During an IS audit, the IS auditor discovers that a wireless network is used within the enterprise's headquarters. What is the FIRST thing the auditor should check?

The signal strength outside of the building

The number of clients connected

The IP address allocation mechanism

Employees in the company have received several e-mail messages from unknown sources that try and entice her to click a specific link using a “Click Here” approach. Which of the following best describes the most likely taking place in this situation?

Embedded hyperlink is obfuscated

Bi-directional injection attack

Terminal emulation software is useful for which of the following?

Configuring a server or network device through a serial port

To ensure controls are in place and used by the designated personnel, authentication is a must. Two-factor authentication is commonly used by organizations. Which of the below could refer to this type of authentication?

User ID and unique characteristic

What do the initials of the older terminology IPF represent?

Information processing facility

Information-only policy for distribution

Which of the following is provided by digital signatures?

Sender identity with nonrepudiation

File encryption using the sender’s public key

File confidentiality using encryption

Sender identity without nonrepudiation

Which of the following is true concerning the roles of data owner, data user, and data custodian?

The data owner specifies controls

The data user implements controls as necessary

The data custodian is responsible for specifying acceptable usage

The data custodian specifies security classification

Which of the following VPN methods will transmit data across the local network in plain text without encryption?

Layer 2 Tunneling Protocol (L2TP)

Which of these is the most effective control over a guest wireless ID given to the vendor staff?

Assignment of a renewable user ID which expires daily

A write-once log to monitor the vendor's activities on the system

Utilization of a user ID format similar to that used by employees

Ensuring that wireless network encryption is configured properly

Why is it important to have a clearly defined incident-handling process in place?

To avoid dealing with a computer and network threat in an ad hoc, reactive, and confusing manner

In order to provide a quick reaction to a threat so that a company can return to normal operations as soon as possible

In order to provide a uniform approach with certain expectations of the results

Why should the transportation and tracking of backup media be given a high priority?

Backup media contains the organization’s secrets.

Backup media has a limited shelf life.

Backups should be transported in a locked storage box.

Use of encryption eliminates transportation and tracking issues.

Identifying information assets and their owners is a significant control activity. Social engineering methods can be used to compromise Information assets. Which of the below methods represents social engineering?

Deceiving a person into voluntarily cooperating with the attacker

Software hacking tool usage to circumvent security

Phishing of sensitive information by an employee

Not using software development standards

CA or the certificate authority are used by several organizations for ensuring controls. What is the primary role of CA’s in infrastructure using public keys?

Certificate issue and record maintenance

Which of the following conditions is likely to represent a control failure and therefore be a concern to the auditor?

A policy without an underlying standard of monitoring and enforcement

A general policy intended to be a catchall for things not specifically mentioned

Use of the guideline with monitoring, but no formal policy

In comparison to a guideline, what is the definition of a standard?

A standard is a compulsory control for supporting a policy. It is discretionary to follow guidelines.

A standard is a control that is discretionary used with a guideline to help the decision process of the reader.

A guideline is a control that is recommended and required for supporting discretionary standards.

A guideline is intended for designating a policy, while a standard is used when a policy is absent.

Who should be responsible for issuing the organizational policies?

They should be enforced and signed by the highest management level.

They should initiate from the lowest level and then move up for approval to the department manager.

They should be issued by the auditor according to the standards. The highest management level should authorize them for ensuring compliance.

They can be issued by any management level.

Which statement is true concerning digital signatures?

The recipient uses the signer’s public key

The signer uses the recipient’s public key.

The signer uses the recipient’s private key.

The recipient uses the signer’s private key.

The two common proximity identification devices types are:

User-activated devices and system sensing devices

Swipe card devices and passive devices

Biometric devices and access control devices

Preset code devices and wireless devices

M4 and M5

Quiz

•

Professional Development

•

Professional Development

•

Practice Problem

•

Hard

Rohit Narang

FREE Resource

Student preview

Network-based intrusion detection

A fingerprint scanner facilitating biometric access control

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Professional Development

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

100 questions

Screening Test Customer Service

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

10 questions

Reading a ruler in Inches

Quiz

•

4th Grade - Professio...

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

12 questions

Valentines Day Trivia

Quiz

•

Professional Development

M4 and M5

49 questions

An IS auditor is auditing a proposed software acquisition. What should be kept in mind?

An IS auditor reviewing the operating system integrity of a server would PRIMARILY:

An organization which has large number of suppliers wants to have an online update of the material supply. Therefore, it wishes to provide limited network access to its suppliers. Which of these options would be chosen?

At which layer of the OSI model does a gateway operate?

Due to increased level of attacks on an organization’s Internet, it has asked its audit team to recommend a detection and deterrent control against Internet attacks. Which of the below would be the BEST option?

During an audit where scope includes server environments, an IS auditor would be ensured with which of the below BEST providing the highest degree of server access control?

During an IS audit, the IS auditor discovers that a wireless network is used within the enterprise's headquarters. What is the FIRST thing the auditor should check?

During data backup, which of the below would require special handling?

Employees in the company have received several e-mail messages from unknown sources that try and entice her to click a specific link using a “Click Here” approach. Which of the following best describes the most likely taking place in this situation?

Access all questions and much more by creating a free account

Popular Resources on Wayground

Discover more resources for Professional Development