Username: Aditya Mishra Book: CISA Exam Prep. No part of any chapter or book may be reproduced or transmitted in any form by any means without the prior written permission for reprints and excerpts from the publisher of the book or chapter. Redistribution or other use that violates the fair use privilege under U.S. copyright laws (see 17 USC 107) or that otherwise violates these Terms of Service is strictly prohibited. Violators will be prosecuted to the full extent of U.S. Federal and Massachusetts laws.
Practice Exam Questions
1. Which type of sampling is best when dealing with population characteristics such as dollar amounts and weights?
A. Attribute sampling
B. Variable sampling
C. Stop-and-go sampling
D. Discovery sampling
2. Which of the following sampling techniques is generally applied to compliance testing?
A. Attribute sampling
B. Variable sampling
C. Stop-and-go sampling
D. Discovery sampling
3. To guarantee the confidentiality of client information, an auditor should do which of the following when reviewing such information?
A. Contact the CEO or CFO and request what sensitive information can and cannot be disclosed to authorities
http://techbus.safaribooksonline.com/print?xmlid=9780789735737%2Fapp02lev1sec2 1/54
11/12/2016 techbus.safaribooksonline.com/print?xmlid=9780789735737%2Fapp02lev1sec2
B. Assume full responsibility for the audit archive and stored data
C. Leave all sensitive information at the owner's facility
D. Not back up any of his or her work papers
4. Which of the following best describes materiality?
A. An audit technique used to evaluate the need to perform an audit
B. The principle that individuals, organizations, and the community are responsible for their actions and might be required to explain them
C. The auditor's independence and freedom from conflict of interest
D. An auditing concept that examines the importance of an item of information in regard to the impact or effect on the entity being audited
5. Which of the following sampling techniques is best to use to prevent excessive sampling?
A. Attribute sampling
B. Variable sampling
C. Stop-and-go sampling
D. Discovery sampling
6. Which of the following descriptions best defines auditor independence?
A. The auditor has high regard for the company and holds several hundred shares of the company's stock
B. The auditor has a history of independence and even though the auditor has a niece that is employed by the company, he has stated that this is not a concern
C. The auditor has previously given advice to the organization's design staff while employed as the auditor
D. The auditor is objective, not associated with the organization, and free of any connections to the client
7. Which of the following meets the description "the primary objective is to leverage the internal audit function by placing responsibility of control and monitoring onto the functional areas"?
A. Integrated auditing
B. Control self-assessment
C. Automated work papers
D. Continuous auditing
8. Which of the following sampling techniques would be best to use if the expected discovery rate is extremely low?
A. Attribute sampling
B. Variable sampling
C. Stop-and-go sampling
D. Discovery sampling
9. Which of the following offers how-to information?
A. Standards
B. Policy
C. Guidelines
D. Procedures
10. The type of risk that might not be detected by a system of internal controls is defined as which of the following?
A. Control risk
B. Audit risk
C. Detection risk
D. Inherent risk
11. Which of the following items makes computer-assisted audit techniques (CAAT) important to an auditor?
A. A large amount of information is obtained by using specific techniques to analyze systems.
B. An assistant or untrained professional with no specialized training can utilize CAAT tools, which frees up the auditor to participate in other activities.
C. CAAT requires more human involvement in the analysis than multifunction audit utilities.
D. CAAT requires the auditor to reduce the sampling rate and provides a more narrow audit coverage.
12. The risk that a material error will occur because of weak controls or no controls is known as which of the following?
A. Control risk
B. Audit risk
C. Detection risk
D. Inherent risk
13. You have been asked to audit a series of controls. Using Figure E.1 as your reference, what type of control have you been asked to examine?
A. Amount total
B. Hash total
C. Item total
D. Data checksum
Figure E.1.
14. Which of the following is the best tool to extract data that is relevant to the audit?
A. Integrated auditing
B. Generalized audit software
C. Automated work papers
D. Continuous auditing
15. You have been asked to perform an audit of the disaster recovery procedures. As part of this process, you must use statistical sampling techniques to inventory all backup tapes. Which of the following descriptions best defines what you have been asked to do?
