Which of the following should the auditor do FIRST?

An internal IS auditor discovers that a service organization did not notify its customers following a data breach. Which of the following should the auditor do FIRST?
A. Notify audit management of the finding.
B. Report the finding to regulatory authorities.
C. Notify the service organization’s customers.
D. Require the...

March 27, 2020

An organization has outsourced some of its subprocesses to a service provider. When scoping the audit of the provider, the organization’s internal auditor should FIRST:

An organization has outsourced some of its subprocesses to a service provider. When scoping the audit of the provider, the organization’s internal auditor should FIRST:
A. evaluate operational controls of the provider
B. discuss audit objectives with the provider
C. review internal audit reports of the provider
D. review the...

March 27, 2020

During a follow-up audit, an IS auditor concludes that a previously identified issue has not been adequately remediated. The auditee insists the risk has been addressed. The auditor should:

During a follow-up audit, an IS auditor concludes that a previously identified issue has not been adequately remediated. The auditee insists the risk has been addressed. The auditor should:
A. recommend an independent assessment by a third party
B. report the disagreement according to established procedures
C. follow-up on the...

March 27, 2020

Which of the following dynamic interaction of a Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitude and ways of doing things?

Which of the following dynamic interaction of a Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitude and ways of doing things?
A. Governing
B. Culture
C. Enabling and support
D. Emergence
Answer: B
Explanation: Culture is a pattern of behaviors, beliefs, assumptions, attitudes and...

March 27, 2020

Which of the following dynamic interaction of a Business Model for Information Security (BMIS) is a place to introduce possible solutions such as feedback loops; alignment with process improvement; and consideration of emergent issues in system design life cycle, change control, and risk management?

Which of the following dynamic interaction of a Business Model for Information Security (BMIS) is a place to introduce possible solutions such as feedback loops; alignment with process improvement; and consideration of emergent issues in system design life cycle, change control, and risk management?
A. Governing
B. Culture
C. Enabling...

March 27, 2020

You are part of a security staff at a highly profitable bank and each day, all traffic on the network is logged for later review. Every Friday when major deposits are made you're seeing a series of bits placed in the "Urgent Pointer" field of a TCP packet.

You are part of a security staff at a highly profitable bank and each day, all traffic on the network is logged for later review. Every Friday when major deposits are made you're seeing a series of bits placed in the "Urgent Pointer" field of a TCP packet. This is...

March 27, 2020

An organization’s disposal policy emphasizes obtaining maximum value for surplus IT media. The IS auditor should obtain assurance that:

An organization’s disposal policy emphasizes obtaining maximum value for surplus IT media. The IS auditor should obtain assurance that:
A. the media is returned to the vendor for credit
B. any existing data is removed before disposal
C. identification labels are removed
D. the media is recycled to other groups...

March 27, 2020

Which of the following should be the IS auditor’s NEXT course of action?

Management disagrees with a finding in a draft audit report and provides supporting documentation. Which of the following should be the IS auditor’s NEXT course of action?
A. Document management’s disagreement in the final report
B. Evaluate the supporting documentation
C. Escalate the issue with supporting documentation to senior management
D...

March 27, 2020

What should the IS auditor recommend as the FIRST course of action by IT management?

An organization plans to deploy Wi-Fi location analytics to count the number of shoppers per day across its various retail outlets. What should the IS auditor recommend as the FIRST course of action by IT management?
A. Conduct a privacy impact assessment
B. Mask media access control (MAC) addresses
C. ...

March 27, 2020
