1. Which of the following LAN physical layouts is subject to total loss if one device fails?
A. Star
B. Bus
C. Ring
D. Completely connected
The correct answer is: B. Bus
Explanation: The bus topology is vulnerable to total failure when a single component fails. In line and bus networks, which are essentially the same thing, all terminals share a single cable. If that cable is severed (or a terminator or tap fails), every terminal beyond the point of failure becomes unavailable.

2. Receiving an EDI transaction and passing it through the communication's interface stage usually requires:
A. translating and unbundling transactions.
B. routing verification procedures.
C. passing data to the appropriate application system.
D. creating a point of receipt audit log.
The correct answer is: B. routing verification procedures.
Explanation: The communication's interface stage requires routing verification procedures. EDI (for example the ANSI X12 standard) defines a format that an application must interpret before transactions can be processed and then invoiced, paid and sent, whether for merchandise or services. There is no point in sending and receiving EDI transactions if an internal system cannot process them. Unpacking transactions and recording audit logs are important elements that help enforce business rules and establish controls, but they are not part of the communication's interface stage.

3. Utility programs that assemble software modules needed to execute a machine instruction application program version are:
A. text editors.
B. program library managers.
C. linkage editors and loaders.
D. debuggers and development aids.
The correct answer is: C. linkage editors and loaders.
Explanation: Linkage editors (linkers) resolve references between separately compiled modules and combine them into an executable; loaders place that executable in memory for execution. Text editors, program library managers and debuggers support development but do not assemble the executable version.

4. Which of the following will help detect changes made by an intruder to the system log of a server?
A. Mirroring the system log on another server
B.
Simultaneously duplicating the system log on a write-once disk
C. Write protecting the directory containing the system log
D. Storing the backup of the system log offsite
The correct answer is: B. Simultaneously duplicating the system log on a write-once disk
Explanation: A write-once (WORM) disk cannot be overwritten, so the copy of the log on the disk can be compared with the live log to detect differences, which could be the result of changes made by an intruder. Write protecting the directory does not prevent deletion or modification, since the superuser (or an intruder who has obtained superuser privileges) can override the write protection. Backups and mirrors may overwrite earlier copies and may not be current, and an intruder who controls the server may be able to alter them as well. The same principle applies to forwarding log entries in real time to a separate, append-only log server that the monitored host cannot rewrite.

5. Which of the following exposures associated with the spooling of sensitive reports for offline printing would an IS auditor consider to be the MOST serious?
A. Sensitive data can be read by operators.
B. Data can be amended without authorization.
C. Unauthorized report copies can be printed.
D. Output can be lost in the event of system failure.
The correct answer is: C. Unauthorized report copies can be printed.
Explanation: Unless controlled, spooling for offline printing may allow additional copies to be printed. Print files are unlikely to be available for online reading by operators. Data in spool files are no easier to amend without authorization than any other file. There is usually a lesser threat of unauthorized access to sensitive reports in the event of a system failure.

6. The database administrator (DBA) suggests that DB efficiency can be improved by denormalizing some tables. This would result in:
A. loss of confidentiality.
B. increased redundancy.
C. unauthorized accesses.
D. application malfunctions.
The correct answer is: B. increased redundancy.
Explanation: Normalization is a design or optimization process for a relational database (DB) that minimizes redundancy; therefore, denormalization increases redundancy. (Redundancy, which is usually considered positive when it is a question of resource availability, is negative in a database environment, since it demands additional, otherwise unnecessary, data handling effort and creates the risk of inconsistent copies of the same fact.) Denormalization is sometimes advisable for functional or performance reasons. It should not cause loss of confidentiality, unauthorized access or application malfunctions.

7. The following question refers to the diagram below. Assuming this diagram represents an internal facility and the organization is implementing a firewall protection program, where should firewalls be installed?
A. No firewalls are needed.
B. Op-3 location only
C. MIS (Global) and NAT2
D. SMTP Gateway and op-3
The correct answer is: D. SMTP Gateway and op-3
Explanation: The objective of a firewall is to protect a trusted network from an untrusted network; therefore, firewalls belong at the points where external connections enter the facility. All other answers are incomplete or represent internal connections.

8. The objective of concurrency control in a database system is to:
A. restrict updating of the database to authorized users.
B. prevent integrity problems, when two processes attempt to update the same data at the same time.
C. prevent inadvertent or unauthorized disclosure of data in the database.
D. ensure the accuracy, completeness and consistency of data.
The correct answer is: B. prevent integrity problems, when two processes attempt to update the same data at the same time.
Explanation: Concurrency controls prevent data integrity problems, such as lost updates, which can arise when two update processes access the same data item at the same time.
Access controls restrict updating of the database to authorized users, and controls such as passwords prevent the inadvertent or unauthorized disclosure of data from the database. Quality controls, such as edits, ensure the accuracy, completeness and consistency of data maintained in the database.

9. Which of the following translates e-mail formats from one network to another so that the message can travel through all the networks?
A. Gateway
B. Protocol converter
C. Front-end communication processor
D. Concentrator/multiplexor
The correct answer is: A. Gateway
Explanation: A gateway translates e-mail formats from one network to another so messages can make their way through all the networks. A protocol converter is a hardware device that converts between two different types of transmission, such as asynchronous and synchronous. A front-end communication processor connects all network communication lines to a central computer to relieve the central computer of network control, format conversion and message handling tasks. A concentrator/multiplexor combines several lower-speed channels into a higher-speed channel.

10. The following question refers to the diagram below. For locations 3a, 1d and 3d, the diagram indicates hubs with lines that appear to be open and active. Assuming that is true, what control(s), if any, should be recommended to mitigate this weakness?
A. Intelligent hub
B. Physical security over the hubs
C. Physical security and an intelligent hub
D. No controls are necessary since this is not a weakness.
The correct answer is: C. Physical security and an intelligent hub
Explanation: Open, active hub ports represent a significant control weakness because anyone who can reach them can easily attach a device to the network. An intelligent hub allows a single port to be deactivated while leaving the remaining ports active.
Additionally, physical security over the hubs provides reasonable protection for hubs with active ports. (On modern switched networks the equivalent controls are disabling unused switch ports and port-based authentication such as IEEE 802.1X.)

11. Which of the following is critical to the selection and acquisition of the correct operating system software?
A. Competitive bids
B. User department approval
C. Hardware-configuration analysis
D. Purchasing department approval
The correct answer is: C. Hardware-configuration analysis
Explanation: The purchase of operating system software depends on the software being compatible with the existing hardware. Choices A and D, although important, are not as important as choice C. Users do not normally approve the acquisition of operating system software.

