- All Exams Instant Download
Which of the following is MOST relevant to creating the policy?
A small organization is experiencing rapid growth and plans to create a new information security policy. Which of the following is MOST relevant to creating the policy?A . Industry standardsB . The business impact analysisC . The business objectivesD . Previous audit recommendationsView AnswerAnswer: C
What is the MOST significant risk from this observation?
An IS auditor is observing transaction processing and notes that a high-priority update job ran out of sequence. What is the MOST significant risk from this observation?A . Previous jobs may have failed.B . The job may not have run to completion.C . Daily schedules may not be accurate.D ....
Which of the following should the IS auditor use to BEST determine whether a project has met its business objectives?
Which of the following should the IS auditor use to BEST determine whether a project has met its business objectives?A . Earned-value analysisB . Completed project planC . Issues log with resolutionsD . Benefits realization documentView AnswerAnswer: D
Which of the following audit risk is related to material errors or misstatements that have occurred that will not be detected by an IS auditor?
Which of the following audit risk is related to material errors or misstatements that have occurred that will not be detected by an IS auditor?A . Inherent RiskB . Control RiskC . Detection RiskD . Overall Audit RiskView AnswerAnswer: C The risk that material errors or misstatements that have occurred...
Which of the following would BEST help to ensure that IS audit still covers key risk areas within the IT environment as part of its annual plan?
An organization has made a strategic decision to split into separate operating entities to improve profitability. However, the IT infrastructure remains shared between the entities. Which of the following would BEST help to ensure that IS audit still covers key risk areas within the IT environment as part of its...
Which of the following cloud deployment model can be shared by several organizations?
Which of the following cloud deployment model can be shared by several organizations?A . Private CloudB . Community CloudC . Public CloudD . Hybrid CloudView AnswerAnswer: B Explanation: In Community cloud, the cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared...
Which of the following control helps to identify an incident’s activities and potentially an intruder?
Which of the following control helps to identify an incident’s activities and potentially an intruder?A . DeterrentB . PreventiveC . DetectiveD . CompensatingView AnswerAnswer: C Explanation: Detective control helps identify an incident’s activities and potentially an intruder For your exam you should know below information about different security controls Deterrent...
Which of the following security control is intended to avoid an incident from occurring?
Which of the following security control is intended to avoid an incident from occurring?A . DeterrentB . PreventiveC . CorrectiveD . RecoveryView AnswerAnswer: B Explanation: Preventive controls are intended to avoid an incident from occurring For your exam you should know below information about different security controls Deterrent Controls Deterrent...
Which of the following should an IS auditor expect to see in a network vulnerability assessment?
Which of the following should an IS auditor expect to see in a network vulnerability assessment?A . Misconfiguration and missing updatesB . Malicious software and spywareC . Security design flawsD . Zero-day vulnerabilitiesView AnswerAnswer: C
Which of the following is MOST important to consider when developing a bring your own device (BYOD) policy?
Which of the following is MOST important to consider when developing a bring your own device (BYOD) policy?A . Supported operating systemsB . Procedure for accessing the networkC . Application download restrictionsD . Remote wipe proceduresView AnswerAnswer: B
