An IS auditor finds that an organization's data loss prevention (DLP) system is configured to use vendor default settings to identify violations. The auditor's MAIN concern should be that:

• A.a significant number of false positive violations may be reported.
• B.violations may not be categorized according to the organization's risk profile.
• C.violation reports may not be reviewed in a timely manner.
• D.violation reports may not be retained according to the organization's risk profile.

Comment: *

Name: *

Email: *

Verification: *

Following an unauthorized disclosure of data, an organization needs to implement data loss prevention (DLP) measures The IS auditor's BEST recommendation should be to:

• A.restrict removable media access on all computer systems
• B.establish a risk and control framework.
• C.install DLP software on corporate servers to prevent recurrence
• D.monitor and block outgoing emails based on common DLP criteria,

Comment: *

Name: *

Email: *

Verification: *

While auditing an IT department s cloud service provider, the IS auditor found that privileged access monitoring is not being performed as required by the contract. The provider disagrees with this issue and notes that compensating controls are in place. The IS auditor's NEXT course of action should be to:

• A.test compensating controls as part of the audit
• B.review privileged access logs.
• C.define a remediation plan.
• D.recommend revising the service level agreement (SLA).

Comment: *

Name: *

Email: *

Verification: *

TEMPEST is a hardware for which of the following purposes?

• A.Eavedropping
• B.Social engineering
• C.Virus scanning
• D.Firewalling
• E.None of the choices.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST appropriate and effective fire suppression method for an unstaffed computer room?

• A.Water sprinkler
• B.Dry pipe
• C.Carbon dioxide (CO2)
• D.Fire extinguishers

Comment: *

Name: *

Email: *

Verification: *