A. Continuous audit
B. Integrated audit
C. Compliance audit
D. Substantive audit
16. According to ISACA, which of the following is the fourth step in the risk-based audit approach?
A. Gather information and plan
B. Perform compliance tests
C. Perform substantive tests
D. Determine internal controls
17. Which general control procedure most closely maps to the information systems control procedure that specifies, "Operational controls that are focused on day-to-day activities"?
A. Business continuity and disaster recovery procedures that provide reasonable assurance that the organization is secure against disasters
B. Procedures that provide reasonable assurance for the control of database administration
C. System development methodologies and change control procedures that have been implemented to protect the organization and maintain compliance
D. Procedures that provide reasonable assurance to control and manage data processing operations
18. Which of the following is the best example of a detective control?
A. Access control software that uses passwords, tokens, and/or biometrics
B. Intrusion prevention systems
C. Backup procedures used to archive data
D. Variance reports
19. Which of the following is not one of the four common elements needed to determine whether fraud is present?
A. An error in judgment
B. Knowledge that the statement was false
C. Reliance on the false statement
D. Resulting damages or losses
20. You have been asked to implement a continuous auditing program. With this in mind, which of the following should you first identify?
A. Applications with high payback potential
B. The format and location of input and output files
C. Areas of high risk within the organization
D. Targets with reasonable thresholds
21. Which of the following should be the first step for organizations wanting to develop an information security program?
A. Upgrade access control software to a biometric or token system
B. Approve a corporate information security policy statement
C. Ask internal auditors to perform a comprehensive review
D. Develop a set of information security standards
22. Which of the following is primarily tasked with ensuring that the IT department is properly aligned with the goals of the business?
A. Chief executive officer
B. Board of directors
C. IT steering committee
D. Audit committee
23. The balanced scorecard differs from historic measurement schemes, in that it looks at more than what?
A. Financial results
B. Customer satisfaction
C. Internal process efficiency
D. Innovation capacity
24. Which of the following is the purpose of enterprise architecture (EA)?
A. Ensure that internal and external strategy are aligned
B. Map the IT infrastructure of the organization
C. Map the IT infrastructure of the organization and ensure that its design maps to the organization's strategy
D. Ensure that business strategy and IT investments are aligned
25. Which of the following types of planning entails an outlook of greater than three years?
A. Daily planning
B. Long-term planning
C. Operational planning
D. Strategic planning
26. A new IT auditor has been asked to examine some processing, editing, and validation controls. Can you help define the control shown in Figure E.2?
A. Validity check
B. Reasonableness check
C. Existence check
D. Range check
Figure E.2.
27. Senior management needs to select a strategy to determine who will pay for the information systems services. Which of the following payment methods is known as a pay-as-you-go system?
A. Single cost
B. Shared cost
C. Chargeback
D. Sponsor pays
28. Which of the following is the best method to identify problems between procedure and activity?
A. Policy review
B. Direct observation
C. Procedure review
D. Interview
29. You are working with a risk assessment team that is having a hard time calculating the potential financial loss to the company's brand name that could result from a risk. What should the team do next?
A. Calculate the return on investment (ROI)
B. Determine the single loss expectancy (SLE)
C. Use a qualitative approach
D. Review actuary tables
30. What operation migration strategy has the highest possible level of risk?
A. Parallel
B. Hard
C. Phased
D. Intermittent
31. Many organizations require employees to rotate to different positions. Why?
A. Help deliver effective and efficient services
B. Provide effective cross-training
C. Reduce the opportunity for fraud or improper or illegal acts
D. Increase employee satisfaction
32. The balanced scorecard looks at four metrics. Which of the following is not one of those metrics?
A. External operations
B. The customer
C. Innovation and learning
D. Financial data
33. You have been assigned to a software development project that has 80 linked modules and is being developed for a system that handles several million transactions per year. The primary screen of the application has data items that carry up to 20 data attributes. You have been asked to work with the audit staff to determine a true estimate of the development effort. Which of the following is the best technique to determine the size of the project?
