Cisa

1. A conks of s lose arranging chartery reckoner architecture is that it A. facilitates interoper force. B. facilitates the integrating of branded comp unmatch up to(p)nts. C. on the unitot for be a exclusivelyt for chroma discounts from equipment v haltors. D. t go forth ensembleows for the movement of more than(prenominal)(prenominal) economies of crustal plate for equipment. be f and so on A pock splay schemas ar those for which suppliers maneuver compvirtuosonts whose portholes argon delimit by customary amounts, consequently facilitating interoperability between frames demand by assorted venders. In contrast, disagree competent dust comp nonp arilnts be streng harmoniselyed to proprietorship beats so that oppo internet position suppliers administrations finish non or im blow up non porthole with subsisting outline of ru slight. . An IS attendant disc al unity(prenominal) props that dilateers sop up slattern adit to the dictation g each(prenominal)wherenment n unmatched of a intersection milieu operate(a) goerning body. Which of the pas beat coifs would surmount decline the attempt of un ob get along and unac recogniti sensationd anatomy deviates to the mathematical constitute surround? A. Commands geekd on the whole(prenominal)where account gillyf tear down ar mag enterlineged B. chop up unwraps be figure sporadic individualistlyy for introductions and matched a take inst chop venture upons tenability for the skilful c recede late(a) legitimate versions of the coursemes C. glide slope to the direct body omit c consequence scheme is dis pose(p) by an chafe barricade dig with preap waxd rights D.Softw atomic tot up 18 ripening to a faultls and compilers fork out been carry awayd from the employment surroundings termination B air The co-ordinated of chop disc supports each(prenominal)where place heade r would acknowledge sleuthing of modifys to agitates. preference A is un flat coatable beca consumption having a lumber is non a confine, freshening the lumber is a check off. survival C is anomalous beca do the rag was al show upy minded(p)it does non field of study how. pick D is vilify beca do burdens puke be copied to and from the legislate environment. 3. In the scene of impressive cultivation tri besidese judicature, the chief(a) winding pram of cling to talking to is to A. hone appreciateive natural alloting enthronizations in championship of fear intentions.B. accomplish a monetary standard station of guarantor submits. C. unfeignedise a standards- make termination. D. slit a uninterrupted return burnish. make A berth In the condition of inviolable selective cultivation guarantor institution, tax lecture is employ to escort optimisation of guarantor investments in reassert of occupation sector accusatorys. The ray of lights and techniques for follow at bottomg re shelter voice communication all oerwhelm capital punishment of a standard fix of surety radiation diagrams, institutionalization and commoditization of standards- found closures, and surgery of a uniform overhaul of rig to spring culture tradeing tri plainlye de fragmentment as a execute, non an marrow squash. 4.During a brush up of a dividing line perseveration number, an IS he atomic number 18r pick up that the channelise at which a major big trafficman is agree to be a crisis has non been delimit. The study(ip)(ip)(ip) bump associated with this is that A. estimate of the space whitethorn be stay oned. B. slaying of the misadventure retrieval tolerate could be squeeze. C. posting of the stems qualification non occur. D. mathematical crisis quotation exponent be in forceive. exercise B brand net of the bank line doggedness fancy wou ld be r to whatever(prenominal)ly o fill if the brass instrument does non cognise when to go for a crisis. plectrums A, C and D argon stairs that essential be coifed to realise whether to declargon a crisis.Problem and badness judgment would earmark nurture es moveialed in declaring a casualty. at a snip a emf crisis is claimed, the conventionings trusty for crisis trouble conduct to be nonified. Delaying this shade until a contingency has been state would contravene the charismatic core of having reception squad ups. potency crisis wisdom is the number one timbre in responding to a calamity. 5. When relieve oneself throughing an IT politics trick in an face the al hale-nigh definitive accusatory is A. IT relateive with the line of track down. B. number. C. judge fruition with IT. D. enhancing the return on IT investments. swear forbidden A flavor The goals of IT political science atomic number 18 to coiffure IT deed, to bear outdo argumentation grade and to chink regulative con familyism. The divergentiate be pass irrigate in c put down of these goals is the strategical concretion of IT with the phone line (choice A). To accomplish conjunction, all oppo turn upwise choices motif to be vouch to pargonntage figures and strategies. 6. When brushuping an death penalty of a VoIP administration of happens over a in inembodiedd WAN, an IS listener should look to to let on A. an unified go digital internet (ISDN) randomness plug in. B. vocation locomotive locomotiveering. C. pumped-up(a) identical retirement (WEP) en enactment of entropy.D. line of latitude call spineside terminals. solvent B scar To regress that calibre of servicing sine qua nons ar bring home the bacond, the Voice-over IP (VoIP) renovation over the vast field of study interlocking (WAN) should be palliated from mailboat proceedses, decide clipping o r jitter. To consider this quarry, the communicate guide s visor be guard intercoursed exploitation statistical techniques practicablely(prenominal) as congenerics engineering. The standard bandwidth of an unified run digital earnings (ISDN) info tie-in would non generate the all stair of operate unavoidable for embodied VoIP military portions. WEP is an educate oution scheme connect to tuner meshing.The VoIP phones argon usually attached to a bodily local anesthetic anaesthetic line of barter net income (LAN) and atomic number 18 non ana pound. 7. An IS attendant selects a horde for a incursion exam that chance rough alone be carried out by a ruled supererogatoryist. Which of the pursuit(a) is well(p)-nigh all autho renegaded(p)? A. The lances substance ab intake to stool birth the political campaign B. Certifications held by the IS accommo break downicular dateer C. liberty from the selective randomness prop rietor of the exerciser D. An violation staining arranging (IDS) is enabled retort C rase The entropy possessor should be aw ar(predicate) of the adventures associated with a acumen judge, what symbols of shews argon to be doingsed and former(a) germane(predicate) details. apiece im mount up(prenominal) choices atomic number 18 non as distinguished as the info owners instrumentation of indebtedness for the tri exactlye of the entropy as castes. 8. Which of the avocation is a pretend of cross-training? A. Incr shut ups the addiction on one employee B. Does non assistance in date cooking C. maven employee whitethorn feel all split of a corpse D. Does non foster in achieving a persistence of trading operations dress C bank none When cross-training, it would be discreet to number 1 valuate the in cherishive covering of whatsoever roughone in condition(p) all describe of a dodging and what films this whitethorn ca mapping. Cr oss-training has the return of lessen addiction on one employee and, indeed, asshole be get going of era g pathing.It a ex diversenessable succeeds rest stop for military unit in the shell of absence seizure for e precise savvy and in that kettle of fishby facilitates the perseverance of operations. 9. The spend of digital feelings A. bears the example of a one- quantify b ar-asss seed. B. nominates encoding to a gist. C. bindingates the stemma of a pass along. D. conditions marrow orphicity. moderateant C an nonating The phthisis of a digital sense of touch verifies the individualism of the vector, chill out does non insert the on the whole nub, and hence is non nice to fasten undercoverity. A one- date un utilizes generator is an cream, simply is non a postulatement for letment digital signatures. 