12. To maximize the performance of a large database in a parallel processing environment, which of the following is used for separating indexes?
A. Disk partitioning
B. Mirroring
C. Hashing
D. Duplexing
The correct answer is: C. Hashing
Explanation: An essential part of designing a database for parallel processing is the partitioning scheme. Because large databases are indexed, independent indexes must also be partitioned to maximize performance. Hashing is a method used for index partitioning: it assigns data to disks based on a hash of the key. Disk partitioning creates logical drives on a single disk for better management of its contents. Disk mirroring uses two identical disks; all operations are performed on both so that each disk is a mirror image of the other, providing redundancy if one disk fails. Disk duplexing uses more than one disk with two separate controllers, providing redundancy in case of a disk failure or a controller card failure.

13. Which of the ISO/OSI model layers provides for routing packets between nodes?
A. Data link
B. Network
C. Transport
D. Session
The correct answer is: B. Network
Explanation: The network layer switches and routes information (network layer header).
Node-to-node data link services are extended across a network by this layer. The network layer routes packets (the units of information at the network layer) between nodes connected through an arbitrary network. The data link layer transmits information as groups of bits (logical units called frames) to adjacent systems (node-to-node). The bits in a frame are divided into an address field (the 48-bit media access control, MAC, hardware address), a control field, a data field and an error-control field. The transport layer provides end-to-end data integrity. To ensure reliable delivery, the transport layer builds on the error-control mechanisms provided by lower layers; if those are not adequate, the transport layer is the last chance for error recovery. The session layer provides the control structure for communications between applications. It establishes, manages and terminates connections (sessions) between cooperating applications, and performs access security checking.

14. Which of the following is the MOST effective method for dealing with the spreading of a network worm that exploits a vulnerability in a protocol?
A. Install the vendor's security fix for the vulnerability.
B. Block the protocol traffic in the perimeter firewall.
C. Block the protocol traffic between internal network segments.
D. Stop the service until an appropriate security fix is installed.
The correct answer is: D. Stop the service until an appropriate security fix is installed.
Explanation: Stopping the vulnerable service and then installing the security fix is the safest way to prevent the worm from spreading. If the service is left running, installing the fix alone is not the most effective method because the worm continues spreading until the fix takes effect on every host. Blocking the protocol at the perimeter does not stop the worm from spreading within the internal network(s).
Blocking the protocol between internal segments helps to slow the spread, but it also prevents all legitimate software that uses the protocol from working between segments.

15. Analysis of which of the following would MOST likely enable the IS auditor to determine if an unapproved program attempted to access sensitive data?
A. Abnormal job termination reports
B. Operator problem reports
C. System logs
D. Operator work schedules
The correct answer is: C. System logs
Explanation: System logs are automated records that identify most of the activities performed on the computer, including access attempts. Many programs that analyze system logs and report on specifically defined items are available. Abnormal job termination reports identify application jobs that were terminated before successful completion. Operator problem reports are used by operators to log computer operations problems and their solutions. Operator work schedules are maintained by IS management to assist in human resource planning.

16. Applying a retention date on a file will ensure that:
A. data cannot be read until the date is set.
B. data will not be deleted before that date.
C. backup copies are not retained after that date.
D. datasets having the same name are differentiated.
The correct answer is: B. data will not be deleted before that date.
Explanation: A retention date ensures that a file cannot be overwritten or deleted before that date has passed. The retention date does not affect the ability to read the file. Backup copies would be expected to have a different retention date and, therefore, may well be retained after the file has been overwritten. The creation date, not the retention date, differentiates files with the same name.

17. Web and e-mail filtering tools are PRIMARILY valuable to an organization because they:
A. protect the organization from viruses and nonbusiness materials.
B. maximize employee performance.
C. safeguard the organization's image.
D. assist the organization in preventing legal issues.
The correct answer is: A.
protect the organization from viruses and nonbusiness materials.
Explanation: The main reason for investing in web and e-mail filtering tools is that they significantly reduce risks related to viruses, spam, chain mail, recreational surfing and recreational e-mail. Choice B could be true in some circumstances (for example, when the tools are implemented along with an awareness program so that employee performance improves); however, even then it is not as relevant as choice A. Choices C and D are secondary or indirect benefits.

18. In a database management system (DBMS), the location of data and the method of accessing the data are provided by the:
A. data dictionary.
B. metadata.
C. directory system.
D. data definition language.
The correct answer is: C. directory system.
Explanation: A directory system describes the location of data and the access method. A data dictionary contains an index and description of all the items stored in the database. Metadata are the data elements required to define an enterprisewide data warehouse. The data definition language processor allows the database administrator (DBA) to create or modify a data definition for mapping between external and conceptual schemas.

19. Which of the following line media would provide the BEST security for a telecommunication network?
A. Broadband network digital transmission
B. Baseband network
C. Dial-up
D. Dedicated lines
The correct answer is: D. Dedicated lines
Explanation: Dedicated lines are set apart for a particular user or organization. Since there is no sharing of lines or intermediate entry points, the risk of interception or disruption of telecommunications messages is lower. A dedicated line reduces exposure but does not protect the data themselves; where confidentiality matters, traffic on the line should still be encrypted.

20. An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long. Which of the following could be caused by the length of the cable?
A. Electromagnetic interference (EMI)
B. Cross talk
C. Dispersion
D. Attenuation
The correct answer is: D.
Attenuation
Explanation: Attenuation is the weakening of a signal during transmission. When the signal becomes too weak, the receiver may misread bits (for example, reading a 0 as a 1), and the user experiences communication problems. UTP is specified for runs of up to 100 meters; beyond that, attenuation becomes a problem. Electromagnetic interference (EMI) is caused by external electromagnetic sources affecting the desired signal, which is not the case here. Crosstalk is coupling between adjacent wire pairs and is not the factor that limits cable length.

21. Which of the following types of firewalls provide the GREATEST degree and granularity of control?
A. Screening router
B. Packet filter
C. Application gateway
D. Circuit gateway
The correct answer is: C. Application gateway
Explanation: The application gateway is similar to a circuit gateway, but it has a specific proxy for each service. To handle web services, it has an HTTP proxy that acts as an intermediary between external and internal hosts, specifically for HTTP. This means that it not only checks the packet IP addresses (layer 3) and the ports addressed (in this case port 80, layer 4), it also inspects every HTTP command (the application layer). Therefore, it works at a finer granularity than the others. A screening router and a packet filter (choices A and B) basically work at the protocol, service and/or port level; that is, they analyze packets at layers 3 and 4 (not higher levels). A circuit gateway (choice D) is based on a proxy or program that acts as an intermediary between external and internal accesses. This means that, during an external access, instead of opening a single connection to the internal server, two connections are established: one from the external host to the proxy (which constitutes the circuit gateway) and one from the proxy to the internal server. Layers 3 and 4 (IP and TCP) and some general features of higher protocols are used to perform these tasks.

