organization. The project manager reports suspicious system activities on
one of the servers that is accessible to the whole team. What would be of
GREATEST concern if discovered during a forensic investigation?
A. Audit logs are not enabled for the system
B. A logon ID for the technical lead still exists
C. Spyware is installed on the system
D. A Trojan is installed on the system
ANSWER: A
NOTE: Audit logs are critical to the investigation of the event; however,
if not enabled, misuse of the logon ID of the technical lead and the guest
account could not be established. The logon ID of the technical lead
should have been deleted as soon as the employee left the organization
but, without audit logs, misuse of the ID is difficult to prove. Spyware
installed on the system is a concern but could have been installed by any
user and, again, without the presence of logs, discovering who installed
the spyware is difficult. A Trojan installed on the system is a concern,
but it could have been installed by any user, as the system is accessible
to the whole group and, without the presence of logs, investigation would
be difficult.
547. Which of the following issues should be the GREATEST concern to the
IS auditor when reviewing an IT disaster recovery test?
A. Due to the limited test time window, only the most essential systems
were tested. The other systems were tested separately during the rest of
the year.
B. During the test it was noticed that some of the backup systems were
defective or not working, causing the test of these systems to fail.
C. The procedures to shut down and secure the original production site
before starting the backup site required far more time than planned.
D. Every year, the same employees perform the test. The recovery plan
documents are not used since every step is well known by all participants.
ANSWER: D
NOTE: A disaster recovery test should test the plan, processes, people and
IT systems. Therefore, if the plan is not used, its accuracy and adequacy
cannot be verified. Disaster recovery should not rely on key staff since a
disaster can occur when they are not available. It is common that not all
systems can be tested in a limited test time frame. It is important,
however, that those systems which are essential to the business are
tested, and that the other systems are eventually tested throughout the
year. One aim of the test is to identify and replace defective devices so
that all systems can be replaced in the case of a disaster. Choice B would