14. Which is the PRIMARY objective of system design specifications?
A. Define software testing requirements
B. Outline the coding languages used
C. Translate business requirements into technical specifications
D. Document user training plans
Answer: C. Translate business requirements into technical specifications
Explanation: System design specifications guide developers to build systems that meet business needs.
15. What is the PRIMARY risk of inadequate involvement of end-users during system development?
A. Project delays
B. Increased documentation
C. Poor user acceptance
D. Higher costs
Answer: C. Poor user acceptance
Explanation: Lack of user input often results in systems that do not align with user needs.
Domain 4: Information Systems Operations and Business Resilience
16. The PRIMARY goal of business continuity planning is to:
A. Prevent data breaches
B. Ensure uninterrupted critical business operations
C. Reduce staff turnover
D. Improve market share
Answer: B. Ensure uninterrupted critical business operations
Explanation: BCP ensures the continuation or quick recovery of essential functions during a disruption.
17. What is the MOST critical component of disaster recovery planning?
A. Insurance
B. Data backups
C. Employee benefits
D. IT staffing
Answer: B. Data backups
Explanation: Data is essential to business continuity; without reliable backups, recovery is impossible.
18. Recovery Time Objective (RTO) defines:
A. The point in time to which data must be recovered
B. The maximum allowable downtime
C. The time to complete a backup
D. The cost of restoring systems
Answer: B. The maximum allowable downtime
Explanation: RTO is the duration within which a process or system must be restored after disruption.
19. A hot site is BEST described as:
A. A manual process
B. A facility equipped with power but no hardware
C. A fully equipped and operational backup site
D. A paper-based backup plan
Answer: C. A fully equipped and operational backup site
Explanation: A hot site is ready for immediate use during a disaster.
20. Which of the following BEST ensures proper batch processing?
A. Backup tapes
B. Run-to-run controls
C. Encryption keys
D. System logs
Answer: B. Run-to-run controls
Explanation: Run-to-run controls verify that batch processing jobs run completely and correctly from one step to the next.
Domain 5: Protection of Information Assets
21. The PRIMARY objective of access controls is to:
A. Prevent system downtime
B. Ensure availability
C. Enforce least privilege
D. Create audit trails
Answer: C. Enforce least privilege
Explanation: Access controls limit users to the minimal level of access required, enforcing least privilege.
22. What is the PRIMARY goal of encryption?
A. Minimize downtime
B. Prevent brute-force attacks
C. Ensure confidentiality
D. Reduce data storage
Answer: C. Ensure confidentiality
Explanation: Encryption protects data from unauthorized access by converting it into unreadable form.
23. What does a digital signature primarily provide?
A. Availability and encryption
B. Authentication and integrity
C. Confidentiality and obfuscation
D. Backup and recovery
Answer: B. Authentication and integrity
Explanation: Digital signatures confirm the identity of the sender and that data has not been altered.
24. Which of the following is the BEST control to detect unauthorized changes to system files?
A. Antivirus software
B. File integrity monitoring
C. Data masking
D. Encryption
Answer: B. File integrity monitoring
Explanation: File integrity monitoring detects changes to critical files, which may indicate unauthorized activity.
25. The MOST effective way to mitigate phishing attacks is to:
A. Install antivirus software
B. Use spam filters
C. Conduct user awareness training
D. Implement data loss prevention (DLP) tools
Answer: C. Conduct user awareness training
Explanation: Educating users helps them recognize and avoid phishing attempts.
26. What is the PRIMARY purpose of an intrusion detection system (IDS)?
A. Prevent attacks
B. Detect unauthorized activity
C. Backup data
D. Control network traffic
Answer: B. Detect unauthorized activity
Explanation: An IDS monitors networks and systems and alerts administrators to suspicious behavior; it detects rather than blocks.
27. What control BEST ensures data cannot be read by unauthorized users during transmission?
A. Firewalls
B. Tokenization
C. Encryption
D. Password protection
Answer: C. Encryption
Explanation: Encryption secures data in transit, making it unreadable to unauthorized parties.
28. Two-factor authentication provides:
A. Confidentiality and speed
B. Identification and encryption
C. Stronger user authentication
D. Network redundancy
Answer: C. Stronger user authentication
Explanation: Two-factor authentication combines two independent credentials, improving access security.
29. Which of the following is a preventive control?
A. Audit logging
B. Firewall
C. Intrusion detection
D. Post-incident review
Answer: B. Firewall
Explanation: Firewalls prevent unauthorized access, making them a preventive control.
30. An IS auditor finds that logs are not reviewed regularly. What is the BEST recommendation?
A. Delete old logs
B. Increase storage capacity
C. Implement a log review procedure
D. Use encryption for logs
Answer: C. Implement a log review procedure
Explanation: Regular log reviews help detect suspicious activity and enhance security monitoring.