A. White boxing
B. Black boxing
C. Function point analysis
D. Source lines of code
34. Which of the following is the preferred tool for estimating project time when a degree of uncertainty exists?
A. Program Evaluation and Review Technique (PERT)
B. Source lines of code (SLOC)
C. Gantt
D. Constructive Cost Model (COCOMO)
35. Which of the following techniques is used to determine what activities are critical and what the dependencies are among the various tasks?
A. Compiling a list of each task required to complete the project
B. COCOMO
C. Critical path methodology (CPM)
D. Program Evaluation and Review Technique (PERT)
36. Which of the following is considered a traditional system development lifecycle model?
A. The waterfall model
B. The spiral development model
C. The prototyping model
D. Incremental development
37. You have been assigned as an auditor to a new software project. The team members are currently defining user needs and then mapping how the proposed solution meets the need. At what phase of the SDLC are they?
A. Feasibility
B. Requirements
C. Design
D. Development
38. Which of the following is not a valid output control?
A. Logging
B. Batch controls
C. Security signatures
D. Report distribution
39. The following question references Figure E.3. Item A refers to which of the following?
A. Foreign key
B. Tuple
C. Attribute
D. Primary key
Figure E.3.
40. You have been asked to suggest a control that could be used to determine whether a credit card transaction is legitimate or potentially from a stolen credit card. Which of the following would be the best tool for this need?
A. Decision support systems
B. Expert systems
C. Intrusion prevention systems
D. Data mining techniques
41. You have been asked to suggest a control that can be used to verify that batch data is complete and was transferred accurately between two applications. What should you suggest?
A. A control total
B. Check digit
C. Completeness check
D. Limit check
42. Which of the following types of programming language is used to develop decision support systems?
A. 2GL
B. 3GL
C. 4GL
D. 5GL
43. You have been asked to work with a new project manager. The project team has just started work on the payback analysis. Which of the following is the best answer to identify the phase of the system development lifecycle of the project?
A. Feasibility
B. Requirements
C. Design
D. Development
44. In many ways, IS operations is a service organization because it provides services to its users. As such, how should an auditor recommend that the percentage of help desk or response calls answered within a given time be measured?
A. Uptime agreements
B. Time service factor
C. Abandon rate
D. First call resolution
45. What is the correct term for items that can occur without human interaction?
A. Lights out
B. Automated processing
C. Follow-the-sun operations
D. Autopilot operations
46. Which of the following is an example of a 2GL language?
A. SQL
B. Assembly
C. FORTRAN
D. Prolog
47. When discussing web services, which of the following best describes a proxy server?
A. Reduces load for the client system
B. Improves direct access to the Internet
C. Provides an interface to access the private domain
D. Provides high-level security services
48. Regarding cohesion and coupling, which is best?
A. High cohesion, high coupling
B. High cohesion, low coupling
C. Low cohesion, low coupling
D. Low cohesion, high coupling
49. Bluetooth class 1 meets which of the following specifications?
A. Up to 5 m of range and .5 mW of power
B. Up to 10 m of range and 1 mW of power
C. Up to 20 m of range and 2.5 mW of power
D. Up to 100 m of range and 100 mW of power
50. When discussing electronic data interface (EDI), which of the following terms best describes the device that transmits and receives electronic documents between trading partners?
A. Value Added Network (VAN)
B. X12
C. Communications handler
D. Electronic Data Interchange For Administration Commerce And Transport (EDIFACT)
51. Which type of network is used to connect multiple servers to a centralized pool of disk storage?
A. PAN
B. LAN
C. SAN
D. MAN
52. The following question references Figure E.4. Item C refers to which of the following?
A. Foreign key
B. Tuple
C. Attribute
D. Primary key
Figure E.4.
