Exam Questions 2014


1. An IS auditor is assigned to audit a software development project which is more than 80 percent complete, but has already overrun time by 10 percent and costs by 25 percent. Which of the following actions should the IS auditor take?

A. Report that the organization does not have effective project management.
B. Recommend the project manager be changed.
C. Review the IT governance structure.
D. Review the conduct of the project and the business case.

ANSWER: D

NOTE: Before making any recommendations, an IS auditor needs to understand the project and the factors that have contributed to making the project over budget and over schedule. The organization may have effective project management practices and sound IT governance and still be behind schedule or over budget. There is no indication that the project manager should be changed without looking into the reasons for the overrun.

2. Documentation of a business case used in an IT development project should be retained until:

A. the end of the system's life cycle.
B. the project is approved.
C. user acceptance of the system.
D. the system is in production.

ANSWER: A

NOTE: A business case can and should be used throughout the life cycle of the product. It serves as an anchor for new (management) personnel, helps to maintain focus and provides valuable information on estimates vs. actuals. Questions like "why do we do that," "what was the original intent" and "how did we perform against the plan" can be answered, and lessons for developing future business cases can be learned. During the development phase of a project one should always validate the business case, as it is a good management instrument. After finishing a project and entering production, the business case and all the completed research are valuable sources of information that should be kept for further reference.


3. During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:

A. an unauthorized user may use the ID to gain access.
B. user access management is time consuming.
C. passwords are easily guessed.
D. user accountability may not be established.

ANSWER: D

NOTE: The use of a single user ID by more than one individual precludes knowing who in fact used that ID to access a system; therefore, it is literally impossible to hold anyone accountable. All user IDs, not just shared IDs, can be used by unauthorized individuals. Access management would not be any different with shared IDs, and shared user IDs do not necessarily have easily guessed passwords.

4. The MAIN purpose of a transaction audit trail is to:

A. reduce the use of storage media.
B. determine accountability and responsibility for processed transactions.
C. help an IS auditor trace transactions.
D. provide useful information for capacity planning.

ANSWER: B

NOTE: Enabling audit trails aids in establishing the accountability and responsibility for processed transactions by tracing them through the information system. Enabling audit trails increases the use of disk space. A transaction log file would be used to trace transactions, but would not aid in determining accountability and responsibility. The objective of capacity planning is the efficient and effective use of IT resources and requires information such as CPU utilization, bandwidth, number of users, etc.

5. When an employee is terminated from service, the MOST important action is to:

A. hand over all of the employee's files to another designated employee.
B. complete a backup of the employee's work.
C. notify other employees of the termination.
D. disable the employee's logical access.

ANSWER: D


NOTE: There is a probability that a terminated employee may misuse access rights; therefore, disabling the terminated employee's logical access is the most important action to take. All the work of the terminated employee needs to be handed over to a designated employee; however, this should be performed after implementing choice D. All the work of the terminated employee needs to be backed up and the employees need to be notified of the termination of the employee, but this should not precede the action in choice D.

6. Which of the following satisfies a two-factor user authentication?

A. Iris scanning plus fingerprint scanning
B. Terminal ID plus global positioning system (GPS)
C. A smart card requiring the user's PIN
D. User ID along with password

ANSWER: C

NOTE: A smart card addresses what the user has. This is generally used in conjunction with testing what the user knows, e.g., a keyboard password or personal identification number (PIN). Proving who the user is usually requires a biometrics method, such as fingerprint, iris scan or voice verification, to prove biology. This is not a two-factor user authentication, because it proves only who the user is. A global positioning system (GPS) receiver reports on where the user is. The use of an ID and password (what the user knows) is a single-factor user authentication.

7. What is the BEST backup strategy for a large database with data supporting online sales?

A. Weekly full backup with daily incremental backup
B. Daily full backup
C. Clustered servers
D. Mirrored hard disks

ANSWER: A

NOTE: Weekly full backup and daily incremental backup is the best backup strategy; it ensures the ability to recover the database and yet reduces the daily backup time requirements. A full backup normally requires a couple of hours, and therefore it can be impractical to conduct a full backup every day. Clustered servers provide a redundant processing capability, but are not a backup. Mirrored hard disks will not help in case of disaster.

8. Which of the following should be of MOST concern to an IS auditor?


A. Lack of reporting of a successful attack on the network
B. Failure to notify police of an attempted intrusion
C. Lack of periodic examination of access rights
D. Lack of notification to the public of an intrusion

ANSWER: A

NOTE: Not reporting an intrusion is equivalent to an IS auditor hiding a malicious intrusion, which would be a professional mistake. Although notification to the police may be required and the lack of a periodic examination of access rights might be a concern, they do not represent as big a concern as the failure to report the attack. Reporting to the public is not a requirement and is dependent on the organization's desire, or lack thereof, to make the intrusion known.

9. After observing suspicious activities in a server, a manager requests a forensic analysis. Which of the following findings should be of MOST concern to the investigator?

A. Server is a member of a workgroup and not part of the server domain
B. Guest account is enabled on the server
C. Recently, 100 users were created in the server
D. Audit logs are not enabled for the server

ANSWER: D

NOTE: Audit logs can provide evidence which is required to proceed with an investigation and should not be disabled. For business needs, a server can be a member of a workgroup and, therefore, not a concern. Having a guest account enabled on a system is a poor security practice but not a forensic investigation concern. Recently creating 100 users in the server may have been required to meet business needs and should not be a concern.
