
Exam questions 2014

1. An IS auditor is assigned to audit a software development project which is more than 80 percent complete but has already overrun time by 10 percent and costs by 25 percent. Which of the following actions should the IS auditor take?
A. Report that the organization does not have effective project management.
B. Recommend the project manager be changed.
C. Review the IT governance structure.
D. Review the conduct of the project and the business case.
ANSWER: D
NOTE: Before making any recommendations, an IS auditor needs to understand the project and the factors that have contributed to making the project over budget and over schedule. The organization may have effective project management practices and sound IT governance and still be behind schedule or over budget. There is no indication that the project manager should be changed without looking into the reasons for the overrun.
2. Documentation of a business case used in an IT development project should be retained until:
A. the end of the system's life cycle.
B. the project is approved.
C. user acceptance of the system.
D. the system is in production.
ANSWER: A
NOTE: A business case can and should be used throughout the life cycle of the product. It serves as an anchor for new (management) personnel, helps to maintain focus and provides valuable information on estimates vs. actuals. Questions like "why do we do that," "what was the original intent" and "how did we perform against the plan" can be answered, and lessons for developing future business cases can be learned. During the development phase of a project one should always validate the business case, as it is a good management instrument. After finishing a project and entering production, the business case and all the completed research are valuable sources of information that should be kept for further reference.
3. During a logical access controls review an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:
A. an unauthorized user may use the ID to gain access.
B. user access management is time consuming.
C. passwords are easily guessed.
D. user accountability may not be established.
ANSWER: D
NOTE: The use of a single user ID by more than one individual precludes knowing who in fact used that ID to access a system; therefore, it is literally impossible to hold anyone accountable. All user IDs, not just shared IDs, can be used by unauthorized individuals. Access management would not be any different with shared IDs, and shared user IDs do not necessarily have easily guessed passwords.
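As an added illustration of the accountability problem this note describes (example code, not part of the exam material): the script below scans constructed login events and flags any user ID that is active from several source addresses at the same time, which is the symptom an auditor would look for when checking whether accounts are shared. The log format, user names and addresses are constructed, and the 30-minute session window is an assumption.

```python
"""Flag user IDs that show signs of being shared, from constructed auth log lines.

Added example, not part of the original exam material. The log format, user
names and addresses are constructed for illustration; the session window is
an assumption.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "<ISO timestamp> <event> user=<id> src=<ip>"
SAMPLE_LOG = """\
2014-03-03T08:01:10 LOGIN user=ops_shared src=10.0.0.11
2014-03-03T08:03:42 LOGIN user=alice src=10.0.0.25
2014-03-03T08:05:07 LOGIN user=ops_shared src=10.0.0.12
2014-03-03T08:06:30 LOGIN user=ops_shared src=10.0.0.13
2014-03-03T09:10:00 LOGOUT user=alice src=10.0.0.25
2014-03-03T09:12:15 LOGIN user=alice src=10.0.0.25
2014-03-03T10:00:00 LOGOUT user=ops_shared src=10.0.0.11
"""


def parse_log(text):
    """Return a list of (timestamp, event, user, src) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, user_kv, src_kv = line.split()
        events.append((datetime.fromisoformat(ts), event,
                       user_kv.split("=", 1)[1], src_kv.split("=", 1)[1]))
    return events


def find_shared_ids(text, window=timedelta(minutes=30)):
    """Return {user: sorted list of source addresses} for every ID that was
    logged in from more than one address at once.

    A session is considered open from its LOGIN until a LOGOUT from the same
    address, or until `window` has elapsed (assumed idle expiry).
    """
    active = defaultdict(dict)   # user -> {src: login time}
    flagged = defaultdict(set)   # user -> addresses seen overlapping
    for ts, event, user, src in sorted(parse_log(text)):
        if event == "LOGOUT":
            active[user].pop(src, None)
            continue
        # expire sessions older than the window before checking for overlap
        active[user] = {s: t for s, t in active[user].items() if ts - t <= window}
        others = {s for s in active[user] if s != src}
        if others:
            # the same ID is already open elsewhere: nobody can be held accountable
            flagged[user].update(others | {src})
        active[user][src] = ts
    return {u: sorted(s) for u, s in flagged.items()}


if __name__ == "__main__":
    for user, sources in find_shared_ids(SAMPLE_LOG).items():
        print(f"{user}: concurrent sessions from {', '.join(sources)}")
```

On the constructed sample only `ops_shared` is reported; `alice` logs out before logging in again from the same address, so her sessions never overlap. A finding like this supports the audit conclusion in the note: the log shows that the ID was used, but not which person used it.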
4. The MAIN purpose of a transaction audit trail is to:
A. reduce the use of storage media.
B. determine accountability and responsibility for processed transactions.
C. help an IS auditor trace transactions.
D. provide useful information for capacity planning.
ANSWER: B
NOTE: Enabling audit trails aids in establishing the accountability and responsibility for processed transactions by tracing them through the information system. Enabling audit trails increases the use of disk space. A transaction log file would be used to trace transactions, but would not aid in determining accountability and responsibility. The objective of capacity planning is the efficient and effective use of IT resources and requires information such as CPU utilization, bandwidth, number of users, etc.
5. When an employee is terminated from service the MOST important action is to:
A. hand over all of the employee's files to another designated employee.
B. complete a backup of the employee's work.
C. notify other employees of the termination.
D. disable the employee's logical access.
ANSWER: D
NOTE: There is a probability that a terminated employee may misuse access rights; therefore, disabling the terminated employee's logical access is the most important action to take. All the work of the terminated employee needs to be handed over to a designated employee; however, this should be performed after implementing choice D. All the work of the terminated employee needs to be backed up and the employees need to be notified of the termination of the employee, but this should not precede the action in choice D.
6. Which of the following satisfies a two-factor user authentication?
A. Iris scanning plus fingerprint scanning
B. Terminal ID plus global positioning system (GPS)
C. A smart card requiring the user's PIN
D. User ID along with password
ANSWER: C
NOTE: A smart card addresses what the user has. This is generally used in conjunction with testing what the user knows, e.g., a keyboard password or personal identification number (PIN). Proving who the user is usually requires a biometrics method, such as fingerprint, iris scan or voice verification, to prove biology. This is not a two-factor user authentication, because it proves only who the user is. A global positioning system (GPS) receiver reports on where the user is. The use of an ID and password (what the user knows) is a single-factor user authentication.
7. What is the BEST backup strategy for a large database with data supporting online sales?
A. Weekly full backup with daily incremental backup
B. Daily full backup
C. Clustered servers
D. Mirrored hard disks
ANSWER: A
NOTE: Weekly full backup and daily incremental backup is the best backup strategy; it ensures the ability to recover the database and yet reduces the daily backup time requirements. A full backup normally requires a couple of hours, and therefore it can be impractical to conduct a full backup every day. Clustered servers provide a redundant processing capability, but are not a backup. Mirrored hard disks will not help in case of disaster.
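To make the trade-off in this note concrete, the following added example (not part of the exam material) models the two backup plans and works out two things a practitioner cares about: how long the backup window is on the busiest day, and which backup sets must be applied, in order, to restore the database to a given day. The database size, daily change volume and write throughput are constructed figures.

```python
"""Compare a daily-full plan with a weekly-full-plus-daily-incremental plan.

Added example, not from the exam material. The database size, daily change
volume and throughput below are constructed assumptions, not measurements.
"""

DB_SIZE_GB = 2000          # constructed: size of the sales database
DAILY_CHANGE_GB = 40       # constructed: data modified on a typical day
THROUGHPUT_GB_PER_H = 400  # constructed: backup write rate


def plan_weekly_full(days=14, change_gb=DAILY_CHANGE_GB, db_gb=DB_SIZE_GB):
    """Return a list of (day, kind, size_gb); day 0 and every 7th day is a full."""
    plan = []
    for day in range(days):
        if day % 7 == 0:
            plan.append((day, "full", db_gb))
        else:
            plan.append((day, "incremental", change_gb))
    return plan


def plan_daily_full(days=14, db_gb=DB_SIZE_GB):
    """Return a plan that takes a full backup every day."""
    return [(day, "full", db_gb) for day in range(days)]


def backup_hours(plan, rate=THROUGHPUT_GB_PER_H):
    """Return (hours on the longest day, average hours per day) for a plan."""
    hours = [size / rate for _, _, size in plan]
    return max(hours), sum(hours) / len(hours)


def restore_chain(plan, target_day):
    """Return the backups to apply, in order, to recover the state at target_day.

    Recovery needs the most recent full at or before target_day followed by
    every incremental taken after that full; losing any one of them breaks
    the chain, which is the operational price of the shorter daily window.
    """
    chain = []
    for day, kind, size in plan:
        if day > target_day:
            break
        if kind == "full":
            chain = [(day, kind, size)]   # a new full restarts the chain
        else:
            chain.append((day, kind, size))
    return chain


if __name__ == "__main__":
    for name, plan in (("daily full", plan_daily_full()),
                       ("weekly full + daily incremental", plan_weekly_full())):
        longest, average = backup_hours(plan)
        print(f"{name}: longest day {longest:.1f} h, average {average:.2f} h/day")
        print("  restore to day 10 needs:", [(d, k) for d, k, _ in restore_chain(plan, 10)])
```

With the constructed numbers the daily-full plan needs a five-hour window every day, while the weekly plan needs it only on full-backup days and a few minutes otherwise; restoring to day 10 under the weekly plan requires the day-7 full plus the three incrementals that follow it, so all four sets must be intact and restored in order.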
8. Which of the following should be of MOST concern to an IS auditor?
A. Lack of reporting of a successful attack on the network
B. Failure to notify police of an attempted intrusion
C. Lack of periodic examination of access rights
D. Lack of notification to the public of an intrusion
ANSWER: A
NOTE: Not reporting an intrusion is equivalent to an IS auditor hiding a malicious intrusion, which would be a professional mistake. Although notification to the police may be required and the lack of a periodic examination of access rights might be a concern, they do not represent as big a concern as the failure to report the attack. Reporting to the public is not a requirement and is dependent on the organization's desire, or lack thereof, to make the intrusion known.
9. After observing suspicious activities in a server a manager requests a forensic analysis. Which of the following findings should be of MOST concern to the investigator?
A. Server is a member of a workgroup and not part of the server domain
B. Guest account is enabled on the server
C. Recently, 100 users were created in the server
D. Audit logs are not enabled for the server
ANSWER: D
NOTE: Audit logs can provide evidence which is required to proceed with an investigation and should not be disabled. For business needs, a server can be a member of a workgroup and, therefore, not a concern. Having a guest account enabled on a system is a poor security practice but not a forensic investigation concern. Recently creating 100 users in the server may have been required to meet business needs and should not be a concern.
