Which of the following is MOST important to ensure when planning a black box penetration test?

A. The management of the client organization is aware of the testing.
B. The test results will be documented and communicated to management.
C. The environment and penetration test scope have been determined.
D....

October 21, 2022

Which of the following is MOST important for an IS auditor to review when evaluating the accuracy of a spreadsheet that contains several macros?

A. Encryption of the spreadsheet
B. Version history
C. Formulas within macros
D. Reconciliation of key calculations

Answer: D

October 21, 2022

Which of the following is the PRIMARY concern when negotiating a contract for a hot site?

A. Availability of the site in the event of multiple disaster declarations
B. Coordination with the site staff in the event of multiple disaster declarations
C. Reciprocal agreements with other organizations
D. Complete testing...

October 21, 2022

Which of the following BEST indicates the effectiveness of an organization's risk management program?

A. Inherent risk is eliminated.
B. Residual risk is minimized.
C. Control risk is minimized.
D. Overall risk is quantified.

Answer: B

October 21, 2022

The implementation of an IT governance framework requires that the board of directors of an organization:

A. Address technical IT issues.
B. Be informed of all IT initiatives.
C. Have an IT strategy committee.
D. Approve the IT strategy.

Answer: D

October 20, 2022

Which of the following metrics BEST indicates the effectiveness of awareness training?

An organization conducted an exercise to test the security awareness level of users by sending an email offering a cash reward to those who click on a link embedded in the body of the email. Which of the following metrics BEST indicates the effectiveness of awareness training?

A. The number...

October 20, 2022

Which of the following is MOST important for an IS auditor to understand when reviewing this decision?

An organization's enterprise architecture (EA) department decides to change a legacy system's components while maintaining its original functionality. Which of the following is MOST important for an IS auditor to understand when reviewing this decision?

A. The current business capabilities delivered by the legacy system
B. The proposed network topology...

October 20, 2022

Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organization's information security policy?

A. Alignment with the IT tactical plan
B. IT steering committee minutes
C. Compliance with industry best practice
D. Business objectives

Answer: D

October 20, 2022

Which of the following should be the IS auditor's NEXT course of action?

Prior to a follow-up engagement, an IS auditor learns that management has decided to accept a level of residual risk related to an audit finding without remediation. The IS auditor is concerned about management's decision. Which of the following should be the IS auditor's NEXT course of action?

A. Accept...

October 20, 2022

When an intrusion into an organization network is detected, which of the following should be done FIRST?

A. Block all compromised network nodes.
B. Contact law enforcement.
C. Notify senior management.
D. Identify nodes that have been compromised.

Answer: D

October 20, 2022