Domain 5: Protection of Information Assets (Part 5B)

Question 1

After installing a network, an organization implemented a vulnerability assessment tool to identify possible weaknesses. Which type of reporting poses the MOST serious risk associated with such tools?

Answer 1

False- negative

Question 2

A benefit of quality of service is that the:

Answer 2

participating applications will have bandwidth guaranteed.

Question 3

A company determined that its web site was compromised, and a rootkit was installed on the server hosting the application. Which of the following choices would have MOST likely prevented the incident?

Answer 3

A host-based intrusion prevention system

Question 4

The computer security incident response team of an organization disseminates detailed descriptions of recent threats. An IS auditor’s GREATEST concern should be that the users may:

Answer 4

use this information to launch attacks.

Question 5

A cyclic redundancy check is commonly used to determine the:

Answer 5

validity of data transfer.

Question 6

A data center has a badge-entry system. Which of the following is MOST important to protect the computing assets in the center?

Answer 6

A process for promptly deactivating lost or stolen badges is followed.

Question 7

During an IS audit of a global organization, the IS auditor discovers that the organization uses Voice-over Internet Protocol over the Internet as the sole means of voice connectivity among all offices. Which of the following presents the MOST significant risk for the organization’s VoIP infrastructure?

Answer 7

Distributed denial-of- service attack

Question 8

During a review of intrusion detection logs, an IS auditor notices traffic coming from the Internet, which appears to originate from the internal IP address of the company payroll server. Which of the following malicious activities would MOST likely cause this type of result?

Answer 8

Spoofing

Question 9

During the collection of forensic evidence, which of the following actions would MOST likely result in the destruction or corruption of evidence on a compromised system?

Answer 9

Rebooting the system

Question 10

Electromagnetic emissions from a terminal represent a risk because they:

Answer 10

can be detected and displayed.

Question 11

An employee has received a digital photo frame as a gift and has connected it to his/her work PC to transfer digital photos. The PRIMARY risk that this scenario introduces is that:

Answer 11

the photo frame could be infected with malware.

Question 12

The FIRST step in a successful attack to a system is:

Answer 12

gathering information.

Question 13

The GREATEST risk from an improperly implemented intrusion prevention system is:

Answer 13

blocking of critical systems or services due to false triggers.

Question 14

A hacker could obtain passwords without the use of computer tools or programs through the technique of:

Answer 14

social engineering.

Question 15

If inadequate, which of the following would be the MOST likely contributor to a denial- of-service attack?

Answer 15

Router configuration and rules

Question 16

Inadequate programming and coding practices increase the risk of:

Answer 16

buffer overflow exploitation.

Question 17

An information security policy stating that “the display of passwords must be masked or suppressed” addresses which of the following attack methods?

Answer 17

Shoulder surfing

Question 18

An Internet-based attack using password sniffing can:

Answer 18

be used to gain access to systems containing proprietary information.

Question 19

An IS auditor discovers that uniform resource locators (URLs) for online control self-assessment questionnaires are sent using URL shortening services. The use of URL shortening services would MOST likely increase the risk of which of the following attacks?

Answer 19

Phishing

Question 20

An IS auditor has been asked by management to review a potentially fraudulent transaction. The PRIMARY focus of an IS auditor while evaluating the transaction should be to:

Answer 20

assure that the integrity of the evidence is maintained.

Question 21

An IS auditor has found that employees are emailing sensitive company information to public web-based email domains. Which of the following is the BEST remediation option for the IS auditor to recommend?

Answer 21

Data loss prevention

Question 22

An IS auditor is performing a review of a network. Users report that the network is slow and web pages periodically time out. The IS auditor confirms the users’ feedback and reports the findings to the network manager. The most appropriate action for the network management team should be to FIRST:

Answer 22

use a protocol analyzer to perform network analysis and review error logs of local area network equipment.

Question 23

An IS auditor is reviewing an organization to ensure that evidence related to a data breach case is preserved. Which of the following choices would be of MOST concern to the IS auditor?

Answer 23

There is no chain of custody policy.

Question 24

An IS auditor is reviewing security incident management procedures for the company. Which of the following choices is the MOST important consideration?

Answer 24

Chain of custody of electronic evidence

Question 25

An IS auditor reviewing a network log discovers that an employee ran elevated commands on their PC by invoking the task scheduler to launch restricted applications. This is an example what type of attack?

Answer 25

A privilege escalation

Question 26

An IS auditor reviewing digital rights management applications should expect to find an extensive use for which of the following technologies?

Answer 26

Steganography

Question 27

An IS auditor reviewing the implementation of an intrusion detection system (IDS) should be MOST concerned if:

Answer 27

the IDS is used to detect encrypted traffic.

Question 28

An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important?

Answer 28

Permission from the data owner of the server

Question 29

An IS auditor suspects an incident is occurring while an audit is being performed on a financial system. What should the IS auditor do FIRST?

Answer 29

Report the incident to management.

Question 30

The MAIN reason for requiring that all computer clocks across an organization are synchronized is to:

Answer 30

support the incident investigation process.

Question 31

The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program?

Answer 31

Training provided on a regular basis to all current and new employees

Question 32

The MOST important factor in planning a black box penetration test is:

Answer 32

knowledge by the management staff of the client organization.

Question 33

The MOST likely explanation for a successful social engineering attack is:

Answer 33

judgment errors.

Question 34

Neural networks are effective in detecting fraud because they can:

Answer 34

address problems that require consideration of a large number of input variables.

Question 35

An organization discovers that the computer of the chief financial officer has been infected with malware that includes a keystroke logger and a rootkit. The FIRST action to take would be to:

Answer 35

disconnect the PC from the network.