53. Which layer of the OSI model is responsible for packet routing?
A. Application
B. Transport
C. Session
D. Network
54. Which of the following types of testing is usually performed at the implementation phase, when the project staff is satisfied with all other tests and the application is ready to be deployed?
A. Final acceptance testing
B. System testing
C. Interface testing
D. Unit testing
55. Which of the following devices can be on the edge of networks for basic packet filtering?
A. Bridge
B. Switch
C. Router
D. VLAN
56. MAC addresses are most closely associated with which layer of the OSI model?
A. Data link
B. Network
C. Session
D. Physical
57. The IP address of 128.12.3.15 is considered to be which of the following?
A. Class A
B. Class B
C. Class C
D. Class D
58. Which of the following statements is most correct? RIP is considered...
A. A routing protocol
B. A routable protocol
C. A distance-vector routing protocol
D. A link-state routing protocol
59. Which of the following test types is used after a change to verify that inputs and outputs are correct?
A. Regression testing
B. System testing
C. Interface testing
D. Pilot testing
60. Which of the following is an example of a 5GL language?
A. SQL
B. Assembly
C. FORTRAN
D. Prolog
61. Which of the following types of network topologies is hard to expand, with one break possibly disabling the entire segment?
A. Bus
B. Star
C. Token Ring
D. Mesh
62. What is the most important reason to use plenum-grade cable?
A. Increased network security
B. Less attenuation
C. Less cross-talk
D. Fire-retardant coating
63. Which of the following copper cable network configurations is considered the most secure from eavesdropping or interception?
A. A switched VLAN using multimode fiber cable
B. A Token Ring network using Cat 5 cabling
C. A switched network that uses Cat 5e shielded cable
D. A bus network using 10BASE2 cabling
64. Which of the following is an iterative development method in which repetitions are referred to as sprints and typically last 30 days?
A. Scrum
B. Extreme programming
C. RAD
D. Spiral
65. Which type of database is shown in Figure E.5?
A. Relational
B. Network
C. Hierarchical
D. Floating flat
Figure E.5.
66. As a new auditor, you have been asked to review network operations. Which of the following weaknesses should you consider the most serious?
A. Data files can be amended or changed by supervisors.
B. Data files can be lost during power outages because of poor backup.
C. Sensitive data files can be read by managers.
D. Copies of confidential reports can be printed by anyone.
67. Which of the following is the best example of a control mechanism to be used to control component failure or errors?
A. Redundant WAN links
B. Just a Bunch of Disks/Drives (JBOD)
C. RAID 0
D. RAID 1
68. Which of the following is the best technique for an auditor to verify firewall settings?
A. Interview the network administrator
B. Review the firewall configuration
C. Review the firewall log for recent attacks
D. Review the firewall procedure
69. Which of the following is not a circuit-switching technology?
A. DSL
B. POTS
C. T1
D. ATM
70. Which of the following uses a process to standardize code modules to allow for cross-platform operation and program integration?
A. Component-based development (CBD)
B. Web-based application development (WBAD)
C. Object-oriented systems development (OOSD)
D. Data-oriented system development (DOSD)
71. Data warehouses are used to store historic data of an organization. As such, which of the following is the most accurate way to describe data warehouses?
A. Subject oriented
B. Object oriented
C. Access oriented
D. Control oriented
72. Which of the following access control models allows the user to control access?
A. Mandatory access control (MAC)
B. Discretionary access control (DAC)
C. Role-based access control (RBAC)
D. Access control list (ACL)
73. While auditing the identification and authentication system, you want to discuss the best method you reviewed. Which of the following is considered the strongest?
A. Passwords
B. Tokens
C. Two-factor authentication
D. Biometrics
74. If asked to explain the equal error rate (EER) to another auditor, what would you say?
A. The EER is used to determine the clipping level used for password lockout.
B. The EER is a measurement that indicates the point at which FRR equals FAR.
C. The EER is a rating used for password tokens.
D. The EER is a rating used to measure the percentage of biometric users who are allowed access and who are not authorized users.