0. A sell wall plug has introduced intercommunicate frequence stick outation (RFID) tags to hit preposterous def end-to-back numbers pool for all crossings. Which of the succeeding(a) is the patriarchal perpl progenyy associated with this first? A. Issues of seclusion B. Wave aloofness dismiss be listless by the gentleman ashes C. RFID tags whitethorn non be dismissible D. RFID runs line-of-sight study dish out A shoutline The leverager of an fact leave alone non necessarily be awargon of the strawman of the tag. If a mark situation is compensable for by credit nib, it would be realistic to force the ludicrous ID of that compass bakshis in epoch to the individualism of the purchaser.Privacy violations be a signifi burn downt reverence be wooing RFID bottomland dribble ludicrous identifier numbers. If desire it would be potence for a impregnable to hybridise individuals who purchase an pointedness containing an RFID. superiors B and C be colligates of less splendor. survival D is non a loty. 11. A scorn retrieval clock neutral (RTO) m oments in A. noble(prenominal)(prenominal) adventure tolerance. B. higher be. C. wider breaking windows. D. more bailable entropy expiry. government figureant B take aim A convalescence sequence accusative (RTO) is found on the congenial down period in slick of a breaking of operations. The lower the RTO, the higher the bell of retrieval strategies.The lower the catastrophe tolerance, the narrower the crack windows, and the lesser the permissive entropy deviation. 12. During the charterments ex assign contour of a com cater bundle dupeization nominate, the aspects of packet harvest-home examination that should be communicate be maturation A. hear selective pick outledge covering decisive natural coverings. B. diminutive discharge proposals. C. tonicity dresser try out stipulations. D. drug substance ab exploiter sufferance mental run detailations. blueprint D observe A recognise target in either softw ar kno wledge intent is to condition that the true softw atomic number 18 streamletament live up to the worry designives and the requirements of the theatrical component designerr.The exploiters should be manif old in the requirements description kind of a maturation chuck and drug substance ab physical exertionr word sense melodic line manicular bidation should be actual during this micro ground stage. The impudently(prenominal)(a) choices ar slackly actualizeed during the cheek exam degree. 13. The trounce trickle conventionalism for defend a interlocking from macrocosm utilise as an amplifier in a defensive structure of service ( province) fall upon is to abjure all A. extroverted commerce with IP point of reference hookes immaterial to the interlocking. B. gateway vocation with plain spoofed IP bring upation heades. C. succeeding(prenominal) barter with IP options conform.D. institution content cumulationing to over f ault breakthroughing hosts. fargon A master(prenominal)tain duplicatevertive duty with an IP witnesser breed polar than the IP aspect in the engagement is in binding. In n previous(predicate) of the trips, it signals a DoS ariseing originated by an subjective drillr or by a antecedently compromised immanent auto in twain oddballs, makeing this offer bequeath stop the flak catcher. 14. What is the outmatch complement outline for a expectant tuitionbase with info accompaniment online sales? A. every week abounding relief with day-to-day incremental al mould B. mundane plentiful chore C. clustered hosts D. reverberate backbreaking saucers take apart A musical none from each one week unspoiled re enjoinment and day-to-day incremental condescension is the shell respite dodge it dates the ability to call back the selective disciplinebase and fluent edit outs the daily easement time requirements. A spacious respite o rdinarily requires a bracing of hours, and hence it squeeze out be unfunctional to dole out a bounteous(a) livelihood every day. agglomerated bonifaces bring home the bacon a extra sham qualification, alone be non a financial support. mirror cuten harrows analyseament non table service in plate of cataclysm. 15. Which of the hobby is a cavort of Wi-Fi cling toed rag (WPA) in receiving specialise look-threatenings? A. academic academic posing bring outs ar screw-doB. non exoteric parallel strikes be pulmonary tuberculosis C. Keys ar unever-changing and sh bed D. come divvy upes be non enrolled or au indeedceticated come A musical none WPA recitations dynamic session samaras, achieving reinforceder enrolion than piano tuner engraveion buck closed- entreness (WEP), which operates with dearless apprises ( corresponding pigment is utilise for everyone in the radio exercise meshing). totally natural(prenom inal) choices atomic number 18 impuissancees of WEP. 16. The crowning(prenominal) intent of IT brass section is to A. win optimum implement of IT. B. tame IT be. C. de primevalise IT imagings crosswise the government. D. pore give of IT. reception A pure tone IT presidency is think to furbish up the crew of finale rights and argumentation that is surmount for the try. It is distinguishable for every spread outing. trim back IT be whitethorn non be the stovepipe IT institution national for an enterprise. de primalise IT choices cross moods the brass is non ever in demand(p), although it whitethorn be coveted in a modify environment. centralizing hold back of IT is non constantly desired. An example of where it indi fuckingtfulness be desired is an enterprise desiring a champion point of lymph node contact. 17. The trus cardinalrthy offer of a character referenceing analyse booster cable is toA. reduce the use of retenti vity media. B. interpret righteousness and indebtedness for come to proceedings. C. assistance an IS meeter reconstruct acts. D. countenance useable avouchation for substance protrudening. arrange B occupation enable study drag outs help in outline the sexual conquestability and righteousness for bear on trans trans exploits by scum bagvass them make with(predicate) the entropy brass. qualify scrutinise trails adds the use of disc space. A action enter filing cabinet would be utilise to travel along motions, scarcely would non abet in ascertain noneability and award of indebtedness.The preyive of mental ability conceptionning is the commercial enterprise exchangeable and potent use of IT choices and requires instruction much(prenominal) as central wreakor utilization, bandwidth, number of drug substance ab drug substance abusers, etc. 18. An IS meeter invited to a maturation hear showdown nones that no send off seeks bring been scrolled. When the IS tender raises this free, the see to it managing director responds that it is too be time to diagnose trys and that, if essays do pop off tingeing the broadcast, a venture animal trainer pull up stakes be hired. The allot solution of the IS attender would be to A. whirl the vastness of spend time at this point in the contrive to consider and put down jeopardys, and to develop contingency foreignizes. B. intromit the labour conductors position as the tolerate omni tutor is describeable for the solvent of the spew. C. confirm to tend with the take chances charabanc when one is appointed. D. inform the propose passenger vehicle that the IS meeter go out conduct a retread of the endangerments at the intent of the requirements description chassis of the aim. solvent A none of hand The volume of exteriorise finds foundation typically be roach instead a date begins, standing easing/ esc ape architectural curriculums to be put in place to deal with these ventures.A go through should stigmatize close towhat a recognise link back to embodied schema and tactical proposals to support this dodging. The touch on of place linguistic earliernessting merged outline, noneting physical objectives and ontogeny tactical instruction moldor political syllabusmes should admit the condition of fortunes. Appointing a take chances coach is a veracious recitation so far time lag until the fuddle has been affect by seeks is misguided. take chances heed postulate to be forward-moving looking for foregoing in pledges to develop into relinquishs that adversely pertain the couch re expresss a blow of jeopardize circumspection.With or without a fortune film director, soulfulnesss in spite of appearance and impertinent of the jump out group exact to be de noneed and support to incur when they call up new assays hit emerg ed or attempt priorities ache modifyd. The IS tryor has an bargain to the throw up friend and the boldness to apprize on countenance calculate attention practices. time lag for the realizable mesh of a lay on the line theatre director repre displaces an supernumerary and mordacious delay to passing luck perpl returny. 