Cross-site scripting (XSS) attacks are BEST prevented through:
A. application firewall policy settings.
B. a three-tier web architecture.
C. secure coding practices.
D. use of common industry frameworks.
Answer: C
Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?
A. File level encryption
B. File Transfer Protocol (FTP)
C. Instant messaging policy
D. Application level firewalls
Answer: D
When reviewing an organization's information security policies, an IS auditor should verify that the policies have been defined PRIMARILY on the basis of:
A. a risk management process.
B. an information security framework.
C. past information security incidents.
D. industry best practices.
Answer: B
Which of the following is MOST important to ensure when planning a black box penetration test?
A. The management of the client organization is aware of the testing.
B. The test results will be documented and communicated to management.
C. The environment and penetration test scope have been determined.
D. ...
An IS auditor finds that a key Internet-facing system is vulnerable to attack and that patches are not available. What should the auditor recommend be done FIRST?
A. Implement a new system that can be patched.
B. Implement additional firewalls to protect the system.
C. Decommission the server.
D. ...
During the design phase of a software development project, the PRIMARY responsibility of an IS auditor is to evaluate the:
A. Future compatibility of the application.
B. Proposed functionality of the application.
C. Controls incorporated into the system specifications.
D. Development methodology employed.
Answer: C
A data breach has occurred due to malware. Which of the following should be the FIRST course of action?
A. Notify the cyber insurance company.
B. Shut down the affected systems.
C. Quarantine the impacted systems.
D. Notify customers of the breach.
Answer: C
To confirm integrity for a hashed message, the receiver should use:
A. the same hashing algorithm as the sender's to create a binary image of the file.
B. a different hashing algorithm from the sender's to create a binary image of the file.
C. the same hashing algorithm as the...
A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor's BEST recommendation to facilitate compliance with the regulation?
A. Include the requirement in the incident management response plan.
B. Establish key performance indicators...
Which of the following is the BEST detective control for a job scheduling process involving data transmission?
A. Metrics denoting the volume of monthly job failures are reported and reviewed by senior management.
B. Jobs are scheduled to be completed daily and data is transmitted using a Secure File Transfer...