Codes from exploit programs are frequently reused in:
Correct Answer: E
Section: Protection of Information Assets
Explanation: The term "exploit" generally refers to small programs designed to take advantage of a software flaw that has been discovered, either remote or local. The code from the exploit program is frequently reused in trojan horses and computer viruses. In some cases, a vulnerability can lie in a certain program's processing of a specific file type, such as a non-executable media file.
Question 312
Which of the following is BEST used for detailed testing of a business application's data and configuration files?
Correct Answer: D
The best tool for detailed testing of a business application's data and configuration files is an audit analytics tool. An audit analytics tool is software that helps auditors analyze large sets of data and identify anomalies, trends, and patterns that are relevant to the audit objectives. An audit analytics tool can also provide audit evidence and support the auditor's professional judgment and conclusions.
Some of the benefits of using an audit analytics tool are:
* It can improve the efficiency and effectiveness of the audit by reducing the time and effort required to perform manual tests and procedures.
* It can enhance the quality and reliability of the audit by increasing the coverage and accuracy of the data analysis and testing.
* It can enable the auditor to perform more complex and sophisticated tests and procedures that may not be possible or feasible with traditional methods.
* It can help the auditor to discover new insights and risks that may not be apparent or detectable with traditional methods.
Some examples of audit analytics tools are:
* IDEA: A data analysis software that allows auditors to import, analyze, and visualize data from various sources and formats. It also offers features such as sampling, stratification, gap analysis, duplicate detection, Benford's law, and regression analysis. [1]
* ACL: A data analysis software that helps auditors to access, analyze, and report on data from various sources and formats. It also offers features such as sampling, stratification, gap analysis, duplicate detection, Benford's law, regression analysis, and scripting. [2]
* TeamMate Analytics: A data analysis software that integrates with Microsoft Excel and provides auditors with a range of tools and functions to perform data analysis and testing. It also offers features such as sampling, stratification, gap analysis, duplicate detection, Benford's law, regression analysis, and scripting. [3]
Question 313
Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organization's information security policy?
Correct Answer: D
Explanation: The most important consideration for an IS auditor when assessing the adequacy of an organization's information security policy is its alignment with the business objectives. The information security policy is a high-level document that defines the organization's vision, goals, principles, and responsibilities for protecting its information assets. The information security policy should support and enable the achievement of the business objectives, such as increasing customer satisfaction, enhancing competitive advantage, or complying with legal requirements. The information security policy should also be consistent with other relevant policies, standards, and frameworks that guide the organization's governance, risk management, and compliance activities.
Question 314
The IS management of a multinational company is considering upgrading its existing virtual private network (VPN) to support voice-over IP (VoIP) communications via tunneling. Which of the following considerations should be PRIMARILY addressed?
Correct Answer: A
Explanation: The company currently has a VPN; issues such as authentication and confidentiality have been implemented by the VPN using tunneling. Privacy of voice transmissions is provided by the VPN protocol. Reliability and QoS are, therefore, the primary considerations to be addressed.
Question 315
Which of the following would be an indicator of the effectiveness of a computer security incident response team?
Correct Answer: A
The most important indicator is the financial impact per security incident. Choices B, C and D could be measures of effectiveness of security, but would not be a measure of the effectiveness of a response team.