Which of the following types of attack works by taking advantage of the unenforced and unchecked
assumptions the system makes about its inputs?

• A.format string vulnerabilities
• B.integer overflow
• C.code injection
• D.command injection
• E.None of the choices.

Comment: *

Name: *

Email: *

Verification: *

A CFO has requested an audit of IT capacity management due to a series of finance system slowdowns during month-end reporting. What would be MOST important to consider before including this audit in the program?

• A.Whether system delays result in more frequent use of manual processing
• B.Whether stakeholders are committed to assisting with the audit
• C.Whether internal auditors have the required skills to perform the audit
• D.Whether the system's performance poses a significant risk to the organization

Comment: *

Name: *

Email: *

Verification: *

To aid management in achieving IT and business alignment, an IS auditor should recommend the use of:

• A.control self-assessments.
• B.a business impact analysis.
• C.an IT balanced scorecard.
• D.business process reengineering.

Comment: *

Name: *

Email: *

Verification: *

The most common problem in the operation of an intrusion detection system (IDS) is:

• A.the detection of false positives.
• B.receiving trap messages.
• C.reject-error rates.
• D.denial-of-service attacks.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner Which of the following is the auditor s BEST recommendation?

• A.Build a virtual environment
• B.Increase the capacity of existing systems.
• C.Hire temporary contract workers for the IT function.
• D.Upgrade hardware to newer technology.

Comment: *

Name: *

Email: *

Verification: *