22. A company is implementing a dynamic host configuration protocol (DHCP).
Given that the following conditions exist, which represents the GREATEST concern?
A. Most employees use laptops.
B. A packet filtering firewall is used.
C. The IP address space is smaller than the number of PCs.
D. Access to a network port is not restricted.
The correct answer is: D. Access to a network port is not restricted.
Explanation: Given physical access to a port, anyone can connect to the internal network, and with DHCP the intruder's device is automatically handed a working address. The other choices do not present the exposure that access to a port does. DHCP provides convenience (an advantage) to laptop users. Sharing IP addresses and the existence of a firewall can be security measures.

23. Which of the following will prevent dangling tuples in a database?
A. Cyclic integrity
B. Domain integrity
C. Relational integrity
D. Referential integrity
The correct answer is: D. Referential integrity
Explanation: Referential integrity ensures that a foreign key in one table is either null or equal to the value of a primary key in the referenced table. For every tuple in a table that carries a foreign key, there must be a corresponding tuple in the referenced table. If this condition is not satisfied, the result is a dangling tuple. Cyclical checking is the control technique of regularly checking accumulated data on a file against authorized source documentation; there is no such thing as cyclic integrity testing. Domain integrity testing ensures that a data item has a legitimate value in the correct range or set. Relational integrity is performed at the record level and is ensured by calculating and verifying specific fields.

24. Which of the following operating system mechanisms checks each request by a subject (user process) to access and use an object (e.g., file, device, program) to ensure that the request complies with a security policy?
A. Address Resolution Protocol
B. Access control analyzer
C. Reference monitor
D. Concurrent monitor
The correct answer is: C.
Reference monitor
Explanation: A reference monitor is an abstract mechanism that checks each request by a subject (user process) to access and use an object (e.g., file, device, program) to ensure that the request complies with a security policy. It must mediate every access (complete mediation), be tamperproof and be small enough to be verified. A reference monitor is implemented via a security kernel, which is a hardware/software/firmware mechanism. Address Resolution Protocol (ARP) maps an Internet Protocol (IP) address to a physical machine address recognized in the local network. An access control analyzer is an audit utility for analyzing how well access controls have been implemented and maintained within an access control package. A concurrent monitor is an audit utility that captures selected events as application systems are running, to facilitate assessing program quality.

25. A referential integrity constraint consists of:
A. ensuring the integrity of transaction processing.
B. ensuring that data are updated through triggers.
C. ensuring controlled user updates to the database.
D. rules for designing tables and queries.
The correct answer is: B. ensuring that data are updated through triggers.
Explanation: Referential integrity constraints ensure that a change to a primary key in one table is propagated to (or blocked by) the matching foreign keys in other tables. Depending on the DBMS, this is implemented with cascading actions declared on the foreign-key constraint or with triggers.

26. In a client-server system, which of the following control techniques is used to inspect activity from known or unknown users?
A. Diskless workstations
B. Data encryption techniques
C. Network monitoring devices
D. Authentication systems
The correct answer is: C. Network monitoring devices
Explanation: Network monitoring devices may be used to inspect activity from known or unknown users and can identify client addresses, which may assist in finding evidence of unauthorized access. This serves as a detective control. Diskless workstations prevent access control software from being bypassed.
Data encryption techniques help protect sensitive or proprietary data from unauthorized access, thereby serving as a preventive control. Authentication systems may provide environmentwide, logical facilities that differentiate among users before providing access to systems.

27. When a PC that has been used for the storage of confidential data is sold on the open market the:
A. hard disk should be demagnetized.
B. hard disk should be mid-level formatted.
C. data on the hard disk should be deleted.
D. data on the hard disk should be defragmented.
The correct answer is: A. hard disk should be demagnetized.
Explanation: The hard disk should be demagnetized (degaussed), which scrambles the magnetic domains on the platters and eliminates any chance of retrieving information that was previously stored on the disk; it usually leaves the drive itself unusable. Degaussing has no effect on solid-state drives, which require a secure-erase or cryptographic-erase command instead. A mid-level format does not delete information from the hard disk; it only resets the directory pointers. Deleting data removes the pointer to the file, but the data remain in place, so with the proper tools the information can be retrieved. Defragmenting the disk does not delete information; it simply moves data around to make access more efficient.

28. A manufacturing firm wants to automate its invoice payment system. Objectives state that the system should require considerably less time for review and authorization and the system should be capable of identifying errors that require follow up. Which of the following would BEST meet these objectives?
A. Establishing an inter-networked system of client servers with suppliers for increased efficiencies
B. Outsourcing the function to a firm specializing in automated payments and accounts receivable/invoice processing
C. Establishing an EDI system of electronic business documents and transactions with key suppliers, computer to computer, in a standard format
D.
Reengineering the existing processing and redesigning the existing system
The correct answer is: C. Establishing an EDI system of electronic business documents and transactions with key suppliers, computer to computer, in a standard format
Explanation: EDI is the best answer. Properly implemented (e.g., with agreements with trading partners, transaction standards, and controls over network security mechanisms in conjunction with application controls), EDI is best suited to identify and follow up on errors more quickly, given the reduced opportunities for review and authorization.

29. In a client-server architecture, a domain name service (DNS) is MOST important because it provides the:
A. address of the domain server.
B. resolution service for the name/address.
C. IP addresses for the Internet.
D. domain name system.
The correct answer is: B. resolution service for the name/address.
Explanation: DNS is used primarily on the Internet to resolve the name/address of a web site. It is an Internet service that translates domain names into IP addresses. Names are alphabetic and therefore easier to remember; however, the Internet is based on IP addresses. Every time a domain name is used, a DNS service must translate the name into the corresponding IP address. DNS is a distributed, hierarchical system: if one DNS server does not know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.

30. Checking for authorized software baselines is an activity addressed within which of the following?
A. Project management
B. Configuration management
C. Problem management
D. Risk management
The correct answer is: B. Configuration management
Explanation: Configuration management accounts for all IT components, including software. Project management is about scheduling, resource management and progress tracking of software development. Problem management records and monitors incidents.
Risk management involves risk identification, impact analysis, an action plan, etc.

31. An IS auditor needs to link his/her microcomputer to a mainframe system that uses binary synchronous data communications with block data transmission. However, the IS auditor's microcomputer, as presently configured, is capable of only asynchronous ASCII character data communications. Which of the following must be added to the IS auditor's computer to enable it to communicate with the mainframe system?
A. Buffer capacity and parallel port
B. Network controller and buffer capacity
C. Parallel port and protocol conversion
D. Protocol conversion and buffer capability
The correct answer is: D. Protocol conversion and buffer capability
Explanation: For the IS auditor's microcomputer to communicate with the mainframe, a protocol converter is needed to convert between asynchronous and synchronous transmission. Additionally, messages must be buffered to compensate for the different rates of data flow.

