| 1. | The offline print spooling feature of print servers should be carefully monitored to ensure that unauthorized viewing access to sensitive information is controlled and prevented. Which of the following issues is an IS auditor MOST concerned with? 
| A. | Some users have the technical authority to print documents from the print spooler even though the users are not authorized with the appropriate classification to view the data they can print. |
| B. | Some users have the technical authority to modify the print spooler file even though the users do not have the subject classification authority to modify data within the file. |
| C. | Some users have the technical authority to delete the print job from the spooler even though the users do not have the authority to modify the data output of the print job. |
| D. | Some users have the technical authority to pause the print jobs of certain information even though they do not have the subject classification authority to create, modify, or view the data output of the print job. |
|
| A1: | Answer: A. The question focuses on the confidentiality aspect of access control. A user with technical printer administration authority can print jobs from the print spooler, regardless of the user's authorization to view the print output. All other answers are potential compromises of information integrity or availability. |
| 2. | When reviewing firewall configuration, which of the following represents the greatest vulnerability for an IS auditor?
| A. | The firewall software has been configured with rules permitting or denying access to systems or networks based upon source and destination networks or systems, protocols, and user authentication. |
| B. | The firewall software is configured with an implicit deny rule as the last rule in the rule base. |
| C. | The firewall software is installed on a common operating system that is configured with default settings. |
| D. | The firewall software is configured as a VPN endpoint for site-to-site VPN connections. |
|
| A2: | Answer: C. When auditing any critical application, an IS auditor is always concerned about software or an operating system that is installed according to default settings. Default settings are often published and provide an intruder with predictable configuration information, which allows easier system compromise. Installing firewall software onto an otherwise robust and fully functioning operating system poses a greater risk of firewall compromise. To mitigate this risk, firewall software is often installed onto a system using an operating system that has very limited functionality, providing only the services necessary to support the firewall software. An example of such an operating system is the ISO operating system installed onto Nokia routing/firewall appliances. ISO provides the functionality necessary to support installation of Check Point firewall software but little else. The remaining answers are normal firewall configurations and are not of concern to the IS auditor. |
| 3. | An IS auditor strives to ensure that IT is effectively used to support organizational goals and objectives regarding information confidentiality, integrity, and availability. Which of the following processes best supports this mandate?
| A. | Network monitoring |
| B. | Systems monitoring |
| C. | Staffing monitoring |
| D. | Capacity planning and management |
|
| A3: | Answer: D. Computer resources should be carefully monitored to match utilization needs with proper resource capacity levels. Capacity planning and management relies upon network, systems, and staffing monitoring to ensure that organizational goals and objectives regarding information confidentiality, integrity, and availability are met. |
| 4. | Which of the following would be the first evidence to review when performing a network audit?
| A. | Network topology chart |
| B. | Systems inventory |
| C. | Applications inventory |
| D. | Database architecture |
|
| A4: | Answer: A. Reviewing a diagram of the network topology is often the best first step when auditing IT systems. This diagram provides the auditor with a foundation-level understanding of how systems, applications, and databases interoperate. Obtaining the systems and applications inventory would be a logical next step. Reviewing the database architecture is much more granular and can be performed only after adequately understanding the basics of how an organization's systems and networks are set up. |
| 5. | An IS auditor needs to check for proper software licensing and license management. Which of the following management audits would consider software licensing?
| A. | Facilities |
| B. | Operations |
| C. | Configuration |
| D. | Hardware |
|
| A5: | Answer: C. A configuration-management audit should always verify software licensing for authorized use. The remaining answers do not focus on software licensing. |
| 6. | "Dangling tuples" within a database represent a breach in which of the following?
| A. | Attribute integrity |
| B. | Referential integrity |
| C. | Relational integrity |
| D. | Interface integrity |
|
| A6: | Answer: B. It is important that database referential integrity be enforced, to avoid orphaned references, or "dangling tuples." Relational integrity is enforced more at the record level. The remaining answers are misleading. |
| 7. | Which of the following BEST supports communication availability, acting as a countermeasure to the vulnerability of component failure?
| A. | Careful network monitoring with a dynamic real-time alerting system |
| B. | Integrated corrective network controls |
| C. | Simple component redundancy |
| D. | High network throughput rate |
|
| A7: | Answer: C. Providing network path redundancy is the best countermeasure or control for potential network device failures. Careful monitoring only supports timely response to component failure. Integrated corrective network controls is misleading and loosely describes simple component redundancy. High network throughput rate provides increased performance but does not address component failure. |
| 8. | Which of the following firewall types provides the most thorough inspection and control of network traffic?
| A. | Packet-filtering firewall or stateful inspection firewall |
| B. | Application-layer gateway or stateful inspection firewall |
| C. | Application-layer gateway or circuit-level gateway |
| D. | Packet-filtering firewall or circuit-level gateway |
|
| A8: | Answer: B. An application-layer gateway, or proxy firewall, and stateful inspection firewalls provide the greatest degree of protection and control because both firewall technologies inspect all seven OSI layers of network traffic. A packet-filtering firewall, also known as a circuit-level gateway, reliably inspects only through OSI Layer 3. |
| 9. | Decreasing collisions because of network congestion is important for supporting network communications availability. Which of the following devices is best suited for logically segmenting and creating collision domains based upon OSI Layer 2 MAC addressing?
| A. | Router |
| B. | Hub |
| C. | Repeater |
| D. | Switch |
|
| A9: | Answer: D. A switch is most appropriate for segmenting the network into multiple collision domains to achieve the result of fewer network communications errors because of congestion-related collisions. As OSI Layer 1 devices, repeaters and hubs cannot understand MAC addressing, which is necessary to logically segment collision domains. As an OSI Layer 3 device, a router segments the network according to logical network addressing. |
| 10. | Which of the following network configurations BEST supports availability?
| A. | Mesh with host forwarding enabled |
| B. | Ring |
| C. | Star |
| D. | Bus |
|
| A10: | Answer: A. Although it is not very practical because of physical implementation constraints, a fully connected mesh with host forwarding enabled provides the most redundancy of network communication paths. |
