
11/12/2016 techbus.safaribooksonline.com/print?xmlid=9780789735737%2Fapp02lev1sec2

Username: Aditya Mishra Book: CISA Exam Prep. No part of any chapter or book may be reproduced or transmitted in any form by any means without the prior written permission for reprints and excerpts from the publisher of the book or chapter. Redistribution or other use that violates the fair use privilege under U.S. copyright laws (see 17 USC 107) or that otherwise violates these Terms of Service is strictly prohibited. Violators will be prosecuted to the full extent of U.S. Federal and Massachusetts laws.

Practice Exam Questions

1. Which type of sampling is best when dealing with population characteristics such as dollar amounts and weights?

A. Attribute sampling

B. Variable sampling

C. Stop-and-go sampling

D. Discovery sampling

2. Which of the following sampling techniques is generally applied to compliance testing?

A. Attribute sampling

B. Variable sampling

C. Stop-and-go sampling

D. Discovery sampling

3. To guarantee the confidentiality of client information, an auditor should do which of the following when reviewing such information?

A. Contact the CEO or CFO and request what sensitive information can and cannot be disclosed to authorities


B. Assume full responsibility for the audit archive and stored data

C. Leave all sensitive information at the owner's facility

D. Not back up any of his or her work papers

4. Which of the following best describes materiality?

A. An audit technique used to evaluate the need to perform an audit

B. The principle that individuals, organizations, and the community are responsible for their actions and might be required to explain them

C. The auditor's independence and freedom from conflict of interest

D. An auditing concept that examines the importance of an item of information in regard to the impact or effect on the entity being audited

5. Which of the following sampling techniques is best to use to prevent excessive sampling?

A. Attribute sampling

B. Variable sampling

C. Stop-and-go sampling

D. Discovery sampling

6. Which of the following descriptions best defines auditor independence?


A. The auditor has high regard for the company and holds several hundred shares of the company's stock

B. The auditor has a history of independence and even though the auditor has a niece that is employed by the company, he has stated that this is not a concern

C. The auditor has previously given advice to the organization's design staff while employed as the auditor

D. The auditor is objective, not associated with the organization, and free of any connections to the client

7. Which of the following meets the description "the primary objective is to leverage the internal audit function by placing responsibility of control and monitoring onto the functional areas"?

A. Integrated auditing

B. Control self-assessment

C. Automated work papers

D. Continuous auditing

8. Which of the following sampling techniques would be best to use if the expected discovery rate is extremely low?

A. Attribute sampling

B. Variable sampling

C. Stop-and-go sampling

D. Discovery sampling


9. Which of the following offers how-to information?

A. Standards

B. Policy

C. Guidelines

D. Procedures

10. The type of risk that might not be detected by a system of internal controls is defined as which of the following?

A. Control risk

B. Audit risk

C. Detection risk

D. Inherent risk

11. Which of the following items makes computer-assisted audit techniques (CAAT) important to an auditor?

A. A large amount of information is obtained by using specific techniques to analyze systems.

B. An assistant or untrained professional with no specialized training can utilize CAAT tools, which frees up the auditor to participate in other activities.

C. CAAT requires more human involvement in the analysis than multifunction audit utilities.


D. CAAT requires the auditor to reduce the sampling rate and provides a more narrow audit coverage.

12. The risk that a material error will occur because of weak controls or no controls is known as which of the following?

A. Control risk

B. Audit risk

C. Detection risk

D. Inherent risk

13. You have been asked to audit a series of controls. Using Figure E.1 as your reference, what type of control have you been asked to examine?

A. Amount total

B. Hash total

C. Item total


D. Data checksum

Figure E.1.

14. Which of the following is the best tool to extract data that is relevant to the audit?

A. Integrated auditing

B. Generalized audit software

C. Automated work papers

D. Continuous auditing

15. You have been asked to perform an audit of the disaster recovery procedures. As part of this process, you must use statistical sampling techniques to inventory all backup tapes. Which of the following descriptions best defines what you have been asked to do?