32. An IS auditor reviewing a database application discovers that the current configuration does not match the originally designed structure. Which of the following should be the IS auditor's next action?
A. Analyze the need for the structural change.
B. Recommend restoration to the originally designed structure.
C. Recommend the implementation of a change control process.
D. Determine if the modifications were properly approved.
The correct answer is: D. Determine if the modifications were properly approved.
Explanation: The IS auditor should first determine if the modifications were properly approved. Choices A, B and C are possible subsequent actions, should the auditor find that the structural modification was not approved.

33. A universal serial bus (USB) port:
A. connects the network without a network card.
B. connects the network with an Ethernet adapter.
C. replaces all existing connections.
D. connects the monitor.
The correct answer is: B.
connects the network with an Ethernet adapter.
Explanation: A USB port connects to the network without a separate network interface card being installed inside the computer, by using a USB Ethernet adapter.

34. A benefit of quality of service (QoS) is that the:
A. entire network's availability and performance will be significantly improved.
B. telecom carrier will provide the company with accurate service level compliance reports.
C. participating applications will have guaranteed service levels.
D. communications link will be supported by security controls to perform secure online transactions.
The correct answer is: C. participating applications will have guaranteed service levels.
Explanation: The main function of QoS is to optimize network performance by assigning priority to business applications and end users through the allocation of dedicated portions of the bandwidth to specific traffic. Choice A is not true because the communication itself is not improved; the speed of data exchange for specific applications can be faster, but availability is not improved. The QoS tools that many carriers use do not provide reports of service levels; other tools generate service level reports. Even when QoS is integrated with firewalls, VPNs, encryption tools and others, the QoS mechanism itself is not intended to provide security controls.

35. The method of routing traffic through split-cable facilities or duplicate-cable facilities is called:
A. alternative routing.
B. diverse routing.
C. redundancy.
D. circular routing.
The correct answer is: B. diverse routing.
Explanation: Diverse routing is the method of routing traffic through split-cable facilities or duplicate-cable facilities, which can be accomplished with different or duplicate cable sheaths. Alternative routing is the method of routing information via an alternative medium, such as copper cable or fiber optics.
Redundancy involves providing extra capacity, with an option to use that excess capacity in the event the primary transmission capability is not available. Circular routing is the logical path of a message in a communication network based on a series of gates at the physical network layer of the open systems interconnection model.

36. In a web server, a common gateway interface (CGI) is MOST often used as a(n):
A. consistent way for transferring data to the application program and back to the user.
B. computer graphics imaging method for movies and TV.
C. graphic user interface for web design.
D. interface to access the private gateway domain.
The correct answer is: A. consistent way for transferring data to the application program and back to the user.
Explanation: The common gateway interface (CGI) is a standard way for a web server to pass a user's request to an application program and to move data back and forth to the user. When the user requests a web page (for example, by clicking on a link or entering a web site address), the server sends back the requested page. However, when a user fills out a form on a web page and submits it, the form usually needs to be processed by an application program. The web server passes the form information to a small application program (typically through environment variables and standard input) that processes the data and may send back a confirmation message on standard output. This convention for passing data back and forth between the server and the application is the common gateway interface. It is a separate specification layered on top of HTTP, not part of HTTP itself. Because the CGI program receives input supplied by the remote user, that input must be validated before it is used.

37. Congestion control is BEST handled by which OSI layer?
A. Data link layer
B. Session layer
C. Transport layer
D. Network layer
The correct answer is: C. Transport layer
Explanation: The transport layer is responsible for reliable data delivery.
This layer implements flow control mechanisms that can detect congestion, reduce the data transmission rate and increase it again when the network no longer appears to be congested (e.g., TCP flow and congestion control). The network layer is not the answer: congestion handling there depends on router implementations of flow control at the subnet level (e.g., ICMP source quench messages sent when router memory or buffers reach capacity, a mechanism that is now deprecated), and there is no message to cancel or discard messages, which may actually increase congestion problems. The session and data link layers do not provide end-to-end congestion control.

38. Which of the following would an IS auditor consider to be the MOST helpful when evaluating the effectiveness and adequacy of a computer preventive maintenance program?
A. A system downtime log
B. Vendors' reliability figures
C. Regularly scheduled maintenance log
D. A written preventive maintenance schedule
The correct answer is: A. A system downtime log
Explanation: A system downtime log provides evidence of whether the preventive maintenance program is actually effective and adequate; a schedule or maintenance log only shows that maintenance was planned or performed.

39. A network diagnostic tool that monitors and records network information is a/an:
A. online monitor.
B. downtime report.
C. help desk report.
D. protocol analyzer.
The correct answer is: D. protocol analyzer.
Explanation: Protocol analyzers are network diagnostic tools that monitor and record network information from packets traveling on the link to which the analyzer is attached. Online monitors (choice A) measure telecommunications transmissions and determine whether they were accurate and complete. Downtime reports (choice B) track the availability of telecommunication lines and circuits. Help desk reports (choice C) are prepared by the help desk, which is staffed or supported by IS technical support personnel trained to handle problems occurring during the course of IS operations.

