The document discusses various IT audit concepts and controls. It provides definitions and descriptions of:
1. The audit charter and IT balanced scorecard as governance tools
2. Logical access controls and attribute sampling for compliance testing
3. Monitoring outsourced provider performance and parallel run as a system conversion strategy
4. Intrusion detection systems and the importance of separating backup files from the primary data center
CISA_AB special top pointers, expect questions in exam from this topic
1. AB Special_ Top Pointer’s, Expect Q&A in Exam
Success comes to those who never stops dreaming….
Life is rocking, until you keep yourself joking….
✔Audit Charter: The audit charter should state management's objectives for
and delegation of authority to IS audit. Should be approved at the highest
levels of management, and should outline the overall authority, scope, and
responsibilities of the audit function. It should not significantly change over
time.
✔IT Balanced Scorecard: An IT business governance tool aimed at monitoring
IT performance evaluation indicators OTHER THAN financial results. It
considers other key success factors such as customer satisfaction, innovation
capacity, and processing.
✔Stop or Freezing Point during New System Design: Requires that changes
made after that point be evaluated for cost-effectiveness. Used to allow for a
review of the cost-benefits and the payback period.
✔Clustered Server Setup makes the entire network vulnerable to natural
disasters or other disruptive events. Not recommended for high-availability
network configurations.
✔Logical Access Controls: The PRIMARY safeguard for securing software and
data within an information processing facility.
✔The most important criterion when selecting a location for an offsite storage
facility for IS backup files. The offsite facility must be PHYSICALLY SEPARATED
from the data centre and not subject to the same risks as the primary data
centre.
✔Attribute sampling: The primary sampling method used for compliance
testing. AS is used to estimate the rate of occurrence of a specific quality
(attribute) AND is used in compliance testing to confirm whether the quality
exists.
✔Monitoring an outsourced provider's performance. The MOST important
function to be performed by IS management when a service has been
outsourced. This is critical to ensure that services are delivered to the company
as required.
✔Parallel Run: The system and data conversion strategy that provides the
GREATEST redundancy. The safest and the most expensive approach.
✔Adequate and most appropriate compensating control to track after-hours
database changes. Use the DBA user account to make changes. Log the
changes and review the change log the following day.
✔Intrusion Detection System (IDS) - Gathers evidence on intrusive attack or
penetration attempt activity.
✔Business Continuity Plan (BCP) covers only critical processes. The IT auditor
should: Revisit and/or update the Business Impact Analysis (BIA) to assess the
risk of not covering all processes in the plan.
✔Audit Planning: Assessment of Risk Should be made to provide REASONABLE
ASSURANCE that the audit will cover MATERIAL items.
✔Training provided on a regular basis to all current and new employees. The
MOST LIKELY element of a security awareness program.
✔Function Point Analysis: An indirect method of measuring the size of an
application by considering the number and complexity of its inputs, outputs,
and files. Is useful for evaluating complex applications.
✔PERT (Program evaluation review technique): A project management
technique that helps with both planning and control.
SLOC (Counting source lines of code): A direct measure of program size.
Does NOT allow for the complexity that may be caused by having multiple,
linked modules and a variety of inputs and outputs.
White Box Testing: Involves a detailed review of the behaviour of
program code, and is a quality assurance technique suited to simpler
applications during the design and build stage of development.
Security patch installations: should always be part of a good change
management process.
Degaussing obsolete magnetic tapes: The best way to remove data
from magnetic tapes. Leaves a very low residue of magnetic induction.
Overwriting or erasing tapes may cause magnetic errors but may not remove
the data completely. Tape label initialization does not remove the data that
follows the label.
The MOST important concern when auditing backup, recovery, and the
offsite storage vault: That the data files stored in the vault are synchronized.
When evaluating the collective effort of preventive, detective, or
corrective controls within a process, an IS auditor should be aware of: The
point at which controls are EXERCISED as data flow through the system.
The BEST audit technique to use to determine whether there have been
unauthorized program changes since the last authorized program update:
Automated code comparison. This is an automated, efficient technique to determine
whether the two versions correspond. Test data runs only allow for processing
verification. Code review will only detect potential errors or inefficient
statements.
