Which of the following is an example of a passive attack initiated through the Internet?

• A.Traffic analysis
• B.Masquerading
• C.Denial of service
• D.E-mail spoofing

Comment: *

Name: *

Email: *

Verification: *

Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to- consumer transactions via the internet?

• A.Customers are widely dispersed geographically, but the certificate authorities are not.
• B.Customers can make their transactions from any computer or mobile device.
• C.The certificate authority has several data processing subcenters to administer certificates.
• D.The organization is the owner of the certificate authority.

Comment: *

Name: *

Email: *

Verification: *

During a follow-up audit, an IS auditor discovers that a recommendation has not been implemented.
However, the auditee has implemented a manual workaround that addresses the identified risk, through far
less efficiency than the recommended action would. Which of the following would be the auditor's BEST
course of action?

• A.Notify management that the risk has been addressed and take no further action.
• B.Escalate the remaining issue for further discussion and resolution.
• C.Note that the risk has been addressed and notify management of the inefficiency.
• D.Insist to management that the original recommendation be implemented.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor seeks assurance that a new process for purging transactions does not have a detrimental impact on the integrity of a database. This could be achieved BEST by analyzing the:

• A.database structure.
• B.design of triggers.
• C.results of the process in a test environment.
• D.entity relationship diagram of the database.

Comment: *

Name: *

Email: *

Verification: *

When reviewing an organization's strategic IT plan an IS auditor should expect to find:

• A.an assessment of the fit of the organization's application portfolio with business objectives.
• B.actions to reduce hardware procurement cost.
• C.a listing of approved suppliers of IT contract resources.
• D.a description of the technical architecture for the organization's network perimeter security.

Comment: *

Name: *

Email: *

Verification: *