At the completion of a system development project, a post project review should include which of the following?

• A.Assessing risks that may lead to downtime after the production release
• B.Identifying lessons learned that may be applicable to future projects
• C.Verifying the controls in the delivered system are working
• D.Ensuring that test data are deleted

Comment: *

Name: *

Email: *

Verification: *

A web organization is developed in-house by an organization. Which of the following would provide the BEST evidence to an IS auditor that the application is secure from external attack?

• A.Code review by a third party
• B.Web application firewall implementation
• C.Penetration test results
• D.Database application monitoring logs

Comment: *

Name: *

Email: *

Verification: *

.What are used as the framework for developing logical access controls?

• A.Information systems security policies
• B.Organizational security policies
• C.Access Control Lists (ACL)
• D.Organizational charts for identifying roles and responsibilities

Comment: *

Name: *

Email: *

Verification: *

There are many types of audit logs analysis tools available in the market. Which of the following audit logs analysis tools will look for anomalies in user or system behavior?

• A.Attack Signature detection tool
• B.Variance detection tool
• C.Audit Reduction tool
• D.Heuristic detection tool

Comment: *

Name: *

Email: *

Verification: *

in a small IT web development company where developers must have write access to production the BEST recommendation of an IS auditor would be to

• A.implement continuous monitoring controls
• B.perform a user access review (or the development team
• C.hire another person to perform migration to production
• D.remove production access from the developers

Comment: *

Name: *

Email: *

Verification: *