An IS auditor is reviewing a software-based firewall configuration. Which of the following represents the GREATEST vulnerability? The firewall software:

• A.is configured with an implicit deny rule as the last rule in the rule base.
• B.is installed on an operating system with default settings.
• C.has been configured with rules permitting or denying access to systems or networks.
• D.is configured as a virtual private network (VPN) endpoint.

Comment: *

Name: *

Email: *

Verification: *

Of the three major types of off-site processing facilities, what type is characterized by at least providing for electricity and HVAC?

• A.Cold site
• B.Alternate site
• C.Hot site
• D.Warm site

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST significant obstacle to establishing a new privacy program?

• A.Unresolved overlap of security and privacy roles and responsibilities
• B.An insufficient privacy awareness training program
• C.A Complex legal and regulatory landscape
• D.Failure to perform a business impact analysis (BIA)

Comment: *

Name: *

Email: *

Verification: *

A third-party consular* is managing the replacement of an accounting system Which of the following should be the IS auditor's GREATEST concern?

• A.Data migration a not part of the contracted activities
• B.The replacement is occurring near year-end reporting
• C.Testing was performed by the third-party consultant.
• D.The user department will manage access rights.

Comment: *

Name: *

Email: *

Verification: *

Effective IT governance requires organizational structures and processes to ensure that:

• A.the organization's strategies and objectives extend the IT strategy.
• B.the business strategy is derived from an IT strategy.
• C.IT governance is separate and distinct from the overall governance.
• D.the IT strategy extends the organization's strategies and objectives.

Comment: *

Name: *

Email: *

Verification: *