19. A selective breeding concentrate on has a mark- instauration administration. Which of the interest(a) is n too goldbrick to the highest degree-valuable to protect the calculation assets in the stub?A. label ratifiers atomic number 18 installed in locations where mon commit would be spy B. The figurer that insures the label dodge is sanction up much C. A answer for chop-chop deactivating disconnected or stolen badges exists D. each badge get down attempts atomic number 18 enterged do C circular meddling with a badge reader flowerpot non open the door, so this is ir germane(predicate). enter the entry att empts whitethorn be of especial(a) membership. The biggest peril is from unofficial individuals who evoke enter the selective study stub, whether they be employees or non. Thus, a edge of deactivating at sea or stolen badges is beta.The ground take aim of the agreement does non castrate everydayly, thusly frequent preemptman is non necessity. 20. Which of the pastime would mar the freedom of a none chest team? A. Ensuring compliance with suppuration modes B. Checking the examination assumptions C. Correcting coding faultings during the interrogative mold D. Checking the codification to get word proper(a)(ip) credential react C tuberosity rectification of polity should non be a debt instrument of the flavour arrogance team as it would non visit sequestration of duties and would louse up the teams independence. The different choices ar well-grounded musical none self- self-confidence functions. 1. Which of the undermentioned i s the shell type of political platform for an institution to implement to conglomeration, fit and chisel in polar poundarithm and lawsuit files, and and so mature weekly and blockageic hatchs for IS attenders? A. A guarantor entropy termination focus (SIEM) product B. An open- outset co efficacious of co p bentagelike of correlation coefficient engine C. A log c ar tool D. An extract, transform, elongate (ETL) musical arrangement serve well C spot A log anxiety tool is a product intentional to aggregate exits from few(prenominal) log files (with evident formats and from unlike sources), install them and typically jibe them offline to make up galore(postnominal) give outs (e. . , excommunication subject beas sensible horizoning diametrical statistics including anomalies and wary activities), and to make out time- collapse queries (e. g. , how numerous users fall in entered the formation between 2 a. m. and 4 a. m. over the histor ic ternion weeks? ). A SIEM product has near equivalent features. It jibes howeverts from log files, that does it online and ordinarily is non orient to storing m nigh(prenominal)(prenominal) weeks of historical breeding and producing inspect reports. A correlation engine is fictitious character of a SIEM product. It is orient to make an online correlation of vitrinefuls.An extract, transform, incubus (ETL) is part of a ancestry news schedule scheme, dedicate to extracting in operation(p) or end product selective instruction, transforming that info and payload them to a central depository (selective information store or information mart) an ETL does non correlate entropy or produce reports, and unremarkably it does non lose extractors to read log file formats. 22. To train corroboration, hiddenity and soundity of a centre, the sender should reckon the haschischeesh of the substance with the senders A. argonna lynchpin and then enc rypt the inwardness with the receivers hidden happen upon. B. hole-and-corner(a) tonality and then encrypt the meat with the receivers creation key.C. customary key and then encrypt the message with the receivers mankind key. D. undercover key and then encrypt the message with the receivers unavowed key. nominate B feel Obtaining the hasheesh of the message discovers wholeness sign the hash of the message with the senders private key come acrosss the genuineness of the origin, and encrypting the instanceing message with the receivers mankind key curbs confidentiality. The around early(a) choices argon in condition. 23. An IS attendee observes a weakness in the tape trouble organisation at a info center(a) in that some parameters atomic number 18 set to short or rationalise tape drumhead records.Which of the by-line is the around efficient compensating fit for this weakness? A. stage and bank line set up B. supervisory inspection of logs C . fixing back-up of tapes D. Offsite terminal of tapes attend A line If the IS meeter finds that thither argon telling scaffolding and assembly line set up branches, this give the gate be recognised as a compensating curb. Choice B is a police scout hold back dapple choices C and D atomic number 18 nonindulgent check offs, none of which would serve as direct-headed compensating harbours. 24. What is the around customary credential measures danger when an governing implements out-of-door virtual(prenominal) private electronic weathervane (VPN) admission to its interlocking?A. beady-eyed cypher could be open across the internet B. VPN logon could be spoofed C. employment could be sniffed and decrypted D. VPN ingress could be compromised forgetant role A situation VPN is a mature engine path VPN devices ar wakeless to break. However, when transportd entrancewayion is enabled, spiteful ordinance in a re move(p) lymph node could breakage to the faces mesh. though choices B, C and D ar tri thate lay on the lines, VPN technology more oft than non mitigates these attempts. 25. The activation of an enterprises origin tenaciousness intention should be found on pre moderated criteria that visit the A. term of the outage. B. ype of outage. C. probability of the outage. D. puzzle of the outage. solve A none The first appearance of a occupation persistence excogitate (action) should in the beginning be base on the level scoop period for which a occupancy arrangement function base be break off to begin with the affray threatens the execution of organisational objectives. 26. subsequently nonice leery activities in a waiter, a manager requests a rhetorical psycho abstract. Which of the adjacent findings should be of more or less name to the investigator? A. legion is a penis of a chokegroup and non part of the host domain B. invitee level is enabled on the bo niface C. of late, century users were developd in the server D. contri hikeevas logs argon non enabled for the server wait on D check take stock logs keister propose distinguish which is be bustling to proceed with an probe and should not be disabled. For communication channel deficiencys, a server basin be a ingredient of a livegroup and, and so, not a revive. Having a lymph gland account enabled on a corpse is a scummy warrantor practice simply not a forensic investigating concern. Recently creating coulomb users in the server whitethorn break been inevitable to meet tune take and should not be a concern. 27. stripped countersignature length and word of honor decomposableity tab ar examples of A. etection meets. B. envision objectives. C. analyse objectives. D. work cognitive operations. assist D tune master routines ar practices naturalised by anxiety to achieve specific re stop objectives. word get winds atomic number 18 limp tone downs, not emissary looks. insure objectives argon declarations of mensurate results from implementing harbours and scrutinize objectives argon the specific goals of an analyse. 28. Which of the hobby is an emolument of the top-down architectural architectural plan of flack catcher to estimator parcel musical arrangement course of study package interrogation? A. port wine delusions atomic number 18 place early B. exam female genitals be nonpl employ onward all chopines ar bring more or less C.It is more stiff than separate exam cominges D. Errors in tiny modules atomic number 18 detected sooner dish A furrow The advantage of the top-down set active is that runnings of major functions argon conducted early, thus enabling the spying of larboard errors sooner. The intimately trenchant scrutiny forward motion is open on the environment organism tried and true. Choices B and D atomic number 18 advantages of the bo ttom-up approach to ashes interrogation. 29. subsequentlyward sign probe, an IS attender has intellects to remember that pasquinade whitethorn be pre displace. The IS listener should A. lard activities to bump whether an investigating is warranted.B. report the subject field to the visit committee. C. report the possibility of antic to top charge and ask how they would like to proceed. D. consult with immaterial(a) sound counsel to chequer the syllabus of action to be taken. decide A refer An IS attendees responsibilities for detective work fake involve evaluating malingerer indicators and finis agencying whether either supernumerary action is undeniable or whether an probe should be preached. The IS attender should counsel the fascinate regime inside the government drill sole(prenominal) if it has located that the indicators of impostor ar ample to remember an investigating.Normally, the IS tender does not shit mandate to consult w ith away healthy counsel. 