A. Continuous audit


B. Integrated audit

C. Compliance audit

D. Substantive audit

16. According to ISACA, which of the following is the fourth step in the risk-based audit approach?

A. Gather information and plan

B. Perform compliance tests

C. Perform substantive tests

D. Determine internal controls

17. Which general control procedure most closely maps to the information systems control procedure that specifies, "Operational controls that are focused on day-to-day activities"?

A. Business continuity and disaster recovery procedures that provide reasonable assurance that the organization is secure against disasters

B. Procedures that provide reasonable assurance for the control of database administration

C. System development methodologies and change control procedures that have been implemented to protect the organization and maintain compliance

D. Procedures that provide reasonable assurance to control and manage data processing operations

18. Which of the following is the best example of a detective control?


A. Access control software that uses passwords, tokens, and/or biometrics

B. Intrusion prevention systems

C. Backup procedures used to archive data

D. Variance reports

19. Which of the following is not one of the four common elements needed to determine whether fraud is present?

A. An error in judgment

B. Knowledge that the statement was false

C. Reliance on the false statement

D. Resulting damages or losses

20. You have been asked to implement a continuous auditing program. With this in mind, which of the following should you first identify?

A. Applications with high payback potential

B. The format and location of input and output files

C. Areas of high risk within the organization

D. Targets with reasonable thresholds


21. Which of the following should be the first step for organizations wanting to develop an information security program?

A. Upgrade access control software to a biometric or token system

B. Approve a corporate information security policy statement

C. Ask internal auditors to perform a comprehensive review

D. Develop a set of information security standards

22. Which of the following is primarily tasked with ensuring that the IT department is properly aligned with the goals of the business?

A. Chief executive officer

B. Board of directors

C. IT steering committee

D. Audit committee

23. The balanced scorecard differs from historic measurement schemes, in that it looks at more than what?

A. Financial results

B. Customer satisfaction

C. Internal process efficiency


D. Innovation capacity

24. Which of the following is the purpose of enterprise architecture (EA)?

A. Ensure that internal and external strategy are aligned

B. Map the IT infrastructure of the organization

C. Map the IT infrastructure of the organization and ensure that its design maps to the organization's strategy

D. Ensure that business strategy and IT investments are aligned

25. Which of the following types of planning entails an outlook of greater than three years?

A. Daily planning

B. Long-term planning

C. Operational planning

D. Strategic planning

26. A new IT auditor has been asked to examine some processing, editing, and validation controls. Can you help define the control shown in Figure E.2?

A. Validity check

B. Reasonableness check


C. Existence check

D. Range check

Figure E.2.

27. Senior management needs to select a strategy to determine who will pay for the information systems services. Which of the following payment methods is known as a pay-as-you-go system?

A. Single cost

B. Shared cost

C. Chargeback


D. Sponsor pays

28. Which of the following is the best method to identify problems between procedure and activity?

A. Policy review

B. Direct observation

C. Procedure review

D. Interview

29. You are working with a risk assessment team that is having a hard time calculating the potential financial loss to the company's brand name that could result from a risk. What should the team do next?

A. Calculate the return on investment (ROI)

B. Determine the single loss expectancy (SLE)

C. Use a qualitative approach

D. Review actuary tables

30. What operation migration strategy has the highest possible level of risk?

A. Parallel

B. Hard


C. Phased

D. Intermittent

31. Many organizations require employees to rotate to different positions. Why?

A. Help deliver effective and efficient services

B. Provide effective cross-training

C. Reduce the opportunity for fraud or improper or illegal acts

D. Increase employee satisfaction

32. The balanced scorecard looks at four metrics. Which of the following is not one of those metrics?

A. External operations

B. The customer

C. Innovation and learning

D. Financial data

33. You have been assigned to a software development project that has 80 linked modules and is being developed for a system that handles several million transactions per year. The primary screen of the application has data items that carry up to 20 data attributes. You have been asked to work with the audit staff to determine a true estimate of the development effort. Which of the following is the best technique to determine the size of the project?


