A |
Backout procedures are used to restore a system to a previous state and are an important element of the change control process. The other choices are not related to the change control process, which specifies the procedures to follow when a software upgrade does not work and the system must fall back to its former state.
|
B |
Incident management procedures are used to manage errors or problems with system operation. They are usually used by a help desk. One of the incident management procedures may be how to follow a fallback plan.
|
C |
Software development procedures such as the software development life cycle (SDLC) are used to manage the creation or acquisition of new or modified software.
|
D |
Problem management procedures are used to track user feedback and issues related to the operation of an application for trend analysis and problem resolution.
|
A |
A reciprocal agreement in which two organizations agree to provide computing resources to each other in the event of a disaster is a form of risk mitigation. This usually works well if both organizations have similar information processing facilities. Because the intended effect of reciprocal agreements is to have a functional disaster recovery plan, it is a risk mitigation strategy.
|
B |
Risk transfer is the transference of risk to a third party (e.g., buying insurance for activities that pose a risk).
|
C |
Risk acceptance occurs when an organization decides to accept the risk as it is and to do nothing to mitigate or transfer it.
|
D |
Risk avoidance is the decision to cease operations or activities that give rise to a risk. For example, a company may stop accepting credit card payments to avoid the risk of credit card information disclosure.
|
A |
Network monitoring tools can be used to detect errors that are propagating through a network, but their primary focus is on network reliability so that the network is available when required.
|
B |
A network monitoring tool can violate confidentiality by allowing a network administrator to observe non-encrypted traffic. This requires careful protection and policies regarding the use of network monitoring tools.
|
C |
Network monitoring tools allow observation of network performance and problems. This allows the administrator to take corrective action when network problems are observed. Therefore, the characteristic that is most directly affected by network monitoring is availability.
|
D |
Network monitoring tools will not measure completeness of the communication. This is measured by the end points in the communication.
|
A |
Removal of backups from the data center is not an appropriate action because it could delay the evacuation of personnel. Most companies would have copies of backups in offsite storage to mitigate the risk of data loss for this type of disaster.
|
B |
Fire suppression systems are designed to operate automatically, and activating the system when staff are not yet evacuated could create confusion and panic, leading to injuries or even fatalities. Manual triggering of the system could be necessary under certain conditions, but only after all other data center personnel are safely evacuated.
|
C |
In an emergency, safety of life is always the first priority; therefore, the complete and orderly evacuation of the facility staff would be the most important activity.
|
D |
Life safety is always the first priority, and notifying the fire department of the alarm is not typically necessary because most data center alarms are configured to automatically report to the local authorities.
|
A |
A major benefit of using open source software is that it is free. The client is not required to pay for the open source software components; however, both the developing organization and the client should be concerned about the licensing terms and conditions of the open source software components that are being used.
|
B |
Open source software, just like any software code, should be tested for security flaws and should be part of the normal system development life cycle (SDLC) process. This is not more of a concern than licensing compliance.
|
C |
Open source software does not inherently lack quality. Like any software code, it should be tested for reliability and should be part of the normal SDLC process. This is not more of a concern than licensing compliance.
|
D |
There are many types of open source software licenses and each has different terms and conditions. Some open source software licensing allows use of the open source software component freely but requires that the completed software product must also allow the same rights. This is known as viral licensing, and if the development organization is not careful, its products could violate licensing terms by selling the product for profit. The IS auditor should be most concerned with open source software licensing compliance to avoid unintended intellectual property risk or legal consequences.
|
A |
The storage capacity of the archiving solution would be irrelevant if the proper email messages have not been properly preserved and others have been deleted.
|
B |
The level of user awareness concerning email use would not directly affect the completeness and accuracy of the archived email.
|
C |
Without a data retention policy that is aligned to the company's business and compliance requirements, the email archive may not preserve and reproduce the correct information when required.
|
D |
The support and stability of the archiving solution manufacturer is secondary to the need to ensure a retention policy. Vendor support would not directly affect the completeness and accuracy of the archived email.
|
A |
Testing an offsite location validates the value of the contingency plans and is not used to eliminate detailed plans.
|
B |
Program and system documentation should be reviewed continuously for currency. A test of an offsite facility may ensure that the documentation for that site is current, but this is not the purpose of testing an offsite facility.
|
C |
The main purpose of offsite hardware testing is to ensure the continued compatibility of the contingency facilities so that assurance can be gained that the contingency plans would work in an actual disaster.