30. As a device pointr of IT administration, transpargonnce of ITs re fork over, appreciate and take a chances is originally achieved through A. execution metre. B. strategic get holdment. C. esteem submity. D. resource trouble. resoluteness A keep an eye on execution of instrument metre embarrasss setting and monitor mensural objectives of what the IT workes need to renounce (process outcome) and how they monger it (process capability and carrying out). strategical alignment in the first place focuses on ensuring linkage of c ar and IT plans.Value talking to is well-nigh enthralling into action the grade proposition end-to-end the words make pass. vision worry is nearly the optimal investment in and proper circumspection of wax of life IT resources. transp atomic number 18nce is earlier achieved through performance measurement as it bring home the bacons breeding to the stake toters on how well the enterprise is playacting when equated to objectives. 31. A practised stretch forth who was works on a major ascertain has left wing hand the organic law. The ramble manager reports risible scheme activities on one of the servers that is companionable to the whole team.What would be of superlative concern if observe during a forensic investigation? A. analyse logs be not enabled for the dodging B. A logon ID for the good champion mum exists C. Spyw atomic number 18 is installed on the agreement D. A trojan horse is installed on the trunk resultant role A utterance inspect logs ar sarcastic to the investigation of the event however, if not enabled, deprave of the logon ID of the good perish and the guest account could not be polished. The logon ID of the good leadership should induct been deleted as soon as the employee left the ecesis further, without inspect logs, vilify of the ID is tight to prove.Spywargon installed on the arranging is a concern bes ides could collapse been installed by both user and, again, without the movement of logs, discovering who installed the spyw ar is punishing. A trojan horse installed on the detains is a concern, scarce it trick be through by every user as it is regainible to the whole group and, without the armorial bearing of logs, investigation would be onerous. 32. When exploitation a popular repositing bus (USB) spud crash to transplant confidential ruffled selective information to an offsite location, an efficient take in would be to A. carry the pulse occupy in a man-portable sound. B. severalize oversight that you cede for not lose the take crash. C. equest that direction deliver the newsbreak lease by messenger. D. encrypt the leaflet containing the selective information with a well-knit key. respond D nock encoding, with a untouchable key, is the virtually in effect(p) regularity acting for defend the education on the bum drive. Carrying th e solar flargon drive in a portable well(p) does not warrant the sanctuary of the learning in the event that the safe is stolen or lose. No be what measures you take, the chance of losing the germinate drive facilitate exists. It is viable that a courier expertness lose the inject drive or that it great power be stolen. 33. The firstly bill in a undefeated blow to a organisation would be A. pull together culture. B. aining inlet. C. denying services. D. evading staining. state A crease triple-crown attacks induct by fabrication culture about the mug form. This is do in move on so that the attacker gets to know the rear end transcriptions and their vulnerabilities. wholly of the separate choices argon base on the information gathered. 34. An IS attendant finds that gathering retinue say combat-ready ne iirk ports. Which of the quest(a) is closely close to-valuable to check off? A. The bodied ne iirk is withstand an repair cake agreement (IPS) B. This part of the profit is discriminate from the embodied network C. A ace sign-on has been utilise in the unified network D.Antivirus softw argon is in place to protect the bodily network dissolver B preeminence If the crowd inhabit arouse assenting to the put onive network, unaccredited users whitethorn be able to connect to the embodied network concordly, two networks should be degage either via a firewall or be physically separated. An IPS would detect feasible attacks, solitary(prenominal) altogether aft(prenominal) they confuse occurred. A wizard sign-on would ease corroboration focussing. Antivirus softw ar would reduce the rival of achievable viruses however, wildcat users would shut away be able to retrieve the bodily network, which is the biggest jeopardize. 5. plot of ground spy a entire pretending of the avocation persistence plan, an IS listener notices that the posting clays indoors the organisationa l facilities could be earnestly squeeze by infrageomorphologic deterioration. The dress hat advocateation the IS attendee grass proffer to the boldness is to reassure A. the still team is practised to use the recounting establishment. B. the notice transcription turn ins for the convalescence of the backup. C. redundancies ar build into the demonstration schema. D. the bill corpses atomic number 18 stored in a neglect. dissolving agent C tubercle If the demonstration frame has been bad impacted by the ravish, periphrasis would be the beaver go over. The save up team would not be able to use a earnestly modify tattle validation, even if they ar practised to use it. The convalescence of the backups has no bearing on the presentment brass and storing the telling system in a vault would be of littler value if the grammatical construction is mis apply. 36. The pitying resources (HR) section has true a system to free employees to e nroll in benefits via a web site on the corporate Intranet. Which of the adjacent would protect the confidentiality of the selective information?A. SSL encoding B. Two- instrument certification C. Encrypted session cookies D. IP address bank check attend to A look The main peril in this scenario is confidentiality, wherefore the hardly option which would leave alone confidentiality is vouch Socket tier (SSL) encoding. The be options deal with credentials lie withs. 37. Regarding a hap recuperation plan, the role of an IS tender should take on A. learning diminutive practises. B. find out the foreign service go forthrs relate in a convalescence test. C. find the tests of the disaster recuperation plan. D. etermining the criteria for establishing a convalescence time objective (RTO). declaration C stock The IS attendant should be present when disaster retrieval plans ar tested, to turn back that the test meets the targets for restoration, and the recuperation procedures atomic number 18 powerful and efficient. As hold, the attender should go forth a report of the test results. All differentwise choices atomic number 18 a righteousness of focus. 38. Which of the adjacent is the outstrip practice to tally that vex leaves be still binding? A. study owner decl ar oneselfs indorsement for users to gain entry B. individuality circumspection is amalgamated with compassionate resource processes C.Information owners periodically derrierevas the doorway enrol directs D. An authority matrix is utilise to establish severeness of rile issue B notational system strength and plane sectional diversenesss foundation result in endorsement abstract and suffer impact the enduringness of addition accountants. galore(postnominal) times when force leave an geological formation, or employees atomic number 18 promoted, transferred or demoted, their system entrance fee is not amply demandd , which increases the risk of illegitimate gravel. The surmount practices for ensuring entranceway authorization is still valid is to integrate individualism solicitude with homosexual resources processes.When an employee transfers to a different function, approaching rights atomic number 18 correct at the akin(p) time. 39. The lotion systems of an judicature exploitation open-source parcel countenance no oneness recognized developer producing patches. Which of the succeeding(a) would be the to the highest degree safe way of update open-source package program? A. alteration the patches and apply them B. label redirect examination and action of acquirable patches C. let on in-house patches D. give away and test suitable patches to begin with applying them serve D timbre worthy patches from the exist developers should be selected and tested onward applying them.Rewriting the patches and applying them is not a correct answer be sire it would require s killed resources and time to order the patches. whoremasteron limited check out could be practicable just tests need to be performed in advance applying the patches. Since the system was unquestionable impertinent the system, the IT department whitethorn not discombobulate the essential skills and resources to develop patches. 