IT Control Objectives: The statement of the desired result or purpose to
be achieved by implementing control procedures in a particular IT activity.
The PRIMARY purpose for conducting parallel testing is: To ensure that
the implementation of a new system will meet user requirements.
An analysis of peaking/saturated WAN links should result in: Analysis
to establish whether this is a regular pattern and what causes this behaviour
before expenditure on a larger line capacity is recommended.
Immunizers: Defend against viruses by appending sections of
themselves to files. They continuously check the file for changes and report
changes as possible viral behaviour.
Behaviour blockers: Focus on detecting potentially abnormal behaviour,
such as writing to the boot sector or MBR, or making changes to EXEs.
CRCs (Cyclical Redundancy Checkers): Compute a binary number on a
known virus-free program that is then stored in a database file. When that
program is subsequently called to be executed, the checkers look for changes
to the files, compare them to the database, and report possible infection if
changes have occurred.
Active Monitors: Interpret DOS and ROM BIOS calls, looking for virus-
like actions.
The DR/Continuity Plan component that provides the GREATEST
assurance of post-disaster recovery: That an alternate facility will be available
until the original information processing facility is restored.
Email systems have become a useful source of litigation evidence
BECAUSE: Multiple cycles of backup files remain available, and documents that
have been deleted could potentially be recovered from these files.
By evaluating application development projects against the Capability
Maturity Model (CMM), an IS auditor should be able to verify that: Stable,
predictable software processes are being followed. However, CMM does NOT
guarantee a reliable product, nor does it evaluate technical processes, security
requirements, or other application controls.
The MOST IMPORTANT element for the successful implementation of
IT governance is: The identification of organizational strategies. This is
necessary to ensure the alignment between IT and corporate governance. The
KEY objective of IT governance is to support the business.
Stress testing is carried out to ensure that a system can cope with
production workloads. A test environment should always be used to avoid
damaging the production environment - testing should never take place in a
production environment. Live workloads should always be used, however, to
ensure that the system was stress tested adequately.
Periodic checking of hard drives. The MOST effective way to detect and
identify the loading of illegal software packages onto a network.
Which control best mitigates the risk of undetected and unauthorized
program changes being made in the production environment by developers?
Hash key generation. The matching of hash keys over time would allow
detection of changes to files.
Naming conventions for system resources are important for access
control because they: Reduce the number of rules required to adequately
protect resources. This facilitates security administration and maintenance
efforts, and allows for the grouping of resources and files by application.
When faced with multiple minor control weaknesses, the IS auditor's
audit report should: Record the observations and the risk arising from the
COLLECTIVE effect of the weaknesses.
It IS appropriate for an IT auditor to request and review a copy of a BCP
from each vendor that provides outsourced services. TRUE: An IS auditor will
evaluate the adequacy of the service bureau's BCP and assist their company in
implementing a complementary plan. The primary responsibility of an IS
auditor is to assure that the company assets are being safeguarded, even if the
assets do not reside on the immediate premises.
The PRIMARY concern with using RFID (radio frequency identification)
is: Issues of privacy. The purchaser (P) may not be aware of the tags, and
credit card purchases may be able to be tied back to the identity of P. Because
RFID can carry unique identifiers, it could be possible for a firm to track Ps who
purchase items containing RFIDs.
A proprietary software application purchase contract SHOULD provide
for: A source code agreement that provides for the placement of the source
code into escrow, ensuring that the purchaser will have the opportunity to
modify the software should the vendor cease to be in business.
When faced with control weaknesses, the IS auditor should stress that:
A comprehensive system control framework is necessary. Ex. effective access
controls may not sufficiently compensate for other detective control
weaknesses. The IS auditor has a FUNDAMENTAL obligation to point out
control weaknesses that give rise to unacceptable risks to the organization,
and work with management to have these corrected.
Simultaneous duplication of logs onto a write-once disk helps to:
Detect changes made by unauthorized intruders to systems/platforms.