|
D |
The testing of an offsite facility does nothing to protect the integrity of the database. It may test the validity of backups but does not protect their integrity.
|
A |
A DBA user account is normally set up to log all changes made and is most appropriate for changes made outside of normal hours. The use of a log, which records the changes, allows the changes to be reviewed. Because an abbreviated set of steps is used, this represents an adequate set of compensating controls.
|
B |
A normal user account should not have access to a database. This would permit uncontrolled changes to any of the databases.
|
C |
Users should not be able to make changes. Logging would only provide information about the changes made; it would not limit changes to those who were authorized.
|
D |
The use of the database administrator (DBA) user account without logging would permit uncontrolled changes to be made to databases after access to the account was obtained.
|
A |
The recovery point objective (RPO) is determined based on the acceptable data loss in the case of a disruption of operations. RPO defines the point in time from which it is necessary to recover the data and quantifies, in terms of time, the permissible amount of data loss in the case of interruption.
|
B |
The service delivery objective (SDO) is directly related to the business needs. SDO is the level of services to be reached during the alternate process mode until the normal situation is restored.
|
C |
The recovery time objective is determined based on the acceptable downtime in the case of a disruption of operations.
|
D |
The interruption window is defined as the amount of time during which the organization is unable to maintain operations from the point of failure to the time that the critical services/applications are restored.
|
A |
Reviewing executable and source code integrity is an ineffective control because the source code was changed back to the original and will agree with the current executable.
|
B |
Object code comparisons are ineffective because the original programs were restored, and the changed program does not exist.
|
C |
Source code comparisons are ineffective because the original programs were restored, and the changed program does not exist.
|
D |
Reviewing system log files is the only trail that may provide information about the unauthorized activities in the production library.
|
A |
The recovery time objective (RTO) is the amount of time allowed for the recovery of a business function or resource after a disaster occurs; the RTO is the desired recovery time frame based on maximum tolerable outage (MTO) and available recovery alternatives.
|
B |
An information security policy does not address recovery procedures.
|
C |
MTO is the amount of time allowed for the recovery of a business function or resource after a disaster occurs; it represents the time by which the service must be restored before the organization is faced with the threat of collapse.
|
D |
The recovery point objective (RPO) has the greatest influence on the recovery strategies for given data. It is determined based on the acceptable data loss in case of a disruption of operations. The RPO effectively quantifies the permissible amount of data loss in case of interruption.
|
A |
IT management is interested in ensuring that systems are operating at optimal capacity, but their primary obligation is to ensure that IT is meeting the service level requirements of the business.
|
B |
Capacity monitoring has multiple objectives; however, the primary objective is to ensure compliance with the internal service level agreement between the business and IT.
|
C |
Determining future capacity is one definite benefit of technical capability monitoring.
|
D |
This is one benefit of monitoring technical capacity because it can help forecast future demands, not just react to system failures. However, the primary responsibility of the IT manager is to meet the overall requirement to ensure that IT is meeting the service level expectations of the business.
|
A |
It is a good practice to protect all source and object code, even in development. However, this will not ensure the synchronization of source and object code.
|
B |
All production libraries should be protected with access controls, and this may protect source code from tampering. However, this will not ensure that source and object codes are based on the same version.
|
C |
Using version control software and comparing source and object code is a good practice but may not detect a problem where the source code is a different version than the object code.
|
D |
Date- and time-stamp reviews of source and object code would ensure that the source code that has been compiled matches the production object code. This is the most effective way to ensure that the approved production source code is compiled and is the one being used.
|
A |
The implementation of a field check would not be as effective as a validity check that verifies that all password criteria have been met.
|
B |
A size check is useful because passwords should have a minimum length, but it is not as strong a control as a validity check.
|
C |
Passwords are not typically entered in a batch mode, so a hash total would not be effective. More important, a system should not accept incorrect values of a password, so a hash total as a control will not indicate any weak passwords, errors or omissions.
|
D |
A validity check would be the most useful for the verification of passwords because it would verify that the required format has been used (for example, not using a dictionary word, including non-alphabetic characters, etc.). An effective password must have several different types of characters: alphabetic, numeric and special.
|
A |
Denormalization should not cause loss of confidentiality even though confidential data may be involved. The database administrator should ensure that access controls to the databases remain effective.
|
B |
Denormalization may require some changes to the calls between databases and applications but should not cause application malfunctions.