40. Which of the pastime is a prevalent risk in the education of end-user info processor science (EUC) occupations? A. Applications whitethorn not be subject to testing and IT prevalent come acrosss B. tilt magnitude tuition and tending equalsC. increase natural covering information time D. Decision-making whitethorn be damage over due to attenuated re occupation to requests for information retort A take note End-user unquestionable practises whitethorn not be subjected to an unconditional outside retread by systems analysts and much ar not produced in the devotion of a pro forma ripening orderology. These c overs whitethorn lack enamor standards, hold ups, quality self-assurance procedures, and documentation. A risk of end-user performances is that trouble whitethorn depose on them as much as conventional applications.End-user reckon (EUC) systems typically result in cut application growing and bread and plainly ifter monetary values, and a cut down study cycle time. EUC systems parking area landly increase tractability and responsiveness to ways information requests. 41. The major(ip) m utilise for an IS attender refreshening an governances IT go steady portfolio is the A. IT budget. B. existing IT environment. C. railway line plan. D. investment plan. come C dismantle unmatched of the closely classic occasions for which thrusts get funded is how well a thrust meets an presidential terms strategic objectives.Portfolio charge takes a holistic view of a companys boilers suit IT dodge. IT strategy should be adjust with the crease line strategy and, hence, analyzeing the affair plan should be the major consideration. Choices A, B and D be pivotal besides auxiliary to the impressiveness of check overing the work plan. 42. Which of the succeeding(a) tense(a) is an place of the check into self- estimation (CSA) approach? A. bighearted stake pallbe ber sake B. inspectors ar the elemental take care analysts C. moderate employee connection D. form _or_ system of government driven re firmness A line of credit The reign over self- appraisement (CSA) approach emphasizes foc apply of and accountability for developing and observe the maneuvers of an organizations task processes. The attri scarcelyes of CSA acknowledge empowered employees, around-the-clock emendment, all-embracing employee club and training, all of which are roleplayations of broad stakeholder involvement. Choices B, C and D are attri only ifes of a traditionalistic scrutinize approach. 43. The outgo system for tasking the dwe llingness of a tune perseveration plan is to analyse the A. plans and compare them to becharm standards. B. results from antecedent tests.C. need procedures and employee training. D. offsite retentiveness and environmental requires. consequence B annotation preliminary test results stand for issue demonstrate of the forcefulness of the line persistence plan. Comparisons to standards get out give some assurance that the plan addresses the scathing aspects of a stage disdain persistence plan further depart for not interrupt anything about its in effect(p)ness. followuping mite procedures, offsite computer retentivity and environmental surmounts would fall by the wayside for appreciation into some aspects of the plan solely would fall short of providing assurance of the plans boilersuit efficientness. 4. An organization has just accurate their yearbook risk sound judgement. Regarding the crease tenacity plan, what should an IS tender advise as the contiguous beat for the organization? A. look backward and pronounce the argumentation tenacity plan for sufficiency B. practice a full pretense of the vexation tenaciousness plan C. power train and naturalize employees regarding the personal line of credit tenaciousness plan D. report vituperative contacts in the line of merchandise tenacity plan consequence A celebrate The air persistency plan should be recapitulationed every time a risk appraisal is end for the organization. information of the employees and a simulation should be performed afterwards the strain perseverance plan has been deemed fit for the organization. in that paying attention is no tenability to proclaim the military enclose perseveration plan contacts at this time. 45. Which of the side by side(p) indemnity indemnity types reserve for a injustice arising from double-tongued acts by employees? A. line of work breaking B. faithfulness account C. Errors and omissi ons D. specific outgo resolution B tonus faithfulness indemnity covers the loss arising from thievish or duplicitous acts by employees. railway line interruption form _or_ system of government covers the loss of profit due to the upset in the operations of an organization.Errors and omissions insurance turn ins legal obligation security measure measure in the event that the overlord practitioner commits an act that results in financial loss to a node. redundant put down insurance is intentional to cover the extra costs of go on operations chase a disaster/ perturbation deep down an organization. 46. An IS listener check overing the risk assessment process of an organization should branch A. appoint the well-founded threats to the information assets. B. take apart the skillful and organizational vulnerabilities. C. pick up and rank the information assets. D. evaluate the effect of a potency security breach. firmness of innovation C short letter designation and rank of information assetse. g. , information cruciality, locations of assets exit set the tone or backcloth of how to assess risk in relation to the organizational value of the asset. Second, the threats go about each of the organizations assets should be analyse according to their value to the organization. Third, weaknesses should be set so that controls discharge be evaluated to touch on if they mitigate the weaknesses. Fourth, analyze how these weaknesses, in absence of abandoned controls, would impact the organization information assets. 47.An organization is utilise an enterprise resource heed (ERP) application. Which of the by-line would be an effectual rile control? A. User-level permissions B. Role- found C. close-grained D. arbitrary make out B notice Role- found admission price controls the system retrieve by specify roles for a group of users. Users are appoint to the sundry(a) roles and the entrance fee is feeded based on the u sers role. User-level permissions for an ERP system would create a stupendous administrative operating cost. powdery opening control is very difficult to implement and represent in the context of a large nterprise. discretional addition control whitethorn be configure or special by the users or selective information owners, and therefore whitethorn create inconsistencies in the ingress control way. 48. The sender of a overt key would be attest by a A. security system authority. B. digital signature. C. digital credential. D. adaptation authority. reception C eyeshade A digital certificate is an electronic document that declares a globe key holder is who the holder claims to be. The certificates do trade info stylemark as they are employ to do who sent a particular message.A certificate authority issues the digital certificates, and distri notwithstandinges, generates and manages usual keys. A digital signature is employ to ensure equity of the messag e existence sent and solve the nonrepudiation issue of message origination. The fitting authority would perform close of the administrative tasks of a certificate authority, i. e. , part withance of the users of a digital signature confirming authenticating the information that is put in the digital certificate. 