Question 1

An IS auditor reviewing an information processing environment decides to conduct external penetration testing. Which of the following is MOST appropriate to include in the audit scope for the organization to distinguish between the auditor's penetration attacks and actual attacks?

Options :

A : Restricted host IP addresses of simulated attacks

B : Testing techniques of simulated attacks

C : Source IP addresses of simulated attacks

D : Timing of simulated attacks

Answer: C

Question 2

An organization is running servers with critical business applications that are in an area subject to frequent but brief power outages. Knowledge of which of the following would allow the organization's management to monitor the ongoing adequacy of the uninterruptible power supply (UPS)?

Options :

A : Duration and interval of the power outages

B : Business impact of server downtime

C : Number of servers supported by the UPS

D : Mean time to recover servers after failure

Answer: A

Question 3

Which of the following BEST addresses the availability of an online store?

Options :

A : Online backups

B : A mirrored site at another location

C : Clustered architecture

D : RAID level 5 storage devices

Answer: B

Question 4

The record-locking option of a database management system (DBMS) serves to:

Options :

A : allow users to lock others out of their files.

B : eliminate the risk of concurrent updates to a record.

C : restrict users from changing certain values within records.

D : allow database administrators (DBAs) to record the activities of users.

Answer: B

Question 5

Which of the following is MOST important to include in forensic data collection and preservation procedures?

Options :

A : Maintaining chain of custody

B : Preserving data integrity

C : Assuring the physical security of devices

D : Determining tools to be used

Answer: A