.Rather than simply reviewing the adequacy of access control, appropriateness of access policies, and effectiveness of safeguards and procedures, the IS auditor is more concerned with effectiveness and utilization of assets. True or false?

• A.True
• B.False

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important reason to classify a Jiiimr recovery plan (DRP) as confidential

• A.Protect the plan from unauthorized alteration.
• B.Comply with business continuity beet practice.
• C.Ensure compliance with the data classification policy.
• D.Reduce the risk of data leakage that could lead to an attack.

Comment: *

Name: *

Email: *

Verification: *

.What increases encryption overhead and cost the most?

• A.A long symmetric encryption key
• B.A long asymmetric encryption key
• C.A long Advance Encryption Standard (AES) key
• D.A long Data Encryption Standard (DES) key

Comment: *

Name: *

Email: *

Verification: *

A vendor service level agreement (SLA) requires backups to be physically secured. An IS audit of the backup system revealed a number of the backup media were missing. Which of the following should be the auditor's NEXT step?

• A.Recommend a review of the vendor's contract.
• B.Recommend identification of the data stored on the missing media.
• C.Notify executive management.
• D.Include the missing backup media finding in the audit report.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor has been asked to audit the proposed acquisition of new computer hardware. The auditor's PRIMARY concern is that:

• A.the implementation plan meets user requirements.
• B.a clear business case has been established.
• C.the new hardware meets established security standards.
• D.a full, visible audit trail will be included.

Comment: *

Name: *

Email: *

Verification: *