Which of the following is the IS auditor's BEST course of action?
During an ongoing audit, management requests a briefing on the findings to date. Which of the following is the IS auditor's BEST course of action? A. Review working papers with the auditee. B. Request the auditee provide management responses. C. Request management wait until a final report is ready for...
Coding standards provide which of the following?
Coding standards provide which of the following? A. Program documentation B. Access control tables C. Data flow diagrams D. Field naming conventions
Answer: D
The implementation of an IT governance framework requires that the board of directors of an organization:
The implementation of an IT governance framework requires that the board of directors of an organization: A. Address technical IT issues. B. Be informed of all IT initiatives. C. Have an IT strategy committee. D. Approve the IT strategy.
Answer: D
Which of the following is the PRIMARY concern when negotiating a contract for a hot site?
Which of the following is the PRIMARY concern when negotiating a contract for a hot site? A. Availability of the site in the event of multiple disaster declarations B. Coordination with the site staff in the event of multiple disaster declarations C. Reciprocal agreements with other organizations D. Complete testing...
Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?
Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply? A. Risk identification B. Risk classification C. Control self-assessment (CSA) D. Impact assessment
Answer: D
Which of the following is the PRIMARY advantage of parallel processing for a new system implementation?
Which of the following is the PRIMARY advantage of parallel processing for a new system implementation? A. Assurance that the new system meets functional requirements B. More time for users to complete training for the new system C. Significant cost savings over other system implementation approaches D. Assurance that...
What is the MOST important task before implementing any associated email controls?
Management is concerned about sensitive information being intentionally or unintentionally emailed as attachments outside the organization by employees. What is the MOST important task before implementing any associated email controls? A. Require all employees to sign nondisclosure agreements (NDAs). B. Develop an acceptable use policy for end-user computing (EUC). C....
Which of the following is MOST important to ensure when developing an effective security awareness program?
Which of the following is MOST important to ensure when developing an effective security awareness program? A. Training personnel are information security professionals. B. Phishing exercises are conducted post-training. C. Security threat scenarios are included in the program content. D. Outcome metrics for the program are established.
Answer: D
Which of the following is a social engineering attack method?
Which of the following is a social engineering attack method? A. An unauthorized person attempts to gain access to secure premises by following an authorized person through a secure door. B. An employee is induced to reveal confidential IP addresses and passwords by answering questions over the phone. C. A...
Which of the following is the BEST way to address segregation of duties issues in an organization with budget constraints?
Which of the following is the BEST way to address segregation of duties issues in an organization with budget constraints? A. Rotate job duties periodically. B. Perform an independent audit. C. Hire temporary staff. D. Implement compensating controls.
Answer: D