Answer / guest

Answer: A

Tunnel mode with IP security provides encryption and
authentication of the complete IP package. To accomplish
this, the AH (authentication header) and ESP (encapsulating
security payload) services can be nested? Choices B and C
provide authentication and integrity. TCP services do not
provide encryption and authentication.

A primary reason for an IS auditor's involvement in the development of a new application system is to ensure that: A. adequate controls are built into the system. B. user requirements are satisfied by the system. C. sufficient hardware is available to process the system. D. data are being developed for pre-implementation testing of the system.

1 Answers  

---

In large corporate networks having supply partners across the globe, network traffic may continue to rise. The infrastructure components in such environments should be scalable. Which of the following firewall architectures limits future scalability? A. Appliances B. Operating system based C. Host based D. Demilitarized

1 Answers  

---

Which of the following provides nonrepudiation services for e-commerce transactions? A. Public key infrastructure (PKI) B. Data encryption standard (DES) C. Message authentication code (MAC) D. Personal identification number (PIN)

1 Answers  

---

The PRIMARY purpose of undertaking a parallel run of a new system is to: A. verify that the system provides required business functionality. B. validate the operation of the new system against its predecessor. C. resolve any errors in the program and file interfaces. D. verify that the system can process the production load.

2 Answers  

---

Which of the following is the MOST effective type of antivirus software? A. Scanners B. Active monitors C. Integrity checkers D. Vaccines

2 Answers  

---

Which of the following is the MOST important consideration when developing a business continuity plan for a bank? A. Antivirus software B. Naming standards C. Customer balance list D. Password policy

1 Answers  

---

A programmer included a routine into a payroll application to search for his/her own payroll number. As a result, if this payroll number does not appear during the payroll run, a routine will generate and place random numbers onto every paycheck. This routine is known as: A. scavenging. B. data leakage. C. piggybacking. D. a trojan horse.

1 Answers  

---

Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures? A. Review software migration records and verify approvals. B. Identify changes that have occurred and verify approvals. C. Review change control documentation and verify approvals. D. Ensure that only appropriate staff can migrate changes into production.

1 Answers  

---

Which of the following BEST describes the early stages of an IS audit? A. Observing key organizational facilities. B. Assessing the IS environment. C. Understanding business process and environment applicable to the review. D. Reviewing prior IS audit reports.

1 Answers  

---

The use of statistical sampling procedures helps minimize: A. sampling risk. B. detection risk. C. inherent risk. D. control risk.

1 Answers  

---

An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking? A. An application-level gateway B. A remote access server C. A proxy server D. Port scanning

2 Answers  

---

An IS auditor performing an audit of the company's IS strategy would be LEAST likely to: A. assess IS security procedures. B. review both short- and long-term IS strategies. C. interview appropriate corporate management personnel. D. ensure that the external environment has been considered.

1 Answers  

---