A. White-boxing

B. Black-boxing

C. Function point analysis

D. Source lines of code

34. Which of the following is the preferred tool for estimating project time when a degree of uncertainty exists?

A. Program Evaluation and Review Technique (PERT)

B. Source lines of code (SLOC)

C. Gantt

D. Constructive Cost Model (COCOMO)

35. Which of the following techniques is used to determine what activities are critical and what the dependencies are among the various tasks?

A. Compiling a list of each task required to complete the project

B. COCOMO

C. Critical path methodology (CPM)

D. Program Evaluation and Review Technique (PERT)


36. Which of the following is considered a traditional system development lifecycle model?

A. The waterfall model

B. The spiral development model

C. The prototyping model

D. Incremental development

37. You have been assigned as an auditor to a new software project. The team members are currently defining user needs and then mapping how the proposed solution meets the need. At what phase of the SDLC are they?

A. Feasibility

B. Requirements

C. Design

D. Development

38. Which of the following is not a valid output control?

A. Logging

B. Batch controls

C. Security signatures


D. Report distribution

39. The following question references Figure E.3. Item A refers to which of the following?

A. Foreign key

B. Tuple

C. Attribute

D. Primary key

Figure E.3.

40. You have been asked to suggest a control that could be used to determine whether a credit card transaction is legitimate or potentially from a stolen credit card. Which of the following would be the best tool for this need?


A. Decision support systems

B. Expert systems

C. Intrusion prevention systems

D. Data mining techniques

41. You have been asked to suggest a control that can be used to verify that batch data is complete and was transferred accurately between two applications. What should you suggest?

A. A control total

B. Check digit

C. Completeness check

D. Limit check

42. Which of the following types of programming language is used to develop decision support systems?

A. 2GL

B. 3GL

C. 4GL

D. 5GL


43. You have been asked to work with a new project manager. The project team has just started work on the payback analysis. Which of the following is the best answer to identify the phase of the system development lifecycle of the project?

A. Feasibility

B. Requirements

C. Design

D. Development

44. In many ways, IS operations is a service organization because it provides services to its users. As such, how should an auditor recommend that the percentage of help desk or response calls answered within a given time be measured?

A. Uptime agreements

B. Time service factor

C. Abandon rate

D. First call resolution

45. What is the correct term for items that can occur without human interaction?

A. Lights out

B. Automated processing


C. Follow-the-sun operations

D. Autopilot operations

46. Which of the following is an example of a 2GL language?

A. SQL

B. Assembly

C. FORTRAN

D. Prolog

47. When discussing web services, which of the following best describes a proxy server?

A. Reduces load for the client system

B. Improves direct access to the Internet

C. Provides an interface to access the private domain

D. Provides high-level security services

48. Regarding cohesion and coupling, which is best?

A. High cohesion, high coupling


B. High cohesion, low coupling

C. Low cohesion, low coupling

D. Low cohesion, high coupling

49. Bluetooth class 1 meets which of the following specifications?

A. Up to 5 m of range and .5 mW of power

B. Up to 10 m of range and 1 mW of power

C. Up to 20 m of range and 2.5 mW of power

D. Up to 100 m of range and 100 mW of power

50. When discussing electronic data interface (EDI), which of the following terms best describes the device that transmits and receives electronic documents between trading partners?

A. Value Added Network (VAN)

B. X12

C. Communications handler

D. Electronic Data Interchange For Administration Commerce And Transport (EDIFACT)

51. Which type of network is used to connect multiple servers to a centralized pool of disk storage?


A. PAN

B. LAN

C. SAN

D. MAN

52. The following question references Figure E.4. Item C refers to which of the following?

A. Foreign key

B. Tuple

C. Attribute


D. Primary key

Figure E.4.

53. Which layer of the OSI model is responsible for packet routing?

A. Application

B. Transport

C. Session

D. Network

54. Which of the following types of testing is usually performed at the implementation phase, when the project staff is satisfied with all other tests and the application is ready to be deployed?


