6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.

txt

1. Which of the following LAN physical layouts is subject to total loss if one device fails?

A. Star
B. Bus
C. Ring
D. Completely connected

The correct answer is:

B. Bus

Explanation:
The bus topology is vulnerable to failure if one device fails. In line and bus networks,
which are essentially the same thing, terminals are connected to a single cable. If
this cable is severed, all terminals beyond the point of severance will be unavailable.

2. Receiving an EDI transaction and passing it through the communication's interface stage usually
requires:
A. translating and unbundling transactions.
B. routing verification procedures.
C. passing data to the appropriate application system.
D. creating a point of receipt audit log.

The correct answer is:

B. routing verification procedures.

Explanation:
The communication's interface stage requires routing verification procedures.
EDI or ANSI X12 is a standard that must be interpreted by an application for transactions to be
processed and then to be invoiced,
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 1/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt
paid and sent, whether they are for merchandise or services. There is no point in sending and
receiving EDI transactions
if they cannot be processed by an internal system. Unpacking transactions and recording audit logs
are
important elements that help follow business rules and establish controls, but are not part of the
communication's interface stage.

3. Utility programs that assemble software modules needed to execute a machine instruction
application program version are:

A. text editors.
B. program library managers.
C. linkage editors and loaders.
D. debuggers and development aids.

The correct answer is:

C. linkage editors and loaders.

Explanation:
Utility programs that assemble software modules needed to execute a machine instruction application
program version are linkage editors and loaders.

4. Which of the following will help detect changes made by an intruder to the system log of a server?

A. Mirroring the system log on another server

B. Simultaneously duplicating the system log on a write-once disk
C. Write protecting the directory containing the system log
D. Storing the backup of the system log offsite

The correct answer is:

B. Simultaneously duplicating the system log on a write-once disk

Explanation:
A write-once CD cannot be overwritten. Therefore, the system log duplicated on the disk could be
compared to the original log
to detect differences, which could be the result of changes made by an intruder.
Write protecting the system log does not prevent deletion or modification, since the superuser can
override the write protection.
Backup and mirroring may overwrite earlier files and may not be current.

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 2/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

5. Which of the following exposures associated with the spooling of sensitive reports for offline
printing would an IS auditor consider

to be the MOST serious?

A. Sensitive data can be read by operators.

B. Data can be amended without authorization.
C. Unauthorized report copies can be printed.
D. Output can be lost in the event of system failure.

The correct answer is:

C. Unauthorized report copies can be printed.

Explanation:
Unless controlled, spooling for offline printing may enable additional copies to be printed.
Print files are unlikely to be available for online reading by operators.
Data on spool files are no easier to amend without authority than any other file.
There is usually a lesser threat of unauthorized access to sensitive reports in the event of a
system failure

6. The database administrator (DBA) suggests that DB efficiency can be improved by denormalizing some
tables. This would result in:
A. loss of confidentiality.
B. increased redundancy.
C. unauthorized accesses.
D. application malfunctions.

The correct answer is:

B. increased redundancy.

Explanation:
Normalization is a design or optimization process for a relational database (DB) that minimizes
redundancy;
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 3/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt
therefore, denormalization would increase redundancy (Redundancy which is usually considered positive
when it
is a question of resource availability is negative in a database environment, since it demands
additional, otherwise unnecessary,
data handling efforts.) Denormalization is sometimes advisable for functional reasons.
It should not cause loss of confidentiality, unauthorized accesses or application malfunctions.

7. The following question refers to the diagram below.

Assuming this diagram represents an internal facility and the organization is implementing a firewall
protection program,
where should firewalls be installed?

A. No firewalls are needed.

B. Op-3 location only
C. MIS (Global) and NAT2
D. SMTP Gateway and op-3

The correct answer is:

D. SMTP Gateway and op-3

Explanation:
The objective of a firewall is to protect a trusted network from an untrusted network;
therefore, locations needing firewall implementations would be at the existence of the external
connections.
All other answers are incomplete or represent internal connections.

8. The objective of concurrency control in a database system is to:

A. restrict updating of the database to authorized users.

B. prevent integrity problems, when two processes attempt to update the same data at the same time.
C. prevent inadvertent or unauthorized disclosure of data in the database.
D. ensure the accuracy, completeness and consistency of data.

The correct answer is:

B. prevent integrity problems, when two processes attempt to update the same data at the same time.

Explanation:
Concurrency controls prevent data integrity problems, which can arise when two update processes
access the same data item at the same time.
Access controls restrict updating of the database to authorized users and controls, such as
passwords,
prevent the inadvertent or unauthorized disclosure of data from the database. Quality controls, such
as edits,
ensure the accuracy, completeness and consistency of data maintained in the database.

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 4/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

9. Which of the following translates e-mail formats from one network to another so that the message
can travel through all the networks?
A. Gateway
B. Protocol converter
C. Front-end communication processor
D. Concentrator/multiplexor

The correct answer is:

A. Gateway

Explanation:
A gateway performs the job of translating e-mail formats from one network to another so messages can
make their way
through all the networks. A protocol converter is a hardware device that converts between two
different types of transmissions,
such as asynchronous and synchronous transmissions. A front-end communication processor connects all
network communication lines
to a central computer to relieve the central computer from performing network control,
format conversion and message handling tasks. A concentrator/multiplexor is a device used for
combining several
lower-speed channels into a higher-speed channel.

10. The following question refers to the diagram below.

For locations 3a, 1d and 3d, the diagram indicates hubs with lines that appear to be open and active.
Assuming that is true, what control(s), if any, should be recommended to mitigate this weakness?

A. Intelligent hub
B. Physical security over the hubs
C. Physical security and an intelligent hub
D. No controls are necessary since this is not a weakness.

The correct answer is:

C. Physical security and an intelligent hub
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 5/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

Explanation:
Open hubs represent a significant control weakness because of the potential to access a network
connection easily.
An intelligent hub would allow the deactivation of a single port while leaving the remaining ports
active. Additionally,
physical security would also provide a reasonable protection over hubs with active ports.

11. Which of the following is critical to the selection and acquisition of the correct operating
system software?

A. Competitive bids
B. User department approval
C. Hardware-configuration analysis
D. Purchasing department approval

The correct answer is:

C. Hardware-configuration analysis

Explanation:
The purchase of operating system software is dependent on the fact that software
is compatible with the existing hardware. Choices A and D, although important, are
not as important as choice C. Users do not normally approve the acquisition of operating systems
software.

12. To maximize the performance of a large database in a parallel processing environment,

which of the following is used for separating indexes?

A. Disk partitioning
B. Mirroring
C. Hashing
D. Duplexing

The correct answer is:

C. Hashing

Explanation:
An essential part of designing a database for parallel processing is the partitioning scheme.
Because large databases are indexed, independent indexes must also be partitioned to maximize
performance.
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 6/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

Hashing is a method used for index partitioning. It associates data to disks based on a hash key.
Disk partitioning creates logical drives on the single disk for better management of the contents.
Disk mirroring uses two identical disks. All operations on the two disks are performed so that each
disk
is a mirror image of the other. This provides redundancy in case of failure of one of the disks.
Disk duplexing makes use of more than one disk with two separate controllers providing redundancy in
case
of a disk failure or a controller card failure.

