Domain 5: Protection of Information Assets Flashcards
Enterprise requirements for complying with adopted global security standards is PRIMARILY determined by:
A.internal compliance.
B.legal compliance.
C.regulatory compliance.
D.contractual compliance.
A. Complying with adopted global security standards is primarily determined by internal compliance requirements.
An enterprise can ensure that the recipients of emails from its employees can authenticate the identity of the sender by:
A.digitally signing all email messages.
B.encrypting all email messages.
C.compressing all email messages.
D.password protecting all email messages.
A. By digitally signing all email messages, the receiver is able to validate the authenticity of the sender.
Which of the following is the MOST important input for defining an information security framework for an enterprise?
A.Information security policies
B.Regulatory compliance requirements
C.Risk assessment results
D.Global security standards
D. Global security standards provide the required high-level essential controls. These assist enterprises in defining a security framework that meets the requirements.
Users are issued security tokens to be used in combination with a personal identification number (PIN) to access the enterprise virtual private network. Regarding the PIN, what is the MOST important rule to be included in a security policy?
A.Users should not leave tokens where they can be stolen.
B.Users must never keep the token in the same bag as their laptop computer.
C.Users should select a PIN that is completely random, with no repeating digits.
D.Users should never write down their PIN.
D. If a user writes their PIN on a slip of paper, an individual with the token, the slip of paper and the computer can access the enterprise network. A token and the PIN are a two-factor authentication method.
The implementation of access controls FIRST requires:
A.a classification of information systems (IS) resources.
B.the labeling of IS resources.
C.the creation of an access control list.
D.an inventory of IS resources.
D. The first step in implementing access controls is an inventory of IS resources, which is the basis for establishing ownership and classification.
An enterprise has created a policy that defines the types of websites that users are forbidden to access. What is the MOST effective technology to enforce this policy?
A.Stateful inspection firewall
B.Web content filter
C.Web cache server
D.Proxy server
B. A web content filter accepts or denies web communications according to the configured rules. To help the administrator properly configure the tool, enterprises and vendors have made available uniform resource locator blacklists and classifications for millions of websites.
In an enterprise where an IT security baseline has been defined, an information systems (IS) auditor should FIRST ensure:
A.implementation.
B.compliance.
C.documentation.
D.sufficiency.
D. An IS auditor should first evaluate the definition of the minimum baseline level by ensuring the sufficiency of the control baseline to meet security requirements.
To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers, an information systems (IS) auditor should recommend that:
A.the enterprise policy be changed.
B.passwords are periodically changed.
C.an automated password management tool be used.
D.security awareness training is delivered.
C. The use of an automated password management tool is a preventive control measure. The software prevents repetition (semantic) and enforces syntactic rules, thus making the passwords robust. It also provides a method for ensuring frequent changes and prevents the same user from reusing his/her old password for a designated period of time.
Which of the following is the MOST effective method for disposing of magnetic media that contains confidential information?
A.Degaussing
B.Defragmenting
C.Erasing
D.Destroying
D. Destroying magnetic media is the only way to assure that confidential information cannot be recovered.
Enterprise governance of IT frameworks MAINLY helps organizations address business issues by:
A.aligning high-level strategic objectives with operational-level objectives, followed by direct work outcomes.
B.establishing a risk management capability to address business issues and preserve the value delivered to stakeholders.
C.developing a roadmap to help fill in the gap between the current state (as-is) and the desired state (to-be).
D.conducting multiple meetings with different stakeholder groups to learn about their expectations.
A. The strategic alignment between business objectives and enterprise IT objectives is one of the most important advantages of applying enterprise governance of information and technology (EGIT) frameworks because it helps in achieving enterprise objectives and delivering value at a reasonable cost.
Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with the enterprise security policy?
A.Review the parameter settings.
B.Interview the firewall administrator.
C.Review the actual procedures.
D.Review the device’s log file for recent attacks.
A. A review of the parameter settings provides a good basis for comparison of the actual configuration to the security policy and provides audit evidence documentation.
From a control perspective, the PRIMARY objective of classifying information assets is to:
A.establish guidelines for the level of access controls that should be assigned.
B.ensure access controls are assigned to all information assets.
C.assist management and auditors in risk assessment.
D.identify which assets need to be insured against losses.
A. Information has varying degrees of sensitivity and criticality in meeting business objectives. By assigning classes or levels of sensitivity and criticality to information resources, management can establish guidelines for the level of access controls that should be assigned. End user management and the security administrator will use these classifications in their risk assessment process to assign a given class to each asset.
Which of the following methods BEST mitigates the risk of disclosing confidential information through the use of social networking sites?
A.Providing security awareness training
B.Requiring a signed acceptable use policy
C.Monitoring the use of social media
D.Blocking access to social media
A. Providing security awareness training is the best method to mitigate the risk of disclosing confidential information on social networking sites. It is important to remember that users may access these services through other means, such as mobile phones and home computers; therefore, awareness training is most critical.
An information systems (IS) auditor inspected a windowless room containing phone switching and networking equipment and documentation binders. The room was equipped with two handheld fire extinguishers—one filled with carbon dioxide (CO2) and the other filled with halon gas. Which of the following should be given the HIGHEST priority in the IS auditor’s report?
A.The halon extinguisher should be removed because halon has a negative impact on the atmospheric ozone layer.
B.Both fire suppression systems present a risk of suffocation when used in a closed room.
C.The CO2 extinguisher should be removed because CO2 is ineffective for suppressing fires involving solid combustibles (paper).
D.The documentation binders should be removed from the equipment room to reduce potential risk.
B. Protecting people’s lives should always be of the highest priority in fire suppression activities. Carbon dioxide (CO2) and halon both reduce the oxygen ratio in the atmosphere, which can induce serious personal hazards. In many countries, installing or refilling halon fire suppression systems is not allowed.
Which of the following exposures associated with the spooling of sensitive reports for offline printing should an information systems (IS) auditor consider to be the MOST serious?
A.Sensitive data might be read by operators.
B.Data might be amended without authorization.
C.Unauthorized report copies might be printed.
D.Output might be lost in the event of system failure.
C. Spooling for offline printing may enable additional copies to be printed unless adequate safeguards exist as compensating controls.
Which of the following is BEST prevented by a raised floor in the computer machine room?
A.Damage of wires around computers and servers
B.A power failure from static electricity
C.Shocks from earthquakes
D.Water flood damage
A. The primary reason for having a raised floor is to enable ventilation systems, power cables and data cables to be installed underneath the floor. This eliminates the safety and damage risk posed when cables are scattered on an open floor.
