Monday, August 24, 2020

Master of German Opera – Richard Wagner

Richard Wagner is the master of German opera. He shaped opera according to his own creative definition with revolutionary zeal (Richard Wagner Biography, Arizona Opera). Adolf Hitler and his Nazi party enjoyed a good many of Wagner's works; this negative publicity has caused people to dislike Wagner and his music. Today Wagner is accepted, yet his music is still banned in Israel. The youngest of nine children, Wagner was born in Leipzig, Germany, to a working-class family on May 22, 1813. His father, Friedrich Wagner, a police agent, died when Richard was only six months old. His mother soon remarried, to an actor and writer named Ludwig Geyer, and the family moved to Dresden. Some historians believe that Geyer was Richard's real biological father; there is evidence that Wagner may have believed this as well. Egocentric from childhood, Wagner loved literature. He was especially fascinated by the works of Shakespeare. With his head always in books, he tried writing tragedies, but that never came to anything. He also began piano lessons, but unlike many other famous composers, he never became skilled on this or any other instrument. In his teens, composing attracted him. In 1829, at age sixteen, he wrote his first compositions, which were not well received by the public. He then took six months of formal training with Theodor Weinlig, cantor of the Thomasschule, in 1831. Those studies resulted in the composition of a Wagner symphony, which was well received in Leipzig and Prague. He began work on an opera, Die Hochzeit, and tossed it aside unfinished. After that he completed Die Feen, but it was not performed until five years after his death. At 20, he began keeping diaries in order to write an autobiography later on.
He found a job as the chorus master for the Würzburg Theater when he was just 20 years old. He also started to write operas. In 1836, he married the actress Minna Planer; this marriage was to last only until 1862. He was very unhappy with Minna, and regretted this marriage almost as soon as it began. In 1837, he and his wife fled from creditors to Paris. Wagner tried to establish himself in Paris. Most of the time they were living near starvation; he was arrested and imprisoned on a few different occasions because of his debts. Producers rejected his preliminary sketches of the operas La Rienzi and Das Liebesverbot. Wagner quit composing altogether because of the humiliation of being rejected. Then Wagner had another idea and started work on The Flying Dutchman; even though he was penniless and unknown, he felt triumphant at its completion in 1841. La Rienzi opened in Dresden in 1842 to great success. A triumph followed the following year for The Wagner became Kapellmeister of the Dresden opera and had financial security at last. However, he continued his poor money management, accumulating incredible debts. Within the five years that followed, he had completed Tannhauser and Lohengrin. However, Lohengrin, which he considered his greatest effort to date, was rejected by the Dresden opera and, out of spite, Wagner helped to start a revolt. He wrote letters to Dresden rebels who were stirring up a growing rebellion in the state of Saxony. In 1849, when the revolution failed, Wagner was banished and forced to flee to Switzerland. In Zurich, in 1851, he completed his viciously anti-Semitic Jewishness in Music. During his thirteen-year exile, he concentrated on writing essays, which set out his theories on musical drama.
He also began work on his giant creation, a cycle of four musical dramas named Der Ring des Nibelungen (The Ring of the Nibelungs). This cycle was made up of these four dramas: Das Rheingold, Die Walkure, Siegfried and Die Gotterdammerung. Der Ring des Nibelungen took 22 years to complete, and stands as one of the most remarkable and highly influential achievements in music. During the many years of Wagner's exile, Lohengrin was presented in Weimar and was received slowly, just as Tannhauser had been. However, in the decade that followed, German audiences loved the two operas. Indeed, at the time his exile ended in 1860, Wagner was one of only a few Germans who had never seen a performance of Lohengrin. During the long period of work on The Ring of the Nibelungs, Wagner's life underwent some major changes. He wrote perhaps his most popular opera, Tristan und Isolde, in 1859, and another important work, Die Meistersinger von Nurnberg, in 1867. In 1864, the King of Bavaria, Ludwig II, brought Richard to Munich to offer financial support. There Wagner fell deeply in love with a daughter of Franz Liszt, Cosima von Bulow, who was married at the time to one of Wagner's associates. Eventually they married. They began a project that would prove Wagner's greatest legacy to future generations (Richard Wagner, classicalmus. m), the building of an opera house that was dedicated to only Wagner's works. Set in the Bavarian town Bayreuth, the Festspielhaus was the location for the first complete performance of the Ring cycle, in 1876. This was probably Wagner's greatest achievement, to have his greatest work performed in his own opera house. I don't personally listen to classical music; I dislike a lot of it. I did, however, like Wagner's music. I didn't think that I would, yet I did.
My favorite song was Lohengrin because it moves from very quiet and calm to very exciting and loud throughout the whole piece. Wagner has been classified politically as a revolutionary and socialist and, at the same time, an extremist, nationalist, and anti-Semite. His name has been connected with almost all the major trends in German history of the nineteenth and twentieth centuries (Richard Wagner, Bena. com). Some people don't like him or his music because of some of the ideas that have been associated with his name. People need to look past the controversy and simply listen to his music, and until people can do this, his wonderful music will never be fully enjoyed.

Saturday, August 22, 2020

Primate evolution Assignment Example | Topics and Well Written Essays - 250 words

The shortening of arms also occurs, and its significance is to make running smooth since balance is maintained (Gebo and Severson 11). Cranial development is a notable anatomical occurrence. The size and capacity of the brain change across the various evolutionary groups. Primates developed a larger cranial capacity when compared to their immediate predecessors. For example, Homo habilis had an approximate cranial capacity of 600 cubic centimeters while Homo erectus had a brain capacity that ranged between 800 and 1100 cubic centimeters. The increase in brain capacity was a continuous process throughout the evolutionary stages. The toes and fingers of the early primates were sensitive. The earliest forms had nails with a claw-like modification, making hunting feasible. The nails also served as protective gear against external aggression. The forelimbs and the hind limbs had an opposable finger and an opposable toe respectively. The opposable finger makes it easy to grasp objects and food. Since some primates navigated trees, the opposable fingers and toes made the grasping of tree branches easy, thereby enabling movement along trees. The early forms of man had an optically based anatomy characterized by forward-facing eyes. Among people, the eyes face the sides of the skull. The forward-facing eyes gave the primates a three-dimensional view of their environment. The vision is stereoscopic. In this way, the primates had a larger field of vision covering before their

Friday, July 24, 2020

Which of Those 8 Learning Style Suits You Best (Hint School Probably Taught You Wrong)

When you think of learning you probably associate it with school or university. We learn to develop ourselves or our careers, or to educate ourselves how to handle challenging situations – for example, how to go about being good parents or how to lose weight.

While the effects of learning are most definitely beneficial, the process itself is often considered boring, mundane and frustrating.

This article will lay out for you 8 learning styles, separated by 4 axes. Prepare to be amazed by how many different learning style combinations there are.

If you read this article to the end you might learn why you have success learning in one course but not in others, why you study well with some people and with others you can’t. Why some teachers manage to intrigue and educate you, while others seem like they want to torture you while they try to do the same.

WHEN IS IT IMPORTANT?

Knowing your learning style will help you immensely to improve your technique. It will give you a full perspective on the way your brain perceives information.

You will be surprised to discover the little quirks you always felt made your learning process unique. You will get to know how you can improve your learning process and what learning sources you need to seek out.

You will discover why you study well with some people and not with others.

ACTIVE LEARNING

If you are an active learner you are the type that has to interact with the subject in order to understand it. You find it difficult to comprehend a subject just from the book. Thinking about it does not help you.
Reading about it is pointless.

Ideally, you want to be able to touch the subject of your studying, to dismantle it, to see it from the inside.

You want to go to the place where the events happened, feel the vibe and the history and see the consequences of the actions of people who lived before you.

You learn by testing, tasting, examining, listening to, seeing and watching closely. You love experiments!

Sitting through a boring lecture without having anything to do with your hands horrifies you.

An interesting coincidence here is that active learners prefer learning in a group rather than alone. When you have the chance to discuss the subject with others you feel you experience it from different points of view and that enables you to discover more of its features or meanings.

This is how active learners learn the most:

Seek out opportunities to discuss the subject. If the class does not involve discussions, try to raise the topic with friends or family – people outside of your learning group.

Look for opportunities to experiment with the subject. Anything that brings you closer than the written word. Rely on your senses. Sight, hearing, taste, smell and touch.

Organize study parties. Aim for between 3 and 6 people. That is the ultimate learning combination. Bring snacks. Make sure you have a precise agenda for learning. If it is possible, do a test at the end of the day to determine who learned the most. Gamify the occasion. Give a gold star for the best score, or noteworthy discussion participation.

If you are having heavy difficulties with a particular subject, talk to your teacher. Use your new-found knowledge to support the argument that you are an active learner and probably not the only one. You will need them to adapt their teaching style to fit your needs.

REFLECTIVE LEARNING

In contrast to active learners, where you have to interact with the subject in order to understand it, reflective learners think about the subject.
They do not understand the need to touch or see something to know it well – they do not need that and do not understand how that would help. All they need is facts, facts and facts.

If you are a reflective learner, you do not need too many examples; you are completely satisfied with learning about something via a well-structured account from your teacher.

You do not need or understand the need for interaction – using your senses will not really tell you the history of the subject or tell you how it was made, will it? It will barely show you their current state.

Most probably you even have your own strategy for learning about something. First, you need to know what it is called and why. Then, you need to understand how the object was made, or what led to the event that happened. Then you like to know what the consequences of it happening are, or how people use it nowadays.

You do not like group learning sessions. They are distracting, if anything. In fact, you learn about things best by yourself, in some peace and quiet.

This is how reflective learners learn the most:

If you have your favorite strategy of learning, it is probably a logical sequence of questions. The first time you come across a topic you need to learn about, write down the most important questions you come up with. Try to remember your thought process behind asking those exact questions. Write down the answers. You are halfway there.

If you feel distracted during discussions or group study sessions, do not despair. Try to listen more than you speak. You do not need to pay full attention. Be comfortable in following your own train of thought. If you do have to participate at some point, your contribution will be very appreciated if you ask the right questions – look through your list.
Because of your natural way of thinking about learning, you will most probably come up with unique and important topics to be discussed about the subject.

At home, do not hesitate to look up from your textbook and let yourself think creatively for a prolonged period of time about the issue.

SENSING LEARNING

The axis between the sensing and the intuitive learners has everything to do with whether the learner trusts their brain or their guts. Intuitive learners go with the flow and learn by discovering and thinking about possibilities and relationships. Sensing learners think about facts predominantly.

The difference between the two types of learners is most prominent during history class.

