Prepared by Kamal Khan,
CISA, CISSP, CITP, MBCS
QUIZ #136
Based on Volume 1, 2011—Virtualization Security, Challenges and Solutions
Value—1 Hour of CISA/CISM/CGEIT/CRISC Continuing Professional Education (CPE) Credit
TRUE OR FALSE
CHAUDHURI, VON SOLMS AND CHAUDHURI ARTICLE
1. Virtualization is a software technology that divides a physical
resource into virtual resources called virtual machines (VMs).
2. Network virtualization hides the physical nature of server
resources, including the number and identity of individual
servers, processors and operating systems (OSs).
3. According to Gartner, 50 percent of virtualized servers will
be less secure than the physical servers they replaced through
2012.
4. The most important software in a virtual IT system is the
hypervisor. Any security vulnerability in the hypervisor
software will put VMs at risk of failure.
5. A Gartner study indicates that by 2012, almost 50 percent of
servers will be virtualized throughout the world.
KANDRA, SEWELL AND NYAMARI ARTICLE
6. It is as important to develop and tune soft skills as it is to
demonstrate the right knowledge through certifications and
have experience with relevant standards, legislation and
compliance requirements.
7. The auditor’s focus is to be critical of the individual rather
than the organizational policies, procedures and process.
8. A KPMG report examining financial services firms in the UK
and India highlights the “soft skills gap” by noting that 58
percent of organizations in the UK and more than 62 percent
of organizations in India struggle to recruit the right talent.
9. ISACA’s Young Professional Subcommittee (YPS) was
formed in 2009 to facilitate the development of a community
that meets the needs of young professionals.
SOOD AND ENBODY ARTICLE
10. Cross-site Scripting (XSS) worms are self-replicating in nature
and spread rapidly on social networking sites because of the
interconnection among various profiles.
11. The first step of the model to explain the working of worms
occurs when the malware waits for the user to visit and log in
to a specific social networking web site.
12. The major factor that contributes to the spreading of malware
is user ignorance regarding the technology used on social
networking web sites.
13. Users should run unpatched OSs to avoid the exploitation of
vulnerabilities in various components of installed software.
HORTON ARTICLE
14. Any business that accepts credit or debit payments is likely
required to comply with the Payment Card Industry Data
Security Standard (PCI DSS)—measures created in 2005.
15. Members of the National Retail Federation have collectively
spent more than US $10 billion so far on PCI DSS compliance
as part of their security programs.
DIMITRIADIS ARTICLE
16. Information integrity is a key information security component
related to player trust.
17. Architecture represents how security processes are automated
by the use of technology.