(C-5-8) An organization experiences frequent malware infections on end-user workstations that are received through e-mail, despite the fact that workstations have anti-malware software. What is the best measure for reducing malware?

Anti-malware software on e-mail servers

Anti-malware software on web proxy servers

(C-5-9) An auditor has reviewed the access privileges of some employees and has discovered that employees with longer terms of service have excessive privileges. What can the auditor conclude from this?

Employee privileges are not being removed when they transfer from one position to another.

Long-time employees are able to guess other users’ passwords successfully and add to their privileges.

Long-time employees’ passwords should be set to expire more frequently.

The organization’s termination process is ineffective

(C-5-10) An organization wants to reduce the number of user IDs and passwords that its employees need to remember. What is the best available solution to this problem?

Password vaults for storing user IDs and passwords

(C-5-11) An IS auditor has discovered that an employee has installed a Wi-Fi access point in his cube. What action should the IS auditor take?

The IS auditor should immediately report this as a high-risk situation.

The IS auditor should include this in his audit report.

The IS auditor should ask the employee to turn off the Wi-Fi access point when it is not being used.

The IS auditor should test the Wi-Fi access point to see whether it properly authenticates users.

(C-5-12) An auditor is examining an organization’s data loss prevention (DLP) system. The DLP system is recording instances of sensitive information that is leaving the organization. There are no records of actions taken. What should the IS auditor recommend?

That management appoint a party responsible for taking action when the DLP system detects that sensitive information is leaving the organization

That management develop procedures for responding to DLP system alerts

That management discontinue use of the DLP system since no one is taking action

That the DLP system be reconfigured to stop issuing alerts

(C-5-13) An organization’s remote access requires a user ID and one-time password token. What weakness does this scheme have?

Someone who finds a one-time password token could log in as the user by guessing the user ID.

Someone who finds a one-time password token could log in as the user by guessing the password.

Someone who knows the user ID could derive the password.

Someone who is able to eavesdrop on the authentication can log in later using a replay attack

CHAPTER 5 - CISA

Authored by Yohana Gracia Naomi

Computers

Professional Development

Used 7+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

15 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

(C-5-1) A fire sprinkler system has water in its pipes, and sprinkler heads emit water only
if the ambient temperature reaches 220°F. What type of system is this?

Deluge

Post-action

Wet Pipe

Pre-Action

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

(C-5-2) An organization is building a data center in an area frequented by power outages.
The organization cannot tolerate power outages. What power system controls
should be selected?

Uninterruptible power supply and electric generator

Uninterruptible power supply and batteries

Electric generator

Electric generator and line conditioning

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

(C-5-3) An auditor has discovered several errors in user account management: many
terminated employees’ computer accounts are still active. What is the best course
of action?

Improve the employee termination process.

Shift responsibility for employee terminations to another group.

Audit the process more frequently.

Improve the employee termination process and audit the process more

frequently.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

(C-5-4) An auditor has discovered that several administrators in an application share an
administrative account. What course of action should the auditor recommend?

Implement activity logging on the administrative account

Use several named administrative accounts that are not shared.

Implement a host-based intrusion detection system.

Require each administrator to sign nondisclosure and acceptable-use

agreements.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

(C-5-5) An organization that has experienced a sudden increase in its long-distance
charges has asked an auditor to investigate. What activity is the auditor likely to
suspect is responsible for this?
A. Employees making more long-distance calls
B. Toll fraud
C. PBX malfunction
D. Malware in the PBX

Employees making more long-distance calls

Toll fraud

PBX malfunction

Malware in the PBX

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

(C-5-6) An auditor is examining a key management process and has found that the
IT department is not following its split-custody procedure. What is the likely
result of this failure?

One or more individuals are in possession of the entire password for an

encryption key.

One or more individuals are in possession of encrypted files.

Backup tapes are not being stored at an off-site facility.

Two or more employees are sharing an administrative account.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

(C-5-7) A developer is updating an application that saves passwords in plaintext. What is
the best method for securely storing passwords?

