CISA Certified Information Systems Auditor – Question2948

Which of the following BEST ensures the integrity of a server's operating system?

A. Protecting the server in a secure location
B. Setting a boot password
C. Hardening the server configuration
D. Implementing activity logging

Correct Answer: C

Explanation:
Hardening a system means to configure it in the most secure manner (install latest security patches, properly define the access authorization for users and administrators, disable insecure options and uninstall unused services) to prevent nonprivileged users from gaining the right to execute privileged instructions and thus take control of the entire machine, jeopardizing the OS’s integrity. Protecting the server in a secure location and setting a boot password are good practices, but do not ensure that a user will not try to exploit logical vulnerabilities and compromise the OS. Activity logging has two weaknesses in this scenario: it is a detective control (not a preventive one), and an attacker who has already gained privileged access can modify or disable the logs.

CISA Certified Information Systems Auditor – Question2947

IT operations for a large organization have been outsourced. An IS auditor reviewing the outsourced operation should be MOST concerned about which of the following findings?

A. The outsourcing contract does not cover disaster recovery for the outsourced IT operations.
B. The service provider does not have incident handling procedures.
C. Recently a corrupted database could not be recovered because of library management problems.
D. Incident logs are not being reviewed.

Correct Answer: A

Explanation:
The lack of a disaster recovery provision presents a major business risk. Incorporating such a provision into the contract will provide the outsourcing organization leverage over the service provider. Choices B, C and D are problems that should be addressed by the service provider, but are not as important as contract requirements for disaster recovery.

CISA Certified Information Systems Auditor – Question2946

An intruder accesses an application server and makes changes to the system log. Which of the following would enable the identification of the changes?

A. Mirroring the system log on another server
B. Simultaneously duplicating the system log on a write-once disk
C. Write-protecting the directory containing the system log
D. Storing the backup of the system log offsite

Correct Answer: B

Explanation:
A write-once CD cannot be overwritten. Therefore, the system log duplicated on the disk could be compared to the original log to detect differences, which could be the result of changes made by an intruder. Write-protecting the system log does not prevent deletion or modification, since the superuser can override the write protection. Backup and mirroring may overwrite earlier files and may not be current.

CISA Certified Information Systems Auditor – Question2945

Which of the following is a network diagnostic tool that monitors and records network information?

A. Online monitor
B. Downtime report
C. Help desk report
D. Protocol analyzer

Correct Answer: D

Explanation:
Protocol analyzers are network diagnostic tools that monitor and record network information from packets traveling in the link to which the analyzer is attached. Online monitors (choice A) measure telecommunications transmissions and determine whether transmissions were accurate and complete. Downtime reports (choice B) track the availability of telecommunication lines and circuits. Help desk reports (choice C) are prepared by the help desk, which is staffed or supported by IS technical support personnel trained to handle problems occurring during the course of IS operations.

CISA Certified Information Systems Auditor – Question2944

Applying a retention date on a file will ensure that:

A. data cannot be read until the date is set.
B. data will not be deleted before that date.
C. backup copies are not retained after that date.
D. datasets having the same name are differentiated.

Correct Answer: B

Explanation:
A retention date will ensure that a file cannot be overwritten before that date has passed. The retention date will not affect the ability to read the file. Backup copies would be expected to have a different retention date and therefore may be retained after the file has been overwritten. The creation date, not the retention date, will differentiate files with the same name.

CISA Certified Information Systems Auditor – Question2943

Which of the following exposures associated with the spooling of sensitive reports for offline printing should an IS auditor consider to be the MOST serious?

A. Sensitive data can be read by operators.
B. Data can be amended without authorization.
C. Unauthorized report copies can be printed.
D. Output can be lost in the event of system failure.

Correct Answer: C

Explanation:
Unless controlled, spooling for offline printing may enable additional copies to be printed. Print files are unlikely to be available for online reading by operations. Data on spool files are no easier to amend without authority than any other file. There is usually a lesser threat of unauthorized access to sensitive reports in the event of a system failure.

CISA Certified Information Systems Auditor – Question2942

Which of the following would an IS auditor consider to be the MOST helpful when evaluating the effectiveness and adequacy of a computer preventive maintenance program?

A. A system downtime log
B. Vendors' reliability figures
C. Regularly scheduled maintenance log
D. A written preventive maintenance schedule

Correct Answer: A

Explanation:
A system downtime log provides information regarding the effectiveness and adequacy of computer preventive maintenance programs.

CISA Certified Information Systems Auditor – Question2941

To determine which users can gain access to the privileged supervisory state, which of the following should an IS auditor review?

A. System access log files
B. Enabled access control software parameters
C. Logs of access control violations
D. System configuration files for control options used

Correct Answer: D

Explanation:
A review of system configuration files for control options used would show which users have access to the privileged supervisory state. Both system access log files and logs of access violations are detective in nature. Access control software is run under the operating system.

CISA Certified Information Systems Auditor – Question2940

Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network?

A. The use of diskless workstations
B. Periodic checking of hard drives
C. The use of current antivirus software
D. Policies that result in instant dismissal if violated

Correct Answer: B

Explanation:
The periodic checking of hard drives would be the most effective method of identifying illegal software packages loaded to the network. Antivirus software will not necessarily identify illegal software, unless the software contains a virus. Diskless workstations act as a preventive control and are not effective, since users could still download software from other than diskless workstations. Policies lay out the rules about loading the software, but will not detect the actual occurrence.

CISA Certified Information Systems Auditor – Question2939

During a human resources (HR) audit, an IS auditor is informed that there is a verbal agreement between the IT and HR departments as to the level of IT services expected. In this situation, what should the IS auditor do FIRST?

A. Postpone the audit until the agreement is documented
B. Report the existence of the undocumented agreement to senior management
C. Confirm the content of the agreement with both departments
D. Draft a service level agreement (SLA) for the two departments

Correct Answer: C

Explanation:
An IS auditor should first confirm and understand the current practice before making any recommendations. The agreement can be documented after it has been established that there is an agreement in place. The fact that there is not a written agreement does not justify postponing the audit, and reporting to senior management is not necessary at this stage of the audit. Drafting a service level agreement (SLA) is not the IS auditor’s responsibility.