Application-level Gateway: Provides the BEST protection against hacking
attempts. It can define in detail the rules that describe the type of user or
connection that is or is not permitted. Analyses ALL layers of the OSI model. Remote
Access servers require a user name/password, but can still be mapped or
scanned. Proxy servers provide protection based on IP addresses and ports,
and can be complex or difficult to configure for multiple applications. Port
scanning doesn't help with controlling Internet content, or when all ports need
to be controlled.
Which is the MOST effective and environmentally friendly method of
suppressing a fire in a data center? Dry-pipe water sprinklers with an
automatic power shut-off system. The pipes must be dry-pipe so as to avoid
leakage. Halon is efficient and doesn't threaten human life, but it is
environmentally damaging and very expensive. Carbon Dioxide threatens
human life (but is safe for the environment), and therefore cannot be set to
automatic release.
Which finding would be MOST critical during an audit of a BCP?
Absence of a backup for the network backbone. This failure will impact the
ability of all users to access information on the network.
The SUCCESS of control self-assessment (CSA) depends highly on:
Having line managers assume a portion of the responsibility for control
monitoring. The primary objective of a CSA program is to leverage the internal
audit function by shifting some of the control monitoring responsibilities to the
functional area line managers.
1. Non-existent 2. Initial 3. Repeatable 4. Defined 5. Managed
6. Optimized. These are rankings used by the Information Security Governance
Maturity Model. When responsibilities for IT security are clearly assigned and
enforced, and an IT Security Risk and Impact Analysis is consistently
performed, it is said to be managed and measurable.
Which type of testing would confirm that a new or modified system
can operate in its target environment without adversely impacting EXISTING
systems? SOCIABILITY testing. PARALLEL testing is the process of feeding data
into 2 systems and comparing the results. PILOT testing takes place first at one
location and then is extended to other locations. INTERFACE/INTEGRATION
testing is a HW or SW test that evaluates the connection of 2 or more
components that pass info from one area to another.
Documentation of a business case used in an IT development project
should be retained until: The end of the system's life cycle.
Which type of firewall provides the GREATEST degree and granularity
of control? The APPLICATION GATEWAY firewall - it has specific proxies for
each TCP/IP service, and filters traffic across OSI L3-L7. A Screening Router and
a Packet Filter work at the protocol, service and/or port level (L3-L4). A Circuit
Gateway is based on a proxy or program that acts as an intermediary between
external and internal accesses (L3/L4).
To ensure message integrity, confidentiality, and nonrepudiation
between 2 parties, the MOST effective method would be to create a message
digest by applying a cryptographic hashing algorithm against: The ENTIRE
message, enciphering the MESSAGE DIGEST using the SENDER'S PRIVATE KEY
(nonrepudiation), enciphering the MESSAGE with a SYMMETRIC KEY, and
enciphering the KEY by using the RECEIVER'S PUBLIC KEY (confidentiality and
receiver nonrepudiation).
What is the initial step in creating a firewall policy? Identification of
network applications to be externally accessed.
In a BCP, the MAJOR risk with not defining the point at which a situation
could be declared a crisis is: That execution of the DRP/BCP could be impacted.
A top-down approach to the development of operational policies will
help ensure: That they are consistent across the organization. A bottom-up
approach would be derived as a result of risk assessment.
Which approach will BEST ensure the successful offshore development
of business applications? Detailed and correctly applied specifications.
The FIRST step in managing the risk of a cyberattack is to: Identify
critical information assets. After this, the next steps include identifying the
threats and vulnerabilities, and calculating potential damages.
Which component of network architecture acts as a decoy to detect
active Internet attacks? HONEYPOTS - these are computer systems that are
expressly set up to attract and trap individuals who attempt to penetrate
other individuals' computer systems. They can provide data on methods used
to attack systems. FIREWALLS are basically preventative measures.
TRAPDOORS create a vulnerability that provides an opportunity for the
insertion of unauthorized code into a system. TRAFFIC ANALYSIS is a type of
passive attack.
NEURAL networks are effective in detecting FRAUD because they can:
Attack problems that require consideration of a large number of input
variables. They can capture relationships and patterns, BUT NOT new trends.
Neural networks will not work well at solving problems for which sufficiently
large and general sets of training data are not obtainable.
