Which of the following refers to a method of bypassing normal system authentication procedures?
Correct Answer: F
A backdoor is a method of bypassing normal authentication procedures. Many computer manufacturers used to preinstall backdoors on their systems to provide technical support for customers. Hackers typically use backdoors to secure remote access to a computer while attempting to remain hidden from casual inspection. To install backdoors, hackers prefer to use either a Trojan horse or a computer worm.
Question 77
Which of the following are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem? Choose the BEST answer.
Correct Answer: B
Neural networks are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem.
Question 78
An organization has developed mature risk management practices that are followed across all departments. What is the MOST effective way for the audit team to leverage this risk management maturity?
Correct Answer: C
Question 79
Which of the following statements is NOT true about Voice-Over IP (VoIP)?
VoIP uses circuit switching technology
Lower cost per call or even free calls, especially for long distance call
Lower infrastructure cost
VoIP is a technology where voice traffic is carried on top of existing data infrastructure
Correct Answer: A
Explanation/Reference: NOT is the keyword in the question. You need to find the invalid statement about VoIP. VoIP uses packet switching, not circuit switching.
For your exam you should know the following information about VoIP:
Voice-Over-IP
IP telephony, or internet telephony, is the technology that makes it possible to have a voice conversation over the Internet or over any dedicated IP network instead of dedicated transmission lines. The protocols used to carry the signal over the IP network are commonly referred to as Voice-Over-IP (VoIP). VoIP is a technology where voice traffic is carried on top of existing data infrastructure. Sounds are digitized into IP packets and transferred through the network layer before being decoded back into the original voice. VoIP allows the elimination of circuit switching and the associated waste of bandwidth. Instead, packet switching is used, where IP packets with voice data are sent over the network only when data needs to be sent.
It has advantages over traditional telephony:
Unlike traditional telephony, VoIP innovation progresses at market rates rather than at the rates of the multilateral committee process of the International Telecommunication Union (ITU)
Lower cost per call or even free calls, especially for long distance call
Lower infrastructure costs. Once IP infrastructure is installed, little or no additional telephony infrastructure is needed
VoIP Security Issues
With the introduction of VoIP, the need for security is more important because two assets must be protected: the data and the voice. Protecting the security of conversations is now vital. In VoIP, packets are sent over the network from the user's computer or VoIP phone to similar equipment at the other end. Packets may pass through several intermediate systems that are not under the control of the user's ISP. The current Internet architecture does not provide the same physical wire security as a phone line.
The main concern with a VoIP solution is availability: with traditional telephones, the different sites of the organization could still be reached by telephone if the data system was disrupted, whereas with VoIP a disruption of the data system also affects voice communication. Thus a backup communication facility should be planned for if the availability of communication is vital to the organization. Another issue arises from the fact that IP telephones and their supporting equipment require the same care and maintenance as computer systems do. To enhance the protection of the telephone system and data traffic, the VoIP infrastructure should be segregated using a Virtual Local Area Network (VLAN). In many cases, session border controllers (SBCs) are utilized to provide security features for VoIP traffic similar to those provided by firewalls.
The following were incorrect answers:
Lower cost per call or even free calls, especially for long distance call - This is a valid statement about VoIP. In fact, it is an advantage of VoIP.
Lower infrastructure cost - This is a valid statement and an advantage of using VoIP compared to a traditional telephony system.
VoIP is a technology where voice traffic is carried on top of existing data infrastructure - This is also a valid statement about VoIP.
The following reference(s) were/was used to create this question: CISA Review Manual 2014, page 355
Question 80
A penetration test performed as part of evaluating network security:
Correct Answer: C
Explanation/Reference: Penetration tests are an effective method of identifying real-time risks to an information processing environment. They attempt to break into a live site in order to gain unauthorized access to a system. They do have the potential for damaging information assets or misusing information because they mimic an experienced hacker attacking a live system. On the other hand, penetration tests do not provide assurance that all vulnerabilities are discovered because they are based on a limited number of procedures. Management should provide consent for the test to avoid false alarms to IT personnel or to law enforcement bodies.