A. Final acceptance testing

B. System testing

C. Interface testing

D. Unit testing

55. Which of the following devices can be on the edge of networks for basic packet filtering?

A. Bridge

B. Switch

C. Router

D. VLAN

56. MAC addresses are most closely associated with which layer of the OSI model?

A. Data link

B. Network

C. Session

D. Physical


57. The IP address of 128.12.3.15 is considered to be which of the following?

A. Class A

B. Class B

C. Class C

D. Class D

58. Which of the following statements is most correct? RIP is considered...

A. A routing protocol

B. A routable protocol

C. A distance vector routing protocol

D. A link state routing protocol

59. Which of the following test types is used after a change to verify that inputs and outputs are correct?

A. Regression testing

B. System testing

C. Interface testing

D. Pilot testing


60. Which of the following is an example of a 5GL language?

A. SQL

B. Assembly

C. FORTRAN

D. Prolog

61. Which of the following types of network topologies is hard to expand, with one break possibly disabling the entire segment?

A. Bus

B. Star

C. Token Ring

D. Mesh

62. What is the most important reason to use plenum-grade cable?

A. Increased network security

B. Less attenuation

C. Less crosstalk


D. Fire-retardant coating

63. Which of the following copper cable network configurations is considered the most secure from eavesdropping or interception?

A. A switched VLAN using multimode fiber cable

B. A Token Ring network using Cat 5 cabling

C. A switched network that uses Cat 5e shielded cable

D. A bus network using 10BASE2 cabling

64. Which of the following is an iterative development method in which repetitions are referred to as sprints and typically last 30 days?

A. Scrum

B. Extreme programming

C. RAD

D. Spiral

65. Which type of database is shown in Figure E.5?

A. Relational

B. Network


C. Hierarchical

D. Floating flat

Figure E.5.

66. As a new auditor, you have been asked to review network operations. Which of the following weaknesses should you consider the most serious?

A. Data files can be amended or changed by supervisors.

B. Data files can be lost during power outages because of poor backup.

C. Sensitive data files can be read by managers.

D. Copies of confidential reports can be printed by anyone.

67. Which of the following is the best example of a control mechanism to be used to control component failure or errors?

A. Redundant WAN links

B. Just a Bunch of Disks/Drives (JBOD)

C. RAID 0

D. RAID 1

68. Which of the following is the best technique for an auditor to verify firewall settings?

A. Interview the network administrator

B. Review the firewall configuration

C. Review the firewall log for recent attacks

D. Review the firewall procedure

69. Which of the following is not a circuit-switching technology?

A. DSL

B. POTS

C. T1


D. ATM

70. Which of the following uses a process to standardize code modules to allow for cross-platform operation and program integration?

A. Component-based development (CBD)

B. Web-based application development (WBAD)

C. Object-oriented systems development (OOSD)

D. Data-oriented system development (DOSD)

71. Data warehouses are used to store historic data of an organization. As such, which of the following is the most accurate way to describe data warehouses?

A. Subject oriented

B. Object oriented

C. Access oriented

D. Control oriented

72. Which of the following access control models allows the user to control access?

A. Mandatory access control (MAC)

B. Discretionary access control (DAC)


C. Role-based access control (RBAC)

D. Access control list (ACL)

73. While auditing the identification and authentication system, you want to discuss the best method you reviewed. Which of the following is considered the strongest?

A. Passwords

B. Tokens

C. Two-factor authentication

D. Biometrics

74. If asked to explain the equal error rate (EER) to another auditor, what would you say?

A. The EER is used to determine the clipping level used for password lockout.

B. The EER is a measurement that indicates the point at which FRR equals FAR.

C. The EER is a rating used for password tokens.

D. The EER is a rating used to measure the percentage of biometric users who are allowed access and who are not authorized users.

75. You have been asked to head up the audit of a business application system. What is one of the first tasks you should perform?

