Exam Questions 2014
1. An IS auditor is assigned to audit a software development project which is more than 80
percent complete, but has already overrun time by 10 percent and costs by 25 percent. Which of
the following actions should the IS auditor take?
A. Report that the organization does not have effective project management.
B. Recommend the project manager be changed.
C. Review the IT governance structure.
D. Review the conduct of the project and the business case.
ANSWER: D
NOTE: Before making any recommendations, an IS auditor needs to understand the project and the
factors that have contributed to making the project over budget and over schedule. The organization
may have effective project management practices and sound IT governance and still be behind schedule
or over budget. There is no indication that the project manager should be changed without looking into
the reasons for the overrun.
2. Documentation of a business case used in an IT development project should be retained until:
A. the end of the system's life cycle.
B. the project is approved.
C. user acceptance of the system.
D. the system is in production.
ANSWER: A
NOTE: A business case can and should be used throughout the life cycle of the product. It serves as an
anchor for new (management) personnel, helps to maintain focus and provides valuable information on
estimates vs. actuals. Questions like "why do we do that," "what was the original intent" and "how did
we perform against the plan” can be answered, and lessons for developing future business cases can be
learned. During the development phase of a project one should always validate the business case, as it
is a good management instrument. After finishing a project and entering production, the business case
and all the completed research are valuable sources of information that should be kept for further
reference.
3. During a logical access controls review, an IS auditor observes that user accounts are shared.
The GREATEST risk resulting from this situation is that:
A. an unauthorized user may use the ID to gain access.
B. user access management is time consuming.
C. passwords are easily guessed.
D. user accountability may not be established.
ANSWER: D
NOTE: The use of a single user ID by more than one individual precludes knowing who in fact used that
ID to access a system; therefore, it is literally impossible to hold anyone accountable. All user IDs, not
just shared IDs, can be used by unauthorized individuals. Access management would not be any
different with shared IDs, and shared user IDs do not necessarily have easily guessed passwords.
4. The MAIN purpose of a transaction audit trail is to:
A. reduce the use of storage media.
B. determine accountability and responsibility for processed transactions.
C. help an IS auditor trace transactions.
D. provide useful information for capacity planning.
ANSWER: B
NOTE: Enabling audit trails aids in establishing the accountability and responsibility for processed
transactions by tracing them through the information system. Enabling audit trails increases the use of
disk space. A transaction log file would be used to trace transactions, but would not aid in determining
accountability and responsibility. The objective of capacity planning is the efficient and effective use of
IT resources and requires information such as CPU utilization, bandwidth, number of users, etc.
5. When an employee is terminated from service, the MOST important action is to:
A. hand over all of the employee's files to another designated employee.
B. complete a backup of the employee's work.
C. notify other employees of the termination.
D. disable the employee's logical access.
ANSWER: D
NOTE: There is a probability that a terminated employee may misuse access rights; therefore, disabling
the terminated employee's logical access is the most important action to take. All the work of the
terminated employee needs to be handed over to a designated employee; however, this should be
performed after implementing choice D. All the work of the terminated employee needs to be backed up
and the employees need to be notified of the termination of the employee, but this should not precede the
action in choice D.
6. Which of the following satisfies a two-factor user authentication?
A. Iris scanning plus fingerprint scanning
B. Terminal ID plus global positioning system (GPS)
C. A smart card requiring the user's PIN
D. User ID along with password
ANSWER: C
NOTE: A smart card addresses what the user has. It is generally used in conjunction with testing
what the user knows, e.g., a password or personal identification number (PIN), so a smart card that
requires a PIN combines two different factors. Proving who the user is requires a biometric method,
such as fingerprint, iris scan or voice verification. Iris scanning plus fingerprint scanning is not
two-factor user authentication, because both prove only who the user is. A global positioning system
(GPS) receiver reports only where the user is. The use of an ID and password (what the user knows) is
single-factor user authentication.
7. What is the BEST backup strategy for a large database with data supporting online sales?
A. Weekly full backup with daily incremental backup
B. Daily full backup
C. Clustered servers
D. Mirrored hard disks
ANSWER: A
NOTE: Weekly full backup and daily incremental backup is the best backup strategy; it ensures the
ability to recover the database and yet reduces the daily backup time requirements. A full backup
normally requires a couple of hours, and therefore it can be impractical to conduct a full backup every
day. Clustered servers provide a redundant processing capability, but are not a backup. Mirrored hard
disks will not help in case of disaster.
8. Which of the following should be of MOST concern to an IS auditor?
A. Lack of reporting of a successful attack on the network
B. Failure to notify police of an attempted intrusion
C. Lack of periodic examination of access rights
D. Lack of notification to the public of an intrusion
ANSWER: A
NOTE: Not reporting an intrusion is equivalent to an IS auditor hiding a malicious intrusion, which
would be a professional mistake. Although notification to the police may be required and the lack of a
periodic examination of access rights might be a concern, they do not represent as big a concern as the
failure to report the attack. Reporting to the public is not a requirement and is dependent on the
organization's desire, or lack thereof, to make the intrusion known.
9. After observing suspicious activities in a server, a manager requests a forensic analysis. Which
of the following findings should be of MOST concern to the investigator?
A. Server is a member of a workgroup and not part of the server domain
B. Guest account is enabled on the server
C. Recently, 100 users were created in the server
D. Audit logs are not enabled for the server
ANSWER: D
NOTE: Audit logs can provide evidence that is required to proceed with an investigation and should
not be disabled. For business needs, a server can be a member of a workgroup and is, therefore, not a
concern. Having a guest account enabled on a system is a poor security practice but not a forensic
investigation concern. Recently creating 100 users on the server may have been required to meet
business needs and should not be a concern.