Which of the following is the MOST effective control over visitor access to a data center?
A.Visitors are escorted.
B.Visitor badges are required.
C.Visitors sign in.
D.Visitors are spot-checked by operators.
A. Escorting visitors provides the best assurance that visitors have permission to access defined areas within the data processing facility.
When auditing security for a data center, an information systems (IS) auditor should look for the presence of a voltage regulator to ensure that the:
A.hardware is protected against power surges.
B.integrity is maintained if the main power is interrupted.
C.immediate power will be available if the main power is lost.
D.hardware is protected against long-term power fluctuations.
A. A voltage regulator protects against short-term power fluctuations.
An information systems (IS) auditor is reviewing the physical security measures of an enterprise. Regarding the access card system, the IS auditor should be MOST concerned that:
A.nonpersonalized access cards are given to the cleaning staff, who use a sign-in sheet but show no proof of identity.
B.access cards are not labeled with the enterprise’s name and address to facilitate easy return of a lost card.
C.card issuance and rights administration for the cards are done by different departments, causing unnecessary lead time for new cards.
D.the computer system used for programming the cards can only be replaced after three weeks in the event of a system failure.
A. Physical security is meant to control who is entering a secured area, so identification of all individuals is of utmost importance. It is not adequate to trust unknown external people by allowing them to write down their alleged name without proof (e.g., identity card or driver’s license).
An information systems (IS) auditor is reviewing the network infrastructure of a call center and determines that the internal telephone system is based on Voice-over Internet Protocol (VoIP) technology. Which of the following is the GREATEST concern?
A.Voice communication uses the same equipment that is used for data communication.
B.Ethernet switches are not protected by uninterrupted power supply units.
C.Voice communication is not encrypted on the local network.
D.The team that supports the data network also is responsible for the telephone system.
B. VoIP telephone systems use the LAN infrastructure of an enterprise for communication, typically using Ethernet connectivity to connect individual phones to the system. Most enterprises have a backup power supply for the main servers and systems, but typically do not have uninterrupted power supply units for the LAN switches. In the case of even a brief power outage, not having backup power on all network devices makes it impossible to send or receive phone calls, which is a concern, particularly in a call center.
An enterprise is proposing to establish a wireless local area network (WLAN). Management asks the information systems (IS) auditor to recommend security controls for the WLAN. Which of the following is the MOST appropriate recommendation?
A.Physically secure wireless access points to prevent tampering.
B.Use service set identifiers that clearly identify the enterprise.
C.Encrypt traffic using the wired equivalent privacy (WEP) mechanism.
D.Implement the Simple Network Management Protocol (SNMP) to allow active monitoring.
A. Physically securing access points, such as wireless routers, and preventing theft address the risk of malicious parties tampering with device settings. If access points can be physically reached, it is often a simple matter to restore weak default passwords and encryption keys, or to totally remove authentication and encryption from the network.
An information systems (IS) auditor is reviewing the physical security controls of a data center and notices several areas for concern. Which of the following areas is the MOST important?
A.The emergency power off button cover is missing.
B.Scheduled maintenance of the fire suppression system was not performed.
C.There are no security cameras inside the data center.
D.The emergency exit door is blocked.
D. Life safety is always the highest priority; therefore, the blocking of the emergency exit is the most serious problem.
When reviewing the procedures for the disposal of computers, which of the following should be the GREATEST concern for the information systems (IS) auditor?
A.Hard disks are overwritten several times at the sector level but are not reformatted before leaving the enterprise.
B.All files and folders on hard disks are separately deleted, and the hard disks are formatted before leaving the enterprise.
C.Hard disks are rendered unreadable by hole-punching through the platters at specific positions before leaving the enterprise.
D.The transport of hard disks is escorted by internal security staff to a nearby metal recycling enterprise, where the hard disks are registered and then shredded.
B. Overwriting a hard disk at the sector level completely erases data, directories, indices and master file tables. Reformatting is not necessary, because all contents are destroyed. Overwriting several times also defeats some forensic techniques that can reconstruct the former contents of newly overwritten sectors by analyzing special magnetic features of the platter’s surface.
An information systems (IS) auditor is reviewing an enterprise’s network operations center (NOC). Which of the following choices is of the GREATEST concern? The use of:
A.a wet pipe-based fire suppression system.
B.a rented rack space in the NOC.
C.a carbon-dioxide-based fire suppression system.
D.an uninterrupted power supply with 10 minutes of backup power.
C. CO2 systems should not be used in areas where people are present, because their function will cause suffocation in the event of a fire. Controls should consider personnel safety first.
Which of the following environmental controls is appropriate to protect computer equipment against short-term reductions in electrical power?
A.Power-line conditioners
B.Surge-protection devices
C.Alternative power supplies
D.Interruptible power supplies
A. Power-line conditioners are used to compensate for peaks and valleys in the power supply and reduce peaks in the power flow to what is needed by the machine. Any valleys are removed by power stored in the equipment.
Electromagnetic emissions from a terminal represent a risk because they:
A.can damage or erase nearby storage media.
B.can disrupt processor functions.
C.can have adverse health effects on personnel.
D.can be detected and displayed.
D. Emissions can be detected by sophisticated equipment and displayed, thus giving unauthorized persons access to data. TEMPEST is a term referring to the investigation and study of compromising emanations of unintentional intelligence-bearing signals that, if intercepted and analyzed, may reveal their contents.
Which is the MOST important step an auditor should consider while developing an audit plan based on a risk-based approach?
A.Inventory the information systems in use in the enterprise and categorize them.
B.Assess what risks affect systems and the severity of the impact on the business.
C.Determine which systems impact critical enterprise functions and how close to real time they operate.
D.Rank the systems based on risk assessment and decide the audit priority, resources, schedule and frequency.
C. While planning the audit, the auditor decides what level of audit risk they are willing to accept. The more effective and extensive the audit work is, the less risk of a weakness going undetected. Understanding the critical systems of an enterprise and how close to real time they operate will help ensure that the auditor has the information needed to make a risk decision.
During an access control review for a mainframe application, an information systems (IS) auditor discovers user security groups without designated owners. The PRIMARY reason that this is a concern to the IS auditor is that, without ownership, there is no one with clear responsibility for:
A.updating group metadata.
B.reviewing existing user access.
C.approval of user access.
D.removing terminated users.
C. Without an owner to provide approval for user access to the group, unauthorized individuals can potentially gain access to any sensitive data within the rights of the group.
Which of the following should an information systems (IS) auditor be MOST concerned about in a financial application?
A.Programmers have access to source code in the user acceptance testing environment.