Which computers would be of the MOST concern to an IS auditor
reviewing a VPN implementation? The at-home computers of employees who
connect via VPN. These are least subject to corporate security policies, and are,
therefore, high-risk.
When developing a risk-based audit strategy, an IS auditor should
conduct a risk assessment to ENSURE that: Vulnerabilities and threats are
identified. This will determine the areas to be audited and the extent of
coverage.
AFTER a review of applications (assets) and making a vulnerability
assessment, the next task(s) would be to: (1) Identify threats, and (2) estimate
the likelihood of a threat's occurrence.
Which of the following backup techniques is the MOST appropriate
where an organization requires extremely granular data restore points, as
defined by the recovery point objective (RPO)? Continuous data backup - this
process happens online, and in real-time.
An organization is using an enterprise resource management (ERP)
application. Which type of controls would be the MOST effective? Role-based
access controls (RBAC). RBAC controls the system access by defining roles for a
group of users. Users are assigned to the various roles and the access is
granted based on the user's role. User-level permissions would create larger
administrative overhead. Fine-grained access control is difficult to implement
and maintain in large enterprises. Discretionary access control may create
inconsistencies in the access control management.
When reviewing an implementation of a VoIP system over a corporate
WAN, an IS auditor should expect to find: Traffic engineering. This is a
statistical technique that helps to ensure that quality of service requirements
are achieved by minimizing packet loss, latency, and/or jitter.
An IS auditor doing penetration testing during an audit of Internet
connections would: Use tools and techniques available to a hacker.
The GREATEST advantage of using web services for the exchange of
information between two systems is: Efficient interfacing. Web services
facilitate the exchange of information between two systems regardless of the
OS or programming language used. Communication, however, will not
necessarily be more secure or faster, and there is no documentation benefit in using
web services.
What reduces the potential impact of social engineering attacks?
Security awareness programs.
Which of the following should an IS auditor review to gain an
understanding of the effectiveness of controls over the management of
multiple projects? A project portfolio database. This is the basis for project
portfolio management, and includes detailed project data. Project portfolio
management requires specific project portfolio reports.
Which of the following online auditing techniques is MOST effective for
the early detection of errors or irregularities? AUDIT HOOKS. The audit hook
technique involves embedding code in application systems for the examination
of selected transactions. This helps the IS auditor to act before an error or an
irregularity gets out of hand. An EMBEDDED AUDIT MODULE involves
embedding specially-written software in the organization's host application
system so that application systems are monitored on a selective basis. An
INTEGRATED TEST FACILITY is used when it is not practical to use test data.
SNAPSHOTS are used when an audit trail is required.
If coding standards are not enforced and code reviews are rarely carried
out, this will MOST increase the likelihood of a successful: BUFFER OVERFLOW
ATTACK (especially in web-based applications). BRUTE FORCE attacks are used
to crack passwords. DDOS attacks are used to flood and overwhelm their targets,
preventing them from responding to legitimate requests. WAR DIALING uses
modem-scanning tools to hack PBXs.
A BENEFIT of open system architecture is that it: Facilitates operability
between systems made by different vendors. Closed system components are,
in contrast, built to proprietary standards and cannot (or will not) interface
with existing systems.
Web and email filtering tools are PRIMARILY valuable to an organization
because they: Protect the organization from viruses, spam, mail chains,
recreational surfing and email, and other non-business materials.
The PRIMARY objective of service-level management (SLM) is to: Define,
negotiate, agree, document and record, and manage the required levels of
service in the manner in which the customer requires those services. This
doesn't necessarily ensure high availability, or that costs will be minimized.
An IS auditor performing a telecommunications access control review
should be concerned PRIMARILY with the: Preventative control of
authorization and authentication of a user prior to granting access to system
resources. Weak controls at this level can affect all other aspects of the
system.
Which IT governance best practice IMPROVES strategic alignment? Top
management mediating between the imperatives of business and technology.
Managing supplier and partner risks is a RISK MANAGEMENT best practice. A
knowledge base on customers, products, markets and processes is an IT VALUE
DELIVERY best practice. An infrastructure being provided to facilitate the
creation and sharing of business information is an IT VALUE DELIVERY and a
RISK MANAGEMENT best practice.