Encrypted with each user’s public key

Encrypted with a public key

Encrypted with a private key

Hashed

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

10 questions

Git & Github

Quiz

•

Professional Development

11 questions

KOE034: Sensors and Instruments

Quiz

•

Professional Development

20 questions

DI (EM24) - Diseño de Contenidos (T8)

Quiz

•

University - Professi...

10 questions

Cloud computing 2

Quiz

•

Professional Development

11 questions

Fortnite

Quiz

•

5th Grade - Professio...

10 questions

UDC 2022

Quiz

•

Professional Development

10 questions

Mastering KineMaster

Quiz

•

Professional Development

17 questions

Introduction to Computer Systems: Basic elements

Quiz

•

University - Professi...

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Computers

10 questions

How to Email your Teacher

Quiz

•

Professional Development

6 questions

3RD GRADE DECLARATION OF INDEPENDENCE EXIT TICKET

Quiz

•

Professional Development

19 questions

Black History Month Trivia

Quiz

•

6th Grade - Professio...

22 questions

Multiplying Exponents with the Same Base

Quiz

•

9th Grade - Professio...

40 questions

Flags of the World

Quiz

•

KG - Professional Dev...

CHAPTER 5 - CISA

(C-5-1) A fire sprinkler system has water in its pipes, and sprinkler heads emit water onlyif the ambient temperature reaches 220°F. What type of system is this?

(C-5-2) An organization is building a data center in an area frequented by power outages.The organization cannot tolerate power outages. What power system controlsshould be selected?

(C-5-3) An auditor has discovered several errors in user account management: manyterminated employees’ computer accounts are still active. What is the best courseof action?

(C-5-4) An auditor has discovered that several administrators in an application share anadministrative account. What course of action should the auditor recommend?

(C-5-5) An organization that has experienced a sudden increase in its long-distancecharges has asked an auditor to investigate. What activity is the auditor likely tosuspect is responsible for this?A. Employees making more long-distance callsB. Toll fraudC. PBX malfunctionD. Malware in the PBX

(C-5-6) An auditor is examining a key management process and has found that theIT department is not following its split-custody procedure. What is the likelyresult of this failure?

(C-5-7) A developer is updating an application that saves passwords in plaintext. What isthe best method for securely storing passwords?

(C-5-8) An organization experiences frequent malware infections on end-userworkstations that are received through e-mail, despite the fact that workstationshave anti-malware software. What is the best measure for reducing malware?

(C-5-9) An auditor has reviewed the access privileges of some employees and hasdiscovered that employees with longer terms of service have excessive privileges.What can the auditor conclude from this?

(C-5-10) An organization wants to reduce the number of user IDs and passwords that itsemployees need to remember. What is the best available solution to this problem?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers

(C-5-1) A fire sprinkler system has water in its pipes, and sprinkler heads emit water only
if the ambient temperature reaches 220°F. What type of system is this?

(C-5-2) An organization is building a data center in an area frequented by power outages.
The organization cannot tolerate power outages. What power system controls
should be selected?

(C-5-3) An auditor has discovered several errors in user account management: many
terminated employees’ computer accounts are still active. What is the best course
of action?

(C-5-4) An auditor has discovered that several administrators in an application share an
administrative account. What course of action should the auditor recommend?

(C-5-6) An auditor is examining a key management process and has found that the
IT department is not following its split-custody procedure. What is the likely
result of this failure?

(C-5-7) A developer is updating an application that saves passwords in plaintext. What is
the best method for securely storing passwords?

(C-5-8) An organization experiences frequent malware infections on end-user
workstations that are received through e-mail, despite the fact that workstations
have anti-malware software. What is the best measure for reducing malware?

(C-5-9) An auditor has reviewed the access privileges of some employees and has
discovered that employees with longer terms of service have excessive privileges.
What can the auditor conclude from this?

(C-5-10) An organization wants to reduce the number of user IDs and passwords that its
employees need to remember. What is the best available solution to this problem?