Which of the following controls would an IS auditor look for in an environment where duties cannot be
appropriately segregated?

• A.Overlapping controls
• B.Boundary controls
• C.Access controls
• D.Compensating controls

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be the BEST way for an information security manager to justify ongoing annual maintenance fees associated with an intrusion prevention system (IPS)?

• A.Perform industry research annually and document the overall ranking of the IPS.
• B.Perform a penetration test to demonstrate the ability to protect.
• C.Establish and present appropriate metrics that track performance.
• D.Provide yearly competitive pricing to illustrate the value of the IPS.

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY goal of a web site certificate is:

• A.authentication of the web site that will be surfed.
• B.authentication of the user who surfs through that site.
• C.preventing surfing of the web site by hackers.
• D.the same purpose as that of a digital certificate.

Comment: *

Name: *

Email: *

Verification: *

Which of the following it BEST enabled by following a configuration management process for new applications?

• A.Deploying approved emergence changes to production
• B.Maintaining adequate control over changes to production
• C.Ensuring proper testing of code before deployment
• D.Managing successful implementation of acquired software

Comment: *

Name: *

Email: *

Verification: *

Which function in the purchasing module of an enterprise resource planning (ERP) system ensures payments are not issued for incorrect invoices?

• A.Sequential payment numbers
• B.Three-way match
• C.Purchasing authority levels
• D.Management workflow approval

Comment: *

Name: *

Email: *

Verification: *