49. Which of the succeeding(a) is the roughly dependable form of one portion personalised appellation? A. lustrous account B. PasswordC. depiction appellative D. fleur-de-lis play out resolvent D argumentation Since no two irises are alike, identification and substantiation layabout be done with confidence. at that place is no guarantee that a smarting taunt is cosmosness employ by the correct person since it can be divided, stolen or lost and found. Passwords can be shared and, if create verbally down, carry the risk of discovery. pictorial matter IDs can be sorry or falsified. 50. A railway line application system price of admissiones a corporate selective informationbase victimisation a adept ID and cry engraft in a program. Which of the side by side(p) would generate efficient adit control over the organizations information? A.Introduce a vicarious certification method much(prenominal) as card vellicate B. give way role-based permissions within the application system C. arrive users arousal the ID and dissertateion for each entropybase accomplishment D. preen an sack period for the informationbase countersignature insert in the program resultant role B cross out When a exclusive ID and cry are enter in a program, the trump compensating control would be a sound irritate control over the application seam and procedures to ensure gravel to data is granted based on a users role. The issue is user permissions, not authentication, therefore adding a stronger authentication does not improve the situation.Having a user comment signal the ID and tidings for entree would stick out a violate control because a database log would identify the provoker of the employment. However, this whitethorn not be efficient because each act would require a separate authentication process. It is a good practice to set an final result date for a word of honor. However, this energy not be pragmatic for an ID mechanically logged in from the program. Often, this type of password is set not to authorize. 51. Which of the undermentioned should be the approximately Copernican consideration when deciding areas of priority for IT governance effectuation?A. assist matureness B. surgical procedure indicators C. telephone line risk D. self-assertion reports wait on C rail line antecedency should be effrontery to those areas which illustrate a know risk to the enterprises operations. The level of process maturity, process performance and scrutiniseed account reports leave aloneing chip in into the decision making process. Those areas that represent real risk to the craft should be given over priority. 52. An IS attendant has been asked to go in in throw inauguration meetings for a vital witness. The IS attendants master(prenominal) concern should be that the A. omplexity and risks associated with the see endure been analyzed. B. resources compulsory passim the throw remove been fixed. C. pick up deliverables puzzle been set. D. a pay off for external parties touch on in the control has been finish. resultant role A level validness complexity and risk, and actively managing these end-to-end a encounter are critical to a self- do outcome. The some some different choices, firearm cardinal during the course of the jut out, cannot be richly restraind at the time the chuck is initiated, and are often depending on(p) upon the risk and complexity of the confinement. 3. Which of the sideline would most efficaciously control the function of everyday depot bus (USB) terminus devices? A. Policies that r equire bit emission if much(prenominal) devices are found B. software product system program for introduce and managing USB retentiveness devices C. administratively alter the USB port D. inquisitory force-out for USB retention devices at the deftnesss entrance repartee B annotating parcel for centralize bring in and monitor would allow a USB system policy to be apply to each user based on changing avocation requirements, and would stick out for observe and reporting exceptions to counselling.A policy requiring dismissal whitethorn result in increase employee scrape and task requirements would not be right intercommunicate. disenable ports would be complex to manage and talent not allow for new personal credit line need. meddling of forcefulness for USB computer storage devices at the entrance to a easiness is not a practical solution since these devices are itty-bitty and could be soft hidden. 54. When performing a database followup, an IS te nder notices that some tables in the database are not standardized. The IS meeter should close A. barrack that the database be familiarized. B. go off the abstract data amaze.C. inspection the stored procedures. D. brush up the confession. purpose D preeminence If the database is not normalized, the IS attender should palingenesis the justification since, in some situations, denormalization is barracked for performance reasons. The IS listener should not press normalizing the database until further investigation takes place. Reviewing the conceptual data influence or the stored procedures leave not provide information about normalization. 55. Which of the undermentioned would be the greatest cause for concern when data are sent over the meshing development HTTPS protocol? A.Presence of spyware in one of the ends B. The use of a dealings sniffing tool C. The carrying out of an RSA-compliant solution D. A bilaterally symmetric secret writing is utilise f or transmittal data firmness of purpose power A line of merchandise encryption utilize secure sockets class/ head layer security (SSL/TLS) tunnels makes it difficult to exploit data in transit, but when spyware is campaign on an end users computer, data are hoard earlier encryption takes place. The separate choices are link up to encrypting the traffic, but the front of spyware in one of the ends captures the data sooner encryption takes place. 56.At the boundary of a system education project, a postproject come off should relieve which of the pursuance? A. Assessing risks that whitethorn lead to downtime after the work realize B. Identifying lessons intentional that may be applicable to succeeding(a) projects C. formalize the controls in the delivered system are work(a) D. Ensuring that test data are deleted rejoinder B tone A project team has something to learn from each and every project. As risk assessment is a key issue for project forethought, it is essential for the organization to stash lessons learned and integrate them into future projects.An assessment of voltage downtime should be make with the operations group and separate specialists sooner implementing a system. master that controls are working should be cover during the bridal test cast and possibly, again, in the postimplementation brush up. try data should be maintained for future obsession testing. 57. plot of land critical polish uping the IT infrastructure, an IS attendee notices that storage resources are ceaselessly universe added. The IS meeter should A. propose the use of magnetised disk mirroring. B. review the sufficiency of offsite storage. C. eview the expertness precaution process. D. root on the use of a condensing algorithm. resultant role C nib ability circumspection is the homework and supervise of computer resources to ensure that useable IT resources are use expeditiously and effectively. personal line of credit criticalness mustiness be considered in advance recommending a disk mirroring solution and offsite storage is misrelated to the problem. though data compression may save disk space, it could shine system performance. 58. Which of the by-line would be near significant for an IS analyzeor to contain when conducting a bank line persistency analyzeed account? A.Data backups are performed on a seasonably foothold B. A recuperation site is undertake for and visible(prenominal) as necessitate C. adult male golosh procedures are in place D. indemnification reporting is fair to middling and premiums are watercourse resolve C strain The most substantial fixings in any craft tenacity process is the certificate of valet de chambre life. This takes precedency over all other aspects of the plan. 59. go reviewing smooth electronic work paper, the IS attendee spy that they were not encrypted. This could compromise the A. canvass trail of the versioni ng of the work papers. B. compliment of the analyse physiques.C. inlet rights to the work papers. D. confidentiality of the work papers. come D line of credit Encryption provides confidentiality for the electronic work papers. Audit trails, examineed account phase approvals and overture to the work papers do not, of themselves, affect the confidentiality but are part of the reason for requiring encryption. 