Which of the following is MOST important for an IS auditor to verify after finding repeated unauthorized access attempts were recorded on a security report?
A. Password reset requests have been confirmed as legitimate
B. There is evidence that the incident was investigated
C. System configuration changes are properly tracked
D...
Which of the following should be the GREATEST IS audit concern?
An organization allows employee use of personal mobile devices for corporate email. Which of the following should be the GREATEST IS audit concern?
A. Email forwarding to private devices requires excessive network bandwidth
B. There is no corporate policy for the acceptable use of private devices
C. There is no...
Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?
During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?
A...
The BEST way to validate whether a malicious act has actually occurred in an application is to review:
A. segregation of duties
B. access controls
C. activity logs
D. change management logs
Answer: C
The PRIMARY reason for an IS auditor to use data analytics techniques is to reduce which type of audit risk?
A. Technology risk
B. Inherent risk
C. Detection risk
D. Control risk
Answer: C
Which of the following should the auditor recommend FIRST?
An IS auditor finds that application servers had inconsistent configurations leading to potential security vulnerabilities. Which of the following should the auditor recommend FIRST?
A. Enforce server baseline standards.
B. Improve change management processes using a workflow tool.
C. Hold the application owner accountable for monitoring metrics.
D. Use a...
Which of the following findings should be of GREATEST concern to the auditor?
An IS auditor is reviewing a bank’s service level agreement (SLA) with a third-party provider that hosts the bank’s secondary data center. Which of the following findings should be of GREATEST concern to the auditor?
A. The recovery point objective (RPO) has a shorter duration than documented in the disaster...
Which of the following is MOST likely to be included among the benefits in the project proposal?
An IS auditor reviewed the business case for a proposed investment to virtualize an organization’s server infrastructure. Which of the following is MOST likely to be included among the benefits in the project proposal?
A. Fewer operating system licenses
B. Better efficiency of logical resources
C. Reduced hardware footprint
D. ...
Which of the following is the auditor’s BEST course of action?
An IS auditor has assessed a payroll service provider’s security policy and finds significant topics are missing. Which of the following is the auditor’s BEST course of action?
A. Recommend the service provider update their policy.
B. Notify the service provider of the discrepancies.
C. Report the risk to internal...
Which of the following findings would be of GREATEST concern to an IS auditor reviewing an organization’s newly implemented online security awareness program?
A. Only new employees are required to attend the program
B. The timing for program updates has not been determined
C. Metrics have not been established to...