Sensing learners, or sensors, are very good at keeping track of time and eras. They love imagining how history was happening in parallel on the different continents, for example. Or how one event from the economy of a country influenced another event, politically.

Sensors like exact sciences – maths, physics, chemistry, astronomy and history.

Sensors cannot study well unless they have impeccable sources, full of statistics and facts, and they mostly seek out numerical proof of their conclusions. If their materials do not contain enough information, they will look for it somewhere else. They will never accept their materials giving them ready answers instead of giving them information, based on which they can make their conclusions.

You will hear them sighing and huffing and puffing over their textbooks, asking questions like ‘Oh yeah, the economy was bad? Tell me how much the GDP was? How do I know if it was bad’ or ‘Oh, okay, some children find it difficult to be honest with their parents? What percentage? Where are your statistics?’

This is how sensing learners learn the most:

If you do not have the facts in front of you in your materials, look for them, if that will make you feel more confident in your knowledge.

If you cannot find any facts to support the ‘allegations’, trust your source.
Just because they do not give you the numbers, that does not mean the overall conclusion is wrong. Let go, you are being arrogant. The author is an authority on the subject. Believe them.

If you find it difficult to just believe the source of some theoretical knowledge, ask your teacher to connect the theory to some real life events. More often than not, you will find the connection with other cases and events where statistics and numbers are available. Now you will see for yourself.

INTUITIVE LEARNING

As we said, the difference between the two types of learners is most prominent during history class.

During history class, intuitive learners love thinking about the characters. They are fascinated by famous historical figures. They love imagining the personality behind the name.

Intuitive learners are very much put off by anything without character. They are not the best at exact sciences. Anything with too many repetitive rules or facts would never be their cup of tea.

Intuitives are fascinated by art, history, literature, psychology and politics.

More often than not they will have a high level of emotional intelligence. They will see right behind people’s intentions and could often see where things are going before even hearing the whole story.

They are great empaths. They are great at learning about historical figures because they love imagining themselves in those other people’s shoes.

On the other hand, they are not so great with numbers. Because ‘I am putting myself in their place today, then why would the year mean anything? Relationships are always the same. People have always been the same.’

This is how intuitive learners learn the most:

You are not good at memorization. Most classes nowadays are not aimlessly focused on memorization, but if you do get such tasks, try to see the connections between the numbers. Try to figure out the connection to real human lives and fates.

Repetition is key.
Write down memorizable data on focus cards and test yourself, score yourself, and play with them until you win 100%.

Exercise patience and logic. You may not be strong with numbers, but your logic is strong. At closed tests, do not give up if you do not know the right answer. It is enough to know all the wrong answers. You will probably be tempted to select any option if you are not sure of the answer, but rather try the method of elimination.

VISUAL LEARNING

Pictures, diagrams, flow charts, bars, time lines, restorations… This is your jam. Never ever do you have more success with remembering information than when you see it laid out in a colorful graphic. You might feel giddy and warm on the inside when you find it. Even if you have pages and pages written on the subject in your notebook. Finally, you will get the entire picture.

This is how visual learners learn the most:

Limit the amount of information you write down. Instead, only write down some key points. Then, direct your full attention to your teacher, your class, the materials that are being shown in class, the presentation. Absorb the most information you can.

Grab a marker. Grab ten. Color your notebook in the colors of the rainbow. One color for each paragraph. It will really help you remember the structure of your lesson. You will never forget a detail.

Create your own bar diagrams, pie diagrams, and (most importantly) flow charts. Play with various shapes and colors.

Accompany your notebook with self-drawn images and cartoons if you feel inspired and if you have the time. Something that is very easy to keep up with are symbols. Put them around your writing to remind you of the point of the story you are up to.

Work with maps whenever it is appropriate.

Create your own lists of pros and cons, Venn diagrams, and box diagrams.
Always draw lines out of your chart explaining connections between the objects.

Always Google Image the subject of interest.

VERBAL LEARNING

Statistics show most students are visual learners. So, unfortunately, you are in the minority. This is the bad news. You will find little understanding if you confess you are better at remembering and comprehending text rather than images.

The good news is images and diagrams are less accessible than textual information on any subject. The reason is the visual relies on analysis, whereas text is strictly informational.

That means, for no particular reason, most classes are geared toward verbal learners (who prefer spoken or written information).

This is how verbal learners learn the most:

Give yourself homework. Write about the issue at hand. Find external sources and incorporate them into your notes in order to create new, supercharged notes.

Share your notes with friends. Read about their recollection of how the topic was discussed.

Speak your notes out loud. Discuss them with friends or family (if they are so kind as to support your learning efforts, of course).

Rewrite your notes on focus cards. Write analyses not just about each of your classes but about the connections between the different topics you have covered.

Look for other sources of information – movies, speeches, documentaries, videos on the Internet – scripted and unscripted.

Participate in study parties. Discuss. Talk more about the issues you do not understand than the issues you do. Ask a lot of questions. Listen to various perspectives.

If nothing else helps, ask your teacher for help directly. Explain you want to clear up several details. Try to prepare precise questions. They will not enjoy you asking generally about the topic – they provide general information over the course of the class.

SEQUENTIAL LEARNING

Sequential learners follow the domino effect.
They start from learning the basic facts, then they elaborate on the more complex information. Then they tackle the most intricate details.

One by one, from the most simple to the hardest challenge, they follow the routine of learning, patiently building from the base up, never losing confidence they will get the full picture at the end.

Sequential learners are people with great confidence and high intelligence who feel very secure with their learning strategies. They greatly respect the authority of their teachers and instructors. They are very particular in their ways and like doing things a certain way.

This is how sequential learners learn the most:

Just because your learning is sequential, that does not mean it is very logical. Try to figure out what the steps towards learning are for you – is there a pattern? Try to write down a plan for your learning and then fill in key points as you go along.

Luck is already on your side because most courses go in a sequential manner. However, if the sequence comes in contrast with the way your logic goes, you will find it particularly difficult to find connections. Draw up flow charts and explain the connections to yourself.

You will also find it difficult to take notes from teachers whose way of providing information you find chaotic. Try, instead of taking down notes, to concentrate on creating a study plan – your notes should be in bullet points instead of textual.

GLOBAL LEARNING

Global learners will be the ones truly interested to read this article. The way they perceive information is fascinating. They either see the entire picture or nothing at all.

They find it difficult to follow the thought of the instructor.
They grasp only some of the details but fail to build and see the entire picture until the very end.

Their way of learning has usually brought them some confusion, some frustration, and some lack of confidence in their own learning powers.

The way it happens for them is that they find it difficult to see the entire picture until they do. They seem to be unable to grasp what the basics are. Instead, they see little parts of the story before it all snaps into place.

Sequential learners follow the domino effect. And global learners follow the puzzle effect. Yes, they see the image partially but they cannot tell what it means, what emotions it is supposed to evoke, or what

This is how global learners learn the most:

First of all, try to remain calm. Your brain is built in a way where different parts of the materials will grab your attention and those are the ones you will remember first. Those will not necessarily be connected or consequential. That is okay.

Try to build around the details that already grabbed your attention. Ask yourself questions to help you get the timeline and the connections: ‘What led to that?’, ‘And then what’, ‘What does that mean for…’

When you are reading an article, a lesson, or a book chapter, always scan through the pages and read the first several words from each paragraph. Once you know where the story is going, you will find it way easier to pay attention – because you will have an idea of the full picture.

WHAT LEARNING STYLE DO I HAVE?

There is an easy test available online that will tell you what your learning style is.
You will just answer several questions about your learning habits and capabilities such as:

‘I understand something better after I…’ ‘…try it out.’ Or ‘think it through’

‘When I think about what I did yesterday, I am most likely to get…’ ‘…a picture.’ Or ‘…words.’

‘Once I understand…’ ‘…all the parts, I understand the whole thing.’ Or ‘…the whole thing, I see how the parts fit.’

‘When I start a homework problem, I am more likely to…’ ‘…start working on the solution immediately.’ Or ‘try to fully understand the problem first.’

‘When I am reading for enjoyment, I like writers to…’ ‘…clearly say what they mean.’ Or ‘…say things in creative, interesting ways.’

The test is completely free of charge and, in addition to this article, provides valuable information that could help you in your struggles with learning.

CONCLUSION

The most important thing you need to remember about your learning style is, you will have tendencies and could probably recognize the thinking of each one of the learning types. The idea is to find out whether you have a strong, moderate or mild connection to the category.

The test and the information from this article are only supposed to help you learn faster and more efficiently, as well as make you more empathetic and understanding of people with different learning styles than yours – an effort that could greatly benefit you in your academic career and learning your entire life.

Friday, May 22, 2020

Discrimination Complaint and Civil Litigation Process.

This paper will outline a complaint process and illustrate the civil litigation that could follow if the Equal Employment Opportunity Commission, through mediation and arbitration, cannot resolve a charge. The complaint is based on a scenario of an employee named John. John works for a private sector business and he wishes to lodge a complaint of discrimination against the company he works for. This paper will explain the steps that are taken, beginning with the Equal Employment Opportunity Commission (EEOC). The paper will continue explaining the process by illustrating the civil litigation steps from the state level to the highest level of the United States Supreme Court. John works for a private sector business and wants to …

After a charge is rejected, both parties will receive a notice stating this. This allows the charging employee a 90-day time limit to decide if they wish to file a lawsuit against the employer (www.eeoc.gov, 2003). The charging employee has the right to pursue their grievance in civil litigation, but only after finishing the whole administrative procedure through the Equal Employment Opportunity Commission office. The processes of the civil litigation lawsuit are familiar to the prior claim processes that the charging employee experienced with the Equal Employment Opportunity Commission. Nonetheless, there are a few steps that are different. With civil litigation, counseling of the charging employee is not needed. The employer or the defendant will be given a copy of the complaint as well as the summons of the lawsuit pending. These documents are distributed to the employer by a representative from the Sheriff's division. A ruling can be delivered by a judge if the company neglects to send a reply to the complaint and summons. The progression moves forward with discovery when the company or defendant responds.
The discovery stage is when both parties have to reveal documents or facts pertaining to the grievance (www.uscourts.gov, 2005). At this point, the judge will try to resolve the complaint with the attorneys, in the pre-trial meeting. This could avoid a lengthy trial. If a settlement cannot be reached between both

Thursday, May 7, 2020

The Happiest Refugee Essay - 817 Words

The development of acceptance is a process laid upon several significant factors, and by belonging in community settings, one may gain confidence and feel tolerated. Likewise, being alienated and ostracised because of racial and social insecurities can have a negative influence on how one may act, and thus outcasts are made to feel inferior as a result of the harmful manner in which they are treated. These concepts of inclusion and discrimination are explored through the contemporary memoir of Anh Do, which focuses on a refugee’s journey from Vietnam to Australia. The Happiest Refugee (2010) methodically displays an array of perspectives surrounding belonging and presents factors of both family and community allegiance. Families and their…

This sample utilizes emotive language in the words ‘scarred and distorted’ as Anh is unsure of his feelings towards his father and is lacking self-confidence. The simile of ‘bubbling poison’ describing the pain and discomfort of crossing ‘that line’ demonstrates how torn Anh was between protecting his sense of self or protecting his family. This fractured self-belief leads to a dilemma of patriotism versus antagonism with the relationship between him and his father. The ruptured devotion of family traditions encountered by individuals creates different aspects of camaraderie and subsequently, The Happiest Refugee portrays various perspectives on the essence of belonging.