A. Interview users


B. Review process flowcharts

C. Evaluate controls

D. Determine critical areas

76. Closed-circuit TV (CCTV) systems are considered what type of control?

A. Corrective

B. Detective

C. Preventive

D. Delayed

77. According to ISACA, the second step in the business continuity planning (BCP) process is which of the following?

A. Project management and initiation

B. Plan design and development

C. Recovery strategy

D. Business impact analysis

78. You have been asked to review the documentation for a planned database. Which type of database is represented by Figure E.6?


A. Relational

B. Network

C. Hierarchical

D. Floating flat

Figure E.6.

79. Which of the following issues ticket-granting tickets?

A. The Kerberos authentication service

B. The RADIUS authentication service

C. The Kerberos ticket-granting service


D. The RADIUS ticket-granting service

80. Which of the following is the most important corrective control that an organization has the capability to shape?

A. Audit plan

B. Security assessment

C. Business continuity plan

D. Network topology

81. Which one of the following is not considered an application system testing technique?

A. Snapshots

B. Mapping

C. Integrated test facilities

D. Base case system evaluation

82. Which of the following statements regarding recovery is correct?

A. The greater the recovery point objective (RPO), the more tolerant the process is to interruption.

B. The less the recovery time objective (RTO), the longer the process can take to be restored.


C. The less the RPO, the more tolerant the process is to interruption.

D. The greater the RTO, the less time the process can take to be restored.

83. Which of the following best defines the service delivery objective (SDO)?

A. Defines the maximum amount of time the organization can provide services at the alternate site

B. Defines the level of service provided by alternate processes

C. Defines the time that systems can be offline before causing damage

D. Defines how long the process can take to be restored

84. During which step of the business continuity planning (BCP) process is a risk assessment performed?

A. Project management and initiation

B. Plan design and development

C. Recovery strategy

D. Business impact analysis

85. When auditing security for a data center, the auditor should look for which of the following as the best example of long-term power protection?

A. Standby generator


B. Uninterrupted power supply

C. Surge protector

D. Filtered power supply

86. Which of the following would be considered the most complex continuous audit technique?

A. Continuous and intermittent simulation (CIS)

B. Snapshots

C. Audit hooks

D. Integrated test facilities

87. Which of the following is not a replacement for Halon?

A. FM200

B. NAFS3

C. FM100

D. Argon

88. When discussing biometrics, what do Type 1 errors measure?


A. The point at which the false rejection rate (FRR) equals the false acceptance rate (FAR)

B. The accuracy of the biometric system

C. The percentage of illegitimate users who are given access

D. The percentage of legitimate users who are denied access

89. Class A fires are comprised of which of the following?

A. Electronic equipment

B. Paper

C. Oil

D. Metal

90. You are performing an audit of an organization's physical security controls, specifically, emergency controls. When doors that use relays or electric locks are said to fail soft, what does that mean?

A. Locks of this type fail open.

B. Locks of this type are easy to pick.

C. Locks of this type fail closed.

D. Locks of this type are hard to pick.


91. Which type of database is represented by Figure E.7?

A. Relational

B. Network

C. Hierarchical

D. Floating flat

Figure E.7.

92. Systems control audit review file and embedded audit modules (SCARF/EAM) is an example of which of the following?

A. Output controls

B. Continuous online auditing

C. Input controls


D. Processing controls

93. Which type of access rights control model is widely used by the DoD, NSA, CIA, and FBI?

A. MAC

B. DAC

C. RBAC

D. ACL

94. Why is the protection of processing integrity important?

A. To maintain availability to users so they have the availability to copy and use data without delay

B. To protect data from unauthorized access while in transit

C. To prevent output controls from becoming tainted

D. To maintain data encryption on portable devices so that data can be relocated to another facility while being encrypted