Question 36

A perpetrator looking to gain access to and gather information about encrypted data being transmitted over a network would MOST likely use:

Answer 36

traffic analysis.

Question 37

The PRIMARY purpose of audit trails is to:

Answer 37

establish accountability for processed transactions.

Question 38

The reason a certification and accreditation process is performed on critical systems is to ensure that:

Answer 38

security compliance has been technically evaluated.

Question 39

The reliability of an application system’s audit trail may be questionable if:

Answer 39

users can amend audit trail records when correcting system errors.

Question 40

To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers, an IS auditor should recommend that:

Answer 40

an automated password management tool be used.

Question 41

To prevent Internet Protocol (IP) spoofing attacks, a firewall should be configured to drop a packet for which the sender of a packet:

Answer 41

specifies the route that a packet should take through the network (the source routing field is enabled).

Question 42

Users are issued security tokens to be used in combination with a personal identification number (PIN) to access the corporate virtual private network. Regarding the PIN, what is the MOST important rule to be included in a security policy?

Answer 42

Users should never write down their PIN.

Question 43

Web and email filtering tools are valuable to an organization PRIMARILY because they:

Answer 43

protect the organization from viruses and nonbusiness materials.

Question 44

Web application developers sometimes use hidden fields on web pages to save information about a client session. This technique is used, in some cases, to store session variables that enable persistence across web pages, such as maintaining the contents of a shopping cart on a retail web site application. The MOST likely web-based attack due to this practice is:

Answer 44

parameter tampering.

Question 45

A web server is attacked and compromised. Organizational policy states that incident response should balance containment of an attack with retaining freedom for later legal action against an attacker. Under the circumstances, which of the following should be performed FIRST?

Answer 45

Disconnect the web server from the network.

Question 46

What is the BEST approach to mitigate the risk of a phishing attack?

Answer 46

User education

Question 47

When conducting a penetration test of an IT system, an organization should be MOST concerned with:

Answer 47

estoring systems to the original state.

Question 48

When installing an intrusion detection system, which of the following is MOST important?

Answer 48

Properly locating it in the network architecture

Question 49

When performing a computer forensic investigation, in regard to the evidence gathered, an IS auditor should be MOST concerned with:

Answer 49

preservation.

Question 50

Which of the following antivirus software implementation strategies would be the MOST effective in an interconnected corporate network?

Answer 50

Enterprise- based antivirus software

Question 51

Which of the following controls would be MOST effective in reducing the risk of loss due to fraudulent online payment requests?

Answer 51

Transaction monitoring

Question 52

Which of the following criteria are MOST needed to ensure that log information is admissible in court? Ensure that data have been:

Answer 52

verified to ensure log integrity.

Question 53

Which of the following is a control that can be implemented to reduce risk of internal fraud if application programmers are allowed to move programs into the production environment in a small organization?

Answer 53

Registration and review of changes

Question 54

Which of the following is an example of a passive cybersecurity attack?

Answer 54

Traffic analysis

Question 55

Which of the following is a passive attack to a network?

Answer 55

Traffic analysis

Question 56

Which of the following is MOST indicative of the effectiveness of an information security awareness program?

Answer 56

Employees report more information regarding security incidents.

Question 57

Which of the following is the BEST control to mitigate the risk of pharming attacks to an Internet banking application?

Answer 57

Domain name system server security hardening

Question 58

Which of the following is the BEST criterion for evaluating the adequacy of an organization’s security awareness program?

Answer 58

Job descriptions contain clear statements of accountability for information security.

Question 59

Which of the following is the BEST way for an IS auditor to determine the effectiveness of a security awareness and training program?

Answer 59

Interview a sample of employees.

Question 60

Which of the following is the MAIN reason an organization should have an incident response plan? The plan helps to:

Answer 60

minimize the duration and impact of system outages and security incidents.

Question 61

Which of the following is the MOST important action in recovering from a cyberattack?

Answer 61

Activating an incident response team

Question 62

Which of the following is the MOST reliably effective method for dealing with the spread of a network worm that exploits vulnerability in a protocol?

Answer 62

Stop the services that the protocol uses.

Question 63

Which of the following methods BEST mitigates the risk of disclosing confidential information through the use of social networking sites?

Answer 63

Providing security awareness training

Question 64

Which of the following potentially blocks hacking attempts?

Answer 64

Intrusion prevention system

Question 65

Which of the following presents an inherent risk with no distinct identifiable preventive controls?

Answer 65

Data diddling

Question 66

Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network?

Answer 66

Periodic checking of hard drives

Question 67

Which of the following results in a denial-of-service attack?

Answer 67

Ping of death

Question 68

Which of the following situations would increase the likelihood of fraud?

Answer 68

Application programmers are implementing changes to production programs.

Question 69

Which of the following specifically addresses how to detect cyberattacks against an organization’s IT systems and how to recover from an attack?

Answer 69

An incident response plan

Question 70

Which of the following systems or tools can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card?

Answer 70

Data mining techniques

Question 71

Which of the following types of penetration tests effectively evaluates the incident handling and response capability of the system administrator?

Answer 71

Double-blind testing

Question 72

Which of the following would be an indicator of the effectiveness of a computer security incident response team?

Answer 72

Financial impact per security incident

Question 73

Which of the following would MOST effectively reduce social engineering incidents?

Answer 73

Security awareness training

Question 74

While conducting an audit, an IS auditor detects the presence of a virus. What should be the IS auditor’s NEXT step?

Answer 74

Inform appropriate personnel immediately.