75. You have been asked to head up the audit of a business application system. What is one of the first tasks you should perform?
A. Interview users
B. Review process flowcharts
C. Evaluate controls
D. Determine critical areas
76. Closed-circuit TV (CCTV) systems are considered what type of control?
A. Corrective
B. Detective
C. Preventive
D. Delayed
77. According to ISACA, the second step in the business continuity planning (BCP) process is which of the following?
A. Project management and initiation
B. Plan design and development
C. Recovery strategy
D. Business impact analysis
78. You have been asked to review the documentation for a planned database. Which type of database is represented by Figure E.6?
A. Relational
B. Network
C. Hierarchical
D. Floating flat
Figure E.6.
79. Which of the following issues ticket-granting tickets?
A. The Kerberos authentication service
B. The RADIUS authentication service
C. The Kerberos ticket-granting service
D. The RADIUS ticket-granting service
80. Which of the following is the most important corrective control that an organization has the capability to shape?
A. Audit plan
B. Security assessment
C. Business continuity plan
D. Network topology
81. Which one of the following is not considered an application system testing technique?
A. Snapshots
B. Mapping
C. Integrated test facilities
D. Base case system evaluation
82. Which of the following statements regarding recovery is correct?
A. The greater the recovery point objective (RPO), the more tolerant the process is to interruption.
B. The less the recovery time objective (RTO), the longer the process can take to be restored.
C. The less the RPO, the more tolerant the process is to interruption.
D. The greater the RTO, the less time the process can take to be restored.
83. Which of the following best defines the service delivery objective (SDO)?
A. Defines the maximum amount of time the organization can provide services at the alternate site
B. Defines the level of service provided by alternate processes
C. Defines the time that systems can be offline before causing damage
D. Defines how long the process can take to be restored
84. During which step of the business continuity planning (BCP) process is a risk assessment performed?
A. Project management and initiation
B. Plan design and development
C. Recovery strategy
D. Business impact analysis
85. When auditing security for a data center, the auditor should look for which of the following as the best example of long-term power protection?
A. Standby generator
B. Uninterrupted power supply
C. Surge protector
D. Filtered power supply
86. Which of the following would be considered the most complex continuous audit technique?
A. Continuous and intermittent simulation (CIS)
B. Snapshots
C. Audit hooks
D. Integrated test facilities
87. Which of the following is not a replacement for Halon?
A. FM200
B. NAFS3
C. FM100
D. Argon
88. When discussing biometrics, what do Type 1 errors measure?
A. The point at which the false rejection rate (FRR) equals the false acceptance rate (FAR)
B. The accuracy of the biometric system
C. The percentage of illegitimate users who are given access
D. The percentage of legitimate users who are denied access
89. Class A fires are comprised of which of the following?
A. Electronic equipment
B. Paper
C. Oil
D. Metal
90. You are performing an audit of an organization's physical security controls, specifically, emergency controls. When doors that use relays or electric locks are said to fail soft, what does that mean?
A. Locks of this type fail open.
B. Locks of this type are easy to pick.
C. Locks of this type fail closed.
D. Locks of this type are hard to pick.
91. Which type of database is represented by Figure E.7?
A. Relational
B. Network
C. Hierarchical
D. Floating flat
Figure E.7.
92. Systems control audit review file and embedded audit modules (SCARF/EAM) is an example of which of the following?
A. Output controls
B. Continuous online auditing
C. Input controls
D. Processing controls
93. Which type of access rights control model is widely used by the DoD, NSA, CIA, and FBI?
A. MAC
B. DAC
C. RBAC
D. ACL
94. Why is the protection of processing integrity important?
A. To maintain availability to users so they have the availability to copy and use data without delay
B. To protect data from unauthorized access while in transit
C. To prevent output controls from becoming tainted
D. To maintain data encryption on portable devices so that data can be relocated to another facility while being encrypted