An individual’s ability to vary their own judgement of others, and influence others’ viewpoint, can lead to a more tolerant and permissive community. The intrinsic nature of citizenry alliance is highly relatable to Anh Do’s experiences in The Happiest Refugee, revealed through the constant repetition of gratitude, along with vulnerability. Ideas of positivity and empathy are made apparent with the quote ‘What a great country! Almost every day we discovered something that made mum and dad shake their heads at how lucky we’d been… What a great country!’ as the repetition of the words ‘What a great country’ demonstrates the high

Wednesday, May 6, 2020

Deception Point Page 15 Free Essays

Finally, Rachel spotted the hazy outline of land. But it was not what she had expected. Looming out of the ocean before the plane was an enormous snowcapped mountain range.

“Mountains?” Rachel asked, confused. “There are mountains north of Greenland?”

“Apparently,” the pilot said, sounding equally surprised.

As the nose of the F-14 tipped downward, Rachel felt an eerie weightlessness. Through the ringing in her ears she could hear a repeated electronic ping in the cockpit. The pilot had apparently locked on to some kind of directional beacon and was following it in.

As they passed below three thousand feet, Rachel stared out at the dramatic moonlit terrain beneath them. At the base of the mountains, an expansive, snowy plain swept wide. The plateau spread gracefully seaward about ten miles until it ended abruptly at a sheer cliff of solid ice that dropped vertically into the ocean.

It was then that Rachel saw it. A sight like nothing she had ever seen anywhere on earth. At first she thought the moonlight must be playing tricks on her. She squinted down at the snowfields, unable to comprehend what she was looking at. The lower the plane descended, the clearer the image became.

What in the name of God?

The plateau beneath them was striped… as if someone had painted the snow with three huge striations of silver paint. The glistening strips ran parallel to the coastal cliff. Not until the plane dropped past five hundred feet did the optical illusion reveal itself. The three silver stripes were deep troughs, each one over thirty yards wide. The troughs had filled with water and frozen into broad, silvery channels that stretched in parallel across the plateau. The white berms between them were mounded dikes of snow.

As they dropped toward the plateau, the plane started bucking and bouncing in heavy turbulence.
Rachel heard the landing gear engage with a heavy clunk, but she still saw no landing strip. As the pilot struggled to keep the plane under control, Rachel peered out and spotted two lines of blinking strobes straddling the outermost ice trough. She realized to her horror what the pilot was about to do.

“We’re landing on ice?” she demanded.

The pilot did not respond. He was concentrating on the buffeting wind. Rachel felt a drag in her gut as the craft decelerated and dropped toward the ice channel. High snow berms rose on either side of the aircraft, and Rachel held her breath, knowing the slightest miscalculation in the narrow channel would mean certain death. The wavering plane dropped lower between the berms, and the turbulence suddenly disappeared. Sheltered there from the wind, the plane touched down perfectly on the ice.

The Tomcat’s rear thrusters roared, slowing the plane. Rachel exhaled. The jet taxied about a hundred yards farther and rolled to a stop at a red line spray-painted boldly across the ice.

The view to the right was nothing but a wall of snow in the moonlight-the side of an ice berm. The view on the left was identical. Only through the windshield ahead of them did Rachel have any visibility… an endless expanse of ice. She felt like she had landed on a dead planet. Aside from the line on the ice, there were no signs of life.

Then Rachel heard it. In the distance, another engine was approaching. Higher pitched. The sound grew louder until a machine came into view. It was a large, multitreaded snow tractor churning toward them up the ice trough. Tall and spindly, it looked like a towering futuristic insect grinding toward them on voracious spinning feet. Mounted high on the chassis was an enclosed Plexiglas cabin with a rack of floodlights illuminating its way.

The machine shuddered to a halt directly beside the F-14. The door on the Plexiglas cabin opened, and a figure climbed down a ladder onto the ice.
He was bundled from head to foot in a puffy white jumpsuit that gave the impression he had been inflated.

Mad Max meets the Pillsbury Dough Boy, Rachel thought, relieved at least to see this strange planet was inhabited.

The man signaled for the F-14 pilot to pop the hatch. The pilot obeyed. When the cockpit opened, the gust of air that tore through Rachel’s body chilled her instantly to the core.

Close the damn lid!

“Ms. Sexton?” the figure called up to her. His accent was American. “On behalf of NASA, I welcome you.”

Rachel was shivering. Thanks a million.

“Please unhook your flight harness, leave your helmet in the craft, and deplane by using the fuselage toe-holds. Do you have any questions?”

“Yes,” Rachel shouted back. “Where the hell am I?”

17

Marjorie Tench-senior adviser to the President-was a loping skeleton of a creature. Her gaunt six-foot frame resembled an Erector Set construction of joints and limbs. Overhanging her precarious body was a jaundiced face whose skin resembled a sheet of parchment paper punctured by two emotionless eyes. At fifty-one, she looked seventy.

Tench was revered in Washington as a goddess in the political arena. She was said to possess analytical skills that bordered on the clairvoyant. Her decade running the State Department’s Bureau of Intelligence and Research had helped hone a lethally sharp, critical mind. Unfortunately, accompanying Tench’s political savvy came an icy temperament that few could endure for more than a few minutes. Marjorie Tench had been blessed with all the brains of a supercomputer-and the warmth of one, too. Nonetheless, President Zach Herney had little trouble tolerating the woman’s idiosyncrasies; her intellect and hard work were almost single-handedly responsible for putting Herney in office in the first place.

“Marjorie,” the President said, standing to welcome her into the Oval Office. “What can I do for you?” He did not offer her a seat.
The typical social graces did not apply to women like Marjorie Tench. If Tench wanted a seat, she would damn well take one.

“I see you set the staff briefing for four o’clock this afternoon.” Her voice was raspy from cigarettes. “Excellent.”

Tench paced a moment, and Herney sensed the intricate cogs of her mind turning over and over. He was grateful. Marjorie Tench was one of the select few on the President’s staff who was fully aware of the NASA discovery, and her political savvy was helping the President plan his strategy.

“This CNN debate today at one o’clock,” Tench said, coughing. “Who are we sending to spar with Sexton?”

Herney smiled. “A junior campaign spokesperson.” The political tactic of frustrating the “hunter” by never sending him any big game was as old as debates themselves.

“I have a better idea,” Tench said, her barren eyes finding his. “Let me take the spot myself.”

Zach Herney’s head shot up. “You?” What the hell is she thinking? “Marjorie, you don’t do media spots. Besides, it’s a midday cable show. If I send my senior adviser, what kind of message does that send? It makes us look like we’re panicking.”

“Exactly.”

Herney studied her. Whatever convoluted scheme Tench was hatching, there was no way in hell Herney would permit her to appear on CNN. Anyone who had ever laid eyes on Marjorie Tench knew there was a reason she worked behind the scenes. Tench was a frightful-looking woman-not the kind of face a President wanted delivering the White House message.

“I am taking this CNN debate,” she repeated. This time she was not asking.

“Marjorie,” the President maneuvered, feeling uneasy now, “Sexton’s campaign will obviously claim your presence on CNN is proof the White House is running scared. Sending out our big guns early makes us look desperate.”

The woman gave a quiet nod and lit a cigarette. “The more desperate we look, the better.”

Monday, April 27, 2020

Michael Horton Case Study

Executive summary

Michael Horton is a high-ranking management professional in the Computer Sciences Corporation (CSC). He is responsible for a company with huge revenue and over 2,000 people. Through his managerial capacity, he is well placed to provide insights regarding his company, collaborators and management.

In his interview, he highlights the assumptions people make regarding management without any clear understanding of how to conduct activities in a real managerial situation. In his view, managers require training to lead management needs and to execute projects through their life cycles. Training is strongly emphasized as a way to avoid problems and to help staff and the organization succeed. Michael Horton provides some managerial ideas relevant to his company and industry that make project management a success amidst market challenges. He also focuses on the treatment of customers as a means of staying a cut above competitors. On competition, he offers the interesting insight of venturing into unique markets so that a company does not have to struggle for the same customers. Employees should be prepared to operate within strict safety conditions to avoid unnecessary legal challenges. This should apply to internal staff and to offshore staff alike, so that the positive relationship with staff remains to the advantage of the company. The company has a great relationship with its collaborators, though it faces growing competition from new entrants into the market.
It is necessary for an I.T company to have its staff well trained in people skills and time management, and always to maintain a focus on the changing needs of the market.

Decision Criteria

It is also important that a company use the professionalism of its staff in the fields of their experience, such as the use of Michael Horton’s I.T expertise in natural resources1. Having a market share of 56 percent gives adequate recognition in the market, and maintaining it is a challenge a company must deal with. Dependency on references is not adequate amid growing competition, and that leaves the company needing to identify new market areas with less competition. Pushing competitors into the niche market segment can carry legal implications for the company if not carefully executed2.

It is the call of a manager to ensure a smooth flow of activities within a company. As Michael Horton says, the business of selling people is a challenging one and requires constant meetings and updating of staff and clients. The manager also has the role of creating the vision and mission of a company. These need constant review and reinforcement with the staff so that the provision of services to customers remains within the legal limits prescribed in the company. Managing economies of scale through effective serving of large organizations can be a complex venture3. For this reason, leadership plays a major role in ensuring success. Since this is an I.T company, it is important that its staff have the necessary skills for licensing software for large organizations and for data protection in the data centre. There is a considerable amount of competition from competitors presenting new alternatives in the market4. The company cannot rely solely on the trust and relationship with its customers.
The I.T service area keeps changing, and maintaining an old form of operations is inadequate for satisfying the changing needs in the market.