B.Secondary controls are documented for identified role conflicts.
C.The information security officer does not authorize all application changes.
D.Programmers have access to the production database.
D. Programmers having access to the production database is considered a separation of duties conflict.
A new business application was designed in a large, complex enterprise, and the business owner requested that the various reports be viewed on a need-to-know basis. Which of the following access control methods is the BEST method to achieve this requirement?
A.Mandatory
B.Role-based
C.Discretionary
D.Single sign-on (SSO)
B. Role-based access control limits access according to job roles and responsibilities and is the best method to allow only authorized users to view reports on a need-to-know basis.
An information systems (IS) auditor reviewing access controls for a client-server environment should FIRST:
A.evaluate the encryption technique.
B.identify the network access points.
C.review the identity management system.
D.review the application-level access controls.
B. A client-server environment typically contains several access points and uses distributed techniques, increasing the risk of unauthorized access to data and processing. To evaluate the security of the client server environment, all network access points should be identified.
During a logical access controls review, an information systems (IS) auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:
A.an unauthorized user may use the ID to gain access.
B.user access management is time consuming.
C.passwords are easily guessed.
D.user accountability may not be established.
D. The use of a user ID by more than one individual precludes knowing who used that ID to access a system; therefore, it is impossible to hold anyone accountable.
While auditing an internally developed web application, an information systems (IS) auditor determines that all business users share a common access profile. Which of the following is the MOST relevant recommendation to prevent the risk of unauthorized data modification?
A.Enable detailed logging of user actions.
B.Customize user access profiles per job responsibility.
C.Enforce a strong password policy for all accounts.
D.Implement regular access rights review.
B. The strongest control is a preventive control that is automated through the system. Developing additional access profiles ensures that the system restricts users to privileges defined by their job responsibilities and that an audit trail exists for those user actions.
The implementation of which of the following would MOST effectively prevent unauthorized access to a system administration account on a web server?
A.Host intrusion detection software installed on the server
B.Password expiration and lockout policy
C.Password complexity rules
D.Two-factor authentication
D. Two-factor authentication requires a user to use a password in combination with another identification factor that is not easily stolen or guessed by an attacker. Types of two-factor authentication include electronic access tokens that show one-time passwords on their display panels and biometric authentication systems.
An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?
A.False-acceptance rate (FAR)
B.Equal-error rate (EER)
C.False-rejection rate (FRR)
D.False-identification rate (FIR)
A. False-acceptance rate (FAR) is the frequency of accepting an unauthorized person as authorized, thereby granting access when it should be denied. In an enterprise with high security requirements, limiting the number of false acceptances is more important than the impact on the false reject rate.
The BEST overall quantitative measure of the performance of biometric control devices is:
A.false-rejection rate (FRR).
B.false-acceptance rate (FAR).
C.equal error rate (EER).
D.estimated-error rate.
C. A low equal error rate (EER) is a combination of a low FRR and a low FAR. EER, expressed as a percentage, is a measure of the number of times that the FRR and FAR are equal. A low EER is the measure of the more effective biometrics control device.
Which of the following is the BEST access control procedure?
A.The data owner formally authorizes access and an administrator implements the user authorization tables.
B.Authorized staff implements the user authorization tables and the data owner approves them.
C.The data owner and an information systems (IS) manager jointly create and update the user authorization tables.
D.The data owner creates and updates the user authorization tables.
A. The data owner holds the privilege and responsibility for formally establishing the access rights. An information systems (IS) administrator should then implement or update user authorization tables at the direction of the owner.
In an online banking application, which of the following would BEST protect against identity theft?
A.Encryption of personal password
B.Restricting the user to a specific terminal
C.Multifactor authentication (MFA)
D.Periodic review of access logs
C. Multifactor authentication (MFA) requires two or more independent methods for establishing identity and privileges. Factors include something the user knows, such as a password; something the user has, such as a token; and something the user is, which is biometric. Requiring two or more of these factors makes identity theft more difficult.
There is a concern that the risk of unauthorized access may increase after implementing a single sign-on (SSO) process. To prevent unauthorized access, the MOST important action is to:
A.monitor failed authentication attempts.
B.review log files regularly.
C.deactivate unused accounts promptly.
D.mandate a strong password policy.
D. Strong passwords are important in any environment but take on special importance in a single sign-on (SSO) environment, where a user enters a password only one time and thereafter has general access throughout the environment. Of the options given, only a strong password policy offers broad preventive effects.
An accuracy measure for a biometric system is:
A.system response time.
B.registration time.
C.input file size.
D.false-acceptance rate (FAR).
D. Three main accuracy measures are used for a biometric solution: false-rejection rate (FRR), cross-error rate (CER) and false-acceptance rate (FAR). FRR is a measure of how often valid individuals are rejected. FAR is a measure of how often invalid individuals are accepted. CER is a measure of when the false-rejection rate equals the false-acceptance rate.
An information systems (IS) auditor reviewing the authentication controls of an enterprise should be MOST concerned if:
A.user accounts are not locked out after five failed attempts.
B.passwords can be reused by employees within a defined time frame.
C.system administrators use shared login credentials.
D.password expiration is not automated.
C. The use of shared login credentials makes accountability impossible. This is especially a risk with privileged accounts.
An information systems (IS) auditor evaluating logical access controls should FIRST:
A.document the controls applied to the potential access paths to the system.
B.test controls over the access paths to determine if they are functional.
C.evaluate the security environment in relation to written policies and practices.
D.obtain an understanding of the security risk to information processing.
D. When evaluating logical access controls, an IS auditor should first obtain an understanding of the security risk facing information processing by reviewing relevant documentation, making inquiries and conducting a risk assessment. This is necessary so that the IS auditor can ensure that the controls are adequate to address risk.
Which of the following groups would create the MOST concern to an information systems (IS) auditor if the group has full access to the production database?
A.Application developers
B.System administrators
C.Business users
D.Information security team
A. Application developers having access to the production environment bear the highest risk. Due to their focus on delivery of changes, they tend to bypass quality assurance controls, installing deficient changes into the production environment.
When reviewing an enterprise’s logical access security to its remote systems, which of the following would be of GREATEST concern to an information systems (IS) auditor?
A.Passwords are shared.
B.Unencrypted passwords are used.
C.Redundant logon IDs exist.
D.Third-party users possess administrator access.
B. When evaluating the technical aspects of logical security, unencrypted passwords represent the greatest risk because it is assumed that remote access is over an untrusted network where passwords can be discovered.
