An organization's security policy mandates that all new employees must receive appropriate security awareness training. Which of the following metrics would BEST assure compliance with this policy?

• A.Number of new hires who have violated enterprise security policies
• B.Percentage of new hires who report incidents
• C.Number of reported incidents by new hires
• D.Percentage of new hires that have completed the training .

Comment: *

Name: *

Email: *

Verification: *

An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:

• A.alignment of the BCP with industry best practices.
• B.results of business continuity tests performed by IS and end-user personnel.
• C.off-site facility, its contents, security and environmental controls.
• D.annual financial cost of the BCP activities versus the expected benefit of implementation of the plan.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would provide the highest degree of server access control?

• A.A mantrap-monitored entryway to the server room
• B.Host-based intrusion detection combined with CCTV
• C.Network-based intrusion detection
• D.A fingerprint scanner facilitating biometric access control

Comment: *

Name: *

Email: *

Verification: *

Which of the following types of attack works by taking advantage of the unenforced and unchecked
assumptions the system makes about its inputs?

• A.format string vulnerabilities
• B.integer overflow
• C.code injection
• D.command injection
• E.None of the choices.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor has been asked to advise on measures to improve IT governance within the organization. Which at the following is the BEST recommendation?

• A.Benchmark organizational performance against industry peers.
• B.Implement key performance indicators (KPIs)
• C.Implement annual third-party audits.
• D.Require executive management to draft IT strategy

Comment: *

Name: *

Email: *

Verification: *