Using the OSI reference model, what layer(s) is/are used to encrypt data?

• A.transport layer
• B.Session layer
• C.Session and transport layers
• D.Data link layer

Comment: *

Name: *

Email: *

Verification: *

Which of the following cryptographic systems is MOST appropriate for bulk data encryption and small devices such as smart cards?

• A.DES
• B.AES
• C.Triple DES
• D.RSA

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be of PRIMARY concern to an IS auditor reviewing the management of
external IT service providers?

• A.Minimizing costs for the services provided
• B.Prohibiting the provider from subcontracting services
• C.Evaluating the process for transferring knowledge to the IT department
• D.Determining if the services were provided as contracted

Comment: *

Name: *

Email: *

Verification: *

When auditing a proxy-based firewall, an IS auditor should:

• A.verify that the firewall is not dropping any forwarded packets.
• B.review Address Resolution Protocol (ARP) tables for appropriate mapping between media access control (MAC) and IP addresses.
• C.verify that the filters applied to services such as HTTP are effective.
• D.test whether routing information is forwarded by the firewall.

Comment: *

Name: *

Email: *

Verification: *

A small organization does not have enough employees to implement adequate segregation of duties in accounts payable. Which of the following is the BEST compensating control to mitigate the risk associated with this situation?

• A.Supervisory review of logs to detect changes in vendors
• B.Review of transactions exceeding a specific threshold
• C.Regular reconciliation of key transactions approved by a supervisor
• D.Rotation of duties among existing personnel

Comment: *

Name: *

Email: *

Verification: *