Topic 5
Which of the following is the PRIMARY reason that asset classification is vital to an information security program?
C
Topic 5
Which of the following approaches would BEST ensure that data protection controls are embedded into software being
developed?
C
Topic 5
An organization has adopted a backup and recovery strategy that involves copying on-premises virtual machine (VM) images
to a cloud service provider. Which of the following provides the BEST assurance that VMs can be recovered in the event of a
disaster?
B
Topic 5
Which of the following BEST facilitates detection of zero-day exploits?
B
Topic 5
What is the BEST method for securing credit card numbers stored temporarily on a file server prior to transmission to the
downstream system for payment processing?
C
Topic 5
Which of the following is a characteristic of a single mirrored data center used for disaster recovery?
B
Topic 5
What is the BEST control to address SQL injection vulnerabilities?
B
Topic 5
IT disaster recovery time objectives (RTOs) should be based on the:
A
Topic 5
Which of the following security assessment techniques attempts to exploit a system's open ports?
C
Topic 5
A characteristic of a digital signature is that it:
B
Topic 5
Which of the following ensures the availability of transactions in the event of a disaster?
D
Explanation:
The only way to ensure availability of all transactions is to perform a real-time transmission to an offsite facility. Choices A
and B are not in real time and, therefore, would not include all the transactions. Choice C does not ensure availability at an
offsite location.
Topic 5
To provide protection for media backup stored at an offsite location, the storage site should be:
D
Explanation:
The offsite storage site should always be protected against unauthorized access and have at least the same security
requirements as the primary site. Choice A is incorrect because, if the backup is in the same building, it may suffer the same
event and may be inaccessible. Choices B and C represent access risks.
Topic 5
Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of
the transaction processing is BEST ensured by:
D
Explanation:
A database commit writes the results of a completed unit of work to disk only once every step of that unit has succeeded.
A rollback reverses any partially completed work, so that if processing halts before the transaction completes, none of its
partial updates are persisted. Together, commit and rollback guarantee that the database reflects either all of a transaction
or none of it. None of the other options protects integrity while processing is still underway.
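The commit-or-rollback behaviour described above, as an added example that is not part of the original question bank. It uses Python's standard sqlite3 module with an in-memory database and a constructed two-account table (both are assumptions made for the illustration). A transfer is posted as one transaction: if processing halts after the debit but before the credit, or if a balance constraint is violated, the transaction is rolled back and the stored balances are unchanged.

```python
import sqlite3


def setup_db():
    """Create a constructed sample ledger in memory (not production data).

    isolation_level=None puts sqlite3 in autocommit mode so that BEGIN,
    COMMIT and ROLLBACK are issued explicitly by post_transfer().
    """
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE accounts ("
        "  id INTEGER PRIMARY KEY,"
        "  balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany(
        "INSERT INTO accounts (id, balance) VALUES (?, ?)",
        [(1, 100), (2, 50)],
    )
    return conn


def post_transfer(conn, src, dst, amount, fail_midway=False):
    """Debit src and credit dst as one atomic unit of work.

    Returns True when the transaction was committed. On any failure
    (a simulated halt between the two updates, or a CHECK violation
    because the debit would overdraw the account) the transaction is
    rolled back and False is returned; no partial update is persisted.
    """
    try:
        conn.execute("BEGIN")
        conn.execute(
            "UPDATE accounts SET balance = balance - ? WHERE id = ?",
            (amount, src),
        )
        if fail_midway:
            # Stand-in for processing suddenly coming to a halt after the
            # debit has been applied but before the credit.
            raise RuntimeError("simulated processing halt after debit")
        conn.execute(
            "UPDATE accounts SET balance = balance + ? WHERE id = ?",
            (amount, dst),
        )
        conn.execute("COMMIT")
        return True
    except Exception:
        # Undo whatever part of the transaction had already been applied.
        if conn.in_transaction:
            conn.execute("ROLLBACK")
        return False


def balances(conn):
    """Return the committed balances as {account_id: balance}."""
    rows = conn.execute("SELECT id, balance FROM accounts ORDER BY id")
    return dict(rows.fetchall())


if __name__ == "__main__":
    db = setup_db()
    print("start      ", balances(db))
    print("ok         ", post_transfer(db, 1, 2, 30), balances(db))
    print("halt midway", post_transfer(db, 1, 2, 20, fail_midway=True), balances(db))
    print("overdraw   ", post_transfer(db, 1, 2, 500), balances(db))
```

The two failure paths differ in where they stop (after the debit, versus at the debit itself), but both leave the committed balances exactly as they were before the transaction began, which is the integrity property the question is asking about.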
Topic 5
Which of the following findings should an IS auditor be MOST concerned about when performing an audit of backup and
recovery and the offsite storage vault?
C
Explanation:
Choice A is incorrect because more than one person would typically need to have a key to the vault, so that the
individuals responsible for the offsite vault can take vacations and rotate duties. Choice B is incorrect because an IS
auditor would not be concerned that paper documents are stored in the offsite vault; in fact, paper documents such as
procedural documents and a copy of the contingency plan would most likely be stored there. The location of the vault is
important, but it is not as important as whether the files held in the vault are kept synchronized with production.
Topic 5
Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist?
B
Explanation:
Operations documentation should contain recovery/restart procedures, so operations can return to normal processing in a
timely manner. Turning off the uninterruptible power supply (UPS) and then turning off the power might create a situation for
recovery and restart, but the negative effect on operations would prove this method to be undesirable. The review of
program code and documentation generally does not provide evidence regarding recovery/restart procedures.