An IT organization's incident response plan is which type of control?

• A.Directive
• B.Corrective
• C.Detective
• D.Preventive

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important for an IS auditor to verify after finding repeated unauthorized
access attempts were recorded on a security report?

• A.Password reset requests have been confirmed as legitimate
• B.There is evidence that the incident was investigated
• C.System configuration changes are properly tracked
• D.A comprehensive access policy has been established

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a passive attack to a network?

• A.Message modification
• B.Masquerading
• C.Denial of service
• D.Traffic analysis

Comment: *

Name: *

Email: *

Verification: *

When should systems administrators first assess the impact of applications or systems patches?

• A.Within five business days following installation
• B.Prior to installation
• C.No sooner than five business days following installation
• D.Immediately following installation

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST source of information when assessing the amount of time a project will
take?

• A.GANTT chart
• B.Workforce estimate
• C.Critical path analysis
• D.Scheduling budget

Comment: *

Name: *

Email: *

Verification: *