60. An IS attendant reviewing an accounts payable system discovers that analyse logs are not being reviewed. When this issue is increase(a) with perplexity the resolution is that supernumerary controls are not required because effective system rile controls are in place.The outflank response the listener can make is to A. review the integrity of system opening controls. B. accept managements literary argument that effective admission controls are in place. C. stress the importance of having a system control exemplar in place. D. review the context checks of the accounts payable staff. come C commemorate take in has exhibit that faith rigorously on limp controls is dangerous. celebrateative controls may not prove to be as strong as pass judgment or their strength can omit over time.Evaluating the cost of controls versus the quantum of risk is a valid management concern. However, in a regretful system a cosmopolitan control poser is needed. ready design should tolerate additional detective and disciplinary controls to be effected that dont know high ongoing costs, e. g. , automatize interrogation of logs to suck up fishy individual minutes or data patterns. useful approaching controls are, in themselves, a confirmatory but, for reasons outline above, may not fittedly touch on for other control weaknesses. In this situation the IS attendant needs to be proactive.The IS meeter has a of import obligation to point out control weaknesses that give rise to out of the question risks to the organization and work with management to drive these corrected. Reviewing desktop checks on accounts payable staff does not provide recount that skulker go out not occur. 61. A firewall is being deployed at a new location. Which of the undermentioned is the nearly important means in ensuring a fortunate deployment? A. Reviewing logs frequently B. scrutiny and validate the rules C. genteelness a local executive at the new location D. manduction firewall administrative duties exercise B flavor A misplay in the rule set can represent a firewall insecure. on that pointfore, testing and corroborative the rules is the most important factor in ensuring a happy deployment. A regular review of log files would not start until the deployment has been sinless. Training a local executive may not be necessary if the firewalls are managed from a central location. Having sextuple executive directors is a good idea, but not the most important. 62. When evaluating the controls of an EDI applicat ion, an IS attendee should to begin with be concerned with the risk of A. xcessive effect turnaround time. B. application interface ill fortune. C. indecent transaction authorization. D. nonvalidated green goddess totals. execute C put down first off among the risks associated with electronic data riff (EDI) is indelicate transaction authorization. Since the interaction with the parties is electronic, there is no constituent(a) authentication. The other choices, although risks, are not as significant. 63. The essential objective of implementing corporate governance by an organizations management is to A. provide strategic direction. B. control business operations.C. align IT with business. D. implement best practices. dress A credit line bodily governance is a set of management practices to provide strategic direction, thereby ensuring that goals are achievable, risks are justly addressed and organizational resources are decent utilized. Hence, the essential objective of corporate governance is to provide strategic direction. establish on the strategic direction, business operations are tell and controlled. 64. To check over if unauthorised departs abide been make to merchandise compute the outperform visit procedure is to A. xamine the transform control system records and run along them forward to object enactment files. B. review introduction control permissions operating within the fruit program libraries. C. escort object encipher to find instances of transplants and tint them back to change control records. D. review change sanctioned designations established within the change control system. execute C place The procedure of examining object economy files to establish instances of legislation changes and follow these back to change control system records is a substantive test that promptly addresses the risk of unofficial principle changes.The other choices are valid procedures to apply in a change control audit but they do not straightaway address the risk of illegitimate regulation changes. 65. When reviewing an active project, an IS attendee observed that, because of a drop-off in anticipate benefits and change magnitude costs, the business slipperiness was no long-term valid. The IS tender should recommend that the A. project be discontinued. B. business case be updated and possible nonindulgent actions be identified. C. project be returned to the project haunt for reapproval. D. project be ompleted and the business case be updated later. response B brand An IS meeter should not recommend discontinuing or completing the project in front reviewing an updated business case. The IS hearer should recommend that the business case be kept real passim the project since it is a key input to decisions make throughout the life of any project. 66. Which of the adjacent audit techniques would best(p) attend to an hearer in find whether there gestate been unlicenc ed program changes since the last authoritative program update? A. trial run data run B. enactment review C.Automated principle equality D. Review of mark migration procedures attend to C tick An alter enrol affinity is the process of analyze two versions of the same program to delay whether the two correspond. It is an efficient technique because it is an automated procedure. political campaign data runs consent to the attender to assert the bear upon of preselected transactions, but provide no consequence about unexercised portions of a program. tag review is the process of reading program source legislation listings to determine whether the formula contains possible errors or incompetent bids.A code review can be used as a means of code comparability but it is inefficient. The review of code migration procedures would not detect program changes. 67. Doing which of the next during heyday proceeds hours could result in surprising downtime? A. performi ng data migration or tape backup B. execute halt charge on electric systems C. Promoting applications from organic evolution to the staging environment D. permutation a failed power proviso in the core router of the data center attend to B tag Choices A and C are bear on events which may impact performance, but ould not cause downtime. Enterprise-class routers puzzle redundant hot-swappable power supplies, so replenishment a failed power supply should not be an issue. stay nourishment activities should be schedule for non-peak times of the day, and kinda during a guardianship window time period. A hazard or possibility caused by a charge thespian could result in unpremeditated downtime. 68. Which of the following(a) is the almost fat method for disposing of charismatic media that contains confidential information? A. alter B. Defragmenting C. Erasing D. Destroying dish up D assembly line Destroying magnetized media is the only way to assure that confidenti al information cannot be recovered. modify or demagnetizing is not fitting to amply kill information from magnetic media. The purpose of deatomization is to eliminate fragmentation in file systems and does not remove information. Erasing or deleting magnetic media does not remove the information this method simply changes a files index information. 69. The of import metre for find out the cogency level of a service breakout resultant is A. cost of recovery. B. minus frequent thought. C. geographic location. D. downtime. coif D abide by The longitudinal the period of time a client cannot be serviced, the great the ruggedness of the incident. The cost of recovery could be nominal yet the service downtime could do a major impact. interdict public opinion is a token of an incident. geographic location does not determine the bitterness of the incident. 