95. A privacy impact analysis (PIA) is tied to several items. Which of the following is not one of those items?

A. Technology

B. Processes


C. People

D. Documents

96. Which of the following is ultimately responsible for the security practices of the organization?

A. Security advisory group

B. Chief security officer

C. Executive management

D. Security auditor

97. Which of the following guarantees that all foreign keys reference existing primary keys?

A. Relational integrity

B. Referential integrity

C. Entity integrity

D. Tracing and tagging

98. Which of the following would a company extend to allow network access to a business partner?

A. Internet


B. Intranet

C. Extranet

D. VLAN

99. What term is used to describe the delay that information will experience from the source to the destination?

A. Echo

B. Latency

C. Delay

D. Congestion

100. You have been asked to describe what security feature can be found in the wireless standard 802.11a. How will you respond?

A. Wi-Fi Protected Access (WPA)

B. Wired Equivalent Privacy (WEP)

C. Temporal Key Integrity Protocol (TKIP)

D. Wi-Fi Protected Access 2 (WPA2)

101. Which of the following is not a packet-switching technology?


A. X.25

B. ISDN

C. Frame Relay

D. ATM

102. Transport layer security (TLS) can best be described as being found between which two layers of the OSI model?

A. Layers 2 and 3

B. Layers 3 and 4

C. Layers 4 and 5

D. Layers 5 and 6

103. Which of the following descriptions highlights the importance of domain name service (DNS)?

A. Address of a domain server

B. Resolves fully qualified domain names to IP addresses

C. Resolves known IP address for unknown Internet addresses

D. Resolves IP and MAC addresses needed for delivery of Internet data


104. Using Figure E.8 as a reference, which of the following best describes a 10BASE5 network design?

A. Item A

B. Item B

C. Item C

D. Item D

Figure E.8.

105. You have been asked to describe a program that can be classified as terminal emulation software. Which of the following would you mention?

A. Telnet

B. FTP


C. SNMP

D. SMTP

106. Which of the following services operates on ports 20 and 21?

A. Telnet

B. FTP

C. SMTP

D. DHCP

107. Which layer of the OSI model is responsible for reliable data delivery?

A. Data link

B. Session

C. Transport

D. Network

108. An objective of the implementation phase of a newly installed system can include which of the following?

A. Conducting a certification test


B. Determining user requirements

C. Assessing the project to see if expected benefits were achieved

D. Reviewing the designed audit trails

109. Which of the following is the best example of a processing control?

A. Exception reports

B. Sequence check

C. Key verification

D. Logical relationship check

110. Which of the following devices is most closely related to the data link layer?

A. Hub

B. Repeater

C. Bridge

D. Router

111. Which of the following provide the capability to ensure the validity of data through various stages of processing?


A. Manual recalculations

B. Programming controls

C. Run-to-run totals

D. Reasonableness verification

112. You overheard the database administrator discussing normalizing some tables. What is the purpose of this activity?

A. Decrease redundancy

B. Increase redundancy

C. Decrease application malfunction

D. Increase accuracy

113. Which of the following is not included in a PERT chart?

A. The most optimistic time the task can be completed in

B. The most cost-effective scenario for the task

C. The worst-case scenario or longest time the task can take

D. The most likely time the task will be completed in


114. Verifications such as existence checks can best be described as:

A. A processing control that is considered preventive

B. A validation edit control that is considered preventive

C. A processing control that is considered detective

D. A validation edit control that is considered detective

115. Referential integrity is used to prevent which of the following?

A. Attribute errors

B. Relational errors

C. Dangling tuples

D. Integrity constraints

116. Which of the following best describes the difference between accreditation and certification?

A. Certification is initiated after the accreditation of the system to ensure that the system meets required standards.

B. Certification is initiated before accreditation to ensure that quality personnel are using the new designed systems.

C. Accreditation is issued after certification. Accreditation is a management function, while certification is a technical function.

D. Production and management might see accreditation and certification as basically one and the same.

117. You have been asked to review the organization's planned firewall design. As such, which of the following best describes the topology shown in Figure E.9?

A. Packet filter

B. Screened subnet

C. Screened host

D. Dual-homed host

Figure E.9.