An information systems (IS) auditor is reviewing system access and discovers an excessive number of users with privileged access. The IS auditor discusses the situation with the system administrator, who states that some personnel in other departments need privileged access and management has approved the access. Which of the following is the BEST course of action for the IS auditor?
A.Determine whether compensating controls are in place.
B.Document the issue in the audit report.
C.Recommend an update to the procedures.
D.Discuss the issue with senior management.
A. An excessive number of users with privileged access is not necessarily an issue if compensating controls are in place.
An information systems (IS) auditor is reviewing access controls for a manufacturing organization. During the review, the IS auditor discovers that data owners can change access controls for a low-risk application. The BEST course of action for the IS auditor is to:
A.recommend that mandatory access control be implemented.
B.report this as a finding to upper management.
C.report this to the data owners to determine whether it is an exception.
D.not report this issue because discretionary access controls are in place.
D. Discretionary access control (DAC) allows data owners to modify access; this is a normal procedure and a characteristic of DAC.
A key IT systems developer has suddenly resigned from an enterprise. Which of the following will be the MOST important action?
A.Set up an exit interview with human resources.
B.Initiate the handover process to ensure continuity of the project.
C.Terminate the developer’s logical access to IT resources.
D.Ensure that management signs off on the termination paperwork.
C. To protect IT assets, terminating logical access to IT resources is the first and most important action to take after management has confirmed the employee’s clear intention to leave the enterprise.
The responsibility for authorizing access to a business application system belongs to the:
A.data owner.
B.security administrator.
C.IT security manager.
D.requestor’s immediate supervisor.
A. When a business application is developed, a good practice is to assign an information or data owner to the application. The information owner should be responsible for authorizing access to the application itself or to back-end databases for queries.
Web and email filtering tools are valuable to an enterprise PRIMARILY because they:
A.protect the enterprise from viruses and nonbusiness materials.
B.maximize employee performance.
C.safeguard the enterprise’s image.
D.assist the enterprise in preventing legal issues.
A. The main reason for investing in web and email filtering tools is that they significantly reduce risk related to viruses, spam, mail chains, recreational surfing and recreational email.
The review of router access control lists should be conducted during:
A.an environmental review.
B.a network security review.
C.a business continuity review.
D.a data integrity review.
B. Network security reviews include reviewing router access control lists, port scanning, internal and external connections to the system, etc.
Which of the following is the MOST effective control when granting temporary access to vendors?
A.Vendor access corresponds to the service level agreement (SLA).
B.User accounts are created with expiration dates and are based on services provided.
C.Administrator access is provided for a limited period.
D.User IDs are deleted when the work is completed.
B. The most effective control is to ensure that the granting of temporary access is based on services to be provided and that there is an expiration date (automated is best) associated with each unique ID. The use of an identity management system enforces temporary and permanent access for users, at the same time ensuring proper accounting of their activities.
An information systems (IS) auditor discovers that the configuration settings for password controls are more stringent for business users than for IT developers. Which of the following is the BEST action for the IS auditor to take?
A.Determine whether this is a policy violation and document it.
B.Document the observation as an exception.
C.Recommend that all password configuration settings be identical.
D.Recommend that logs of IT developer access are reviewed periodically.
A. If the policy documents the purpose and approval for different procedures, then an information systems (IS) auditor only needs to document observations and tests about whether the procedures are followed.
With the help of a security officer, granting access to data is the responsibility of:
A.data owners.
B.programmers.
C.system analysts.
D.librarians.
A. Data owners are responsible for the access to and use of data. Written authorization for users to gain access to computerized information should be provided by the data owners. Security administration with the owners’ approval sets up access rules stipulating which users or group of users are authorized to access data or files and the level of authorized access (e.g., read or update).
Which of the following is the BEST control to prevent the deletion of audit logs by unauthorized individuals in an enterprise?
A.Actions performed on log files should be tracked in a separate log.
B.Write access to audit logs should be disabled.
C.Only select personnel should have rights to view or delete audit logs.
D.Backups of audit logs should be performed periodically.
C. Granting audit-log access to only system administrators and security administrators reduces the possibility of these files being deleted.
Which stage of a biometrics system operation should the information systems (IS) auditor review FIRST?
A.Enrollment
B.Identification
C.Verification
D.Storage
A. The users must first be enrolled to use a biometric device; therefore, the information systems (IS) auditor should review this stage first.
Due to resource constraints, a developer requires full access to production data to support certain problems reported by production users. Which of the following choices is a good compensating control for controlling unauthorized changes in production?
A.Provide and monitor separate developer login IDs for programming and for production support.
B.Capture activities of the developer in the production environment by enabling detailed audit trails.
C.Back up all affected records before allowing the developer to make production changes.
D.Ensure that all changes are approved by the change manager prior to implementation.
A. Providing separate login IDs that only allow a developer privileged access when required is a good compensating control, but it must also be backed up with monitoring and supervision of the activity of the developer.
Authorizing access to application data is the responsibility of the:
A.data custodian.
B.application administrator.
C.data owner.
D.security administrator.
C. Data owners have authority to grant or withhold access to the data and applications for which they are responsible.
A data center has a badge-entry system. Which of the following is MOST important to protect the computing assets in the center?
A.Badge readers are installed in locations where tampering would be noticed.
B.The computer that controls the badge system is backed up frequently.
C.A process for promptly deactivating lost or stolen badges is followed.
D.All badge entry attempts are logged, whether or not they succeed.
C. The biggest risk is from unauthorized individuals who can enter the data center, whether they are employees or not. Thus, having and following a process of deactivating lost or stolen badges is important.
During a logical access controls review, an information systems (IS) auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:
A.an unauthorized user may use a shared ID to gain access.
B.user access management is time consuming.
C.user accountability is not established.
D.passwords are easily guessed.
C. The use of a single user ID by more than one individual precludes knowing who, in fact, used that ID to access a system; therefore, it is more difficult to hold anyone accountable.
Which of the following is a form of two-factor user authentication?
A.A smart card and personal identification number
B.A unique User ID and complex, nondictionary password
C.An iris scan and a fingerprint scan
D.A magnetic-strip card and a proximity badge
A. A smart card is something that a user has, while a personal identification number paired with the card is something the user knows. This is an example of two-factor authentication.
An information systems (IS) auditor is assessing a biometric system used to protect physical access to a data center containing regulated data. Which of the following observations is the GREATEST concern to the auditor?
A.Administrative access to the biometric scanners or the access control system is permitted over a virtual private network.
B.Biometric scanners are not installed in restricted areas.
C.Data transmitted between the biometric scanners and the access control system do not use a securely encrypted tunnel.
D.Biometric system risk analysis was last conducted three years ago.