95. A privacy impact analysis (PIA) is tied to several items. Which of the following is not one of those items?
A. Technology
B. Processes
C. People
D. Documents
96. Which of the following is ultimately responsible for the security practices of the organization?
A. Security advisory group
B. Chief security officer
C. Executive management
D. Security auditor
97. Which of the following guarantees that all foreign keys reference existing primary keys?
A. Relational integrity
B. Referential integrity
C. Entity integrity
D. Tracing and tagging
98. Which of the following would a company extend to allow network access to a business partner?
A. Internet
B. Intranet
C. Extranet
D. VLAN
99. What term is used to describe the delay that information will experience from the source to the destination?
A. Echo
B. Latency
C. Delay
D. Congestion
100. You have been asked to describe what security feature can be found in the wireless standard 802.11a. How will you respond?
A. Wi-Fi Protected Access (WPA)
B. Wired Equivalent Privacy (WEP)
C. Temporal Key Integrity Protocol (TKIP)
D. Wi-Fi Protected Access 2 (WPA2)
101. Which of the following is not a packet-switching technology?
A. X.25
B. ISDN
C. Frame Relay
D. ATM
102. Transport layer security (TLS) can best be described as being found between which two layers of the OSI model?
A. Layers 2 and 3
B. Layers 3 and 4
C. Layers 4 and 5
D. Layers 5 and 6
103. Which of the following descriptions highlights the importance of domain name service (DNS)?
A. Address of a domain server
B. Resolves fully qualified domain names to IP addresses
C. Resolves known IP address for unknown Internet addresses
D. Resolves IP and MAC addresses needed for delivery of Internet data
104. Using Figure E.8 as a reference, which of the following best describes a 10BASE5 network design?
A. Item A
B. Item B
C. Item C
D. Item D
Figure E.8.
105. You have been asked to describe a program that can be classified as terminal-emulation software. Which of the following would you mention?
A. Telnet
B. FTP
C. SNMP
D. SMTP
106. Which of the following services operates on ports 20 and 21?
A. Telnet
B. FTP
C. SMTP
D. DHCP
107. Which layer of the OSI model is responsible for reliable data delivery?
A. Data link
B. Session
C. Transport
D. Network
108. An objective of the implementation phase of a newly installed system can include which of the following?
A. Conducting a certification test
B. Determining user requirements
C. Assessing the project to see if expected benefits were achieved
D. Reviewing the designed audit trails
109. Which of the following is the best example of a processing control?
A. Exception reports
B. Sequence check
C. Key verification
D. Logical relationship check
110. Which of the following devices is most closely related to the data link layer?
A. Hub
B. Repeater
C. Bridge
D. Router
111. Which of the following provide the capability to ensure the validity of data through various stages of processing?
A. Manual recalculations
B. Programming controls
C. Run-to-run totals
D. Reasonableness verification
112. You overheard the database administrator discussing normalizing some tables. What is the purpose of this activity?
A. Decrease redundancy
B. Increase redundancy
C. Decrease application malfunction
D. Increase accuracy
113. Which of the following is not included in a PERT chart?
A. The most optimistic time the task can be completed in
B. The most cost-effective scenario for the task
C. The worst-case scenario or longest time the task can take
D. The most likely time the task will be completed in
114. Verifications such as existence checks can best be described as:
A. A processing control that is considered preventive
B. A validation edit control that is considered preventive
C. A processing control that is considered detective
D. A validation edit control that is considered detective
115. Referential integrity is used to prevent which of the following?
A. Attribute errors
B. Relational errors
C. Dangling tuples
D. Integrity constraints
116. Which of the following best describes the difference between accreditation and certification?
A. Certification is initiated after the accreditation of the system to ensure that the system meets required standards.
B. Certification is initiated before accreditation to ensure that quality personnel are using the new designed systems.
C. Accreditation is issued after certification. Accreditation is a management function, while certification is a technical function.
D. Production and management might see accreditation and certification as basically one and the same.
117. You have been asked to review the organization's planned firewall design. As such, which of the following best describes the topology shown in Figure E.9?
A. Packet filter
B. Screened subnet
C. Screened host
D. Dual-homed host
Figure E.9.
