Which of the following is a feature of an intrusion detection system (IDS)?

• A.Gathering evidence on attack attempts
• B.Identifying weaknesses in the policy definition
• C.Blocking access to particular sites on the Internet
• D.Preventing certain users from accessing specific servers

Comment: *

Name: *

Email: *

Verification: *

Which of the following observations would an IS auditor consider the GREATEST risk when conducting an audit of a virtual server farm tor potential software vulnerabilities?

• A.Guest operating systems are updated monthly
• B.The hypervisor is updated quarterly.
• C.A variety of guest operating systems operate on one virtual server
• D.Antivirus software has been implemented on the guest operating system only.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would MOST likely increase the risk of a successful attack by:

• A.structured query language (SQL) injection
• B.buffer overflow.
• C.denial of service (DoS).
• D.phishing.

Comment: *

Name: *

Email: *

Verification: *

The GREATEST benefit of using a prototyping approach in software development is that it helps to:

• A.improve efficiency of quality assurance (QA) testing
• B.decrease the time allocated for user testing and review.
• C.conceptualize and classify requirements.
• D.minimize scope changes to the system.

Comment: *

Name: *

Email: *

Verification: *

The GREATEST concern for an IS auditor reviewing vulnerability assessments by the auditee would be if the assessments are:

• A.Conducted once per year just before system audits are scheduled.
• B.Conducted by the internal technical team instead of external experts.
• C.Performed for critical systems, not for the entire infrastructure.
• D.Performed using open-source testing tools.

Comment: *

Name: *

Email: *

Verification: *