13. Which of the ISO/OSI model layers provides for routing packets between nodes?

A. Data link
B. Network
C. Transport
D. Session

The correct answer is:

B. Network

Explanation:
The network layer switches and routes information (network layer header).
Node-to-node data link services are extended across a network by this layer. The network layer
provides
service for routing packets (units of information at the network layer) between nodes connected
through an arbitrary network. The data link layer transmits information as groups-of-bits
(logical units called a frame) to adjacent computer systems (node-to-node). The bits in a
frame are divided into an address field (media access control-MAC-48-bit hardware address),
control field, data field and error-control field. The transport layer, provides end-to-end data
integrity.
To ensure reliable delivery, the transport layer builds on the error-control mechanisms provided by
lower
layers. If lower layers are not adequate, the transport layer is the last chance for error recovery.
The session layer provides the control structure for communications between applications. It
establishes,
manages and terminates connections (sessions) between cooperating applications, and performs access
security
checking.

14. Which of the following is the MOST effective method for dealing with the spreading of a network
worm that exploits a vulnerability in a protocol?

A. Install the vendor's security fix for the vulnerability.

B. Block the protocol traffic in the perimeter firewall.
C. Block the protocol traffic between internal network segments.
D. Stop the service until an appropriate security fix is installed.

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 7/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

D. Stop the service until an appropriate security fix is installed.

Explanation:
Stopping the service and installing the security fix is the safest way to prevent the worm from
spreading.
If the service is not stopped, installing the fix is not the most effective method because the worm
continues spreading until the fix becomes effective.
Blocking the protocol on the perimeter does not stop the worm from spreading to the internal
network(s).
Blocking the protocol helps to slow down the spreading but also prohibits every software that
utilizes it from working between segments.

15. Analysis of which of the following would MOST likely enable the IS auditor to determine if an
unapproved program attempted to access sensitive data?

A. Abnormal job termination reports

B. Operator problem reports
C. System logs
D. Operator work schedules

The correct answer is:

C. System logs

Explanation:
System logs are automated reports that identify most of the activities performed on the computer.
Many programs that analyze the system log
to report on specifically defined items have been developed. Abnormal job termination reports
identify application jobs
that were terminated before successful completion. Operator problem reports are used by operators to
log computer operations problems and
their solutions. Operator work schedules are maintained by IS management to assist in human resource
planning.

16. Applying a retention date on a file will ensure that:

A. data cannot be read until the date is set.

B. data will not be deleted before that date.
C. backup copies are not retained after that date.
D. datasets having the same name are differentiated.
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 8/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

B. data will not be deleted before that date.

Explanation:
A retention date will ensure that a file cannot be overwritten before that date has passed.
The retention date will not affect the ability to read the file. Backup copies would be expected to
have a different retention date and,
therefore, may well be retained after the file has been overwritten.
The creation date, not the retention date, will differentiate files with the same name.

17. Web and e-mail filtering tools are PRIMARILY valuable to an organization because they:

A. protect the organization from viruses and nonbusiness materials.

B. maximize employee performance.
C. safeguard the organization's image.
D. assist the organization in preventing legal issues

The correct answer is:

A. protect the organization from viruses and nonbusiness materials.

Explanation:

The main reason for investing in web and e-mail filtering tools is that they significantly reduce
risks related to viruses, spam, mail chains,
recreational surfing and recreational e-mail. Choice B could be true in some circumstances (i.e., it
would need to be implemented along with an
awareness program, so that employee performance can be significantly improved); however, in such
cases, it would not be as relevant as choice A.
Choices C and D are secondary or indirect benefits.

18. In a database management system (DBMS), the location of data and the method of accessing the data
are provided by the:

A. data dictionary.
B. metadata.
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 9/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

C. directory system.
D. data definition language.

The correct answer is:

C. directory system.

Explanation:
A directory system describes the location of data and the access method. A data dictionary contains
an
index and description of all the items stored in the database. Metadata are the data elements
required to
define an enterprisewide data warehouse. The data definition language processor allows the database
administrator (DBA) to create/modify a
data definition for mapping between external and conceptual schemes.

19. Which of the following line media would provide the BEST security for a telecommunication
network?

A. Broadband network digital transmission

B. Baseband network
C. Dial-up
D. Dedicated lines

The correct answer is:

D. Dedicated lines

Explanation:
Dedicated lines are set apart for a particular user or organization. Since there is no sharing of
lines or intermediate entry points, the risk of interception or disruption of telecommunications
messages is lower.

20. An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100
meters long.
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 10/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

Which of the following could be caused by the length of the cable?

A. Electromagnetic interference (EMI)

B. Cross talk
C. Dispersion
D. Attenuation

The correct answer is:

D. Attenuation

Explanation:
Attenuation is the weakening of signals during transmission. When the signal becomes weak,
it begins to read a 1 for a 0, and the user may experience communication problems.
UTP faces attenuation around 100 meters. Electromagnetic interference (EMI) is caused by outside
electromagnetic waves
affecting the desired signals, which is not the case here. Cross-talk has nothing to do with the
length of the UTP cable.

21. Which of the following types of firewalls provide the GREATEST degree and granularity of control?

A. Screening router
B. Packet filter
C. Application gateway
D. Circuit gateway

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 11/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

C. Application gateway

Explanation:
The application gateway is similar to a circuit gateway, but it has specific proxies for each
service.
To handle web services, it has an HTTP proxy that acts as an intermediary between externals and
internals,
but is specifically for HTTP. This means that it not only checks the packet IP addresses (layer 3)
and the ports it
is directed to (in this case port 80, layer 4), it also checks every http command (layers 5 and 7).
Therefore, it works in a more detailed (granularity) way than the others. Screening router and packet
filter
(choices A and B) basically work at the protocol, service and/or port level. This means that they
analyze packets from layers
3 and 4 (not from higher levels). A circuit gateway (choice D) is based on a proxy or program that
acts as an intermediary between external
and internal accesses. This means that, during an external access, instead of opening a single
connection to the internal server,
two connections are established-one from the external server to the proxy (which conforms the
circuit-gateway) and one from the proxy
to the internal server. Layers 3 and 4 (IP and TCP) and some general features from higher protocols
are used to perform these tasks.

22. A company is implementing a dynamic host configuration protocol (DHCP). Given that the following
conditions exist, which represents the GREATEST concern?

A. Most employees use laptops.

B. A packet filtering firewall is used.
C. The IP address space is smaller than the number of PCs.
D. Access to a network port is not restricted.

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 12/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

D. Access to a network port is not restricted.

Explanation:
Given physical access to a port, anyone can connect to the internal network.
The other choices do not present the exposure that access to a port does.
DHCP provides convenience (an advantage) to the laptop users. Sharing IP addresses and the existence
of a firewall can be security measures.