40.
Which of the following devices extends the network and has the capacity to store frames and act as a storage and forward device? A. Router B. Bridge C. Repeater D. Gateway The correct answer is: B. Bridge Explanation: A bridge connects two separate networks to form a logical network (e.g., joining an Ethernet and token network) and has the storage capacity to store frames and act as a storage and forwarding device. Bridges operate at the OSI data link layer by examining the media access control header of a data packet. Routers are switching devices that operate at the OSI network layer by examining network addresses (i.e., routing information encoded in an IP packet). The router, by examining the IP address, can make intelligent decisions in directing the packet to its destination. Repeaters amplify transmission signals to reach remote devices by taking a signal from a LAN, reconditioning and retiming it, and sending it to another. This functionality is hardware-encoded and occurs at the OSI physical layer. Gateways provide access paths to foreign networks. 41. Which of the following types of firewalls would BEST protect a network from an Internet attack? A. Screened subnet firewall B. Application filtering gateway C. Packet filtering router D. Circuit-level gateway The correct answer is: A. Screened subnet firewall Explanation: A screened subnet firewall would provide the best protection. The screening router can be a commercial router or a node with routing capabilities and the ability to allow or avoid traffic between nets or nodes based on addresses, ports, protocols, interfaces, etc. Application-level gateways are mediators between two entities that want to communicate, also known as proxy gateways. The application level (proxy) works at the application level, not only at a package level. The screening controls at the package level, addresses and ports, but does not see the contents of the package. 
A packet filtering router examines the header of every packet or data traveling between the Internet and the corporate network. 42. An IS auditor detected that several PCs connected to the Internet have a low security level that is allowing for the free recording of cookies. This creates a risk because cookies locally store: A. information about the Internet site. B. information about the user. C. information for the Internet connection. D. Internet pages. The correct answer is: B. information about the user. Explanation: The cookie file resides on the client machine. It contains data passed from web sites, so that web sites can communicate with this file when the same client returns. The web site only has access to that part of the cookie file that represents the interaction with that particular web site. Cookie files have caused some issues with respect to privacy. The four choices all relate to a cookie, but the fact that the cookie stores information about the user is the risk. 43. Which of the following can be used to verify output results and control totals by matching them against the input data and control totals? A. Batch header forms B. Batch balancing C. Data conversion error corrections D. Access controls over print spools The correct answer is: B. Batch balancing Explanation: Batch balancing is used to verify output results and control totals by matching them against the input data and control totals. Batch header forms control data preparation; data conversion error corrections correct errors that occur due to duplication of transactions and inaccurate data entry; and access controls over print spools prevent reports from being accidentally deleted from print spools or directed to a different printer. 44. Which of the following network components is PRIMARILY set up to serve as a security measure by preventing unauthorized traffic between different segments of the network? A. Firewalls B. Routers C. Layer 2 switches D. VLANs The correct answer is: A. 
Firewalls Explanation: Firewall systems are the primary tool that enable an organization to prevent unauthorized access between networks. An organization may choose to deploy one or more systems that function as firewalls. Routers can filter packets based on parameters, such as source address, but are not primarily a security tool. Based on Media Access Control (MAC) addresses, layer 2 switches separate traffic in a port as different segments and without determining if it is authorized or unauthorized traffic. A virtual LAN (VLAN) is a functionality of some switches that allows them to switch the traffic between different ports as if they are in the same LAN. Nevertheless, they do not deal with authorized vs. unauthorized traffic. 45. When assessing the portability of a database application, the IS auditor should verify that: A. a structured query language (SQL) is used. B. information import and export procedures exist with other systems. C. indexes are used. D. all entities have a significant name and identified primary and foreign keys. The correct answer is: A. a structured query language (SQL) is used. Explanation: The use of an SQL is a key element for database portability. Import and export of information with other systems is an objective of a database interfaces review. The use of an index is an objective of a database access review, and the fact that all entities have a significant name and identified primary and foreign keys is an objective of a database design review. 46. To determine which users can gain access to the privileged supervisory state, which of the following should an IS auditor review? A. System access log files B. Enabled access control software parameters C. Logs of access control violations D. System configuration files for control options used The correct answer is: D. 
System configuration files for control options used Explanation: Review of system configuration files for control options used would show which users have access to the privileged supervisory state. Both systems access log files and logs of access violations are detective in nature. Access control software is run under the operating system. 47. Which of the following is the GREATEST risk related to the monitoring of audit logs? A. Logs are not backed up periodically. B. Routine events are recorded. C. Procedures for enabling logs are not documented. D. Unauthorized system actions are recorded but not investigated. The correct answer is: D. Unauthorized system actions are recorded but not investigated. Explanation: If unauthorized system actions are not investigated, the log is useless. Not backing up logs periodically is a risk but not as critical as the need to investigate questionable actions. Recording routine events can make it more difficult to recognize unauthorized actions, but the critical events are still recorded. Procedures for enabling and reviewing logs should be documented, but documentation does not ensure investigation. 48. Which of the following is the MOST effective means of determining which controls are functioning properly in an operating system? A. Consulting with the vendor B. Reviewing the vendor installation guide C. Consulting with the system programmer D. Reviewing the system generation parameters The correct answer is: D. Reviewing the system generation parameters Explanation: System generation parameters determine how a system runs, the physical configuration and its interaction with the workload. 49. Which of the following would an IS auditor expect to find in a console log? A. Names of system users B. Shift supervisor identification C. System errors D. Data edit errors The correct answer is: C. System errors Explanation: System errors are the only ones that you would expect to find in the console log. 50. 
In a TCP/IP-based network, an IP address specifies a: A. network connection. B. router/gateway. C. computer in the network. D. device on the network. The correct answer is: A. network connection. Explanation: An IP address specifies a network connection. An IP address encodes both a network and a host on that network; it does not specify an individual computer, but provides a connection to a network. A router/gateway connects two networks and has two IP addresses. Hence, an IP address cannot specify a router. A computer in the network can be connected to other networks as well. It will then use many IP addresses. Such computers are called multihomed hosts. Here, again, an IP address cannot refer to the computer. IP addresses do not refer to individual devices on the network, but refer to the connections by which they are connected to the network. 51. Capacity monitoring software is used to ensure: A. maximum use of available capacity. B. that future acquisitions meet user needs. C. concurrent use by a large number of users. D. continuity of efficient operations. The correct answer is: D. continuity of efficient operations. Explanation: Capacity monitoring software shows the actual usage of online systems vs. their maximum capacity. The aim is to enable software support staff to ensure that efficient operation, in the form of response times, is maintained in the event that use begins to approach the maximum available capacity. Systems should never be allowed to operate at maximum capacity. Monitoring software is intended to prevent this. Although the software reports may be used to support a business case for future acquisitions, it would not provide information on the effect of user requirements and it would not ensure concurrent usage of the system by users, other than to highlight levels of user access. 52. An organization provides information to its supply-chain partners and customers through an extranet infrastructure. 
Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture? A. A Secure Sockets Layer (SSL) has been implemented for user authentication and remote administration of the firewall. B. On the basis of changing requirements, firewall policies are updated. C. Inbound traffic is blocked unless the traffic type and connections have been specifically permitted. D. The firewall is placed on top of the commercial operating system with all installation options. The correct answer is: D. The firewall is placed on top of the commercial operating system with all installation options. Explanation: The greatest concern when implementing firewalls on top of commercial operating systems is the potential presence of vulnerabilities that could undermine the security posture of the firewall platform itself. In most circumstances when commercial firewalls are breached, that breach is facilitated by vulnerabilities in the underlying operating system. Keeping all installation options available on the system further increases the risks of vulnerabilities and exploits. Using SSL for firewall administration (choice A) is important, changes in user and supply chain partners' roles and profiles will be dynamic. Therefore, it is appropriate to maintain the firewall policies daily (choice B), and prudent to block all inbound traffic unless permitted (choice C). 53. Which of the following would be considered an essential feature of a network management system? A. A graphical interface to map the network topology B. Capacity to interact with the Internet to solve the problems C. Connectivity to a help desk for advice on difficult issues D. An export facility for piping data to spreadsheets The correct answer is: A. A graphical interface to map the network topology Explanation: To trace the topology of the network, a graphical interface would be essential. 
It is not necessary that each network be on the Internet and connected to a help desk, and the ability to export to a spreadsheet is not an essential element. 54. What is a risk associated with attempting to control physical access to sensitive areas, such as computer rooms, using card keys or locks? A. Unauthorized individuals wait for controlled doors to open and walk in behind those authorized. B. The contingency plan for the organization cannot effectively test controlled access practices. C. Access cards, keys and pads can be easily duplicated allowing easy compromise of the control. D. Removing access for those who are no longer authorized is complex. The correct answer is: A. Unauthorized individuals wait for controlled doors to open and walk in behind those authorized. Explanation: The concept of piggybacking compromises all physical control established. Choice B would be of minimal concern in a disaster recovery environment. Items in choice C are not easily duplicated. Regarding choice D, while technology is constantly changing, card keys have existed for some time and appear to be a viable option for the foreseeable future. 55. Which of the following is an example of the defense in-depth security principle? A. Using two firewalls of different vendors to consecutively check the incoming network traffic B. Using a firewall as well as logical access controls on the hosts to control incoming network traffic C. Having no physical signs on the outside of a computer center building D. Using two firewalls in parallel to check different types of incoming traffic The correct answer is: B. Using a firewall as well as logical access controls on the hosts to control incoming network traffic Explanation: Defense in-depth means using different security mechanisms that back up each other. When network traffic passes the firewall unintentionally, the logical access controls form a second line of defense. 
Using two firewalls of different vendors to consecutively check the incoming network traffic is an example of diversity in defense. The firewalls are the same security mechanisms. By using two different products the probability of both products having the same vulnerabilities is diminished. Having no physical signs on the outside of a computer center building is a single security measure. Using two firewalls in parallel to check different types of incoming traffic is a single security mechanism and therefore no different than having a single firewall checking all traffic. 56. When reviewing system parameters, an IS auditor's PRIMARY concern should be that: A. they are set to meet security and performance requirements. B. changes are recorded in an audit trail and periodically reviewed. C. changes are authorized and supported by appropriate documents. D. access to parameters in the system is restricted. The correct answer is: A. they are set to meet security and performance requirements. Explanation: The primary concern is to find the balance between security and performance. Recording changes in an audit trail and periodically reviewing it is a detective control; however, if parameters are not set according to business rules, monitoring of changes may not be an effective control. Reviewing changes to ensure they are supported by appropriate documents is also a detective control. If parameters are set incorrectly, the related documentation and the fact that these are authorized does not reduce the impact. Restriction of access to parameters ensures that only authorized staff can access the parameters; however, if the parameters are set incorrectly, restricting access will still have an adverse impact. 57. Which of the following BEST ensures the integrity of a server's operating system? A. Protecting the server in a secure location B. Setting a boot password C. Hardening the server configuration D. Implementing activity logging The correct answer is: C. 
Hardening the server configuration Explanation: Hardening a system means to configure it in the most secure manner (install latest security patches, properly define the access authorization for users and administrators, disable insecure options and uninstall unused services) to prevent nonprivileged users from gaining the right to execute privileged instructions and thus take control of the entire machine, jeopardizing the OS's integrity. Protecting the server in a secure location and setting a boot password are good practices, but do not ensure that a user will not try to exploit logical vulnerabilities and compromise the OS. Activity logging has two weaknesses in this scenario-it is a detective control (not a preventive one) and the attacker who already gained privileged access can modify logs or disable them. 58. Which of the following is the MOST probable cause for a mail server being used to send spam? A. Installing an open relay server B. Enabling Post Office Protocol (POP3) C. Using Simple Mail Transfer Protocol (SMTP) D. Activating user accounting The correct answer is: A. Installing an open relay server Explanation: An open proxy (or open relay) allows unauthorized people to route their spam through someone else's mail server. POP3 and SMTP are commonly used mail protocols. Activating user accounting does not relate to using a server to send spam. 59. The MOST significant security concern when using flash memory (e.g., USB removable disk) is that the: A. contents are highly volatile. B. data cannot be backed up. C. data can be copied. D. device may not be compatible with other peripherals. The correct answer is: C. data can be copied. Explanation: Unless properly controlled, flash memory provides an avenue anyone to copy any content with ease. The contents stored in flash memory are not volatile. Backing up flash memory data is not a control concern, as the data are sometimes stored as a backup. 
Flash memory will be accessed through a PC rather than any other periphereal; therefore, compatibility is not an issue. 60. Which of the following BEST reduces the ability of one device to capture the packets that are meant for another device? A. Filters B. Switches C. Routers D. Firewalls The correct answer is: B. Switches Explanation: Switches are at the lowest level of network security and transmit a packet to the device to which it is addressed. This reduces the ability of one device to capture the packets that are meant for another device. Filters allow for some basic isolation of network traffic based on the destination addresses. Routers allow packets to be given or denied access based on the addresses of the sender and receiver and the type of packet. Firewalls are a collection of computer and network equipment used to allow communications to flow out of the organization and restrict communications flowing into the organization. 61. Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them? A. A neural network B. Database management software C. Management information systems D. Computer-assisted audit techniques The correct answer is: A. A neural network Explanation: A neural network will monitor and learn patterns, reporting exceptions for investigation. Database management software is a method of storing and retrieving data. Management information systems provide management statistics but do not normally have a monitoring and detection function. Computer-assisted audit techniques detect specific situations, but are not intended to learn patterns and detect abnormalities. 62. A Ping command is used to measure: A. attenuation. B. throughput. C. delay distortion. D. latency. The correct answer is: D. latency. 