Alternatives

Achieving the vision of a company is never easy and, with the changes in the market, it is necessary to review the company mission and vision regularly. The needs of government entities and corporates keep changing, and the current mission and vision may need to be evaluated to meet their new needs. It is inadequate to focus on markets and industries while leaving big and consistent customers because of the entry of competitors into the market. Training is essential in equipping staff with the relevant knowledge for carrying out their activities in a legal manner without any sort of breach5.

This company managed to set its edge amidst little competition. Its global capability builds on the trust it built with customers. It has the capability of opting for liability capping within its contracts should it face compromising legal implications in areas of security and safety. The challenge in this company is in its lack of contentious contractual linkage for IT outsourcing deals. It is the responsibility of an outsourcing customer to secure data. However, service outsourcers insert liability caps into the contracts giving them responsibility over confidential information accessible by a service provider. Outsourcers also want to have limited linkage to any instances of contractual breaches.

This is a tricky situation in the company as customers are becoming tough on issues of data breaches. Therefore, the service provider stays on the hook of data breaches because of the limitations of liability. In addition, there exist very minimal requirements and special terms for ensuring the process of data security.
However, the new federal regulations protect customers from data breaches, forcing service providers into honoring compulsory data notifications. The price tag for such regulations is high, making it mandatory for service providers to ensure no instances of data breaches. This can be very expensive for a company having a large customer base like CSC.

Solutions

Because of the need to protect company revenues, service providers pushed for the creation of liability caps for particular data protection and confidentiality breaches. It was the major concern of those with a customer base and huge retailers such as the client base handled by Michael Horton on a daily basis. Outsourcing providers have the tendency of capping liability at a duration of two to three months. This acts unfairly on offshore vendors, who have to accept the responsibility of data security and liability for them to get new business6. Staying firm on not accepting the stake on limited liability leaves some negotiators unable to handle the limits of breach on data liability on the basis of their being financially unfeasible. It is necessary for the company to collaborate with companies such as S.A.P. for the creation of a solution for provision of deliverables to customers. Such expertise can help the organization in enhancing appropriate dealings with corporates within Australia and globally. For the benefits of pushing competitors into niche markets, it is necessary for the company to act from an informed angle to enjoy value proposition sales.

Implications

The implementation of these solutions in the market is easy for this company, which already boasts of a reasonable market share. It is important for the company to maintain its trust with clients and ensure that its staff have adequate training for effective operation within the industry7.
Being a large firm and an incumbent in the industry, there is a possibility of enjoying a small competitive landscape from entrants into the market for I.T service provision. Since there is a considerable amount of discipline in the industry, it is within the mandates of the law to maintain a legal stance by ensuring that the company works within given codes of conduct.

It will not have to change its pricing because of its relationship with its customers and the skepticism which surrounds the I.T outsourcing industry. However, it is required to improve on service differentiation so it can target a different market than the one it competes for with the entrants into the market. Michael Horton has a vertical positioning for influencing the performance of the company, and this gives the company a chance to continue scaling the global market. There is a considerable need for effective people skills management to keep a company on the right path. Since an I.T company deals with numerous people ambiguities, it is necessary that staff know how to handle issues in the most polite manner. This gives the opportunity for maintaining clients who remain in need of company services and that translates to success8.

Works Cited

Blackstone, John H., James F. Cox, and John G. Schleier. 2009. “A tutorial on project management from a theory of constraints perspective.” International Journal Of Production Research 47, no. 24: 7029-7046. Business Source Complete, EBSCOhost.

Camacho, Alejandro E. 2010. “Assisted Migration: Redefining Nature and Natural Resource Law Under Climate Change.” Yale Journal On Regulation 27, no. 2: 171-255. Business Source Complete, EBSCOhost.

Krause, Mark. “Impacts of Product Differentiation on the Crop Input Supply Industry.” Choices 26, no. 1 (1st Quarter 2011): EconLit with Full Text, EBSCOhost.

Morley, Kristi M. 2008. “Limitation-of-Liability Provisions.” Reeves Journal: Plumbing, Heating, Cooling 88, no. 12: 8. MasterFILE Premier, EBSCOhost.

Pringle, James, and Jeroen Huisman. 2011. “Understanding Universities in Ontario, Canada: An Industry Analysis Using Porter’s Five Forces Framework.” Canadian Journal Of Higher Education 41, no. 3: 36-58. Education Research Complete, EBSCOhost.

Spell, Stephanie M. 2010. “Capping Auditor Liability: Unsuitable Fiscal Policy In Our Current Financial Crisis.” Brooklyn Journal Of Corporate, Financial Commercial Law 4, no. 2: 323-351. Business Source Complete, EBSCOhost.

Zdanytė, Kristina, and Bronius Neverauskas. 2011. “The Theoretical Substation Of Project Management Challenges.” Economics Management 16, 1013-1018. Business Source Complete, EBSCOhost.

Zekić, Zdravko, and Luka Samaržija. 2012. “Project Management of Dynamic Optimization of Business Performance.” International Business Research 5, no. 12: 99-111. Business Source Complete, EBSCOhost.

Footnotes

1 Blackstone, John H., James F. Cox, and John G. Schleier. 2009. “A tutorial on project management from a theory of constraints perspective.” International Journal Of Production Research 47, no. 24: 7029-7046. Business Source Complete, EBSCOhost.

2 Camacho, Alejandro E. 2010. “Assisted Migration: Redefining Nature and Natural Resource Law Under Climate Change.” Yale Journal On Regulation 27, no. 2: 171-255. Business Source Complete, EBSCOhost.

3 Krause, Mark. “Impacts of Product Differentiation on the Crop Input Supply Industry.” Choices 26, no. 1 (1st Quarter 2011): EconLit with Full Text, EBSCOhost.

4 Zdanytė, Kristina, and Bronius Neverauskas. 2011. “The Theoretical Substation Of Project Management Challenges.” Economics Management 16, 1013-1018. Business Source Complete, EBSCOhost.

5 Morley, Kristi M. 2008. “Limitation-of-Liability Provisions.” Reeves Journal: Plumbing, Heating, Cooling 88, no. 12: 8. MasterFILE Premier, EBSCOhost.

6 Spell, Stephanie M. 2010. “Capping Auditor Liability: Unsuitable Fiscal Policy In Our Current Financial Crisis.” Brooklyn Journal Of Corporate, Financial Commercial Law 4, no. 2: 323-351. Business Source Complete, EBSCOhost.

7 Pringle, James, and Jeroen Huisman. 2011. “Understanding Universities in Ontario, Canada: An Industry Analysis Using Porter’s Five Forces Framework.” Canadian Journal Of Higher Education 41, no. 3: 36-58. Education Research Complete, EBSCOhost.

8 Zekić, Zdravko, and Luka Samaržija. 2012. “Project Management of Dynamic Optimization of Business Performance.” International Business Research 5, no. 12: 99-111. Business Source Complete, EBSCOhost.

This essay on Michael Horton: Case Study was written and submitted by user Ultimo to help you with your own studies. You are free to use it for research and reference purposes in order to write your own paper; however, you must cite it accordingly.

Thursday, March 19, 2020

Cisa Essays

Cisa Essays Cisa Essay Cisa Essay 1. A benefit of open system architecture is that it: A. facilitates interoperability. B. facilitates the integration of proprietary components. C. will be a basis for volume discounts from equipment vendors. D. allows for the achievement of more economies of scale for equipment. ANSWER: A NOTE: Open systems are those for which suppliers provide components whose interfaces are defined by public standards, thus facilitating interoperability between systems made by different vendors. In contrast, closed system components are built to proprietary standards so that other suppliers systems cannot or will not interface with existing systems. . An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls would BEST mitigate the risk of undetected and unauthorized program changes to the production environment? A. Commands typed on the command line are logged B. Hash keys are calculated periodical ly for programs and matched against hash keys calculated for the most recent authorized versions of the programs C. Access to the operating system command line is granted through an access restriction tool with preapproved rights D. Software development tools and compilers have been removed from the production environment ANSWER: B NOTE: The matching of hash keys over time would allow detection of changes to files. Choice A is incorrect because having a log is not a control, reviewing the log is a control. Choice C is incorrect because the access was already granted- it does not matter how. Choice D is wrong because files can be copied to and from the production environment. 3. In the context of effective information security governance, the primary objective of value delivery is to: A. optimize security investments in support of business objectives. B. implement a standard set of security practices. C. institute a standards-based solution. D. 
implement a continuous improvement culture.
ANSWER: A
NOTE: In the context of effective information security governance, value delivery is implemented to ensure optimization of security investments in support of business objectives. The tools and techniques for implementing value delivery include implementation of a standard set of security practices, institutionalization and commoditization of standards-based solutions, and implementation of a continuous improvement culture considering security as a process, not an event.

4. During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that:
A. assessment of the situation may be delayed.
B. execution of the disaster recovery plan could be impacted.
C. notification of the teams might not occur.
D. potential crisis recognition might be ineffective.
ANSWER: B
NOTE: Execution of the business continuity plan would be impacted if the organization does not know when to declare a crisis. Choices A, C and D are steps that must be performed to know whether to declare a crisis. Problem and severity assessment would provide information necessary in declaring a disaster. Once a potential crisis is recognized, the teams responsible for crisis management need to be notified. Delaying this step until a disaster has been declared would negate the effect of having response teams. Potential crisis recognition is the first step in responding to a disaster.

5. When implementing an IT governance framework in an organization the MOST important objective is:
A. IT alignment with the business.
B. accountability.
C. value realization with IT.
D. enhancing the return on IT investments.
ANSWER: A
NOTE: The goals of IT governance are to improve IT performance, to deliver optimum business value and to ensure regulatory compliance. The key practice in support of these goals is the strategic alignment of IT with the business (choice A). To achieve alignment, all other choices need to be tied to business practices and strategies.

6. When reviewing an implementation of a VoIP system over a corporate WAN, an IS auditor should expect to find:
A. an integrated services digital network (ISDN) data link.
B. traffic engineering.
C. wired equivalent privacy (WEP) encryption of data.
D. analog phone terminals.
ANSWER: B
NOTE: To ensure that quality of service requirements are achieved, the Voice-over IP (VoIP) service over the wide area network (WAN) should be protected from packet losses, latency or jitter. To reach this objective, the network performance can be managed using statistical techniques such as traffic engineering. The standard bandwidth of an integrated services digital network (ISDN) data link would not provide the quality of services required for corporate VoIP services. WEP is an encryption scheme related to wireless networking. The VoIP phones are usually connected to a corporate local area network (LAN) and are not analog.

