CISM Asset Protection Practical Information Exam

Sample Questions

Q) Which of the following functions should it be done by the application owners to ensure adequate segregation of duties between IS and end-users?

a) Analysis of the system

b) Access authorization data

c) Application Programming

d) Data Management

e) None

Q) Accountability for maintaining appropriate security measures about information assets reside in:

a) Security Manager

b) systems administrator

c) data and proprietary systems.

d) group operations systems.

e) None

Q) The greatest risk when end users have access to a database on your system level, rather than through the application is that users can:

a) making unauthorized changes to the database directly, without an audit trail.

b) make use of a query language (SQL) to access system information.

c) Remote access to the database.

d) Update without authentication.

e) None

Q) To determine who has been given permission to use a particular system resource, an auditor should review:

a) lists activities

b) The access control lists.

c) lists login ID

d) password lists.

e) None

Q) Which of the following user authentication satisfies two factors?

a) Iris scanning fingerprint scanning more

b) Terminal ID's global positioning system (GPS)

c) A smart card requiring the

d) user PIN User ID with a password

e) None