Explanation: Latency, which is measured using a Ping command, represents the delay that a message/packet will have in traveling from source to destination. A decrease in amplitude as a signal propagates through a transmission medium is called attenuation. Throughput, which is the quantity of work per unit of time, is measured in bytes per second. Delay distortion represents delay in transmission because the rate of propagation of a signal along a transmission line varies with the frequency. 63. Which of the following hardware devices relieves the central computer from performing network control, format conversion and message handling tasks? A. Spool B. Cluster controller C. Protocol converter D. Front-end processor The correct answer is: D. Front-end processor Explanation: A front-end processor is a hardware device that connects all communication lines to a central computer to relieve the central computer. 64. The GREATEST risk when end users have access to a database at its system level, instead of through the application, is that the users can: A. make unauthorized changes to the database directly, without an audit trail. B. make use of a system query language (SQL) to access information. C. remotely access the database. D. update data without authentication. The correct answer is: A. make unauthorized changes to the database directly, without an audit trail. Explanation: Having access to the database could provide access to database utilities, which can update the database without an audit trail and without using the application. Using SQL only provides read access to information. In a networked environment, accessing the database remotely does not make a difference. What is critical is what is possible or completed through this access. To access a database, it is necessary that a user is authenticated using a user ID. 65. The most likely error to occur when implementing a firewall is: A. incorrectly configuring the access lists. B. 
compromising the passwords due to social engineering. C. connecting a modem to the computers in the network. D. inadequately protecting the network and server from virus attacks. The correct answer is: A. incorrectly configuring the access lists. Explanation: An updated and flawless access list is a significant challenge and, therefore, has the greatest chance for errors at the time of the initial installation. Passwords do not apply to firewalls, a modem bypasses a firewall and a virus attack is not an element in implementing a firewall. 66. Which of the following controls will detect MOST effectively the presence of bursts of errors in network transmissions? A. Parity check B. Echo check C. Block sum check D. Cyclic redundancy check The correct answer is: D. Cyclic redundancy check Explanation: The cyclic redundancy check (CRC) can check for a block of transmitted data. The workstations generate the CRC and transmit it with the data. The receiving workstation computes a CRC and compares it to the transmitted CRC. If both of them are equal, then the block is assumed error free. In this case (such as in parity error or echo check), multiple errors can be detected. In general, CRC can detect all single-bit and bubble-bit errors. Parity check (known as vertical redundancy check) also involves adding a bit (known as the parity bit) to each character during transmission. In this case, where there is a presence of bursts of errors (i.e., impulsing noise during high transmission rates), it has a reliability of approximately 50 percent. In higher transmission rates, this limitation is significant. Echo checks detect line errors by retransmitting data back to the sending device for comparison with the original transmission. 67. Neural networks are effective in detecting fraud because they can: A. discover new trends since they are inherently linear. B solve problems where large and general sets of training data are not obtainable. C. 
attack problems that require consideration of a large number of input variables. D. make assumptions about the shape of any curve relating variables to the output. The correct answer is: C. attack problems that require consideration of a large number of input variables. Explanation: Neural networks can be used to attack problems that require consideration of numerous input variables. They are capable of capturing relationships and patterns often missed by other statistical methods, and they will not discover new trends. Neural networks are inherently nonlinear and make no assumption about the shape of any curve relating variables to the output. Neural networks will not work well at solving problems for which sufficiently large and general sets of training data are not obtainable. 68. Which of the following would enable an enterprise to provide access to its intranet (i.e., extranet) to its business partners across the Internet? A. Virtual private network B. Client-server C. Dial-in access D. Network service provider The correct answer is: A. Virtual private network Explanation: A virtual private network (VPN) allows external partners to securely participate in the extranet using public networks as a transport or shared private networks. Because of its low cost, using public networks (Internet) as a transport is the principal method. VPNs rely on tunneling/encapsulation techniques, which allow the Internet protocol (IP) to carry a variety of different protocols (e.g., SNA, IPX, NETBEUI). A client-server (choice B) does not address extending the network to business partners (i.e., client-server refers to a group of computers within an organization connected by a communications network where the client is the requesting machine and the server is the supplying machine). Choice C refers to remote users accessing a secured environment. It is the means, not the method, of providing access to a network. 
A network service provider (choice D) may provide services to a shared private network by providing Internet services, but it does not extend to an organization's intranet. 69. By establishing a network session through an appropriate application, a sender transmits a message by breaking it into packets, but the packets may reach the receiver out of sequence. Which OSI layer addresses the out-of-sequence message through segment sequencing? A. Network layer B. Session layer C. Application layer D. Transport layer The correct answer is: D. Transport layer Explanation: The function of resequencing packets (segment) received out of order is taken care of by the transport layer. Neither the network, session or application layers address resequencing. 70. The interface that allows access to lower- or higher-level network services is called: A. firmware. B. middleware. C. X.25 interface. D. utilities. The correct answer is: B. middleware. Explanation: Middleware, a class of software employed by client-server applications, provides services, such as identification, authentication, directories and security. It facilitates client-server connections over the network and allows client applications to access and update remote databases and mainframe files. Firmware consists of memory chips with embedded program code that hold their content when the power is turned off. X.25 interface is the interface between data terminal equipment and data circuit terminating equipment for terminals operating in the packet mode on some public data networks. Utilities are system software used to perform system maintenance and routines that are required during normal processing, such as sorting or backup. 71. Which of the following is a control over component communication failure/errors? A. Restricting operator access and maintaining audit trails B. Monitoring and reviewing system engineering activity C. Providing network redundancy D. 
Establishing physical barriers to the data transmitted over the network The correct answer is: C. Providing network redundancy Explanation: Redundancy by building some form of duplication into the network components, such as a link, router or switch, to prevent loss, delays or data duplication is a control over component communication failure or error. Other related controls are loop/echo checks to detect line errors, parity checks, error correction codes and sequence checks. Choices A, B and D are communication network controls 72. After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools? A. Differential reporting B. False-positive reporting C. False-negative reporting D. Less-detail reporting The correct answer is: C. False-negative reporting Explanation: False-negative reporting on weaknesses means the control weaknesses in the network are not identified and, hence, may not be addressed, leaving the network vulnerable to attack. False-positive reporting is one in which the controls are in place, but are evaluated as weak, which should prompt a rechecking of the controls. Less-detail reporting and differential reporting functions provided by these tools compare scan results over a period of time. 73. The following question refers to the diagram below. In the 2c area on the diagram, there are three hubs connected to each other. What potential risk might this indicate? A. Virus attack B. Performance degradation C. Poor management controls D. Vulnerability to external hackers The correct answer is: B. Performance degradation Explanation: Hubs are internal devices that usually have no direct external connectivity and, thus, are not prone to hackers. There are no known viruses that are specific to hub attacks. 
While this situation may be an indicator of poor management controls, choice B is more likely when the practice of stacking hubs and creating more terminal connections is used.