7. An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important?
A. The tools used to conduct the test
B. Certifications held by the IS auditor
C. Permission from the data owner of the server
D. An intrusion detection system (IDS) is enabled
ANSWER: C
NOTE: The data owner should be informed of the risks associated with a penetration test, what types of tests are to be conducted and other relevant details. All other choices are not as important as the data owner's responsibility for the security of the data assets.

8. Which of the following is a risk of cross-training?
A. Increases the dependence on one employee
B. Does not assist in succession planning
C. One employee may know all parts of a system
D. Does not help in achieving a continuity of operations
ANSWER: C
NOTE: When cross-training, it would be prudent to first assess the risk of any person knowing all parts of a system and what exposures this may cause. Cross-training has the advantage of decreasing dependence on one employee and, hence, can be part of succession planning. It also provides backup for personnel in the event of absence for any reason and thereby facilitates the continuity of operations.

9. The use of digital signatures:
A. requires the use of a one-time password generator.
B. provides encryption to a message.
C. validates the source of a message.
D. ensures message confidentiality.
ANSWER: C
NOTE: The use of a digital signature verifies the identity of the sender, but does not encrypt the whole message, and hence is not enough to ensure confidentiality. A one-time password generator is an option, but is not a requirement for using digital signatures.

10. A retail outlet has introduced radio frequency identification (RFID) tags to create unique serial numbers for all products. Which of the following is the PRIMARY concern associated with this initiative?
A. Issues of privacy
B. Wavelength can be absorbed by the human body
C. RFID tags may not be removable
D. RFID eliminates line-of-sight reading
ANSWER: A
NOTE: The purchaser of an item will not necessarily be aware of the presence of the tag. If a tagged item is paid for by credit card, it would be possible to tie the unique ID of that item to the identity of the purchaser. Privacy violations are a significant concern because RFID can carry unique identifier numbers. If desired it would be possible for a firm to track individuals who purchase an item containing an RFID. Choices B and C are concerns of less importance. Choice D is not a concern.

11. A lower recovery time objective (RTO) results in:
A. higher disaster tolerance.
B. higher cost.
C. wider interruption windows.
D. more permissive data loss.
ANSWER: B
NOTE: A recovery time objective (RTO) is based on the acceptable downtime in case of a disruption of operations. The lower the RTO, the higher the cost of recovery strategies. The lower the disaster tolerance, the narrower the interruption windows, and the lesser the permissive data loss.

12. During the requirements definition phase of a software development project, the aspects of software testing that should be addressed are developing:
A. test data covering critical applications.
B. detailed test plans.
C. quality assurance test specifications.
D. user acceptance testing specifications.
ANSWER: D
NOTE: A key objective in any software development project is to ensure that the developed software will meet the business objectives and the requirements of the user. The users should be involved in the requirements definition phase of a development project and user acceptance test specification should be developed during this phase. The other choices are generally performed during the system testing phase.

13. The BEST filter rule for protecting a network from being used as an amplifier in a denial of service (DoS) attack is to deny all:
A. outgoing traffic with IP source addresses external to the network.
B. incoming traffic with discernible spoofed IP source addresses.
C. incoming traffic with IP options set.
D. incoming traffic to critical hosts.
ANSWER: A
NOTE: Outgoing traffic with an IP source address different than the IP range in the network is invalid. In most of the cases, it signals a DoS attack originated by an internal user or by a previously compromised internal machine; in both cases, applying this filter will stop the attack.

14. What is the BEST backup strategy for a large database with data supporting online sales?
A. Weekly full backup with daily incremental backup
B. Daily full backup
C. Clustered servers
D. Mirrored hard disks
ANSWER: A
NOTE: Weekly full backup and daily incremental backup is the best backup strategy; it ensures the ability to recover the database and yet reduces the daily backup time requirements. A full backup normally requires a couple of hours, and therefore it can be impractical to conduct a full backup every day. Clustered servers provide a redundant processing capability, but are not a backup. Mirrored hard disks will not help in case of disaster.

15. Which of the following is a feature of Wi-Fi Protected Access (WPA) in wireless networks?
A. Session keys are dynamic
B. Private symmetric keys are used
C. Keys are static and shared
D. Source addresses are not encrypted or authenticated
ANSWER: A
NOTE: WPA uses dynamic session keys, achieving stronger encryption than wireless encryption privacy (WEP), which operates with static keys (same key is used for everyone in the wireless network). All other choices are weaknesses of WEP.

16. The ultimate purpose of IT governance is to:
A. encourage optimal use of IT.
B. reduce IT costs.
C. decentralize IT resources across the organization.
D. centralize control of IT.
ANSWER: A
NOTE: IT governance is intended to specify the combination of decision rights and accountability that is best for the enterprise. It is different for every enterprise. Reducing IT costs may not be the best IT governance outcome for an enterprise. Decentralizing IT resources across the organization is not always desired, although it may be desired in a decentralized environment. Centralizing control of IT is not always desired. An example of where it might be desired is an enterprise desiring a single point of customer contact.

17. The MAIN purpose of a transaction audit trail is to:
A. reduce the use of storage media.
B. determine accountability and responsibility for processed transactions.
C. help an IS auditor trace transactions.
D. provide useful information for capacity planning.
ANSWER: B
NOTE: Enabling audit trails aids in establishing the accountability and responsibility for processed transactions by tracing them through the information system. Enabling audit trails increases the use of disk space. A transaction log file would be used to trace transactions, but would not aid in determining accountability and responsibility. The objective of capacity planning is the efficient and effective use of IT resources and requires information such as CPU utilization, bandwidth, number of users, etc.

18. An IS auditor invited to a development project meeting notes that no project risks have been documented. When the IS auditor raises this issue, the project manager responds that it is too early to identify risks and that, if risks do start impacting the project, a risk manager will be hired. The appropriate response of the IS auditor would be to:
A. stress the importance of spending time at this point in the project to consider and document risks, and to develop contingency plans.
B. accept the project manager's position as the project manager is accountable for the outcome of the project.
C. offer to work with the risk manager when one is appointed.
D. inform the project manager that the IS auditor will conduct a review of the risks at the completion of the requirements definition phase of the project.
ANSWER: A
NOTE: The majority of project risks can typically be identified before a project begins, allowing mitigation/avoidance plans to be put in place to deal with these risks. A project should have a clear link back to corporate strategy and tactical plans to support this strategy. The process of setting corporate strategy, setting objectives and developing tactical plans should include the consideration of risks. Appointing a risk manager is a good practice but waiting until the project has been impacted by risks is misguided. Risk management needs to be forward looking; allowing risks to evolve into issues that adversely impact the project represents a failure of risk management. With or without a risk manager, persons within and outside of the project team need to be consulted and encouraged to comment when they believe new risks have emerged or risk priorities have changed. The IS auditor has an obligation to the project sponsor and the organization to advise on appropriate project management practices. Waiting for the possible appointment of a risk manager represents an unnecessary and dangerous delay to implementing risk management.

19. A data center has a badge-entry system. Which of the following is MOST important to protect the computing assets in the center?
A. Badge readers are installed in locations where tampering would be noticed
B. The computer that controls the badge system is backed up frequently
C. A process for promptly deactivating lost or stolen badges exists
D. All badge entry attempts are logged
ANSWER: C
NOTE: Tampering with a badge reader cannot open the door, so this is irrelevant. Logging the entry attempts may be of limited value. The biggest risk is from unauthorized individuals who can enter the data center, whether they are employees or not. Thus, a process of deactivating lost or stolen badges is important. The configuration of the system does not change frequently, therefore frequent backup is not necessary.

20. Which of the following would impair the independence of a quality assurance team?
A. Ensuring compliance with development methods
B. Checking the testing assumptions
C. Correcting coding errors during the testing process
D. Checking the code to ensure proper documentation
ANSWER: C
NOTE: Correction of code should not be a responsibility of the quality assurance team as it would not ensure segregation of duties and would impair the team's independence. The other choices are valid quality assurance functions.

21. Which of the following is the BEST type of program for an organization to implement to aggregate, correlate and store different log and event files, and then produce weekly and monthly reports for IS auditors?
A. A security information event management (SIEM) product
B. An open-source correlation engine
C. A log management tool
D. An extract, transform, load (ETL) system
ANSWER: C
NOTE: A log management tool is a product designed to aggregate events from many log files (with distinct formats and from different sources), store them and typically correlate them offline to produce many reports (e.g., exception reports showing different statistics including anomalies and suspicious activities), and to answer time-based queries (e.g., how many users have entered the system between 2 a.m. and 4 a.m. over the past three weeks?). A SIEM product has some similar features. It correlates events from log files, but does it online and normally is not oriented to storing many weeks of historical information and producing audit reports. A correlation engine is part of a SIEM product. It is oriented to making an online correlation of events. An extract, transform, load (ETL) is part of a business intelligence system, dedicated to extracting operational or production data, transforming that data and loading them to a central repository (data warehouse or data mart); an ETL does not correlate data or produce reports, and normally it does not have extractors to read log file formats.

22. To ensure authentication, confidentiality and integrity of a message, the sender should encrypt the hash of the message with the sender's:
A. public key and then encrypt the message with the receiver's private key.
B. private key and then encrypt the message with the receiver's public key.
C. public key and then encrypt the message with the receiver's public key.
D. private key and then encrypt the message with the receiver's private key.
ANSWER: B
NOTE: Obtaining the hash of the message ensures integrity; signing the hash of the message with the sender's private key ensures the authenticity of the origin, and encrypting the resulting message with the receiver's public key ensures confidentiality. The other choices are incorrect.

23. An IS auditor observes a weakness in the tape management system at a data center in that some parameters are set to bypass or ignore tape header records. Which of the following is the MOST effective compensating control for this weakness?
A. Staging and job set up
B. Supervisory review of logs
C. Regular back-up of tapes
D. Offsite storage of tapes
ANSWER: A
NOTE: If the IS auditor finds that there are effective staging and job set up processes, this can be accepted as a compensating control. Choice B is a detective control while choices C and D are corrective controls, none of which would serve as good compensating controls.

24. What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?
A. Malicious code could be spread across the network
B. VPN logon could be spoofed
C. Traffic could be sniffed and decrypted
D. VPN gateway could be compromised
ANSWER: A
NOTE: VPN is a mature technology; VPN devices are hard to break. However, when remote access is enabled, malicious code in a remote client could spread to the organization's network. Though choices B, C and D are security risks, VPN technology largely mitigates these risks.

