Which of the following should MOST concern an IS auditor reviewing an intrusion detection system (IDS)?

Which of the following should MOST concern an IS auditor reviewing an intrusion detection system (IDS)?
A. Number of false-negatives
B. Number of false-positives
C. Legitimate traffic blocked by the system
D. Reliability of IDS logs
Answer: A

April 7, 2020

You are part of a security staff at a highly profitable bank and each day, all traffic on the network is logged for later review. Every Friday when major deposits are made you're seeing a series of bits placed in the "Urgent Pointer" field of a TCP packet.

You are part of a security staff at a highly profitable bank and each day, all traffic on the network is logged for later review. Every Friday when major deposits are made you're seeing a series of bits placed in the "Urgent Pointer" field of a TCP packet. This is...

April 7, 2020

Which of the following is the manager’s BEST response to this situation?

An IS audit manager has been asked to perform a quality review on an audit that the same manager also supervised. Which of the following is the manager’s BEST response to this situation?
A. Notify the audit committee of the situation.
B. Escalate the situation to senior audit leadership.
C. ...

April 7, 2020

Which of the following would be MOST helpful to an IS auditor to determine whether duplicate vendor payments exist?

An organization is concerned about duplicate vendor payments on a complex system with a high volume of transactions. Which of the following would be MOST helpful to an IS auditor to determine whether duplicate vendor payments exist?
A. Computer-assisted technique
B. Stop-and-go testing
C. Statistical sampling
D. Judgmental sampling
Answer: ...

April 6, 2020

In a follow-up audit, an IS auditor notes that management has addressed the original findings in a different way than originally agreed upon. The auditor should FIRST:

In a follow-up audit, an IS auditor notes that management has addressed the original findings in a different way than originally agreed upon. The auditor should FIRST:
A. mark the recommendation as satisfied and close the finding
B. verify if management’s action mitigates the identified risk
C. re-perform the audit...

April 6, 2020

Which of the following is the PRIMARY reason for an IS auditor to issue an interim audit report?

Which of the following is the PRIMARY reason for an IS auditor to issue an interim audit report?
A. To avoid issuing a final audit report
B. To enable the auditor to complete the engagement in a timely manner
C. To provide feedback to the auditee for timely remediation
D. ...

April 6, 2020

Which of the following data protection principles MUST be implemented to address this gap?

An IS auditor reviewing an organization’s data privacy controls observes that privacy notices do not clearly state how the organization uses customer data for its processing operations. Which of the following data protection principles MUST be implemented to address this gap?
A. Maintenance of data integrity
B. Access to collected...

April 6, 2020

What is the BEST control to detect errors in the system?

An IS auditor is mapping controls to risk for an accounts payable system. What is the BEST control to detect errors in the system?
A. Alignment of the process to business objectives
B. Quality control review of new payments
C. Management approval of payments
D. Input validation
Answer: D

April 6, 2020

Which of the following should be evaluated FIRST?

A multinational organization is introducing a security governance framework. The information security manager’s concern is that regional security practices differ. Which of the following should be evaluated FIRST?
A. Local regulatory requirements
B. Local IT requirements
C. Cross-border data mobility
D. Corporate security objectives
Answer: A

April 6, 2020

Which of the following dynamic interactions of a Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitude and ways of doing things?

Which of the following dynamic interactions of a Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitude and ways of doing things?
A. Governing
B. Culture
C. Enabling and support
D. Emergence
Answer: B
Explanation: Culture is a pattern of behaviors, beliefs, assumptions, attitudes and...

April 6, 2020