An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing
organization has discovered the following:
-The existing disaster recovery plan was compiled two years earlier by a systems analyst in the
organization's IT department using transaction flow projections from the operations department.
-The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting their
attention.
- the plan has never been updated, tested or circulated to key management and staff, though interviews
show that each would know what action to take for its area in the event of a disruptive incident.
The IS auditor's report should recommend that:

• A.the deputy CEO be censured for their failure to approve the plan.
• B.a board of senior managers is set up to review the existing plan.
• C.the existing plan is approved and circulated to all key management and staff.
• D.a manager coordinates the creation of a new or revised plan within a defined time limit.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor is conducting a review of a data center. Which of the following observations could indicate an access control Issue?

• A.Antistatic mats deployed at the computer room entrance
• B.Security cameras deployed outside main entrance
• C.Fencing around facility is two meters high
• D.Muddy footprints directly inside the emergency exit

Comment: *

Name: *

Email: *

Verification: *

Library control software restricts source code to:

• A.Read-only access
• B.Write-only access
• C.Full access
• D.Read-write access

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (lDS)?

• A.An increase in the number of unfamiliar sources of intruders
• B.An increase in the number of identified false positives
• C.An increase in the number of internally reported critical incidents
• D.An increase in the number of detected Incidents not previously identified

Comment: *

Name: *

Email: *

Verification: *

A healthcare facility offers patients health tracking devices that can be monitored remotely by healthcare professionals. Which of the following is the BEST way to protect patient personal information from unauthorized exfiltration?

• A.Add a digital certificate to the devices that limits communication to specific servers.
• B.Configure the devices to reboot automatically every 7 days.
• C.Restrict the devices to using Internet Protocol (IP) version 6 only.
• D.Provide the patients with Internet security training and education programs.

Comment: *

Name: *

Email: *

Verification: *