118. Which of the following database designs is considered a lattice structure because each record can have multiple parent and child records? Although this design can work well in stable environments, it can be extremely complex.
A. The hierarchical database management systems
B. The relational database management systems
C. The network database management systems
D. The structured database management systems
119. Which of the following is not used when calculating function point analysis?
A. Number of user inquiries
B. Number of files
C. Number of user inputs
D. Number of expected users
120. Which of the following is an example of an interpreted programming language?
A. FORTRAN
B. Assembly
C. Basic
D. Java
121. Which of the following is an example of a 4GL language?
A. SQL
B. Assembly
C. FORTRAN
D. Prolog
122. Which of the following databases takes the form of a parent/child structure?
A. The hierarchical database management systems
B. The relational database management systems
C. The network database management systems
D. The structured database management systems
123. You have been asked to explain rings of protection and how the concept applies to the supervisory mode of the operating system (OS). Which of the following is the best description?
A. System utilities should run in supervisor mode.
B. Supervisor state allows the execution of all instructions, including privileged instructions.
C. Supervisory mode is used to block access to the security kernel.
D. Rings are arranged in a hierarchy from least privileged to the most privileged as the most trusted usually has the highest ring number.
124. You have been asked to design a control. The organization would like to limit what check numbers are used. Specifically, they would like to be able to flag a check numbered 318 if the day's first check had the number 120 and the day's last check was number 144. What type of validation check does the department require?
A. Limit check
B. Range check
C. Validity check
D. Sequence check
125. Which of the following descriptions best describes a delay window?
A. The time between when an event occurs and when the audit record is reviewed
B. The time between when an incident occurs and when it is addressed
C. The time between when an event occurs and when the audit record is recorded
D. The difference between a threshold and a trigger
126. You have been asked to review a console log. What type of information should you expect to find?
A. Names and passwords of system users
B. Application access and backup times
C. System errors
D. Errors from data edits
127. During a software change process, auditors might be asked to verify existing source code at some point. What is the most effective tool for auditors to compare old and new software for unreported changes?
A. Function point analysis (FPA)
B. Manual review of the software
C. Variation tools
D. Source code comparison software
128. Which of the following is not a valid processing control?
A. Authorization
B. Processing
C. Validation
D. Editing
129. Which of the following is not part of the project management triangle?
A. Scope
B. Time
C. Resources
D. Cost
130. Using Figure E.10 as a reference, place the four recovery time objectives in their proper order.
A. Items A, B, C, D
B. Items B, C, D, A
C. Items D, A, C, B
D. Items C, B, D, A
Figure E.10.
131. When dealing with project management issues, which of the following is ultimately responsible and must ensure that stakeholders' needs are met?
A. Stakeholders
B. Project steering committee
C. Project manager
D. Quality assurance
132. Projects must take on an organizational form. These organizational forms or frameworks can be either loosely structured or very rigid. Which project form matches the description "The project manager has no real authority, and the functional manager remains in charge"?
A. Weak matrix
B. Pure project
C. Balanced matrix
D. Influence
133. Which of the following is the best description of the Constructive Cost Model (COCOMO)?
A. COCOMO is a model that forecasts the cost and schedule of software development, including the number of persons and months required for the development.
B. COCOMO is a model that forecasts network costs associated with hardware, the physical medium, and trained personnel.
C. COCOMO is a forecast model that estimates the time involved in producing a product and shipping to the end user.
D. COCOMO is a model that forecasts the construction of additional companies associated with organizational growth.
134. Which of the following software estimating methods does not work as well in modern development programs because additional factors that are not considered will affect the overall cost?
A. Facilitated Risk Assessment Process (FRAP)
B. Gantt
C. Function point analysis (FPA)
D. Source lines of code (SLOC)
135. Which of the following is the best example of a quantitative risk assessment technique?
A. The Delphi technique
B. Facilitated risk assessment process
C. Actuarial tables
D. Risk rating of high, medium, or low