At the completion of a system development project, a post project
review SHOULD include: Identifying LESSONS LEARNED that may be applicable
to future projects.
If no project risks have been identified during the early stages of a
development project, the IS auditor SHOULD: Stress the importance of
spending time at THIS point in the project to consider and document risks, and
to develop contingency plans. The IS auditor has an obligation to the project
sponsor and the organization to advise on appropriate project management
practices.
An IS auditor reviewing an organization's data file control procedures
finds that transactions are applied to the most current data files, while restart
procedures use earlier versions. The IS auditor should recommend the
implementation of: VERSION USAGE CONTROL when it is essential that the
proper version of a file is used.
If an IS auditor finds that the risk of data being intercepted to and from
remote sites is very high, the MOST effective and secure control that he can
recommend to reduce this exposure is: ENCRYPTION.
If an IS auditor finds that conference rooms have active network ports, it
is MOST important to ensure that: That part of the network is ISOLATED from
the corporate network.
Which represents the GREATEST risk created by a reciprocal agreement
for disaster recovery between two companies? That future developments may
result in hardware and software incompatibility.
An Internet-based attack using password sniffing CAN: Be used to gain
access to systems containing proprietary information. SPOOFING attacks can
be used to enable one party to act as if they are another party. DATA
MODIFICATION attacks can be used to modify the contents of certain
transactions. REPUDIATION OF TRANSACTIONS can cause major problems with
billing systems and transaction processing agreements.
What type of controls would an IS auditor look for in an environment
where duties cannot be appropriately segregated? COMPENSATING controls
are internal controls that are intended to reduce the risk of an existing or
potential control weakness that may arise when duties cannot be
appropriately segregated. OVERLAPPING controls are two controls addressing
the same control objective or exposure. BOUNDARY controls establish the
interface between the would-be user of a computer system and the computer
system itself, and are individual-based.
Which of the following is a concern when data are transmitted through
Secure Socket Layer (SSL) encryption, implemented on a trading partner's
server? That the organization doesn't have control over encryption. The SSL
security protocol provides data encryption, server authentication, message
integrity, and optional client authentication. Simply installing a digital
certificate turns on SSL capabilities, and SSL encrypts the datum while it is
being transmitted over the Internet - there is no PW to remember b/c the
encryption is done in the background.
Where a business system accesses a corporate database using a single
ID and PW embedded in a program, what would provide efficient access
control over the organization's data? The best compensating control would be
role-based permissions within the application system to ensure that access to
data is granted based on a user's role. The issue is with permissions, not
authentication.
What would have the HIGHEST priority in a business continuity plan
(BCP)? The resumption of critical processes has the highest priority since it
enables business processes to begin immediately after the interruption and
not later than the declared mean time between failures (MTBF).
A company has decided to implement an electronic signature scheme
based on PKI. The user's private key will be stored on the computer's HDD and
protected by a PW. The MOST significant risk of this approach is: That a
compromise of the PW would enable access to the signature, which could
result in the impersonation of the user by substitution of the user's public key
with another person's public key.
If an IS auditor notes that an organization has adequate BCPs for each
individual process, but not a comprehensive BCP for the entire organization,
the IS auditor should: Determine whether the BCPs are consistent with one
another in order to provide a viable BCP strategy.
To protect a VoIP infrastructure against a DoS attack, it is MOST
important to secure the: SESSION BORDER CONTROLLERS. SBCs enhance the
security in the access network (AN) and in the core. In the AN, they hide a
user's real address and provide a managed public address. SBCs permit access
to clients behind FWs while maintaining the FW's effectiveness. In the core,
SBCs protect the users and the network. They hide network topology and
users' real addresses. They can also monitor bandwidth and QoS.
A web server is attacked and compromised. What should be performed
FIRST to handle the incident? Disconnect the web server from the network to
contain the damage and prevent more actions by the attacker.
When developing a BCP, which tools should be used to gain an
understanding of the organization's business processes? RISK ASSESSMENT
(RA) and BUSINESS IMPACT ASSESSMENT (BIA) are tools for understanding
business for business continuity planning. BUSINESS CONTINUITY SELF-AUDIT
is a tool for evaluating the adequacy of a BCP. RESOURCE RECOVERY ANALYSIS
is a tool for identifying a business resumption strategy. GAP ANALYSIS can be
used to identify deficiencies in a BCP plan.
