Which of the following would be the MOST likely reason for an intrusion prevention system (IPS) being unable to block an ongoing web attack?
Correct Answer: C
Question 962
An IS auditor finds the log management system is overwhelmed with false positive alerts. The auditor's BEST recommendation would be to:
Correct Answer: C
Question 963
Which of the following is NOT a defined ISO basic task related to network management?
Correct Answer: D
Section: Information System Acquisition, Development and Implementation
Explanation:
Fault management: Detects the devices that present some kind of fault.
Configuration management: Allows users to know, define and change remotely the configuration of any device.
Accounting resources: Holds the records of the resource usage in the WAN.
Performance management: Monitors usage levels and sets alarms when a threshold has been surpassed.
Security management: Detects suspicious traffic or users and generates alarms accordingly.
Reference: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 137).
Question 964
Who should issue the organizational policies?
Correct Answer: D
Policies should be signed, issued, and enforced by the highest level of management to ensure compliance by the organization. It is the responsibility of management (not the auditor) to implement internal controls.
Question 965
Which of the following is MOST important for an IS auditor to look for in a project feasibility study?
Correct Answer: C
Explanation: The most important thing for an IS auditor to look for in a project feasibility study is an assessment of whether the expected benefits can be achieved. A project feasibility study is a preliminary analysis that evaluates the viability and suitability of a proposed project based on various criteria, such as technical, economic, legal, operational, and social factors. The expected benefits are the positive outcomes and value that the project aims to deliver to the organization and its stakeholders. The IS auditor should verify whether the project feasibility study has clearly defined and quantified the expected benefits, and whether it has assessed the likelihood and feasibility of achieving them within the project scope, budget, schedule, and quality parameters. The other options are also important for an IS auditor to look for in a project feasibility study, but not as important as an assessment of whether the expected benefits can be achieved, because they either focus on specific aspects of the project rather than the overall value proposition, or they assume that the project will be implemented rather than evaluating its viability.
References: CISA Review Manual (Digital Version), Chapter 4, Section 4.2.1