23. Which of the following will prevent dangling tuples in a database?

A. Cyclic integrity
B. Domain integrity
C. Relational integrity
D. Referential integrity

The correct answer is:

D. Referential integrity

Explanation:
Referential integrity ensures that a foreign key in one table will equal null or the value of a
primary in the other table.
For every tuple in a table having a referenced/foreign key, there should be a corresponding tuple in
another table, i.e.,
for existence of all foreign keys in the original tables. If this condition is not satisfied, then it
results in a dangling tuple.
Cyclical checking is the control technique for the regular checking of accumulated data on a file
against authorized source documentation.
There is no cyclical integrity testing. Domain integrity testing ensures that a data item has a
legitimate value in the correct range or set.
Relational integrity is performed at the record level and is ensured by calculating and verifying
specific fields.

24. Which of the following operating system mechanisms checks each request by a subject (user
process) to access and use an object
(e.g., file, device, program) to ensure that the request complies with a security policy?

A. Address Resolution Protocol

B. Access control analyzer
C. Reference monitor
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 13/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt
D. Concurrent monitor

The correct answer is:

C. Reference monitor

Explanation:
A reference monitor is an abstract mechanism that checks each request by a subject (user process)
to access and uses an object (e.g., file, device, program) to ensure that the request complies with a
security policy.
A reference monitor is implemented via a security kernel, which is a hardware/software/firmware
mechanism.
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol (IP) address to a
physical machine address
that is recognized in the local network. An access control analyzer is an audit utility for analyzing
how well access controls
have been implemented and maintained within an access control package. A concurrent monitor is an
audit utility that captures selected events
as application systems are running to facilitate assessing program quality.

25. A referential integrity constraint consists of:

A. ensuring the integrity of transaction processing.

B. ensuring that data are updated through triggers.
C. ensuring controlled user updates to the database.
D. rules for designing tables and queries.

The correct answer is:

B. ensuring that data are updated through triggers.

Explanation:
Referential integrity constraints ensure that a change in a primary key of one table is automatically
updated in a matching foreign key of other tables. This is done using triggers.

26. In a client-server system, which of the following control techniques is used to inspect activity
from known or unknown users?
A. Diskless workstations
B. Data encryption techniques
C. Network monitoring devices
D. Authentication systems

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 14/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

C. Network monitoring devices

Explanation:
Network monitoring devices may be used to inspect activities from known or unknown users and can
identify client addresses,
which may assist in finding evidence of unauthorized access.
This serves as a detective control. Diskless workstations prevent access control
software from being bypassed. Data encryption techniques can help protect sensitive or propriety data
from unauthorized access, thereby serving as a preventive control. Authentication systems may provide
environmentwide,
logical facilities that can differentiate among users, before providing access to systems.

27. When a PC that has been used for the storage of confidential data is sold on the open market the:

A. hard disk should be demagnetized.

B. hard disk should be mid-level formatted.
C. data on the hard disk should be deleted.
D. data on the hard disk should be defragmented.

The correct answer is:

A. hard disk should be demagnetized.

Explanation:
The hard disk should be demagnetized, since this will cause all of the bits to be set to zero,
eliminating any chance of retrieving information that was previously stored on the disk.
A mid-level format does not delete information from the hard disk. It only resets the directory
pointers.
While the deletion of data from the disk removes the pointer to the file, the data remains in place,
so with the proper tools,
the information can be retrieved. The defragmentation of the disk does not cause information to be
deleted,
but simply moves it around to make it more efficient to access.
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 15/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

28. A manufacturing firm wants to automate its invoice payment system. Objectives state that the
system should require considerably
less time for review and authorization and the system should be capable of identifying errors that
require follow up.
Which of the following would BEST meet these objectives?

A. Establishing an inter-networked system of client servers with suppliers for increased efficiencies
B Outsourcing the function to a firm specializing in automated payments and accounts
receivable/invoice processing
C Establishing an EDI system of electronic business documents and transactions with key suppliers,
computer to computer, in a standard format
D. Reengineering the existing processing and redesigning the existing system

The correct answer is:

C Establishing an EDI system of electronic business documents and transactions with key suppliers,
computer to computer, in a standard format

Explanation:
EDI is the best answer. Properly implemented (e.g., agreements with trading partners transaction
standards,
controls over network security mechanisms in conjunction with application controls) EDI is best
suited to identify and follow up on errors more quickly, given reduced opportunities for review and
authorization.

29. In a client-server architecture, a domain name service (DNS) is MOST important because it
provides the:

A. address of the domain server.

B. resolution service for the name/address.
C. IP addresses for the Internet.
D. domain name system.

The correct answer is:

B. resolution service for the name/address.

Explanation:
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 16/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt
DNS is utilized primarily on the Internet for resolution of the name/address of the web site.
It is an Internet service that translates domain names into IP addresses.
As names are alphabetic, they are easier to remember. However, the Internet is based on IP addresses.
Every time a domain name is used, a DNS service must translate the name into the corresponding IP
address.
The DNS system has its own network. If one DNS server does not know how to translate a particular
domain name,
it asks another one, and so on, until the correct IP address is returned.

30. Checking for authorized software baselines is an activity addressed within which of the
following?

A. Project management
B. Configuration management
C. Problem management
D. Risk management

The correct answer is:

B. Configuration management

Explanation:
Configuration management accounts for all IT components, including software. Project management is
about scheduling,
resource management and progress tracking of software development. Problem management records and
monitors incidents.
Risk management involves risk identification, impact analysis, an action plan, etc.

31. An IS auditor needs to link his/her microcomputer to a mainframe system that uses binary
synchronous data communications
with block data transmission. However, the IS auditor's microcomputer, as presently configured, is
capable of only asynchronous
ASCII character data communications. Which of the following must be added to the IS auditor's
computer to enable it to communicate with
the mainframe system?

A. Buffer capacity and parallel port

B. Network controller and buffer capacity
C. Parallel port and protocol conversion
D. Protocol conversion and buffer capability

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 17/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

D. Protocol conversion and buffer capability

Explanation:
For the IS auditor's microcomputer to communicate with the mainframe, the IS auditor must use a
protocol converter to convert
the asynchronous and synchronous transmission. Additionally, the message must be spooled to the
buffer to compensate for different rates of data flow.

32. An IS auditor reviewing a database application discovers that the current configuration does not
match the originally designed structure.

Which of the following should be the IS auditor's next action?

A. Analyze the need for the structural change.

B. Recommend restoration to the originally designed structure.
C. Recommend the implementation of a change control process.
D. Determine if the modifications were properly approved.

The correct answer is:

D. Determine if the modifications were properly approved.

Explanation:
The IS auditor should first determine if the modifications were properly approved.
Choices A, B and C are possible subsequent actions, should the auditor find that the structural
modification had not been approved.

