Which of the following data would be used when performing a business impact analysis (BIA)?
When an intrusion into an organization's network is detected, which of the following should be done FIRST?
An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?
IS management has recently disabled certain referential integrity controls in the database management system (DBMS) software to provide users increased query performance. Which of the following controls will MOST effectively compensate for the lack of referential integrity?
Which of the following is MOST useful for determining whether the goals of IT are aligned with the organization's goals?
Which of the following would be of MOST concern when determining if information assets are adequately safeguarded during transport and disposal?
An IS auditor finds that firewalls are outdated and not supported by vendors. Which of the following should be the auditor's NEXT course of action?
During an exit interview, senior management disagrees with some of the facts presented in the draft audit report and wants them removed from the report. Which of the following would be the auditor's BEST course of action?
An information systems security officer's PRIMARY responsibility for business process applications is to:
An organization conducted an exercise to test the security awareness level of users by sending an email offering a cash reward to those who click on a link embedded in the body of the email. Which of the following metrics BEST indicates the effectiveness of awareness training?
An organization has recently acquired and implemented intelligent-agent software for granting loans to customers. During the post-implementation review, which of the following is the MOST important procedure for the IS auditor to perform?
An IS auditor finds that a key Internet-facing system is vulnerable to attack and that patches are not available. What should the auditor recommend be done FIRST?
Which of the following is the BEST way to address segregation of duties issues in an organization with budget constraints?
Which of the following tests would provide the BEST assurance that a health care organization is handling patient data appropriately?
Which of the following attack techniques will succeed because of an inherent security weakness in an Internet firewall?
When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:
When implementing Internet Protocol security (IPsec) architecture, the servers involved in application delivery:
The waterfall life cycle model of software development is BEST suited for which of the following situations?
An IS auditor has been asked to assess the security of a recently migrated database system that contains personal and financial data for a bank's customers. Which of the following controls is MOST important for the auditor to confirm is in place?
In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to never expire. Which of the following recommendations would BEST address the risk with minimal disruption to the business?
When evaluating the design of controls related to network monitoring, which of the following is MOST important for an IS auditor to review?
A new regulation in one country of a global organization has recently prohibited cross-border transfer of personal data. An IS auditor has been asked to determine the organization's level of exposure in the affected country. Which of the following would be MOST helpful in making this assessment?
The performance, risks, and capabilities of an IT infrastructure are BEST measured using a:
Which of the following should an IS auditor recommend as a PRIMARY area of focus when an organization decides to outsource technical support for its external customers?
A manager identifies active privileged accounts belonging to staff who have left the organization. Which of the following is the threat actor in this scenario?
Which of the following should be an IS auditor's PRIMARY focus when developing a risk-based IS audit program?
Which of the following is the MOST effective control to mitigate unintentional misuse of authorized access?
Which of the following should be of GREATEST concern to an IS auditor reviewing data conversion and migration during the implementation of a new application system?
Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?
Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?
An IS auditor is analyzing a sample of accesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found. Which sampling method would be appropriate?
Which of the following occurs during the issues management process for a system development project?
An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization's objectives?
An IS auditor is reviewing the release management process for an in-house software development solution. In which environment is the software version MOST likely to be the same as production?