C. Data transmitted between the biometric scanners and the access control system should use a securely encrypted tunnel to protect the confidentiality of the biometric data.
The information systems (IS) auditor is reviewing the implementation of a storage area network (SAN). The SAN administrator indicates that logging and monitoring is active, hard zoning is used to isolate data belonging to different business units and all unused SAN ports are disabled. The administrator implemented the system, performed and documented security testing during implementation and is the only user with administrative rights to the system. What should the IS auditor’s initial determination be?
A.There is no significant potential risk.
B.Soft zoning presents a potential risk.
C.Disabling unused ports presents a potential risk.
D.The SAN administrator presents a potential risk.
D. The potential risk in this scenario is posed by the SAN administrator. One concern is having a single point of failure. Because only one administrator has the knowledge and access required to administer the system, the enterprise is susceptible to risk. For example, if the SAN administrator decided to quit unexpectedly or was otherwise unavailable, the enterprise may not be able to adequately administer the SAN. In addition, having a single administrator for a large, complex system, such as a SAN, also presents a separation of duties risk. The enterprise currently relies entirely on the SAN administrator to implement, maintain and validate all security controls; this means that the SAN administrator can modify or remove those controls without detection.
A business application system accesses an enterprise database using a single ID and password embedded in a program. Which of the following would provide efficient access control over the enterprise data?
A.Introduce a secondary authentication method such as card swipe.
B.Apply role-based permissions within the application system.
C.Have users input the ID and password for each database transaction.
D.Set an expiration period for the database password embedded in the program.
B. This is a normal process to allow the application to communicate with the database. Therefore, the best control is to control access to the application and procedures to ensure that access to data is granted based on a user’s role.
Which of the following is an effective preventive control to ensure that a database administrator (DBA) complies with the custodianship of the enterprise’s data?
A.Exception reports
B.Separation of duties (SoD)
C.Review of access logs and activities
D.Management supervision
B. Adequate segregation/separation of duties (SoD) is a preventative control that can restrict the activities of the DBA to those that have been authorized by the data owners. SoD can restrict what a DBA can do by requiring more than one person to participate to complete a task.
Which of the following findings is of GREATEST concern to an information systems (IS) auditor during a review of logical access to an application?
A.Some developers have update access to production data.
B.Developers can run a debugging tool in the production environment.
C.The change control team has knowledge of the application ID password.
D.The application does not enforce the use of strong passwords.
B. A debugging tool displays the execution of a program step by step and allows the user to modify data during execution. Using such a tool in production may result in unauthorized modification of production data.
An enterprise uses a biometric control system for managing access. Which of the following indicates the MOST effective biometric control system?
A.The highest equal error rate (EER)
B.The lowest EER
C.A false-rejection rate (FRR) equal to the false-acceptance rate (FAR)
D.An FRR equal to the failure-to-enroll rate (FER)
B. The EER of a biometric system denotes the percent at which the false-acceptance rate (FAR) is equal to the false-rejection rate (FRR). The biometric that has the lowest EER is the most effective.
Which of the following is the GREATEST concern associated with the use of peer-to-peer computing?
A.Virus infection
B.Data leakage
C.Network performance issues
D.Unauthorized software usage
B. Peer-to-peer computing can share the contents of a user hard drive over the Internet. The risk that sensitive data can be shared with others is the greatest concern.
The reason a certification and accreditation process is performed on critical systems is to ensure that:
A.security compliance has been technically evaluated.
B.data have been encrypted and are ready to be stored.
C.the systems have been tested to run on different platforms.
D.the systems have followed the phases of a waterfall model.
A. Certified and accredited systems are systems that have had their security compliance technically evaluated for running in a specific environment and configuration.
Which of the following is a passive attack to a network?
A.Message modification
B.Masquerading
C.Denial-of-service
D.Traffic analysis
D. Traffic analysis allows a watching threat actor to determine the nature of the flow of traffic between defined hosts, which may allow the threat actor to guess the type of communication taking place without taking an active role.
Which of the following types of transmission media provide the BEST security against unauthorized access?
A.Copper wire
B.Shielded twisted pair
C.Fiber-optic cables
D.Coaxial cables
C. Fiber-optic cables have proven to be more secure and more difficult to tap than the other media.
Which of the following is the BEST way to minimize unauthorized access to unattended end-user PC systems?
A.Enforce the use of a password-protected screen saver.
B.Implement a proximity-based authentication system.
C.Terminate the user session at predefined intervals.
D.Adjust power management settings so the monitor screen is blank.
A. A password-protected screen saver with a proper time interval is the best measure to prevent unauthorized access to unattended end-user systems. It is important to ensure that users lock the workstation when they step away from the machine, which is something that can be reinforced via awareness training.
The technique used to ensure security in virtual private networks is called:
A.data encapsulation.
B.data wrapping.
C.data transformation.
D.data hashing.
A. Encapsulation, or tunneling, is a technique used to encrypt the traffic payload so that it can be securely transmitted over an insecure network.
Which of the following would be the BEST overall control for an Internet business looking for confidentiality, reliability and integrity of data?
A.Transport Layer Security (TLS)
B.Intrusion detection system (IDS)
C.Public key infrastructure
D.Virtual private network (VPN)
A. Transport Layer Security (TLS) is used for many ecommerce applications to set up a secure channel for communications that provides confidentiality through a combination of public and symmetric key encryption and integrity through a hash-based message authentication code (HMAC).
An enterprise stores and transmits sensitive customer information within a secure wired network. It has implemented an additional wireless local area network (WLAN) to support general-purpose staff computing needs. A few employees with WLAN access have legitimate business reasons for also accessing customer information. Which of the following represents the BEST control to ensure separation of the two networks?
A.Establish two physically separate networks.
B.Implement virtual local area network (VLAN) segmentation.
C.Install a dedicated router between the two networks.
D.Install a firewall between the networks.
D. In this case, a firewall can be used as a strong control to allow authorized users on the wireless network to access the wired network.
A characteristic of User Datagram Protocol (UDP) in network communications is:
A.packets may arrive out of order.
B.increased communication latency.
C.incompatibility with packet broadcast.
D.error correction may slow down processing.
A. User Datagram Protocol (UDP) uses a simple transmission model without implicit handshaking routines for providing reliability, ordering or data integrity. Thus, UDP provides an unreliable service, and datagrams may arrive out of order, appear duplicated or get dropped.
Validated digital signatures in an email software application will:
A.help detect unauthorized email.
B.provide confidentiality.
C.add to the workload of gateway servers.
D.significantly reduce available bandwidth.