33. A universal serial bus (USB) port:

A. connects the network without a network card.

B. connects the network with an Ethernet adapter.
C. replaces all existing connections.
D. connects the monitor.

The correct answer is:

B. connects the network with an Ethernet adapter.

Explanation:
The USB port connects the network without having to install a separate network interface card inside
a computer by using a USB Ethernet adapter.
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 18/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

34. A benefit of quality of service (QoS) is that the:

A. entire networks availability and performance will be significantly improved.

B. telecom carrier will provide the company with accurate service level compliance reports.

C. participating applications will have guaranteed service levels.

D. communications link will be supported by security controls to perform secure online transactions.

The correct answer is:

C. participating applications will have guaranteed service levels.

Explanation:
The main function of QoS is to optimize network performance by assigning priority to business
applications and end users
through the allocation of dedicated parts of the bandwidth to specific traffic.
Choice A is not true because the communication itself will not be improved, while the speed of data
exchange
for specific applications could be faster. Availability will not be improved.
The QoS tools that many carriers are using do not provide reports of service levels;
however, there are other tools that will generate service level reports. Even when QoS is integrated
with firewalls,
VPNs, encryption tools and others, the tool itself is not intended to provide security controls.

35. The method of routing traffic through split-cable facilities or duplicate-cable facilities is
called:

A. alternative routing.
B. diverse routing.
C. redundancy.
D. circular routing.

The correct answer is:

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 19/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt
B. diverse routing.

Explanation:
Diverse routing is the method of routing traffic through split-cable facilities or
duplicate-cable facilities, which can be accomplished with different/duplicate cable sheaths.
Alternative routing is the method of routing information via an alternative medium, such as copper
cable or fiber optics.
Redundancy involves providing extra capacity, with an option to use such excess capacity in the event
the primary transmission capability is not available.
Circular routing is the logical path of a message in a communication network based on a series of
gates at the physical network layer
in the open system interconnection.

36. In a web server, a common gateway interface (CGI) is MOST often used as a(n):

A. consistent way for transferring data to the application program and back to the user.
B. computer graphics imaging method for movies and TV.
C. graphic user interface for web design.
D. interface to access the private gateway domain.

The correct answer is:

A. consistent way for transferring data to the application program and back to the user.

Explanation:
The common gateway interface (CGI) is a standard way for a web server to pass a user's request to an
application program and to move data back
and forth to the user. When the user requests a web page (for example, by clicking on a highlighted
word or entering a web site address),
the server sends back the requested page. However, when a user fills out a form on a web page and
submits it, it usually needs to be processed by
an application program. The web server typically passes the form information to a small application
program that processes the data and
may send back a confirmation message. This method, or convention for passing data back and forth
between the server and the application is
called the common gateway interface (CGI). It is part of the web's HTTP protocol.

37. Congestion control is BEST handled by which OSI layer?

A. Data link layer

B. Session layer
C. Transport layer
D. Network layer

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 20/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

C. Transport layer

Explanation:
The transport layer is responsible for reliable data delivery. This layer implements a flow control
mechanism that can detect congestion, reduce data transmission rates and increase transmission rates
when the network appears to
no longer be congested (e.g., TCP flow controls). The network layer is not correct because
congestion control occurs based on router
implementations of flow control at the subnet level (i.e., source quench messages sent out when
router memory or the buffer reaches capacity);
however, no message exists to cancel or discard messages, which actually may increase congestion
problems. The session and data link layers do
not have any functionality for network management.

38. Which of the following would an IS auditor consider to be the MOST helpful when evaluating the
effectiveness and adequacy of a
computer preventive maintenance program?

A. A system downtime log

B. Vendors' reliability figures
C. Regularly scheduled maintenance log
D. A written preventive maintenance schedule

The correct answer is:

A. A system downtime log

Explanation:
A system downtime log provides information regarding the effectiveness and adequacy of computer
preventive maintenance programs.

39. A network diagnostic tool that monitors and records network information is a/an:

A. online monitor.
B. downtime report.
C. help desk report.
D. protocol analyzer.

The correct answer is:

D. protocol analyzer.
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 21/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

Explanation:
Protocol analyzers are network diagnostic tools that monitor and record network information from
packets traveling in the
link to which the analyzer is attached. Online monitors (choice A) measure telecommunications
transmissions and determine whether
transmissions were accurate and complete. Downtime reports (choice B) track the availability of
telecommunication lines and circuits.
Help desk reports (choice C) are prepared by the help desk, which is staffed or supported by IS
technical support personnel trained to handle problems
occurring during the course of IS operations.

40. Which of the following devices extends the network and has the capacity to store frames and act
as a storage and forward device?

A. Router
B. Bridge
C. Repeater
D. Gateway

The correct answer is:

B. Bridge

Explanation:
A bridge connects two separate networks to form a logical network (e.g., joining an Ethernet and
token network) and
has the storage capacity to store frames and act as a storage and forwarding device. Bridges operate
at the OSI data link layer
by examining the media access control header of a data packet. Routers are switching devices that
operate at the OSI network layer by
examining network addresses (i.e., routing information encoded in an IP packet). The router, by
examining the IP address, can make intelligent
decisions in directing the packet to its destination. Repeaters amplify transmission signals to reach
remote devices by taking a signal from a LAN,
reconditioning and retiming it, and sending it to another. This functionality is hardware-encoded and
occurs at the OSI physical layer.
Gateways provide access paths to foreign networks.

41. Which of the following types of firewalls would BEST protect a network from an Internet attack?

A. Screened subnet firewall

B. Application filtering gateway
C. Packet filtering router
D. Circuit-level gateway

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 22/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

A. Screened subnet firewall

Explanation:
A screened subnet firewall would provide the best protection. The screening router can be a
commercial router or
a node with routing capabilities and the ability to allow or avoid traffic between nets or nodes
based on addresses,
ports, protocols, interfaces, etc. Application-level gateways are mediators between two entities that
want to communicate,
also known as proxy gateways. The application level (proxy) works at the application level, not only
at a package level.
The screening controls at the package level, addresses and ports, but does not see the contents of
the package.
A packet filtering router examines the header of every packet or data traveling between the Internet
and the corporate network.

42. An IS auditor detected that several PCs connected to the Internet have a low security level that
is allowing for the free recording of cookies. This creates a risk because cookies locally store:

A. information about the Internet site.

B. information about the user.
C. information for the Internet connection.
D. Internet pages.

The correct answer is:

B. information about the user.

Explanation:
The cookie file resides on the client machine. It contains data passed from web sites, so that web
sites can communicate with this
file when the same client returns. The web site only has access to that part of the cookie file that
represents the interaction with
that particular web site. Cookie files have caused some issues with respect to privacy. The four
choices all relate to a cookie, but the
fact that the cookie stores information about the user is the risk.

43. Which of the following can be used to verify output results and control totals by matching them
against the input data and control totals?

