2019 ISACA PreTest

Question 1

The PRIMARY purpose of implementing Redundant Array of /inexpensive Disks (RAID) level 1 in a file server is to:

A. achieve performance improvement
B. provide user authentication
C. ensure availability of data
D. ensure the confidentiality of the data

Answer 1

C. ensure availability of data

Question 2

Which of the following would be of MOST concern to an IS auditor reviewing a VPN implementation? Computers on the network that are located:

A. on the enterprise’s internal network.
B. at the backup site.
C. in employees’ homes.
D. at the enterprise’s remote offices.

Answer 2

C. in employees’ homes.

Question 3

Which of the following levels provides a higher degree of protection in applying access control software to avoid unauthorized access risk?

A. Network and OS level
B. Application level
C. Database level
D. Log file level

Answer 3

A. Network and OS level

Question 4

When an employee notifies the company that he/she has forgotten his/her password, what should be done FIRST by the security administrator?

A. Allow the system to randomly generate a new password
B. Verify the user’s identification through a challenge/response system
C. Provide the employee with the default password and explain that it should be changed as soon as possible
D. Ask the employee to move to the administrator terminal to generate a new password in order to assure confidentiality

Answer 4

B. Verify the user’s identification through a challenge/response system

Question 5

What test is MOST important for the IS auditor to perform as part of the review of dial-up access controls?

A. Dial the server from authorized and unauthorized telephone lines
B. Determine bandwidth requirements of remote maintenance and the
maximum line capacity
C. Check if the availability of the line is guaranteed to allow remote access any time
D. Check if call back is not used and the cost of calls is charged to the third party

Answer 5

A. Dial the server from authorized and unauthorized telephone lines

Question 6

What is the MOST significant risk that the IS auditor should evaluate regarding the existing remote access practice?

A. Modem is not powered on/off whenever is needed
B. A nondisclosure agreement was not signed by the third party
C. Data exchanged over the line is not encrypted
D. Firewall controls are bypassed

Answer 6

D. Firewall controls are bypassed

Question 7

Which of the following recommendations is MOST likely to reduce the current level of remote access risk?

A. Maintain an access log with the date and time when the modem was powered on/off
B. Encrypt the traffic over the telephone line
C. Migrate the dial-up access to an Internet VPN solution D. Update firewall policies and implement an IDS

Answer 7

C. Migrate the dial-up access to an Internet VPN solution

Question 8

What control should be implemented to prevent an attack on the internal network being initiated though an Internet VPN connection?

A. Firewall rules are periodically reviewed
B. All VPNs terminate at a single concentrator
C. An IPS capable to analyze encrypted traffic is implemented
D. Antivirus software is installed on all production servers

Answer 8

C. An IPS capable to analyze encrypted traffic is implemented