|
C |
Denormalization is a design or optimization process for a relational database that increases redundancy. Redundancy, which is usually considered positive when it is a question of resource availability, is negative in a database environment because it demands additional and otherwise unnecessary data handling efforts. Denormalization is sometimes advisable for functional reasons.
|
D |
Denormalization pertains to the structure of the database, not the access controls. It should not result in unauthorized access.
|
A |
Declining to deal with vendors does not take care of the flaw and may severely limit service options.
|
B |
New software versions with all fixes included are not always available and a full installation could be time consuming.
|
C |
To install the patch without knowing what it might affect could easily cause problems. The installation of a patch may also affect system availability; therefore, the patch should be rolled out at a time that is acceptable to the business.
|
D |
The effect of installing the patch should be immediately evaluated and installation should occur based on the results of the evaluation. There are numerous cases where a patch from one vendor has affected other systems; therefore, it is necessary to test the patches as much as possible before rolling them out to the entire organization.
|
A |
Ideally, a help desk team should have dedicated lines, but this exception is not as serious as the technical team unilaterally closing an incident.
|
B |
Instant messaging is an add-on to improve the effectiveness of the help desk team. Its absence cannot be seen as a major concern as long as calls can still be made.
|
C |
The help desk function is a service-oriented unit. The end users must be advised before an incident can be regarded as closed.
|
D |
Although this is of concern, it should be expected. A problem escalation procedure should be developed to handle such scenarios.
|
A |
Help desk reports are prepared by the help desk, which is staffed or supported by IS technical support personnel trained to handle problems occurring during the course of IS operations.
|
B |
Protocol analyzers are network diagnostic tools that monitor and record network information from packets traveling in the link to which the analyzer is attached.
|
C |
Online monitors measure telecommunication transmissions and determine whether transmissions were accurate and complete.
|
D |
Downtime reports track the availability of telecommunication lines and circuits.
|
A |
The plan must be subjected to regular testing, but the period between tests will depend on the nature of the organization, the amount of change in the organization and the relative importance of IS. Three months, or even annually, may be appropriate in different circumstances.
|
B |
Although the disaster recovery plan should receive the approval of senior management, it need not be the chief executive officer if another executive officer is equally or more appropriate. For a purely IS-related plan, the executive responsible for technology may have approved the plan.
|
C |
The plan should be reviewed at appropriate intervals, depending on the nature of the business and the rate of change of systems and personnel. Otherwise, it may become out of date and may no longer be effective.
|
D |
Although a business continuity plan is likely to be circulated throughout an organization, the IS disaster recovery plan will usually be a technical document and only relevant to IS and communication staff.
|
A |
Instances of jobs not being completed on time is a potential issue and should be investigated, but it is not the greatest concern.
|
B |
Emergency changes are acceptable as long as they are properly documented as part of the process.
|
C |
The audit should find that all scheduled jobs were run and that any exceptions were documented. This would not be a violation.
|
D |
The overriding of computer processing jobs by computer operators could lead to unauthorized changes to data or programs. This is a control concern; thus, it is always critical.
|
A |
Access controls restrict updating of the database to authorized users.
|
B |
Quality controls such as edits ensure the accuracy, completeness and consistency of data maintained in the database.
|
C |
Controls such as passwords prevent the inadvertent or unauthorized disclosure of data from the database.
|
D |
Concurrency controls prevent data integrity problems, which can arise when two update processes access the same data item at the same time.
|
A |
Diverse routing routes traffic through split-cable facilities or duplicate-cable facilities. This can be accomplished with different and/or duplicate cable sheaths. If different cable sheaths are used, the cable may be in the same conduit and, therefore, subject to the same interruptions as the cable it is backing up. The communication service subscriber can duplicate the facilities by having alternate routes, although the entrance to and from the customer premises may be in the same conduit. The subscriber can obtain diverse routing and alternate routing from the local carrier, including dual-entrance facilities. This type of access is time consuming and costly.
|
B |
Alternative routing is a method of routing information via an alternate medium such as copper cable or fiber optics. This involves the use of different networks, circuits or end points should the normal network be unavailable.
|
C |
Long-haul network diversity is a diverse, long-distance network using different packet switching circuits among the major long-distance carriers. It ensures long-distance access should any carrier experience a network failure.