A. Batch header forms

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 23/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

B. Batch balancing
C. Data conversion error corrections
D. Access controls over print spools

The correct answer is:

B. Batch balancing

Explanation:
Batch balancing is used to verify output results and control totals by matching them against the
input data and control totals.
Batch header forms control data preparation; data conversion error corrections correct errors that
occur due to duplication of
transactions and inaccurate data entry; and access controls over print spools prevent reports from
being accidentally deleted
from print spools or directed to a different printer.

44. Which of the following network components is PRIMARILY set up to serve as a security measure by
preventing unauthorized traffic
between different segments of the network?

A. Firewalls
B. Routers
C. Layer 2 switches
D. VLANs

The correct answer is:

A. Firewalls

Explanation:
Firewall systems are the primary tool that enable an organization to prevent unauthorized access
between networks.
An organization may choose to deploy one or more systems that function as firewalls. Routers can
filter packets based on parameters,
such as source address, but are not primarily a security tool. Based on Media Access Control (MAC)
addresses, layer
2 switches separate traffic in a port as different segments and without determining if it is
authorized or unauthorized traffic.
A virtual LAN (VLAN) is a functionality of some switches that allows them to switch the traffic
between different ports as if they are
in the same LAN. Nevertheless, they do not deal with authorized vs. unauthorized traffic.
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 24/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

45. When assessing the portability of a database application, the IS auditor should verify that:

A. a structured query language (SQL) is used.

B. information import and export procedures exist with other systems.
C. indexes are used.
D. all entities have a significant name and identified primary and foreign keys.

The correct answer is:

A. a structured query language (SQL) is used.

Explanation:
The use of an SQL is a key element for database portability. Import and export of information with
other systems is an objective of a database
interfaces review. The use of an index is an objective of a database access review, and the fact that
all entities have a significant name and
identified primary and foreign keys is an objective of a database design review.

46. To determine which users can gain access to the privileged supervisory state, which of the
following should an IS auditor review?

A. System access log files

B. Enabled access control software parameters
C. Logs of access control violations
D. System configuration files for control options used

The correct answer is:

D. System configuration files for control options used

Explanation:
Review of system configuration files for control options used would show which users have access to
the privileged supervisory state.
Both systems access log files and logs of access violations are detective in nature. Access control
software is run under the operating system.

47. Which of the following is the GREATEST risk related to the monitoring of audit logs?

A. Logs are not backed up periodically.

B. Routine events are recorded.
C. Procedures for enabling logs are not documented.
D. Unauthorized system actions are recorded but not investigated.

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 25/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

D. Unauthorized system actions are recorded but not investigated.

Explanation:
If unauthorized system actions are not investigated, the log is useless. Not backing up logs
periodically is a risk but
not as critical as the need to investigate questionable actions. Recording routine events can make
it more difficult to recognize unauthorized actions,
but the critical events are still recorded. Procedures for enabling and reviewing logs should be
documented, but documentation does not ensure investigation.

48. Which of the following is the MOST effective means of determining which controls are functioning
properly in an operating system?

A. Consulting with the vendor

B. Reviewing the vendor installation guide
C. Consulting with the system programmer
D. Reviewing the system generation parameters

The correct answer is:

D. Reviewing the system generation parameters

Explanation:
System generation parameters determine how a system runs, the physical configuration and its
interaction with the workload.

49. Which of the following would an IS auditor expect to find in a console log?

A. Names of system users

B. Shift supervisor identification
C. System errors
D. Data edit errors

The correct answer is:

C. System errors

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 26/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

Explanation:
System errors are the only ones that you would expect to find in the console log.

50. In a TCP/IP-based network, an IP address specifies a:

A. network connection.
B. router/gateway.
C. computer in the network.
D. device on the network.

The correct answer is:

A. network connection.

Explanation:
An IP address specifies a network connection. An IP address encodes both a network and a host on that
network;
it does not specify an individual computer, but provides a connection to a network. A router/gateway
connects two networks and has two IP
addresses. Hence, an IP address cannot specify a router. A computer in the network can be connected
to other networks as well.
It will then use many IP addresses. Such computers are called multihomed hosts. Here, again, an IP
address cannot refer to the computer.
IP addresses do not refer to individual devices on the network, but refer to the connections by which
they are connected to the network.

51. Capacity monitoring software is used to ensure:

A. maximum use of available capacity.

B. that future acquisitions meet user needs.
C. concurrent use by a large number of users.
D. continuity of efficient operations.

The correct answer is:

D. continuity of efficient operations.

Explanation:
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 27/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

Capacity monitoring software shows the actual usage of online systems vs. their maximum capacity. The
aim is to enable software support
staff to ensure that efficient operation, in the form of response times, is maintained in the event
that use begins to approach the maximum available
capacity. Systems should never be allowed to operate at maximum capacity. Monitoring software is
intended to prevent this.
Although the software reports may be used to support a business case for future acquisitions, it
would not provide information on
the effect of user requirements and it would not ensure concurrent usage of the system by users,
other than to highlight levels of user access.

52. An organization provides information to its supply-chain partners and customers through an
extranet infrastructure.
Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall
security architecture?

A. A Secure Sockets Layer (SSL) has been implemented for user authentication and remote
administration of the firewall.
B. On the basis of changing requirements, firewall policies are updated.
C. Inbound traffic is blocked unless the traffic type and connections have been specifically
permitted.
D. The firewall is placed on top of the commercial operating system with all installation options.

The correct answer is:

D. The firewall is placed on top of the commercial operating system with all installation options.

Explanation:
The greatest concern when implementing firewalls on top of commercial operating systems is the
potential presence of vulnerabilities that
could undermine the security posture of the firewall platform itself. In most circumstances when
commercial firewalls are breached,
that breach is facilitated by vulnerabilities in the underlying operating system. Keeping all
installation options available on the system
further increases the risks of vulnerabilities and exploits. Using SSL for firewall administration
(choice A) is important, changes in user
and supply chain partners' roles and profiles will be dynamic. Therefore, it is appropriate to
maintain the firewall policies daily (choice B),
and prudent to block all inbound traffic unless permitted (choice C).

53. Which of the following would be considered an essential feature of a network management system?

A. A graphical interface to map the network topology

B. Capacity to interact with the Internet to solve the problems
C. Connectivity to a help desk for advice on difficult issues
D. An export facility for piping data to spreadsheets

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 28/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

A. A graphical interface to map the network topology

Explanation:
To trace the topology of the network, a graphical interface would be essential. It is not necessary
that each network
be on the Internet and connected to a help desk, and the ability to export to a spreadsheet is not
an essential element.

54. What is a risk associated with attempting to control physical access to sensitive areas, such as
computer rooms, using card keys or locks?

A. Unauthorized individuals wait for controlled doors to open and walk in behind those authorized.
B. The contingency plan for the organization cannot effectively test controlled access practices.
C. Access cards, keys and pads can be easily duplicated allowing easy compromise of the control.
D. Removing access for those who are no longer authorized is complex.

The correct answer is:

A. Unauthorized individuals wait for controlled doors to open and walk in behind those authorized.

Explanation:
The concept of piggybacking compromises all physical control established. Choice B would be of
minimal concern in a disaster recovery environment.
Items in choice C are not easily duplicated. Regarding choice D, while technology is constantly
changing, card keys have existed for
some time and appear to be a viable option for the foreseeable future.