118. Which of the following database designs is considered a lattice structure because each record can have multiple parent and child records? Although this design can work well in stable environments, it can be extremely complex.

A. The hierarchical database management systems

B. The relational database management systems

C. The network database management systems

D. The structured database management systems

119. Which of the following is not used when calculating function point analysis?

A. Number of user inquiries

B. Number of files

C. Number of user inputs

D. Number of expected users

120. Which of the following is an example of an interpreted programming language?

A. FORTRAN

B. Assembly

C. Basic

D. Java

121. Which of the following is an example of a 4GL language?

A. SQL

B. Assembly

C. FORTRAN

D. Prolog

122. Which of the following databases takes the form of a parent/child structure?

A. The hierarchical database management systems

B. The relational database management systems

C. The network database management systems

D. The structured database management systems

123. You have been asked to explain rings of protection and how the concept applies to the supervisory mode of the operating system (OS). Which of the following is the best description?

A. System utilities should run in supervisor mode.

B. Supervisor state allows the execution of all instructions, including privileged instructions.

C. Supervisory mode is used to block access to the security kernel.

D. Rings are arranged in a hierarchy from least privileged to the most privileged as the most trusted usually has the highest ring number.

124. You have been asked to design a control. The organization would like to limit what check numbers are used. Specifically, they would like to be able to flag a check numbered 318 if the day's first check had the number 120 and the day's last check was number 144. What type of validation check does the department require?

A. Limit check

B. Range check

C. Validity check

D. Sequence check

125. Which of the following descriptions best describes a delay window?

A. The time between when an event occurs and when the audit record is reviewed

B. The time between when an incident occurs and when it is addressed

C. The time between when an event occurs and when the audit record is recorded

D. The difference between a threshold and a trigger

126. You have been asked to review a console log. What type of information should you expect to find?

A. Names and passwords of system users

B. Application access and backup times

C. System errors

D. Errors from data edits

127. During a software change process, auditors might be asked to verify existing source code at some point. What is the most effective tool for auditors to compare old and new software for unreported changes?

A. Function point analysis (FPA)

B. Manual review of the software

C. Variation tools

D. Source code comparison software

128. Which of the following is not a valid processing control?

A. Authorization

B. Processing

C. Validation

D. Editing

129. Which of the following is not part of the project management triangle?

A. Scope

B. Time

C. Resources

D. Cost

130. Using Figure E.10 as a reference, place the four recovery time objectives in their proper order.

A. Items A, B, C, D

B. Items B, C, D, A

C. Items D, A, C, B

D. Items C, B, D, A

Figure E.10.

131. When dealing with project management issues, which of the following is ultimately responsible and must ensure that stakeholders' needs are met?

A. Stakeholders

B. Project steering committee

C. Project manager

D. Quality assurance

132. Projects must take on an organizational form. These organizational forms or frameworks can be either loosely structured or very rigid. Which project form matches the description "The project manager has no real authority, and the functional manager remains in charge"?

A. Weak matrix

B. Pure project

C. Balanced matrix

D. Influence

133. Which of the following is the best description of the Constructive Cost Model (COCOMO)?

A. COCOMO is a model that forecasts the cost and schedule of software development, including the number of persons and months required for the development.

B. COCOMO is a model that forecasts network costs associated with hardware, the physical medium, and trained personnel.

C. COCOMO is a forecast model that estimates the time involved in producing a product and shipping to the end user.

D. COCOMO is a model that forecasts the construction of additional companies associated with organizational growth.

134. Which of the following software estimating methods does not work as well in modern development programs because additional factors that are not considered will affect the overall cost?

A. Facilitated Risk Assessment Process (FRAP)

B. Gantt

C. Function point analysis (FPA)

D. Source lines of code (SLOC)

135. Which of the following is the best example of a quantitative risk assessment technique?

A. The Delphi technique

B. Facilitated risk assessment process

C. Actuarial tables

D. Risk rating of high, medium, or low
