of the user C. Schedules computer resources D. Tests and evaluates programmer and optimization tools

The PRIMARY reason for separating the test and development environments is to: A. restrict access to systems under test. B. segregate user and development staff. C. control the stability of the test environment. D. secure access to systems under development.

Information for detecting unauthorized input from a terminal would be BEST provided by the: A. console log printout. B. transaction journal. C. automated suspense file listing. D. user error report.