55. Which of the following is an example of the defense in-depth security principle?

A. Using two firewalls of different vendors to consecutively check the incoming network traffic
B. Using a firewall as well as logical access controls on the hosts to control incoming network
traffic
C. Having no physical signs on the outside of a computer center building
D. Using two firewalls in parallel to check different types of incoming traffic

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 29/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

B. Using a firewall as well as logical access controls on the hosts to control incoming network
traffic

Explanation:
Defense in-depth means using different security mechanisms that back up each other. When network
traffic passes the firewall unintentionally,
the logical access controls form a second line of defense. Using two firewalls of different vendors
to consecutively check the
incoming network traffic is an example of diversity in defense. The firewalls are the same security
mechanisms.
By using two different products the probability of both products having the same vulnerabilities is
diminished.
Having no physical signs on the outside of a computer center building is a single security measure.
Using two firewalls in
parallel to check different types of incoming traffic is a single security mechanism and therefore
no different than having a
single firewall checking all traffic.

56. When reviewing system parameters, an IS auditor's PRIMARY concern should be that:

A. they are set to meet security and performance requirements.

B. changes are recorded in an audit trail and periodically reviewed.
C. changes are authorized and supported by appropriate documents.
D. access to parameters in the system is restricted.

The correct answer is:

A. they are set to meet security and performance requirements.

Explanation:
The primary concern is to find the balance between security and performance. Recording changes in an
audit trail and periodically reviewing it
is a detective control; however, if parameters are not set according to business rules, monitoring
of changes may not be an effective control.
Reviewing changes to ensure they are supported by appropriate documents is also a detective control.
If parameters are set incorrectly, the related
documentation and the fact that these are authorized does not reduce the impact. Restriction of
access to parameters ensures that only authorized staff
can access the parameters; however, if the parameters are set incorrectly, restricting access will
still have an adverse impact.

57. Which of the following BEST ensures the integrity of a server's operating system?

A. Protecting the server in a secure location

B. Setting a boot password
C. Hardening the server configuration
D. Implementing activity logging

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 30/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

C. Hardening the server configuration

Explanation:
Hardening a system means to configure it in the most secure manner (install latest security patches,
properly define the access
authorization for users and administrators, disable insecure options and uninstall unused services)
to prevent nonprivileged users
from gaining the right to execute privileged instructions and thus take control of the entire
machine, jeopardizing the OS's integrity.
Protecting the server in a secure location and setting a boot password are good practices, but do not
ensure that a user will not try to
exploit logical vulnerabilities and compromise the OS. Activity logging has two weaknesses in this
scenario-it is a detective control
(not a preventive one) and the attacker who already gained privileged access can modify logs or
disable them.

58. Which of the following is the MOST probable cause for a mail server being used to send spam?

A. Installing an open relay server

B. Enabling Post Office Protocol (POP3)
C. Using Simple Mail Transfer Protocol (SMTP)
D. Activating user accounting

The correct answer is:

A. Installing an open relay server

Explanation:
An open proxy (or open relay) allows unauthorized people to route their spam through someone else's
mail server.
POP3 and SMTP are commonly used mail protocols. Activating user accounting does not relate to using
a server to send spam.

59. The MOST significant security concern when using flash memory (e.g., USB removable disk) is that
the:

A. contents are highly volatile.

B. data cannot be backed up.
C. data can be copied.
D. device may not be compatible with other peripherals.

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 31/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

C. data can be copied.

Explanation:
Unless properly controlled, flash memory provides an avenue anyone to copy any content with ease.
The contents stored in flash memory are not volatile. Backing up flash memory data is not a control
concern,
as the data are sometimes stored as a backup. Flash memory will be accessed through a PC rather than
any other periphereal;
therefore, compatibility is not an issue.

60. Which of the following BEST reduces the ability of one device to capture the packets that are
meant for another device?

A. Filters
B. Switches
C. Routers
D. Firewalls

The correct answer is:

B. Switches

Explanation:
Switches are at the lowest level of network security and transmit a packet to the device to which it
is addressed.
This reduces the ability of one device to capture the packets that are meant for another device.
Filters allow for some basic
isolation of network traffic based on the destination addresses. Routers allow packets to be given or
denied access based on the addresses
of the sender and receiver and the type of packet. Firewalls are a collection of computer and network
equipment used to allow communications to
flow out of the organization and restrict communications flowing into the organization.

61. Which of the following systems-based approaches would a financial processing company employ to
monitor spending patterns to identify abnormal
patterns and report them?

A. A neural network
B. Database management software
C. Management information systems
D. Computer-assisted audit techniques

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 32/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

A. A neural network

Explanation:
A neural network will monitor and learn patterns, reporting exceptions for investigation. Database
management software is a method of
storing and retrieving data. Management information systems provide management statistics but do not
normally have a monitoring and detection function.
Computer-assisted audit techniques detect specific situations, but are not intended to learn
patterns and detect abnormalities.

62. A Ping command is used to measure:

A. attenuation.
B. throughput.
C. delay distortion.
D. latency.

The correct answer is:

D. latency.

Explanation:
Latency, which is measured using a Ping command, represents the delay that a message/packet will have
in traveling from source to destination.
A decrease in amplitude as a signal propagates through a transmission medium is called attenuation.
Throughput, which is the quantity of work per
unit of time, is measured in bytes per second. Delay distortion represents delay in transmission
because the rate of propagation of a signal along a
transmission line varies with the frequency.

63. Which of the following hardware devices relieves the central computer from performing network
control, format conversion and message handling tasks?

A. Spool
B. Cluster controller
C. Protocol converter
D. Front-end processor

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 33/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

D. Front-end processor

Explanation:
A front-end processor is a hardware device that connects all communication lines to a central
computer to relieve the central computer.

64. The GREATEST risk when end users have access to a database at its system level, instead of
through the application, is that the users can:

A. make unauthorized changes to the database directly, without an audit trail.

B. make use of a system query language (SQL) to access information.
C. remotely access the database.
D. update data without authentication.

The correct answer is:

A. make unauthorized changes to the database directly, without an audit trail.

Explanation:
Having access to the database could provide access to database utilities, which can update the
database without an audit trail and without
using the application. Using SQL only provides read access to information. In a networked
environment, accessing the database remotely does
not make a difference.

What is critical is what is possible or completed through this access. To access a database, it is
necessary that a user is authenticated using a user ID.

65. The most likely error to occur when implementing a firewall is:

A. incorrectly configuring the access lists.

B. compromising the passwords due to social engineering.
C. connecting a modem to the computers in the network.
D. inadequately protecting the network and server from virus attacks.

The correct answer is:

A. incorrectly configuring the access lists.

Explanation:
An updated and flawless access list is a significant challenge and, therefore, has the greatest
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 34/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

chance for errors at the

time of the initial installation. Passwords do not apply to firewalls, a modem bypasses a firewall
and a virus attack is not an element in
implementing a firewall.