25. The activation of an enterprise's business continuity plan should be based on predetermined criteria that address the:
A. duration of the outage.
B. type of outage.
C. probability of the outage.
D. cause of the outage.
ANSWER: A
NOTE: The initiation of a business continuity plan (action) should primarily be based on the maximum period for which a business function can be disrupted before the disruption threatens the achievement of organizational objectives.

26. After observing suspicious activities in a server, a manager requests a forensic analysis. Which of the following findings should be of MOST concern to the investigator?
A. Server is a member of a workgroup and not part of the server domain
B. Guest account is enabled on the server
C. Recently, 100 users were created in the server
D. Audit logs are not enabled for the server
ANSWER: D
NOTE: Audit logs can provide evidence which is required to proceed with an investigation and should not be disabled. For business needs, a server can be a member of a workgroup and, therefore, not a concern. Having a guest account enabled on a system is a poor security practice but not a forensic investigation concern. Recently creating 100 users in the server may have been required to meet business needs and should not be a concern.

27. Minimum password length and password complexity verification are examples of:
A. detection controls.
B. control objectives.
C. audit objectives.
D. control procedures.
ANSWER: D
NOTE: Control procedures are practices established by management to achieve specific control objectives. Password controls are preventive controls, not detective controls. Control objectives are declarations of expected results from implementing controls and audit objectives are the specific goals of an audit.

28. Which of the following is an advantage of the top-down approach to software testing?
A. Interface errors are identified early
B. Testing can be started before all programs are complete
C. It is more effective than other testing approaches
D. Errors in critical modules are detected sooner
ANSWER: A
NOTE: The advantage of the top-down approach is that tests of major functions are conducted early, thus enabling the detection of interface errors sooner. The most effective testing approach is dependent on the environment being tested. Choices B and D are advantages of the bottom-up approach to system testing.

29. After initial investigation, an IS auditor has reasons to believe that fraud may be present. The IS auditor should:
A. expand activities to determine whether an investigation is warranted.
B. report the matter to the audit committee.
C. report the possibility of fraud to top management and ask how they would like to proceed.
D. consult with external legal counsel to determine the course of action to be taken.
ANSWER: A
NOTE: An IS auditor's responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended. The IS auditor should notify the appropriate authorities within the organization only if it has determined that the indicators of fraud are sufficient to recommend an investigation. Normally, the IS auditor does not have authority to consult with external legal counsel.

30. As a driver of IT governance, transparency of IT's cost, value and risks is primarily achieved through:
A. performance measurement.
B. strategic alignment.
C. value delivery.
D. resource management.
ANSWER: A
NOTE: Performance measurement includes setting and monitoring measurable objectives of what the IT processes need to deliver (process outcome) and how they deliver it (process capability and performance). Strategic alignment primarily focuses on ensuring linkage of business and IT plans. Value delivery is about executing the value proposition throughout the delivery cycle. Resource management is about the optimal investment in and proper management of critical IT resources. Transparency is primarily achieved through performance measurement as it provides information to the stakeholders on how well the enterprise is performing when compared to objectives.

31. A technical lead who was working on a major project has left the organization. The project manager reports suspicious system activities on one of the servers that is accessible to the whole team. What would be of GREATEST concern if discovered during a forensic investigation?
A. Audit logs are not enabled for the system
B. A logon ID for the technical lead still exists
C. Spyware is installed on the system
D. A Trojan is installed on the system
ANSWER: A
NOTE: Audit logs are critical to the investigation of the event; however, if not enabled, misuse of the logon ID of the technical lead and the guest account could not be established. The logon ID of the technical lead should have been deleted as soon as the employee left the organization but, without audit logs, misuse of the ID is difficult to prove. Spyware installed on the system is a concern but could have been installed by any user and, again, without the presence of logs, discovering who installed the spyware is difficult. A Trojan installed on the system is a concern, but it can be done by any user as it is accessible to the whole group and, without the presence of logs, investigation would be difficult.

32. When using a universal storage bus (USB) flash drive to transport confidential corporate data to an offsite location, an effective control would be to:
A. carry the flash drive in a portable safe.
B. assure management that you will not lose the flash drive.
C. request that management deliver the flash drive by courier.
D. encrypt the folder containing the data with a strong key.
ANSWER: D
NOTE: Encryption, with a strong key, is the most secure method for protecting the information on the flash drive. Carrying the flash drive in a portable safe does not guarantee the safety of the information in the event that the safe is stolen or lost. No matter what measures you take, the chance of losing the flash drive still exists. It is possible that a courier might lose the flash drive or that it might be stolen.

33. The FIRST step in a successful attack to a system would be:
A. gathering information.
B. gaining access.
C. denying services.
D. evading detection.
ANSWER: A
NOTE: Successful attacks start by gathering information about the target system. This is done in advance so that the attacker gets to know the target systems and their vulnerabilities. All of the other choices are based on the information gathered.

34. An IS auditor finds that conference rooms have active network ports. Which of the following is MOST important to ensure?
A. The corporate network is using an intrusion prevention system (IPS)
B. This part of the network is isolated from the corporate network
C. A single sign-on has been implemented in the corporate network
D. Antivirus software is in place to protect the corporate network
ANSWER: B
NOTE: If the conference rooms have access to the corporate network, unauthorized users may be able to connect to the corporate network; therefore, both networks should be isolated either via a firewall or being physically separated. An IPS would detect possible attacks, but only after they have occurred. A single sign-on would ease authentication management. Antivirus software would reduce the impact of possible viruses; however, unauthorized users would still be able to access the corporate network, which is the biggest risk.

35. While observing a full simulation of the business continuity plan, an IS auditor notices that the notification systems within the organizational facilities could be severely impacted by infrastructural damage. The BEST recommendation the IS auditor can provide to the organization is to ensure:
A. the salvage team is trained to use the notification system.
B. the notification system provides for the recovery of the backup.
C. redundancies are built into the notification system.
D. the notification systems are stored in a vault.
ANSWER: C
NOTE: If the notification system has been severely impacted by the damage, redundancy would be the best control. The salvage team would not be able to use a severely damaged notification system, even if they are trained to use it. The recovery of the backups has no bearing on the notification system and storing the notification system in a vault would be of little value if the building is damaged.

36. The human resources (HR) department has developed a system to allow employees to enroll in benefits via a web site on the corporate Intranet. Which of the following would protect the confidentiality of the data?
A. SSL encryption
B. Two-factor authentication
C. Encrypted session cookies
D. IP address verification
ANSWER: A
NOTE: The main risk in this scenario is confidentiality, therefore the only option which would provide confidentiality is Secure Socket Layer (SSL) encryption. The remaining options deal with authentication issues.

37. Regarding a disaster recovery plan, the role of an IS auditor should include:
A. identifying critical applications.
B. determining the external service providers involved in a recovery test.
C. observing the tests of the disaster recovery plan.
D. determining the criteria for establishing a recovery time objective (RTO).
ANSWER: C
NOTE: The IS auditor should be present when disaster recovery plans are tested, to ensure that the test meets the targets for restoration, and the recovery procedures are effective and efficient. As appropriate, the auditor should provide a report of the test results. All other choices are a responsibility of management.

38. Which of the following is the BEST practice to ensure that access authorizations are still valid?
A. Information owner provides authorization for users to gain access
B. Identity management is integrated with human resource processes
C. Information owners periodically review the access controls
D. An authorization matrix is used to establish validity of access
ANSWER: B
NOTE: Personnel and departmental changes can result in authorization creep and can impact the effectiveness of access controls. Many times when personnel leave an organization, or employees are promoted, transferred or demoted, their system access is not fully removed, which increases the risk of unauthorized access. The best practice for ensuring access authorization is still valid is to integrate identity management with human resources processes. When an employee transfers to a different function, access rights are adjusted at the same time.

39. The application systems of an organization using open-source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating open-source software?
A. Rewrite the patches and apply them
B. Code review and application of available patches
C. Develop in-house patches
D. Identify and test suitable patches before applying them
ANSWER: D
NOTE: Suitable patches from the existing developers should be selected and tested before applying them. Rewriting the patches and applying them is not a correct answer because it would require skilled resources and time to rewrite the patches. Code review could be possible but tests need to be performed before applying the patches. Since the system was developed outside the organization, the IT department may not have the necessary skills and resources to develop patches.

40. Which of the following is a prevalent risk in the development of end-user computing (EUC) applications?
A. Applications may not be subject to testing and IT general controls
B. Increased development and maintenance costs
C. Increased application development time
D. Decision-making may be impaired due to diminished responsiveness to requests for information
ANSWER: A
NOTE: End-user developed applications may not be subjected to an independent outside review by systems analysts and frequently are not created in the context of a formal development methodology. These applications may lack appropriate standards, controls, quality assurance procedures, and documentation. A risk of end-user applications is that management may rely on them as much as traditional applications. End-user computing (EUC) systems typically result in reduced application development and maintenance costs, and a reduced development cycle time. EUC systems normally increase flexibility and responsiveness to management's information requests.

41. The MAJOR consideration for an IS auditor reviewing an organization's IT project portfolio is the:
A. IT budget.
B. existing IT environment.
C. business plan.
D. investment plan.
ANSWER: C
NOTE: One of the most important reasons for which projects get funded is how well a project meets an organization's strategic objectives. Portfolio management takes a holistic view of a company's overall IT strategy. IT strategy should be aligned with the business strategy and, hence, reviewing the business plan should be the major consideration. Choices A, B and D are important but secondary to the importance of reviewing the business plan.

42. Which of the following is an attribute of the control self-assessment (CSA) approach?
A. Broad stakeholder involvement
B. Auditors are the primary control analysts
C. Limited employee participation
D. Policy driven
ANSWER: A
NOTE: The control self-assessment (CSA) approach emphasizes management of and accountability for developing and monitoring the controls of an organization's business processes. The attributes of CSA include empowered employees, continuous improvement, extensive employee participation and training, all of which are representations of broad stakeholder involvement. Choices B, C and D are attributes of a traditional audit approach.

43. The BEST method for assessing the effectiveness of a business continuity plan is to review the:
A. plans and compare them to appropriate standards.
B. results from previous tests.
C. emergency procedures and employee training.
D. offsite storage and environmental controls.
ANSWER: B
NOTE: Previous test results will provide evidence of the effectiveness of the business continuity plan. Comparisons to standards will give some assurance that the plan addresses the critical aspects of a business continuity plan but will not reveal anything about its effectiveness. Reviewing emergency procedures, offsite storage and environmental controls would provide insight into some aspects of the plan but would fall short of providing assurance of the plan's overall effectiveness.

