Domain 5 Practice Questions Flashcards
An IS auditor reviewing the configuration of a signature-based IDS would be MOST concerned if which of the following is discovered?
Auto-update is turned off
Which of the following BEST provides access control to payroll data being processed on a local server?
Using software that restricts access rules to authorized staff
An IS auditor has just completed a review of an organization that has a mainframe computer and two database servers where all production data reside. Which of the following weaknesses would be considered the MOST serious?
Password controls are not administered over the two database servers
An organization is proposing to install a single sign-on facility giving access to all systems. The organization should be aware that:
Maximum unauthorized access would be possible if a password is disclosed
When reviewing an implementation of a Voice-over IP system over a corporate wide area network, an IS auditor should expect to find:
Traffic engineering
An insurance company is using public cloud computing for one of its critical applications to reduce costs. Which of the following would be of MOST concern to the IS auditor?
The data in the shared environment being accessed by other companies
Which of the following BEST determines whether complete encryption and authentication protocols for protecting information while being transmitted exist?
Work is being done in tunnel mode with the nested services of authentication header (AH) and encapsulating security payload (ESP)
Which of the following concerns about the security of an electronic message would be addressed by a digital signature?
Alteration
Which of the following characterizes a DDoS attack?
Central initiation of intermediary computers to direct simultaneous spurious message traffic at a specified target site
Which of the following is the MOST effective preventive antivirus control?
An online antivirus scan with up-to-date virus definitions