66. Which of the following controls will detect MOST effectively the presence of bursts of errors in
network transmissions?

A. Parity check
B. Echo check
C. Block sum check
D. Cyclic redundancy check

The correct answer is:

D. Cyclic redundancy check

Explanation:
The cyclic redundancy check (CRC) can check for a block of transmitted data.
The workstations generate the CRC and transmit it with the data. The receiving workstation computes a
CRC and compares it to the
transmitted CRC. If both of them are equal, then the block is assumed error free. In this case (such
as in parity error or echo check),
multiple errors can be detected. In general, CRC can detect all single-bit and bubble-bit errors.
Parity check (known as vertical redundancy check)
also involves adding a bit (known as the parity bit) to each character during transmission. In this
case, where there is a presence of bursts of errors
(i.e., impulsing noise during high transmission rates), it has a reliability of approximately 50
percent. In higher transmission rates,
this limitation is significant. Echo checks detect line errors by retransmitting data back to the
sending device for comparison with the original
transmission.

67. Neural networks are effective in detecting fraud because they can:

A. discover new trends since they are inherently linear.

B solve problems where large and general sets of training data are not obtainable.
C. attack problems that require consideration of a large number of input variables.
D. make assumptions about the shape of any curve relating variables to the output.

The correct answer is:

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 35/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

C. attack problems that require consideration of a large number of input variables.

Explanation:
Neural networks can be used to attack problems that require consideration of numerous input
variables.
They are capable of capturing relationships and patterns often missed by other statistical methods,
and
they will not discover new trends. Neural networks are inherently nonlinear and make no assumption
about the shape of any curve
relating variables to the output. Neural networks will not work well at solving problems for which
sufficiently large and general
sets of training data are not obtainable.

68. Which of the following would enable an enterprise to provide access to its intranet (i.e.,
extranet) to its business partners across the Internet?

A. Virtual private network

B. Client-server
C. Dial-in access
D. Network service provider

The correct answer is:

A. Virtual private network

Explanation:
A virtual private network (VPN) allows external partners to securely participate in the extranet
using public networks as a transport or
shared private networks. Because of its low cost, using public networks (Internet) as a transport is
the principal method.
VPNs rely on tunneling/encapsulation techniques, which allow the Internet protocol (IP) to carry a
variety of different protocols
(e.g., SNA, IPX, NETBEUI). A client-server (choice B) does not address extending the network to
business partners
(i.e., client-server refers to a group of computers within an organization connected by a
communications network where the client is the
requesting machine and the server is the supplying machine). Choice C refers to remote users
accessing a secured environment.
It is the means, not the method, of providing access to a network. A network service provider (choice
D) may provide services to
a shared private network by providing Internet services, but it does not extend to an organization's
intranet.

69. By establishing a network session through an appropriate application, a sender transmits a

message by breaking it into packets,
but the packets may reach the receiver out of sequence. Which OSI layer addresses the out-of-sequence
message through segment sequencing?

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 36/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

A. Network layer
B. Session layer
C. Application layer
D. Transport layer

The correct answer is:

D. Transport layer

Explanation:
The function of resequencing packets (segment) received out of order is taken care of by the
transport layer.
Neither the network, session or application layers address resequencing.

70. The interface that allows access to lower- or higher-level network services is called:

A. firmware.
B. middleware.
C. X.25 interface.
D. utilities.

The correct answer is:

B. middleware.

Explanation:
Middleware, a class of software employed by client-server applications, provides services, such as
identification, authentication,
directories and security. It facilitates client-server connections over the network and allows client
applications to access and
update remote databases and mainframe files. Firmware consists of memory chips with embedded program
code that hold their content
when the power is turned off. X.25 interface is the interface between data terminal equipment and
data circuit terminating equipment
for terminals operating in the packet mode on some public data networks. Utilities are system
software used to perform system maintenance
and routines that are required during normal processing, such as sorting or backup.

71. Which of the following is a control over component communication failure/errors?

A. Restricting operator access and maintaining audit trails

B. Monitoring and reviewing system engineering activity
C. Providing network redundancy
D. Establishing physical barriers to the data transmitted over the network
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 37/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

C. Providing network redundancy

Explanation:
Redundancy by building some form of duplication into the network components, such as a link, router
or switch, to prevent loss,
delays or data duplication is a control over component communication failure or error. Other related
controls are loop/echo checks
to detect line errors, parity checks, error correction codes and sequence checks. Choices A, B and D
are communication network controls

72. After installing a network, an organization installed a vulnerability assessment tool or security
scanner to identify possible weaknesses.
Which is the MOST serious risk associated with such tools?

A. Differential reporting
B. False-positive reporting
C. False-negative reporting
D. Less-detail reporting

The correct answer is:

C. False-negative reporting

Explanation:
False-negative reporting on weaknesses means the control weaknesses in the network are not identified
and, hence, may not be addressed,
leaving the network vulnerable to attack. False-positive reporting is one in which the controls are
in place, but are evaluated as weak,
which should prompt a rechecking of the controls. Less-detail reporting and differential reporting
functions provided by these tools
compare scan results over a period of time.

73. The following question refers to the diagram below.

In the 2c area on the diagram, there are three hubs connected to each other. What potential risk
might this indicate?

A. Virus attack
B. Performance degradation
C. Poor management controls
https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 38/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

D. Vulnerability to external hackers

The correct answer is:

B. Performance degradation

Explanation:
Hubs are internal devices that usually have no direct external connectivity and, thus, are not prone
to hackers.
There are no known viruses that are specific to hub attacks. While this situation may be an indicator
of poor management controls,
choice B is more likely when the practice of stacking hubs and creating more terminal connections is
used.

74. When reviewing the implementation of a LAN, the IS auditor should FIRST review the:

A. node list.
B. acceptance test report.
C. network diagram.
D. user's list.

The correct answer is:

C. network diagram.

Explanation:
To properly review a LAN implementation, the IS auditor should first verify the network diagram and
confirm the approval.
Verification of nodes from the node list and the network diagram would be next followed by a review
of the acceptance test report and
then the user's list.

75. To evaluate the referential integrity of a database, an IS auditor should review the:

A. composite keys.
B. indexed fields.
C. physical schema.
D. foreign keys.

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 39/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

The correct answer is:

D. foreign keys.

Explanation:
A foreign key is a column in a table that references a primary key of another table, thus providing
the referential integrity.
Composite keys consist of two or more columns designated together as a table's primary key. Field
indexing speeds up searches,
but does not ensure referential integrity. Referential integrity is related to the logical schema,
not the physical schema.