74. When reviewing the implementation of a LAN, the IS auditor should FIRST review the:
A. node list.
B. acceptance test report.
C. network diagram.
D. user's list.
The correct answer is: C. network diagram.
Explanation: To properly review a LAN implementation, the IS auditor should first verify the network diagram and confirm its approval. Verification of nodes from the node list against the network diagram would be next, followed by a review of the acceptance test report and then the user's list.

75. To evaluate the referential integrity of a database, an IS auditor should review the:
A. composite keys.
B. indexed fields.
C. physical schema.
D. foreign keys.
The correct answer is: D. foreign keys.
Explanation: A foreign key is a column in a table that references the primary key of another table, thus providing referential integrity. Composite keys consist of two or more columns designated together as a table's primary key. Field indexing speeds up searches but does not ensure referential integrity. Referential integrity is related to the logical schema, not the physical schema.

76. For an online transaction processing system, transactions per second is a measure of:
A. throughput.
B. response time.
C. turnaround time.
D. uptime.
The correct answer is: A. throughput.
Explanation: Throughput measures how much work is done by a system over a period of time; it measures the productivity of the system. In an online transaction processing system, transactions per second is a throughput index. Response time is defined as the length of time that elapses between submission of an input and receipt of the first character of output in an online system. Turnaround time is the length of time that elapses between submission of a job and receipt of the completed output; it is a measure of timeliness in a batch system. The percentage of time that the system is available for processing is called uptime, or a reliability index; thus, this is not the correct answer.

77. An IS auditor is performing a network security review of a telecom company that provides Internet connection services to shopping malls for their wireless customers. The company uses Wireless Transport Layer Security (WTLS) and Secure Sockets Layer (SSL) technology for protecting their customers' payment information. The IS auditor should be MOST concerned if a hacker:
A. compromised the Wireless Application Protocol (WAP) gateway.
B. installed a sniffing program in front of the server.
C. stole a customer's PDA.
D. listened to the wireless transmission.
The correct answer is: A. compromised the Wireless Application Protocol (WAP) gateway.
Explanation: In a WAP gateway, the encrypted messages from customers must be decrypted for transmission to the Internet, and vice versa. Therefore, if the gateway is compromised, all of the messages would be exposed. SSL protects the messages from sniffing on the Internet, limiting disclosure of the customer's information. WTLS provides authentication, privacy and integrity and prevents eavesdropping on messages.

78. An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review?
A. Availability of online network documentation
B. Support of terminal access to remote hosts
C. Handling file transfer between hosts and interuser communications
D. Performance management, audit and control
The correct answer is: A. Availability of online network documentation
Explanation: Network operating system user features include online availability of network documentation. Other user features are user access to various resources of network hosts, user authorization to access particular resources, and use of the network and host computers without special user actions or commands. Choices B, C and D are examples of network operating system functions, which include supporting terminal access to remote hosts and handling file transfer between hosts and interuser communications.

79. Which of the following would help to ensure the portability of an application connected to a database? The:
A. verification of database import and export procedures.
B. usage of a structured query language (SQL).
C. analysis of stored procedures/triggers.
D. synchronization of the entity-relation model with the database physical schema.
The correct answer is: B. usage of a structured query language (SQL).
Explanation: The use of SQL facilitates portability. Verifying import and export procedures ensures better interfacing with other systems, analyzing stored procedures/triggers ensures proper access and performance, and reviewing the entity-relation model design is also helpful, but none of these contribute to the portability of an application connecting to a database.

80. In an online transaction processing system, data integrity is maintained by ensuring that a transaction is either completed in its entirety or not at all. This principle of data integrity is known as:
A. isolation.
B. consistency.
C. atomicity.
D. durability.
The correct answer is: C. atomicity.
Explanation: The principle of atomicity requires that a transaction be completed in its entirety or not at all. If an error or interruption occurs, all changes made up to that point are backed out. Consistency ensures that all integrity conditions in the database are maintained with each transaction. Isolation ensures that each transaction is isolated from other transactions, and hence each transaction only accesses data that are part of a consistent database state. Durability ensures that, once a transaction has been reported back to a user as complete, the resultant changes to the database will survive subsequent hardware or software failures.

81. Which of the following would BEST support 24/7 availability?
A. Daily backup
B. Offsite storage
C. Mirroring
D. Periodic testing
The correct answer is: C. Mirroring
Explanation: Mirroring of critical elements is a tool that facilitates immediate recoverability. Daily backup implies that it is reasonable for restoration to take place within a number of hours, but not immediately. Offsite storage and periodic testing of systems do not, of themselves, support continuous availability.

82. A hub is a device that connects:
A. two LANs using different protocols.
B. a LAN with a WAN.
C. a LAN with a metropolitan area network (MAN).
D. two segments of a single LAN.
The correct answer is: D. two segments of a single LAN.
Explanation: A hub is a device that connects two segments of a single LAN. A hub is a repeater. It provides transparent connectivity to users on all segments of the same LAN. It is a level 1 device. A bridge operates at level 2 of the OSI model and is used to connect two LANs using different protocols (e.g., joining an Ethernet and a token network) to form a logical network. A gateway, which is a level 7 device, is used to connect a LAN to a WAN. A LAN is connected to a MAN using a router, which operates at the network layer.

83. In a LAN environment, which of the following minimizes the risk of data corruption during transmission?
A. Using end-to-end encryption for data communication
B. Using separate conduits for electrical and data cables
C. Using checksums for checking the corruption of data
D. Connecting the terminals using a star topology
The correct answer is: B. Using separate conduits for electrical and data cables
Explanation: Using separate conduits for data cables and electrical cables minimizes the risk of data corruption due to the magnetic field induced by electrical current. Data encryption minimizes the risk of data leakage in case of wiretapping; however, it cannot prevent corruption. A checksum will help detect data corruption during communication, but will not prevent it. Using a star topology will increase the speed of communication, but will not detect corruption.

84. Which of the following is widely accepted as one of the critical components in networking management?
A. Configuration management
B. Topological mappings
C. Application of monitoring tools
D. Proxy server troubleshooting
The correct answer is: A. Configuration management
Explanation: Configuration management is widely accepted as one of the key components of any network, since it establishes how the network will function both internally and externally. It also deals with the management of configuration and the monitoring of performance. Topological mappings provide outlines of the components of the network and its connectivity. Application monitoring is not essential, and proxy server troubleshooting is used only for troubleshooting purposes.

Copyright © 2002-5 Information Systems Audit and Control Association. All rights reserved.

USE RESTRICTIONS
The Question Database and Software ("CISA Sample Exam") is copyrighted. Licensee may not, and Licensee may not permit others to, (a) disassemble, decompile, or otherwise derive source code from the CISA Sample Exam, (b) reverse engineer the CISA Sample Exam, (c) modify or prepare derivative works of the CISA Sample Exam, (d) copy the CISA Sample Exam, (e) rent or lease the CISA Sample Exam, (f) use the CISA Sample Exam in an on-line system, (g) use the CISA Sample Exam in any manner that infringes the intellectual property or other rights of another party, or (h) transfer the CISA Sample Exam or any copy thereof to another party. Unauthorized copying of the CISA Sample Exam is expressly forbidden. Licensee may not reproduce the CISA Sample Exam or any part thereof. You may not create derivative works, including translations, of the CISA Sample Exam or any part thereof without the prior written consent of ISACA. Licensee may make printed media copies of the quiz and scored results, so long as such copies do not include any part of the Software, for non-commercial, personal use, including transmission by any means, whether electronic, mechanical, recording, or otherwise.