What would be considered a weakness, with regard to an organization
that uses PKI with digital certificates? If the organization is also the owner of
the certificate authority (CA), this could potentially create a perceived conflict
of interest if customers wanted to allege fraud during a transaction
repudiation.
The PRIMARY role of the certificate authority (CA) as a third party is to:
Confirm the identity of an entity owning a certificate issued by that CA. The
primary activity of a CA is to issue certificates. The CA can contribute to
authenticating communicating partners, but is not involved in the
communication stream itself.
An IS auditor reviewing wireless network security determines that DHCP
is disabled at all WAPs. This practice: Reduces the risk of unauthorized access
to the network.
The PRIMARY objective of testing a BCP is to: Identify and provide
evidence of any limitations of the current BCP.
What method might an IS auditor use to test wireless security at branch
office locations? WAR DRIVING - this is a technique for locating and gaining
access to wireless networks by driving or walking with a wireless-equipped
computer around a building. WAR DIALING is a technique for gaining access to
a computer or network through the dialling of defined blocks of telephone
numbers, with the hope of getting an answer from a modem. SOCIAL
ENGINEERING is a technique used to gather info that can assist an attacker in
gaining logical or physical access to data or resources. PASSWORD CRACKERS
are tools used to guess users' PWs by trying combinations and dictionary
words.
Confidentiality of data transmitted in a WLAN is BEST protected if the
session is: Encrypted using DYNAMIC KEYS. With dynamic keys, the encryption
key is changed frequently, thus reducing the risk of key compromise and
unauthorized message decryption.
DDoS attacks on Internet sites are typically evoked by hackers by using:
TROJAN HORSES - these are malicious or damaging code hidden within an
authorized computer program. Hackers use Trojans to mastermind DDoS
attacks from multiple computers simultaneously. LOGIC BOMBS are programs
designed to destroy or modify data at a specific time in the future. PHISHING is
an attack, normally via email, pretending to be an authorized person or
organization requesting information. SPYWARE is a program that picks up
information from PC drives by making copies of their contents.
Which anti-spam filtering technique would BEST prevent a valid,
variable-length email message containing a heavily-weighted spam keyword
from being labelled as spam? BAYESIAN (STATISTICAL) FILTERING - BF applies
statistical modelling to messages by performing a frequency analysis on each
word within the message and then evaluating the message as a whole. It can
ignore a suspicious keyword if the entire message is within normal bounds.
HEURISTIC FILTERING is less effective since new exception rules may need to
be defined when a valid message is labelled as spam. SIGNATURE-BASED
FILTERING is useless against variable-length messages because the calculated
MD5 hash changes all the time. PATTERN MATCHING is actually a degraded
rule-based technique where the rules operate at the word level using
wildcards, and not at higher levels.
When determining the ACCEPTABLE time period for the RESUMPTION of
critical business processes: BOTH downtime AND recovery costs need to be
evaluated. The outcome of a BIA should be a recovery strategy that represents
the optimal balance,
Where a mix of access points cannot be upgraded to stronger or more
advanced wireless security, a recommendation to replace the access points is
BEST justified by the argument that: The organization's security would only be
as strong as its weakest points. Affordability, performance, and product
manageability are NOT the IS auditor's concern in this situation.
From a control perspective, the PRIMARY objective of classifying
information assets is to: Establish guidelines for the level of access controls
that should be assigned. Information has varying degrees of sensitivity and
criticality in meeting business objectives. By assigning classes or levels of
sensitivity and criticality to information resources, management can establish
guidelines for the level of access controls that should be assigned. End user
management and the security administrator will use these classifications in
their risk assessment (RA) process to assign a given class to each asset.