A. Validated electronic signatures are based on qualified certificates that are created by a certificate authority, with the technical standards required to ensure the key can neither be brute-forced nor reproduced in a reasonable time. Such certificates are only delivered through a registration authority after proof of identity has been passed. With strong signatures in email traffic, nonrepudiation can be assured and a sender can be tracked. The recipient can configure his/her email server or client to automatically delete emails from specific senders.
An information systems (IS) auditor performing detailed network assessments and access control reviews should FIRST:
A.determine the points of entry into the network.
B.evaluate users’ access authorization.
C.assess users’ identification and authorization.
D.evaluate the domain-controlling server configuration.
A. In performing detailed network assessments and access control reviews, an information systems (IS) auditor should first determine the points of entry to the system and review the points of entry, accordingly, for appropriate controls.
An enterprise has established a guest network for visitor access. Which of the following should be of GREATEST concern to an information systems (IS) auditor?
A.A login screen is not displayed for guest users.
B.The guest network is not segregated from the production network.
C.Guest users who are logged in are not isolated from each other.
D.A single-factor authentication technique is used to grant access.
B. The implication of this is that guests have access to the enterprise network. Allowing untrusted users to connect to the enterprise network can introduce malware and potentially allow these individuals inappropriate access to systems and information.
An organization requests that an information systems (IS) auditor provide a recommendation to enhance the security and reliability of its Voice-over Internet Protocol (VoIP) system and data traffic. Which of the following meets this objective?
A.VoIP infrastructure needs to be segregated using virtual local area networks.
B.Buffers need to be introduced at the VoIP endpoints.
C.Ensure that end-to-end encryption is enabled in the VoIP system.
D.Ensure that emergency backup power is available for all parts of the VoIP infrastructure.
A. Segregating the Voice-over Internet Protocol (VoIP) traffic using virtual local area networks (VLANs) best protects the VoIP infrastructure from network-based attacks, potential eavesdropping and network traffic issues (which helps to ensure uptime).
Enterprise XYZ has outsourced production support to service provider ABC located in another country. The ABC service provider personnel remotely connect to the enterprise network of the XYZ outsourcing entity over the Internet. Which of the following would provide the BEST assurance that only authorized users of ABC connect over the Internet for production support to XYZ?
A.Single sign-on (SSO) authentication
B.Password complexity requirements
C.Multifactor authentication (MFA)
D.Internet Protocol (IP) address restrictions
C. Multifactor authentication (MFA) is the best method to provide a secure connection because it uses multiple factors, typically, what you have (e.g., a device to generate one-time passwords), what you are (e.g., biometric characteristics) or what you know (e.g., a personal identification number or password). Using a password without the use of one or more of the other factors is not the best method for this scenario.
An information systems (IS) auditor performing an audit of the newly installed Voice-over Internet Protocol system is inspecting the wiring closets on each floor of a building. What would be the GREATEST concern?
A.The local area network (LAN) switches are not connected to uninterruptible power supply units.
B.Network cabling is disorganized and not properly labeled.
C.The telephones are using the same cable used for LAN connections.
D.The wiring closet also contains power lines and breaker panels.
A. Voice-over Internet Protocol (VoIP) telephone systems use standard network cabling and typically each telephone gets power over the network cable (power over Ethernet) from the wiring closet where the network switch is installed. If the local area network switches do not have backup power, the phones will lose power if there is a utility interruption and potentially not be able to make emergency calls.
In a small enterprise, an employee performs computer operations and, when the situation demands, the program modifications. Considering the lack of separation of duties in the IT environment, which of the following should the information systems (IS) auditor recommend to the IT management to mitigate the risk?
A.Automated logging of changes to development libraries
B.Additional staff to provide segregation/separation of duties (SoD)
C.Procedures that verify that only approved program changes are implemented
D.Access controls to prevent the operator from making program modifications
C. An information systems (IS) auditor must consider recommending a better process. An IS auditor should recommend a formal change control process that manages and can detect changes to production source and object code, such as code comparisons, so the changes can be reviewed on a regular basis by a third party. This is a compensating control process.
An information systems (IS) auditor is reviewing a manufacturing enterprise and finds that mainframe users at a remote site connect to the mainframe at headquarters over the Internet via Telnet. Which of the following offers the STRONGEST security?
A.Use of a point-to-point leased line
B.Use of a firewall rule to allow only the internet protocol (IP) address of the remote site
C.Use of two-factor authentication
D.Use of a nonstandard port for Telnet
A. A leased line effectively extends the local area network of the headquarters to the remote site, and the mainframe Telnet connection travels over the private line, which is less of a security risk when using an insecure protocol such as Telnet.
Which of the following MOST effectively enhances the security of a challenge-response based authentication system?
A.Selecting a more robust algorithm to generate challenge strings
B.Implementing measures to prevent session hijacking attacks
C.Increasing the frequency of associated password changes
D.Increasing the length of authentication strings
B. Challenge-response-based authentication is prone to session hijacking or man-in-the-middle attacks. Security management should be aware of this and engage in risk assessment and control design such as periodic authentication when they employ this technology.
Java applets and ActiveX controls are distributed programs that execute in the background of a client web browser. This practice is considered reasonable when:
A.a firewall exists.
B.a secure web connection is used.
C.the source of the executable file is certain.
D.the host website is part of the enterprise.
C. Acceptance of these mechanisms should be based on established trust. The control is provided by only knowing the source and then allowing the acceptance of the applets. Hostile applets can be received from anywhere.
The potential for unauthorized system access by way of terminals or workstations within an enterprise’s facility is increased when:
A.connecting points are available in the facility to connect laptops to the network.
B.users take precautions to keep their passwords confidential.
C.terminals with password protection are located in insecure locations.
D.terminals are located within the facility in small clusters under the supervision of an administrator.
A. Any person with wrongful intentions can connect a laptop to the network. The insecure connecting points make unauthorized access possible if the individual has knowledge of a valid user ID and password. The other choices are controls for preventing unauthorized network access.
An IT auditor completed the fieldwork phase of a network security review and is preparing the initial draft of the audit report. Which of the following findings would be the BIGGEST risk to the enterprise?
A.Network penetration tests are performed by an internal team.
B.Network firewall rules are not approved by the chief information security officer (CISO) before implementation.
C.Network penetration tests are not performed.
D.The inventory of network devices was last updated two years ago.
D. Keeping an up-to-date asset inventory is the most important requirement to keep an enterprise’s information assets secure. Without a complete inventory list and asset criticality determination, the risk assessment cannot be completed and controls will be inadequate.