44. An organization has just completed their annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization?
A. Review and evaluate the business continuity plan for adequacy
B. Perform a full simulation of the business continuity plan
C. Train and educate employees regarding the business continuity plan
D. Notify critical contacts in the business continuity plan
ANSWER: A
NOTE: The business continuity plan should be reviewed every time a risk assessment is completed for the organization. Training of the employees and a simulation should be performed after the business continuity plan has been deemed adequate for the organization. There is no reason to notify the business continuity plan contacts at this time.

45. Which of the following insurance types provide for a loss arising from fraudulent acts by employees?
A. Business interruption
B. Fidelity coverage
C. Errors and omissions
D. Extra expense
ANSWER: B
NOTE: Fidelity insurance covers the loss arising from dishonest or fraudulent acts by employees. Business interruption insurance covers the loss of profit due to the disruption in the operations of an organization. Errors and omissions insurance provides legal liability protection in the event that the professional practitioner commits an act that results in financial loss to a client. Extra expense insurance is designed to cover the extra costs of continuing operations following a disaster/disruption within an organization.

46. An IS auditor reviewing the risk assessment process of an organization should FIRST:
A. identify the reasonable threats to the information assets.
B. analyze the technical and organizational vulnerabilities.
C. identify and rank the information assets.
D. evaluate the effect of a potential security breach.
ANSWER: C
NOTE: Identification and ranking of information assets (e.g., data criticality, locations of assets) will set the tone or scope of how to assess risk in relation to the organizational value of the asset. Second, the threats facing each of the organization's assets should be analyzed according to their value to the organization. Third, weaknesses should be identified so that controls can be evaluated to determine if they mitigate the weaknesses. Fourth, analyze how these weaknesses, in absence of given controls, would impact the organization's information assets.

47. An organization is using an enterprise resource management (ERP) application. Which of the following would be an effective access control?
A. User-level permissions
B. Role-based
C. Fine-grained
D. Discretionary
ANSWER: B
NOTE: Role-based access controls the system access by defining roles for a group of users. Users are assigned to the various roles and the access is granted based on the user's role. User-level permissions for an ERP system would create a larger administrative overhead. Fine-grained access control is very difficult to implement and maintain in the context of a large enterprise. Discretionary access control may be configured or modified by the users or data owners, and therefore may create inconsistencies in the access control management.

48. The sender of a public key would be authenticated by a:
A. certificate authority.
B. digital signature.
C. digital certificate.
D. registration authority.
ANSWER: C NOTE: A digital certificate is an electronic document that declar es a public key holder is who the holder claims to be. The certificates do handle data authentication as they are used to determine who sent a particular message. A certificate authority issues the digital certificates, and distributes, generates and manages public keys. A digital signature is used to ensure integrity of the message being sent and solve the nonrepudiation issue of message origination. The registration authority would perform most of the administrative tasks of a certificate authority, i. e. , registration of the users of a digital signature plus authenticating the information that is put in the digital certificate. 49. Which of the following is the MOST reliable form of single factor personal identification? A. Smart card B. Password C. Photo identification D. Iris scan ANSWER: D NOTE: Since no two irises are alike, identification and verification can be done with confidence. There is no guarantee that a smart card is being used by the correct person since it can be shared, stolen or lost and found. Passwords can be shared and, if written down, carry the risk of discovery. Photo IDs can be forged or falsified. 50. A business application system accesses a corporate database using a single ID and password embedded in a program. Which of the following would provide efficient access control over the organizations data? A. Introduce a secondary authentication method such as card swipe B. Apply role-based permissions within the application system C. Have users input the ID and password for each database transaction D. Set an expiration period for the database password embedded in the program ANSWER: B NOTE: When a single ID and password are embedded in a program, the best compensating control would be a sound access control over the application layer and procedures to ensure access to data is granted based on a users role. 
The issue is user permissions, not authentication; therefore, adding a stronger authentication does not improve the situation. Having a user input the ID and password for access would provide a better control because a database log would identify the initiator of the activity. However, this may not be efficient because each transaction would require a separate authentication process. It is a good practice to set an expiration date for a password. However, this might not be practical for an ID automatically logged in from the program. Often, this type of password is set not to expire.

51. Which of the following should be the MOST important consideration when deciding areas of priority for IT governance implementation?
A. Process maturity
B. Performance indicators
C. Business risk
D. Assurance reports
ANSWER: C
NOTE: Priority should be given to those areas which represent a known risk to the enterprise's operations. The level of process maturity, process performance and audit reports will feed into the decision-making process. Those areas that represent real risk to the business should be given priority.

52. An IS auditor has been asked to participate in project initiation meetings for a critical project. The IS auditor's MAIN concern should be that the:
A. complexity and risks associated with the project have been analyzed.
B. resources needed throughout the project have been determined.
C. project deliverables have been identified.
D. a contract for external parties involved in the project has been completed.
ANSWER: A
NOTE: Understanding complexity and risk, and actively managing these throughout a project are critical to a successful outcome. The other choices, while important during the course of the project, cannot be fully determined at the time the project is initiated, and are often contingent upon the risk and complexity of the project.

53. Which of the following would MOST effectively control the usage of universal storage bus (USB) storage devices?
A.
Policies that require instant dismissal if such devices are found
B. Software for tracking and managing USB storage devices
C. Administratively disabling the USB port
D. Searching personnel for USB storage devices at the facility's entrance
ANSWER: B
NOTE: Software for centralized tracking and monitoring would allow a USB usage policy to be applied to each user based on changing business requirements, and would provide for monitoring and reporting exceptions to management. A policy requiring dismissal may result in increased employee attrition and business requirements would not be properly addressed. Disabling ports would be complex to manage and might not allow for new business needs. Searching of personnel for USB storage devices at the entrance to a facility is not a practical solution since these devices are small and could be easily hidden.

54. When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:
A. recommend that the database be normalized.
B. review the conceptual data model.
C. review the stored procedures.
D. review the justification.
ANSWER: D
NOTE: If the database is not normalized, the IS auditor should review the justification since, in some situations, denormalization is recommended for performance reasons. The IS auditor should not recommend normalizing the database until further investigation takes place. Reviewing the conceptual data model or the stored procedures will not provide information about normalization.

55. Which of the following would be the GREATEST cause for concern when data are sent over the Internet using HTTPS protocol?
A. Presence of spyware in one of the ends
B. The use of a traffic sniffing tool
C. The implementation of an RSA-compliant solution
D.
A symmetric cryptography is used for transmitting data
ANSWER: A
NOTE: Encryption using secure sockets layer/transport layer security (SSL/TLS) tunnels makes it difficult to intercept data in transit, but when spyware is running on an end user's computer, data are collected before encryption takes place. The other choices are related to encrypting the traffic, but the presence of spyware in one of the ends captures the data before encryption takes place.

56. At the completion of a system development project, a postproject review should include which of the following?
A. Assessing risks that may lead to downtime after the production release
B. Identifying lessons learned that may be applicable to future projects
C. Verifying the controls in the delivered system are working
D. Ensuring that test data are deleted
ANSWER: B
NOTE: A project team has something to learn from each and every project. As risk assessment is a key issue for project management, it is important for the organization to accumulate lessons learned and integrate them into future projects. An assessment of potential downtime should be made with the operations group and other specialists before implementing a system. Verifying that controls are working should be covered during the acceptance test phase and possibly, again, in the postimplementation review. Test data should be retained for future regression testing.

57. While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should:
A. recommend the use of disk mirroring.
B. review the adequacy of offsite storage.
C. review the capacity management process.
D. recommend the use of a compression algorithm.
ANSWER: C
NOTE: Capacity management is the planning and monitoring of computer resources to ensure that available IT resources are used efficiently and effectively.
Business criticality must be considered before recommending a disk mirroring solution and offsite storage is unrelated to the problem. Though data compression may save disk space, it could affect system performance.

58. Which of the following would be MOST important for an IS auditor to verify when conducting a business continuity audit?
A. Data backups are performed on a timely basis
B. A recovery site is contracted for and available as needed
C. Human safety procedures are in place
D. Insurance coverage is adequate and premiums are current
ANSWER: C
NOTE: The most important element in any business continuity process is the protection of human life. This takes precedence over all other aspects of the plan.

59. While reviewing sensitive electronic work papers, the IS auditor noticed that they were not encrypted. This could compromise the:
A. audit trail of the versioning of the work papers.
B. approval of the audit phases.
C. access rights to the work papers.
D. confidentiality of the work papers.
ANSWER: D
NOTE: Encryption provides confidentiality for the electronic work papers. Audit trails, audit phase approvals and access to the work papers do not, of themselves, affect the confidentiality but are part of the reason for requiring encryption.

60. An IS auditor reviewing an accounts payable system discovers that audit logs are not being reviewed. When this issue is raised with management the response is that additional controls are not necessary because effective system access controls are in place. The BEST response the auditor can make is to:
A. review the integrity of system access controls.
B. accept management's statement that effective access controls are in place.
C. stress the importance of having a system control framework in place.
D. review the background checks of the accounts payable staff.
ANSWER: C
NOTE: Experience has demonstrated that reliance purely on preventative controls is dangerous.
Preventative controls may not prove to be as strong as anticipated or their effectiveness can deteriorate over time. Evaluating the cost of controls versus the quantum of risk is a valid management concern. However, in a high-risk system a comprehensive control framework is needed. Intelligent design should permit additional detective and corrective controls to be established that don't have high ongoing costs, e.g., automated interrogation of logs to highlight suspicious individual transactions or data patterns. Effective access controls are, in themselves, a positive but, for reasons outlined above, may not sufficiently compensate for other control weaknesses. In this situation the IS auditor needs to be proactive. The IS auditor has a fundamental obligation to point out control weaknesses that give rise to unacceptable risks to the organization and work with management to have these corrected. Reviewing background checks on accounts payable staff does not provide evidence that fraud will not occur.

61. A firewall is being deployed at a new location. Which of the following is the MOST important factor in ensuring a successful deployment?
A. Reviewing logs frequently
B. Testing and validating the rules
C. Training a local administrator at the new location
D. Sharing firewall administrative duties
ANSWER: B
NOTE: A mistake in the rule set can render a firewall insecure. Therefore, testing and validating the rules is the most important factor in ensuring a successful deployment. A regular review of log files would not start until the deployment has been completed. Training a local administrator may not be necessary if the firewalls are managed from a central location. Having multiple administrators is a good idea, but not the most important.