Which biometric has the HIGHEST RELIABILITY and the LOWEST FALSE-
ACCEPTANCE RATE (FAR)? RETINA SCAN. Retina scan uses optical technology to
map the capillary pattern of an eye's retina. This is highly reliable and has the
lowest FAR among the current biometric methods. PALM SCANNING entails
placing a hand on a scanner where the palm's physical characteristics are
captured. HAND GEOMETRY measures the physical characteristics of the user's
hands and fingers from a 3-D perspective. Both the palm and hand biometric
techniques lack uniqueness in the geometry data. With FACE RECOGNITION, a
reader analyses the images captured for general facial characteristics. Though
natural and friendly, face biometrics lack uniqueness which means that people
who look alike can fool the device.
-Domain 4-
1. Shadow file = Exact duplicate is maintained in the same remote site.
2. Hard disk Mirroring – Provides redundancy in case of failure.
3. Electronic Vaulting – Not Real-time. Send data either to the direct
access storage or an optical disc.
4. Portability - Vendor Lock in clause Removed
5. Efficient way to test the design effectiveness of the Change Control Process
= Observation: perform an end-to-end walkthrough.
6. Inheritance - An object is called by another module and inherits its data
from the calling module.
7. Encapsulation = An object defines a communication interface with the
public or exterior; only what belongs to that object can be accessed
(permits an enhanced degree of security over data).
8. Polymorphism = Different objects behave differently depending on the
input. No security features.
9. Any authorization of program changes will be recorded in the log so
an IS auditor can review it.
10. SLA = 1. Performance Metrics 2. Certain degree of performance obliged
to be delivered 3. Security.
11. Process Owner Involvement is ultimate.
12. Data Classification is to have control over data.
13. Out-of-range data in some tables of the database = Proper control is to
implement Integrity Constraints in the DB (PC: Preventive Control).
14. Code Signing ensures the executable code came from a reputable
source and has not been altered.
15. Atomicity – Either the entire transaction is processed or none
of it is.
16. Consistency – The database is in a proper state at the beginning and at the
end, with no tampering of its integrity.
17. Durability – Successful transactions persist and cannot be undone.
18. Isolation – Prevents two transactions from attempting to access the same
data at the same time.
19. Ownership Ensures – Responsibility & Accountability.
20. As per ISACA, Clustering is the best option for Redundancy.
21. Redundant Pathways – Communication Links.
22. Standby Power – Redundant Power.
23. Library Control – Have a separate Test Environment. The purpose is that,
without authorization, it should not be moved to Production.
24. Portability of the application is through SQL.
25. Performance is achieved through Continuous Monitoring.
26. SLM – Service Level Management – Define, Agree On, Record and
Manage the Required Levels of Service. (Doesn’t Ensure Service
delivered, Cost associated)
27. To minimize errors in the patch management process, it is always
important to have a good change management process in place.
28. Relational Database – Referential DB (Page 298)
29. Parameter Setting should be appropriate to an organization.
30. Compensating control should be a preventive control.
31. Main Criterion for determining the security Level of service disruption is
Downtime (which gives Severity of impact).
32. Normalization - removal of redundant data elements from the DB
structure.
33. Configuration Management automated tools - these will provide an
automated recording of software release baselines.
34. Any patch should be tested before it is released so that its impact is
known; it is easier to apply than to revert back.
35. First thing to do when reviewing the network devices: Understand the
Network Topology.
36. Integrity of the firewall is obtained by: Sending the log information to a
dedicated third-party server.
37. Commitment and Rollback controls are directly relevant to integrity.
38. When developing the DR Strategy, it should be cost-effective, with built-in
resiliency.
39. Extremely granular-level data restore point: continuous data backup.
40. First step in problem management is Exception reporting (Track all the
unsuccessful attempts).
41. RAID 1 - Primary Purpose is Availability of Data. Does not give
performance.
42. If a Database is restored using before-image dumps, the process will begin
before the Last Transaction.
43. When providing backup for an online system, it is equally
important to ensure that periodic dumps of transaction logs are
backed up.
44. Efficient way to determine the effectiveness of the DRP – Preparedness
Test.
45. Data Integrity Check – Isolation, Concurrency, and Durability are the way
to do it.
46. With hot, warm and cold site contractual provisions, the IS auditor primarily
looks into the Number of Subscribers permitted to use the site (FIFO).
47. SDO is the Minimum acceptable operational capability