An organization has experienced a large amount of traffic being re-routed from its Voice-over Internet Protocol packet network. The organization believes it is a victim of eavesdropping. Which of the following can result in eavesdropping of Voice-over Internet Protocol (VoIP) traffic?
A.Corruption of the Address Resolution Protocol cache in Ethernet switches
B.Use of a default administrator password on the analog phone switch
C.Deploying virtual local area networks (VLANs) without enabling encryption
D.End users having access to software tools such as packet sniffer applications
A. On an Ethernet switch, there is a data table known as the Address Resolution Protocol (ARP) cache that stores mappings between media access control (MAC) and Internet Protocol (IP) addresses. During normal operations, Ethernet switches only allow directed traffic to flow between the ports involved in the conversation, and no other ports can see that traffic. However, if the ARP cache is intentionally corrupted with an ARP poisoning attack, some Ethernet switches simply flood the directed traffic to all ports of the switch, which can allow an attacker to monitor traffic not normally visible to the port where the attacker was connected, and thereby eavesdrop on Voice-over Internet Protocol (VoIP) traffic.
An enterprise is implementing a Dynamic Host Configuration Protocol (DHCP). Which of the following conditions represents the GREATEST concern?
A.Most employees use laptops.
B.A packet filtering firewall is used.
C.The internet protocol (IP) address space is smaller than the number of PCs.
D.Access to a network port is not restricted.
D. Physical access to network ports is not restricted, allowing unauthorized individuals to connect to the internal network.
Which of the following preventive controls BEST helps secure a web application?
A.Password masking
B.Developer training
C.Use of encryption
D.Vulnerability testing
B. Of the given choices, teaching developers to write secure code is the best way to secure a web application.
To prevent internet protocol (IP) spoofing attacks, a firewall should be configured to drop a packet for which the sender of a packet:
A.specifies the route that a packet should take through the network (the source routing field is enabled).
B.puts multiple destination hosts (the destination field has a broadcast address).
C.indicates that the computer should immediately stop using the transmission control protocol (TCP) connection (a reset flag is turned on).
D.allows use of dynamic routing instead of static routing (Open Shortest Path First protocol is enabled).
A. Internet Protocol (IP) spoofing takes advantage of the source-routing option in IP. With this option enabled, an attacker can insert a spoofed source IP address. The packet will travel the network according to the information within the source-routing field, bypassing the logic in each router, including dynamic and static routing.
Which of the following types of firewalls provide the GREATEST degree and granularity of control?
A.Screening router
B.Packet filter
C.Application gateway
D.Circuit gateway
C. The application gateway is similar to a circuit gateway, but it has specific proxies for each service. To handle web services, it has a Hypertext Transfer Protocol (HTTP) proxy that acts as an intermediary between external and internal hosts but is specifically for HTTP. This means that it not only checks the packet Internet Protocol (IP) addresses (Open Systems Interconnection (OSI) Layer 3) and the ports it is directed to (in this case port 80, at OSI Layer 4), but also checks every HTTP command (OSI Layers 5 and 7). Therefore, it works in a more detailed (granular) way than the other choices.
In transport mode, the use of the Encapsulating Security Payload (ESP) protocol is advantageous over the Authentication Header (AH) protocol because it provides:
A.connectionless integrity.
B.data origin authentication.
C.antireplay service.
D.confidentiality.
D. Only the ESP protocol provides confidentiality via encryption.
After reviewing its business processes, a large enterprise is deploying a new web application based on Voice-over Internet Protocol (VoIP) technology. Which of the following is the MOST appropriate approach for implementing access control that will facilitate security management of the VoIP web application?
A.Fine-grained access control
B.Role-based access control
C.Access control lists
D.Network/service access control
B. Authorization in this case can best be addressed by role-based access control (RBAC) technology. RBAC controls access according to job roles or functions. RBAC is easy to manage and can enforce strong and efficient access controls in large-scale web environments including VoIP implementation.
Which of the following functions is performed by a virtual private network (VPN)?
A.Hiding information from sniffers on the net
B.Enforcing security policies
C.Detecting misuse or mistakes
D.Regulating access
A. A virtual private network (VPN) hides information from sniffers on the Internet using tunneling. It works based on encapsulation and encryption of sensitive traffic.
Which of the following types of firewalls would BEST protect a network from an Internet attack?
A.Screened subnet firewall
B.Application filtering gateway
C.Packet filtering router
D.Circuit-level gateway
A. A screened subnet firewall would provide the best protection. The screening router can be a commercial router or a node with routing capabilities and the ability to allow or avoid traffic between nets or nodes based on addresses, ports, protocols, interfaces, etc. The subnet would isolate Internet-based traffic from the rest of the enterprise network.
Which of the following line media would provide the BEST security for a telecommunication network?
A.Broadband network digital transmission
B.Baseband network
C.Dialup
D.Dedicated lines
D. Dedicated lines are set apart for a particular user or organization. Because there is no sharing of lines or intermediate entry points, the risk of interception or disruption of telecommunications messages is lower.
An enterprise provides information to its supply chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an information systems (IS) auditor reviewing the firewall security architecture?
A.A secure sockets layer (SSL) has been implemented for user authentication and remote administration of the firewall.
B.Firewall policies are updated based on changing requirements.
C.Inbound traffic is blocked unless the traffic type and connections have been specifically permitted.
D.The firewall is placed on top of the commercial operating system (OS) with all default installation options.
D. The greatest concern when implementing firewalls on top of commercial operating systems (OSs) is the potential presence of vulnerabilities that can undermine the security posture of the firewall platform itself. In most circumstances, when commercial firewalls are breached, that breach is facilitated by vulnerabilities in the underlying OS. Keeping all installation options available on the system further increases the risk of vulnerabilities and exploits.
Which of the following is an example of the defense-in-depth security principle?
A.Using two firewalls to consecutively check the incoming network traffic
B.Using a firewall as well as logical access controls on the hosts to control incoming network traffic
C.Lack of physical signs on the outside of a computer center building
D.Using two firewalls in parallel to check different types of incoming traffic
B. Defense-in-depth means using different security mechanisms that back up each other. When network traffic passes the firewall unintentionally, the logical access controls on the hosts form a second line of defense.
The IT team of an enterprise informs the information systems (IS) auditor of a concern that some users might be loading illegal software packages onto a network. Which of the following should the IS auditor recommend for identifying if the concern is valid?
A.Use of diskless workstations
B.Periodic checking of hard drives
C.Use of current antivirus software
D.Policies that result in instant dismissal if violated
B. The periodic checking of hard drives would be the most effective method of identifying illegal software packages loaded onto the network.