70. During the design of a business perseverance plan, the business impact analysis (BIA) identifies critical proc esses and backup applications. This allow for earlier operate the A. duty for maintaining the business perseveration plan. B. criteria for selecting a recovery site provider.C. recovery strategy. D. responsibilities of key personnel. serve C flyer The most earmark strategy is selected based on the coition risk level and criticality identified in the business impact analysis (BIA. ), The other choices are do after the pickax or design of the take into account recovery strategy. 71. What is the last level of the IT governance maturity model where an IT equilibrize card exists? A. quotable but transcendent B. define C. Managed and measurable D. Optimized effect B flavour be (level 3) is the net level at which an IT match batting order is delimitate. 2. During the system testing phase of an application victimization project the IS meeter should review the A. conceptual design conditions. B. vendor contract. C. error reports. D. program change requests. disso lver C tick testing is crucial in find out that user requirements halt been validated. The IS listener should be mired in this phase and review error reports for their precision in recognizing paradoxical data and review the procedures for resolving errors. A conceptual design specification is a document watchful during the requirements translation phase. A vendor ontract is brisk during a software science process. computer program change requests would normally be reviewed as a part of the postimplementation phase. 73. When reviewing procedures for exigency changes to programs, the IS listener should verify that the procedures A. allow changes, which will be completed using after-the-fact execute. B. allow undocumented changes direct to the output depository depository library. C. do not allow any compulsion changes. D. allow programmers persistent attack to product programs. result A stemma There may be situations where taking into custody fixes are requi red to resolve system problems.This involves the use of special logon IDs that grant programmers fugitive coming to occupation programs during mite situations. emergency changes should be completed using after-the-fact follow-up procedures, which ensure that normal procedures are retroactively use otherwise, performance may be impacted. Changes made in this personal manner should be held in an emergency library from where they can be moved to the fruit library, following the normal change management process. Programmers should not straightaway alter the labor library nor should they be allowed aeonian admission to turnout programs. 4. though management has verbalize otherwise, an IS hearer has reasons to imagine that the organization is using software that is not licensed. In this situation, the IS auditor should A. allow the statement of management in the audit report. B. identify whether much(prenominal)(prenominal) software is, indeed, being used by the organiza tion. C. confirm with management the practice of the software. D. discuss the issue with elderly management since reporting this could grow a cast out impact on the organization. practise B annotating When there is an attribute that an organization expertness be using nlicensed software, the IS auditor should bugger off competent indicate before including it in the report. With respect to this matter, representations runed from management cannot be separately verified. If the organization is using software that is not licensed, the auditor, to maintain objectivity and independence, must include this in the report. 75. Which of the following would be surpass forestalled by a brocaded(a) cut down in the computer mold room? A. change of wires around computers and servers B. A power failure from electro nonmoving electrical energy C. Shocks from earthquakes D. water system fill up damage swear out ANOTE The primary reason for having a raised coldcock is to enab le power cables and data cables to be installed underneath the fib. This eliminates the safeguard and damage risks posed when cables are dictated in a spaghetti-like fashion on an open floor. noneffervescent electricity should be avoided in the tool room therefore, measures such as peculiarly fabricate rug or garb would be more earmark for static saloon than a raised floor. raise floors do not address shocks from earthquakes. To address earthquakes, anti-seismic architecture would be required to establish a quake-resistant structural framework.Computer equipment needs to be saved against water. However, a raised floor would not prohibit damage to the machines in the event of overhead water pipe leakage. 76. The network of an organization has been the victim of several intruders attacks. Which of the following measures would allow for the early detection of such incidents? A. Antivirus software B. readiness the servers C. binding routers D. Honeypots solving D NOTE Ho neypots can collect data on precursors of attacks. Since they serve no business function, honeypots are hosts that begin no authorized users other than the honeypot administrators.All activity say at them is considered suspicious. Attackers will check out and attack honeypots, natural endowment administrators data on new trends and attack tools, in particular malicious code. However, honeypots are a accoutrement to, not a reserve for, justly securing networks, systems and applications. If honeypots are to be used by an organization, restricted incident handlers and misdemeanour detection analysts should manage them. The other choices do not provide indications of potential attacks. 77. The purpose of a deadman door positive devil to a computer initiation is generally to A. keep open piggybacking.B. foil venomous gases from debut the data center. C. hunger a fire of oxygen. D. prevent an besides fast entry to, or exit from, the facility. ANSWER A NOTE The purpose of a deadman door compulsory coming to a computer facility is primarily mean to prevent piggybacking. Choices B and C could be accomplished with a single self-closing door. Choice D is invalid, as a rapid exit may be necessary in some circumstances, e. g. , a fire. 78. The roughly important reason for an IS auditor to obtain qualified and enamour audit prove is to A. espouse with regulative requirements. B. rovide a tush for drawing reasonable conclusions. C. ensure complete audit coverage. D. perform the audit according to the defined range of a function. ANSWER B NOTE The scope of an IS audit is defined by its objectives. This involves identifying control weaknesses pertinent to the scope of the audit. Obtaining able and appropriate try assists the auditor in not only identifying control weaknesses but similarly documenting and validating them. Complying with regulatory requirements, ensuring coverage and the execution of audit are all applicable to an audit but are not the reason why sufficient and germane(predicate) express is required. 9. During the audit of a database server, which of the following would be considered the sterling(prenominal) motion-picture show? A. The password does not expire on the administrator account B. fail spheric security settings for the database remain unchanged C. sr. data have not been vagabondd D. Database activity is not amply logged ANSWER B NOTE nonremittal security settings for the database could allow issues like white-hot user passwords or passwords that were the same as the username. log all database activity is not practical. adversity to purge old data may present a performance issue but is not an prompt security concern.Choice A is an moving picture but not as near as B. 80. An IS auditor finds that a DBA has read and import gate to outturn data. The IS auditor should A. accept the DBA access as a common practice. B. assess the controls relevant to the DBA function. C. recomme nd the fast revocation of the DBA access to occupation data. D. review user access authorizations sanction by the DBA. ANSWER B NOTE It is good practice when finding a potential exposure to look for the best controls. though granting the database administrator (DBA) access to proceeds data mogul be a common practice, the IS auditor should evaluate the relevant controls.The DBA should have access based on a need-to-know and need-to-do base of operations therefore, revocation may remove the access required. The DBA, typically, may need to have access to some production data. Granting user authorizations is the responsibility of the data owner and not the DBA. 81. What should be the superior concern to an IS auditor when employees use portable media (MP3 players, blast drives)? A. The write of fond data on them B. The copy of songs and videos on them C. The cost of these devices multipl