76. For an online transaction processing system, transactions per second is a measure of:

A. throughput.
B. response time.
C. turnaround time.
D. uptime.

The correct answer is:

A. throughput.

Explanation:
Throughput measures how much work is done by a system over a period of time; it measures the
productivity of the system.
In an online transaction processing system, transactions per second is a throughput index. Response
time is defined as the length of
time that elapsed between submission of an input and receipt of the first character of output in an
online system. Turnaround time is
the length of time that elapsed between submission of a job and receipt of a completed output. It is
a measure of timeliness in a batch system.
The percentage of time that the system is available for processing is called uptime or a reliability
index; thus, this is not the correct answer.

77. An IS auditor is performing a network security review of a telecom company that provides Internet
connection services to shopping malls
for their wireless customers. The company uses Wireless Transport Layer Security (WTLS) and Secure
Socket Layers (SSL) technology for protecting
their customer's payment information. The IS auditor should be MOST concerned, if a hacker:

A. compromised the Wireless Application Protocol (WAP) gateway.

B. installed a sniffing program in front of the server.
C. stole a customer's PDA.
D. listened to the wireless transmission.

The correct answer is:

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 40/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

A. compromised the Wireless Application Protocol (WAP) gateway.

Explanation:
In a WAP gateway, the encrypted messages from customers must be decrypted to transmit to the Internet
and vice versa.
Therefore, if the gateway is compromised all of the messages would be exposed. SSL protects the
messages from sniffing on the Internet,
limiting disclosure of the customer's information. WTLS provides authentication, privacy and
integrity and prevents messages from eavesdropping.

78. An IS auditor is performing an audit of a network operating system. Which of the following is a
user feature the IS auditor should review?

A. Availability of online network documentation

B. Support of terminal access to remote hosts
C. Handling file transfer between hosts and interuser communications
D. Performance management, audit and control

The correct answer is:

A. Availability of online network documentation

Explanation:
Network operating system user features include online availability of network documentation. Other
features would be user access to
various resources of network hosts, user authorization to access particular resources, and the
network and host computers used without
special user actions or commands. Choices B, C and D are examples of network operating systems
functions among which the following are included:
supporting terminal access to remote hosts, handling file transfer between hosts and interuser
communications.

79. Which of the following would help to ensure the portability of an application connected to a
database? The:

A. verification of database import and export procedures.

B. usage of a structured query language (SQL).
C. analysis of stored procedures/triggers.
D. synchronization of the entity-relation model with the database physical schema.

The correct answer is:

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 41/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

B. usage of a structured query language (SQL).

Explanation:
The use of SQL facilitates portability. Verification of import and export procedures with other
systems ensures better
interfacing with other systems, analyzing stored procedures/triggers ensures proper
access/performance, and reviewing the design
entity-relation model will all be helpful but do not contribute to the portability of an application
connecting to a database.

80. In an online transaction processing system, data integrity is maintained by ensuring that a
transaction is either completed in
its entirety or not at all. This principle of data integrity is known as:

A. isolation.
B. consistency.
C. atomicity.
D. durability.

The correct answer is:

C. atomicity.

Explanation:
The principle of atomicity requires that a transaction be completed in its entirety or not at all. If
an error or interruption occurs,
all changes made up to that point are backed out. Consistency ensures that all integrity conditions
in the database be maintained with each transaction.
Isolation ensures that each transaction is isolated from other transactions, and hence, each
transaction only accesses data that are part of a
consistent database state. Durability ensures that, when a transaction has been reported back to a
user as complete, the resultant changes to the
database will survive subsequent hardware or software failures.

81. Which of the following would BEST support 24/7 availability?

A. Daily backup
B. Offsite storage
C. Mirroring
D. Periodic testing

The correct answer is:

C. Mirroring

Explanation:
Mirroring of critical elements is a tool that facilitates immediate recoverability. Daily backup
implies that it is reasonable for
restoration to take place within a number of hours but not immediately. Offsite storage and periodic
testing of systems do not,
of themselves, support continuous availability.

82. A hub is a device that connects:

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 42/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt

A. two LANs using different protocols.

B. a LAN with a WAN.
C. a LAN with a metropolitan area network (MAN).
D. two segments of a single LAN.

The correct answer is:

D. two segments of a single LAN.

Explanation:
A hub is a device that connects two segments of a single LAN. A hub is a repeater.
It provides transparent connectivity to users on all segments of the same LAN. It is a level 1
device.
A bridge operates at level 2 of the OSI layer and is used to connect two LANs using different
protocols (e.g., joining an ethernet and token network)
to form a logical network. A gateway, which is a level 7 device, is used to connect a LAN to a WAN.
A LAN is connected with a MAN, which operates in the network layer using a router.

83. In a LAN environment, which of the following minimizes the risk of data corruption during
transmission?

A. Using end-to-end encryption for data communication

B. Using separate conduits for electrical and data cables
C. Using check sums for checking the corruption of data
D. Connecting the terminals using a star topology

The correct answer is:

B. Using separate conduits for electrical and data cables

Explanation:
Using separate conduits for data cables and electrical cables, minimizes the risk of data corruption
due to an induced magnetic field
created by electrical current. Data encryption minimizes the risk of data leakage in case of wire
tapping; however, it cannot prevent corruption.
A check sum will help detect the data corruption during communication, but will not prevent it. Using
a star topology will increase the speed of
communication, but will not detect the corruption.

84. Which of the following is widely accepted as one of the critical components in networking
management?

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 43/44
6/1/23, 5:09 PM https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt
A. Configuration management
B. Topological mappings
C. Application of monitoring tools
D. Proxy server trouble shooting

The correct answer is:

A. Configuration management

Explanation:
Configuration management is widely accepted as one of the key components of any network, since it
establishes how the network will
function both internally and externally. It also deals with the management of configuration and
monitoring performance.
Topological mappings provide outlines of the components of the network and its connectivity.
Application monitoring is not essential and proxy server trouble shooting is used for trouble-
shooting purposes.

--------------------------------------------------------------------------------

Close Window | Instruction Page

Copyright © 2002-5 Information Systems Audit and Control Association. All rights reserved.

USE RESTRICTIONS

The Question Database and Software ("CISA Sample Exam") is copyrighted. Licensee may not and Licensee
may not permit others to (a) disassemble, decompile, or otherwise derive source code from the CISA
Sample Exam, (b) reverse engineer the CISA Sample Exam, (c) modify or prepare derivative works of the
CISA Sample Exam, (d) copy the CISA Sample Exam (e) rent or lease the CISA Sample Exam, (f) use the
CISA Sample Exam in an on-line system, (g) use the CISA Sample Exam in any manner that infringes the
intellectual property or other rights of another party, or (h) transfer the CISA Sample Exam or any
copy thereof to another party. Unauthorized copying of the CISA Sample Exam is expressly forbidden.
Licensee may not reproduce the CISA Sample Exam or any part thereof. You may not create derivative
works, including translations, of the CISA Sample Exam or any part thereof without the prior written
consent of ISACA. Licensee may make printed media copies of the quiz and scored results, so long as
such copies do not include any part of the Software, for non-commercial, personal use including
transmission by any means including electronic, mechanical, recording, or otherwise.

https://www.taxheal.com/wp-content/uploads/2016/07/QA_3.txt 44/44