An information systems (IS) auditor finds that conference rooms have active network ports. Which of the following prevents this from being of any concern for the enterprise?
A.The enterprise network is using an intrusion prevention system (IPS).
B.The conference room part of the network is isolated from the enterprise network.
C.A single sign-on (SSO) has been implemented in the enterprise network.
D.Antivirus software is in place to protect the enterprise network.
B. If the conference rooms have access to the enterprise network, unauthorized users may be able to connect to the enterprise network; therefore, both networks should be isolated either via a firewall or by being physically separated.
When planning an audit of a network setup, an information systems (IS) auditor should give highest priority to obtaining which of the following network documentation?
A.Wiring and schematic diagram
B.Users’ lists and responsibilities
C.Application lists and their details
D.Backup and recovery procedures
A. The wiring and schematic diagram of the network is necessary to carry out a network audit. The information systems (IS) auditor needs to know what equipment, configuration and addressing is used on the network to perform an audit of the network setup.
Enterprise XYZ has outsourced production support to service provider ABC, located in another country. The ABC service provider personnel remotely connect to the enterprise network of the XYZ outsourcing entity over the Internet. Which of the following would BEST provide assurance that transmission of information is secure while the production support team at ABC is providing support to XYZ?
A.Secret key encryption
B.Dynamic internet protocol (IP) address and port
C.Hash functions
D.Virtual private network (VPN) tunnel
D. Because ABC and XYZ are communicating over the Internet, which is an untrusted network, establishing an encrypted virtual private network (VPN) tunnel best ensures that the transmission of information is secure.
The BEST filter rule for protecting a network from being used as an amplifier in a denial-of-service attack is to deny all:
A.outgoing traffic with source addresses external to the network.
B.incoming traffic with discernible spoofed internet protocol (IP) source addresses.
C.incoming traffic that includes options set in the Internet Protocol.
D.incoming traffic whose destination address belongs to critical hosts.
A. Outgoing traffic with an internet protocol (IP) source address different than the internal IP range in the network is invalid. In most cases, it signals a denial-of-service attack originated by an internal user or by a previously compromised internal machine; in both cases, applying this filter will stop the infected machine from participating in the attack.
Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized enterprise?
A.Virtual private network (VPN)
B.Dedicated line
C.Leased line
D.Integrated services digital network
A. The most secure method is a virtual private network (VPN), using encryption, authentication and tunneling to allow data to travel securely from a private network to the Internet.
What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?
A.Malicious code can be spread across the network.
B.The VPN logon can be spoofed.
C.Traffic can be sniffed and decrypted.
D.The VPN gateway can be compromised.
A. Virtual private network (VPN) is a mature technology; VPN devices are hard to break. However, when remote access is enabled, malicious code in a remote client can spread to the enterprise’s network. One problem is when the VPN terminates inside the network and the encrypted VPN traffic goes through the firewall. This means that the firewall cannot adequately examine the traffic.
The PRIMARY goal of a website certificate is:
A.authentication of the website that will be surfed.
B.authentication of the user who surfs through that site.
C.preventing surfing of the website by hackers.
D.the same purpose as that of a digital certificate.
A. Authenticating the site to be surfed is the primary goal of a web certificate.
Which of the following provides the MOST relevant information for proactively strengthening security settings?
A.Bastion host
B.Intrusion detection system (IDS)
C.Honeypot
D.Intrusion prevention system (IPS)
C. The design of a honeypot is such that it lures the hacker and provides clues about the hacker’s methods and strategies, and the resources required to address such attacks. A honeypot allows the attack to continue, to obtain information about the hacker’s strategy and methods.
Which of the following will BEST maintain the integrity of a firewall log?
A.Granting access to log information only to administrators
B.Capturing log events in the operating system (OS) layer
C.Writing dual logs onto separate storage media
D.Sending log information to a dedicated third-party log server
D. Establishing a dedicated third-party log server and logging events in it is the best procedure for maintaining the integrity of a firewall log. When access control to the log server is adequately maintained, the risk of unauthorized log modification is mitigated, thereby improving the integrity of log information.
The information systems (IS) management of a multinational enterprise is considering upgrading its existing virtual private network (VPN) to support Voice over Internet Protocol (VoIP) communication via tunneling. Which of the following considerations should be PRIMARILY addressed?
A.Reliability and quality of service
B.Means of authentication
C.Privacy of voice transmissions
D.Confidentiality of data transmissions
A. Reliability and quality of service (QoS) are the primary considerations to be addressed. Voice communications require consistent levels of service, which may be provided through QoS and class of service controls.
An organization is considering connecting a critical PC-based system to the Internet. Which of the following provides the BEST protection against hacking?
A.Application-level gateway
B.Remote access server
C.Proxy server
D.Port scanning
A. An application-level gateway is the best way to protect against hacking because it can be configured with detailed rules that describe the type of user or connection that is or is not permitted. It analyzes each packet in detail, not only in layers one through four of the Open Systems Interconnection model but also in layers five through seven, which means that it reviews the commands of each higher-level protocol (Hypertext Transfer Protocol, File Transfer Protocol, Simple Network Management Protocol, etc.).
An information systems (IS) auditor performing a telecommunication access control review should be concerned PRIMARILY with the:
A.maintenance of access logs of usage of various system resources.
B.authorization and authentication of the user prior to granting access to system resources.
C.adequate protection of stored data on servers by encryption or other means.
D.accountability system and the ability to identify any terminal accessing system resources.
B. The authorization and authentication of users before granting them access to system resources (networks, servers, applications, etc.) is the most significant aspect in a telecommunication access control review because it is a preventive control. Weak controls at this level can affect all other aspects of security.
An information systems (IS) auditor found that employees are emailing sensitive enterprise information to public web-based email domains. Which of the following is the BEST remediation option for the IS auditor to recommend?
A.Encrypted mail accounts
B.Training and awareness
C.Activity monitoring
D.Data loss prevention
D. Data loss prevention is an automated preventive tool that can block sensitive information from leaving the network, while, at the same time, logging the offenders. This is a better choice than relying on training and awareness because it works equally well when there is intent to steal data.
Which of the following measures is an effective method to deal with a data loss event experienced by an enterprise?
A.Sharing sensitive data via unencrypted email
B.Allowing unrestricted access to sensitive data
C.Implementing regular data backups
D.Using weak passwords for user accounts
C. Regular data backups are an effective method for data loss prevention. By creating frequent backups, enterprises can ensure that they can restore the data to its previous state in the event of data loss or corruption. This practice helps protect against accidental data deletion, hardware failure and data breaches.