62. When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of:
A. excessive transaction turnaround time.
B. application interface failure.
C.
improper transaction authorization.
D. nonvalidated batch totals.
ANSWER: C
NOTE: Foremost among the risks associated with electronic data interchange (EDI) is improper transaction authorization. Since the interaction with the parties is electronic, there is no inherent authentication. The other choices, although risks, are not as significant.

63. The PRIMARY objective of implementing corporate governance by an organization's management is to:
A. provide strategic direction.
B. control business operations.
C. align IT with business.
D. implement best practices.
ANSWER: A
NOTE: Corporate governance is a set of management practices to provide strategic direction, thereby ensuring that goals are achievable, risks are properly addressed and organizational resources are properly utilized. Hence, the primary objective of corporate governance is to provide strategic direction. Based on the strategic direction, business operations are directed and controlled.

64. To determine if unauthorized changes have been made to production code the BEST audit procedure is to:
A. examine the change control system records and trace them forward to object code files.
B. review access control permissions operating within the production program libraries.
C. examine object code to find instances of changes and trace them back to change control records.
D. review change approved designations established within the change control system.
ANSWER: C
NOTE: The procedure of examining object code files to establish instances of code changes and tracing these back to change control system records is a substantive test that directly addresses the risk of unauthorized code changes. The other choices are valid procedures to apply in a change control audit but they do not directly address the risk of unauthorized code changes.

65. When reviewing an active project, an IS auditor observed that, because of a reduction in anticipated benefits and increased costs, the business case was no longer valid.
The IS auditor should recommend that the:
A. project be discontinued.
B. business case be updated and possible corrective actions be identified.
C. project be returned to the project sponsor for reapproval.
D. project be completed and the business case be updated later.
ANSWER: B
NOTE: An IS auditor should not recommend discontinuing or completing the project before reviewing an updated business case. The IS auditor should recommend that the business case be kept current throughout the project since it is a key input to decisions made throughout the life of any project.

66. Which of the following audit techniques would BEST aid an auditor in determining whether there have been unauthorized program changes since the last authorized program update?
A. Test data run
B. Code review
C. Automated code comparison
D. Review of code migration procedures
ANSWER: C
NOTE: An automated code comparison is the process of comparing two versions of the same program to determine whether the two correspond. It is an efficient technique because it is an automated procedure. Test data runs permit the auditor to verify the processing of preselected transactions, but provide no evidence about unexercised portions of a program. Code review is the process of reading program source code listings to determine whether the code contains potential errors or inefficient statements. A code review can be used as a means of code comparison but it is inefficient. The review of code migration procedures would not detect program changes.

67. Doing which of the following during peak production hours could result in unexpected downtime?
A. Performing data migration or tape backup
B. Performing preventive maintenance on electrical systems
C. Promoting applications from development to the staging environment
D. Replacing a failed power supply in the core router of the data center
ANSWER: B
NOTE: Choices A and C are processing events which may impact performance, but would not cause downtime.
Enterprise-class routers have redundant hot-swappable power supplies, so replacing a failed power supply should not be an issue. Preventive maintenance activities should be scheduled for non-peak times of the day, and preferably during a maintenance window time period. A mishap or incident caused by a maintenance worker could result in unplanned downtime.

68. Which of the following is the MOST robust method for disposing of magnetic media that contains confidential information?
A. Degaussing
B. Defragmenting
C. Erasing
D. Destroying
ANSWER: D
NOTE: Destroying magnetic media is the only way to assure that confidential information cannot be recovered. Degaussing or demagnetizing is not sufficient to fully erase information from magnetic media. The purpose of defragmentation is to eliminate fragmentation in file systems and does not remove information. Erasing or deleting magnetic media does not remove the information; this method simply changes a file's indexing information.

69. The MAIN criterion for determining the severity level of a service disruption incident is:
A. cost of recovery.
B. negative public opinion.
C. geographic location.
D. downtime.
ANSWER: D
NOTE: The longer the period of time a client cannot be serviced, the greater the severity of the incident. The cost of recovery could be minimal yet the service downtime could have a major impact. Negative public opinion is a symptom of an incident. Geographic location does not determine the severity of the incident.

70. During the design of a business continuity plan, the business impact analysis (BIA) identifies critical processes and supporting applications. This will PRIMARILY influence the:
A. responsibility for maintaining the business continuity plan.
B. criteria for selecting a recovery site provider.
C. recovery strategy.
D. responsibilities of key personnel.
ANSWER: C
NOTE: The most appropriate strategy is selected based on the relative risk level and criticality identified in the business impact analysis (BIA). The other choices are made after the selection or design of the appropriate recovery strategy.

71. What is the lowest level of the IT governance maturity model where an IT balanced scorecard exists?
A. Repeatable but Intuitive
B. Defined
C. Managed and Measurable
D. Optimized
ANSWER: B
NOTE: Defined (level 3) is the lowest level at which an IT balanced scorecard is defined.

72. During the system testing phase of an application development project the IS auditor should review the:
A. conceptual design specifications.
B. vendor contract.
C. error reports.
D. program change requests.
ANSWER: C
NOTE: Testing is crucial in determining that user requirements have been validated. The IS auditor should be involved in this phase and review error reports for their precision in recognizing erroneous data and review the procedures for resolving errors. A conceptual design specification is a document prepared during the requirements definition phase. A vendor contract is prepared during a software acquisition process. Program change requests would normally be reviewed as a part of the postimplementation phase.

73. When reviewing procedures for emergency changes to programs, the IS auditor should verify that the procedures:
A. allow changes, which will be completed using after-the-fact follow-up.
B. allow undocumented changes directly to the production library.
C. do not allow any emergency changes.
D. allow programmers permanent access to production programs.
ANSWER: A
NOTE: There may be situations where emergency fixes are required to resolve system problems. This involves the use of special logon IDs that grant programmers temporary access to production programs during emergency situations.
Emergency changes should be completed using after-the-fact follow-up procedures, which ensure that normal procedures are retroactively applied; otherwise, production may be impacted. Changes made in this fashion should be held in an emergency library from where they can be moved to the production library, following the normal change management process. Programmers should not directly alter the production library nor should they be allowed permanent access to production programs.

74. Though management has stated otherwise, an IS auditor has reasons to believe that the organization is using software that is not licensed. In this situation, the IS auditor should:
A. include the statement of management in the audit report.
B. identify whether such software is, indeed, being used by the organization.
C. reconfirm with management the usage of the software.
D. discuss the issue with senior management since reporting this could have a negative impact on the organization.
ANSWER: B
NOTE: When there is an indication that an organization might be using unlicensed software, the IS auditor should obtain sufficient evidence before including it in the report. With respect to this matter, representations obtained from management cannot be independently verified. If the organization is using software that is not licensed, the auditor, to maintain objectivity and independence, must include this in the report.

75. Which of the following would be BEST prevented by a raised floor in the computer machine room?
A. Damage of wires around computers and servers
B. A power failure from static electricity
C. Shocks from earthquakes
D. Water flood damage
ANSWER: A
NOTE: The primary reason for having a raised floor is to enable power cables and data cables to be installed underneath the floor. This eliminates the safety and damage risks posed when cables are placed in a spaghetti-like fashion on an open floor.
Static electricity should be avoided in the machine room; therefore, measures such as specially manufactured carpet or shoes would be more appropriate for static prevention than a raised floor. Raised floors do not address shocks from earthquakes. To address earthquakes, anti-seismic architecture would be required to establish a quake-resistant structural framework. Computer equipment needs to be protected against water. However, a raised floor would not prevent damage to the machines in the event of overhead water pipe leakage.

76. The network of an organization has been the victim of several intruders' attacks. Which of the following measures would allow for the early detection of such incidents?
A. Antivirus software
B. Hardening the servers
C. Screening routers
D. Honeypots
ANSWER: D
NOTE: Honeypots can collect data on precursors of attacks. Since they serve no business function, honeypots are hosts that have no authorized users other than the honeypot administrators. All activity directed at them is considered suspicious. Attackers will scan and attack honeypots, giving administrators data on new trends and attack tools, particularly malicious code. However, honeypots are a supplement to, not a replacement for, properly securing networks, systems and applications. If honeypots are to be used by an organization, qualified incident handlers and intrusion detection analysts should manage them. The other choices do not provide indications of potential attacks.

77. The purpose of a deadman door controlling access to a computer facility is primarily to:
A. prevent piggybacking.
B. prevent toxic gases from entering the data center.
C. starve a fire of oxygen.
D. prevent an excessively rapid entry to, or exit from, the facility.
ANSWER: A
NOTE: The purpose of a deadman door controlling access to a computer facility is primarily intended to prevent piggybacking. Choices B and C could be accomplished with a single self-closing door.
Choice D is invalid, as a rapid exit may be necessary in some circumstances, e.g., a fire.

78. The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to:
A. comply with regulatory requirements.
B. provide a basis for drawing reasonable conclusions.
C. ensure complete audit coverage.
D. perform the audit according to the defined scope.
ANSWER: B
NOTE: The scope of an IS audit is defined by its objectives. This involves identifying control weaknesses relevant to the scope of the audit. Obtaining sufficient and appropriate evidence assists the auditor in not only identifying control weaknesses but also documenting and validating them. Complying with regulatory requirements, ensuring coverage and the execution of audit are all relevant to an audit but are not the reason why sufficient and relevant evidence is required.

79. During the audit of a database server, which of the following would be considered the GREATEST exposure?
A. The password does not expire on the administrator account
B. Default global security settings for the database remain unchanged
C. Old data have not been purged
D. Database activity is not fully logged
ANSWER: B
NOTE: Default security settings for the database could allow issues like blank user passwords or passwords that were the same as the username. Logging all database activity is not practical. Failure to purge old data may present a performance issue but is not an immediate security concern. Choice A is an exposure but not as serious as B.

80. An IS auditor finds that a DBA has read and write access to production data. The IS auditor should:
A. accept the DBA access as a common practice.
B. assess the controls relevant to the DBA function.
C. recommend the immediate revocation of the DBA access to production data.
D. review user access authorizations approved by the DBA.
ANSWER: B
NOTE: It is good practice when finding a potential exposure to look for the best controls.
Though granting the database administrator (DBA) access to production data might be a common practice, the IS auditor should evaluate the relevant controls. The DBA should have access based on a need-to-know and need-to-do basis; therefore, revocation may remove the access required. The DBA, typically, may need to have access to some production data. Granting user authorizations is the responsibility of the data owner and not the DBA.

81. What should be the GREATEST concern to an IS auditor when employees use portable media (MP3 players, flash drives)?
A. The copying of sensitive data on them
B. The copying of songs and videos on them
C. The cost of these devices multipl