|
D |
Last-mile circuit protection is a redundant combination of local carrier T-1s (E-1s in Europe), microwave and/or coaxial cable access to the local communications loop. This enables the facility to have access during a local carrier communication disaster. Alternate local-carrier routing is also used.
|
A |
The use of a normal user account would not have sufficient privileges to make changes on the database.
|
B |
The server administrative accounts are shared and may be used by multiple support users. In addition, the server privilege accounts may not have the ability to perform database changes.
|
C |
Logging in using the named user account before using the database administrator (DBA) account provides accountability by noting the person making the changes.
|
D |
The DBA account is typically a shared user account. The shared account makes it difficult to establish the identity of the support user who is performing the database update.
|
A |
The provision of an alternate processor onsite would be fine if it were an equipment problem but would not help in the case of a power outage and may require technical expertise to cut over to the alternate equipment.
|
B |
Offsite storage of backups would not help, because electronic funds transfer tends to be an online process and offsite storage will not replace the dysfunctional processor.
|
C |
Installation of duplex communication links would be most appropriate if it were only the communication link that failed.
|
D |
Having an alternative standby processor at another network node would be the best solution. The unavailability of the central communications processor would disrupt all access to the banking network, resulting in the disruption of operations for all of the shops. This could be caused by failure of equipment, power or communications.
|
A |
Configuration management is widely accepted as one of the key components of any network because it establishes how the network will function internally and externally. It also deals with the management of configuration and monitoring performance. Change management ensures that the setup and management of the network is done properly, including managing changes to the configuration, removal of default passwords and possibly hardening the network by disabling unneeded services.
|
B |
Application monitoring is not a critical part of network management.
|
C |
Topological mappings provide outlines of the components of the network and its connectivity. This is important to address issues such as single points of failure and proper network isolation but is not the most critical component of network management.
|
D |
Proxy server troubleshooting is used for troubleshooting purposes, and managing a proxy is only a small part of network management.
|
A |
Audit log procedures enable recording of all events that have been identified and help in tracing the events. However, they only point to the event and do not ensure completeness or accuracy of the database contents.
|
B |
Rollback and rollforward database features ensure recovery from an abnormal disruption. They assure the integrity of the transaction that was being processed at the time of disruption, but do not provide assurance on the integrity of the contents of the database.
|
C |
Querying/monitoring table access time checks helps designers improve database performance but not integrity.
|
D |
Performing table link/reference checks serves to detect table linking errors (such as completeness and accuracy of the contents of the database), and thus provides the greatest assurance of database integrity.
|
A |
Auditing the cloud vendor would be useful; however, this would only be useful if the vendor is contractually required to provide disaster recovery (DR) services.
|
B |
A copy of DR policies can be requested to review their adequacy; however, this will only be useful if the vendor is contractually required to provide DR services.
|
C |
DR services can only be expected from the vendor when explicitly listed in the contract with well-defined recovery time objectives and recovery point objectives. Without the contractual language, the vendor is not required to provide DR services.
|
D |
An independent auditor's report, such as Statements on Standards for Attestation Engagements 16, on DR capabilities can be reviewed to ascertain the vendor's DR capabilities; however, this will only be fruitful if the vendor is contractually required to provide DR services.
|
A |
The difference in security infrastructures, while a risk, is not insurmountable.
|
B |
The plan can be tested by paper-based walk-throughs and possibly by agreement between the companies.
|
C |
If one organization updates its hardware and software configuration, it may mean that it is no longer compatible with the systems of the other party in the agreement. This may mean that each company is unable to use the facilities at the other company to recover their processing following a disaster.
|
D |
Resources being unavailable when needed are an intrinsic risk in any reciprocal agreement, but this is a contractual matter and is not the greatest risk.
|
A |
Software migration records may not have all changes listed; changes could have been made that were not included in the migration records.
|
B |
Change control records may not have all changes listed.
|
C |
The most effective method is to determine what changes have been made (check logs and modified dates) and then verify that they have been approved.
|
D |
Ensuring that only appropriate staff can migrate changes into production is a key control process but, in itself, does not verify compliance.
|
A |
A critical issue when migrating data from one database to another is the integrity of the data and ensuring that the data are migrated completely and correctly.
|
B |
The timing of the cutover is important, but because the data are being migrated to a new database, duplication should not be an issue.
|
C |
The authorization of the users is not as relevant as the authorization of the application because the users will interface with the database through an application, and the users will not directly interface with the database.
|
D |
Normalization is used to design the database and is not necessarily related to database migration.
|