Answer / guest

Answer: A

Reviewing the effectiveness and utilization of assets is not
within the purview of a security audit. Security audits
primarily focus on the evaluation of the policies and
procedures that ensure the confidentiality, integrity and
availability of data. During an audit of security the IS
auditor would normally review access to assets, and validate
the physical and environmental controls to the extent
necessary to satisfy the audit requirements. The IS auditor
would also review logical access policies and compare them
to job profiles to ensure that excessive access has not been
granted. The review also would include an evaluation of
asset safeguards and procedures to prevent unauthorized
access to assets.

Which of the following would an IS auditor consider to be the MOST important when evaluating an organization's IS strategy? That it: A. has been approved by line management. B. does not vary from the IS department's preliminary budget. C. complies with procurement procedures. D. supports the business objectives of the organization.

1 Answers  

---

An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking? A. An application-level gateway B. A remote access server C. A proxy server D. Port scanning

2 Answers  

---

A data center has a badge-entry system. Which of the following is MOSTimportant to protect the computing assets in the center? A. Badge readers are installed in locations where tampering would be noticed B. The computer that controls the badge system is backed up frequently C. A process for promptly deactivating lost or stolen badges exists D. All badge entry attempts are logged

5 Answers  

---

A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it:

5 Answers   Cognizant,

---

Which of the following can identify attacks and penetration attempts to a network? A. Firewall B. Packet filters C. Stateful inspection D. Intrusion detection system (IDs)

1 Answers  

---

The method of routing traffic through split cable facilities or duplicate cable facilities is called: A. alternative routing. B. diverse routing. C. redundancy. D. circular routing.

1 Answers  

---

IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that: A. a substantive test would be too costly. B. the control environment is poor. C. inherent risk is low. D. control risks are within the acceptable limits.

2 Answers  

---

While planning an audit, an assessment of risk should be made to provide: A. reasonable assurance that the audit will cover material items. B. definite assurance that material items will be covered during the audit work. C. reasonable assurance that all items will be covered by the audit. D. sufficient assurance that all items will be covered during the audit work.

1 Answers  

---

Data edits are an example of: A. preventive controls. B. detective controls. C. corrective controls. D. compensating controls.

2 Answers  

---

Accountability for the maintenance of appropriate security measures over information assets resides with the: A. security administrator. B. systems administrator. C. data and systems owners. D. systems operations group.

2 Answers  

---

The PRIMARY purpose of audit trails is to: A. improve response time for users. B. establish accountability and responsibility for processed transactions. C. improve the operational efficiency of the system. D. provide useful information to auditors who may wish to track transactions.

1 Answers  

---

An advantage of the use of hot sites as a backup alternative is that: A. the costs associated with hot sites are low. B. hot sites can be used for an extended amount of time. C. hot sites can be made ready for operation within a short period of time. D. they do not require that equipment and systems software be compatible with the primary site.

1 Answers  

---