Which of the following should MOST concern an IS auditor reviewing an intrusion detection system (IDS)?

• A.Number of false negatives
• B.Number of false positives
• C.Legitimate traffic blocked by the system
• D.Reliability of IDS logs

Comment: *

Name: *

Email: *

Verification: *

What is the MOST difficult aspect of access control in a multiplatform, multiple-site client/server environment?

• A.Maintaining consistency throughout all platforms
• B.Restricting a local user to necessary resources on the host server
• C.Restricting a local user to necessary resources on a local platform
• D.Creating new user IDs valid only on a few hosts

Comment: *

Name: *

Email: *

Verification: *

When reviewing a database supported by a third-party service provider, an IS auditor found minor control deficiencies. The auditor should FIRST

• A.organization's chief information officer (CIO)
• B.service provider support team manager
• C.organization's service level manager
• D.service provider contract liaison

Comment: *

Name: *

Email: *

Verification: *

How can minimizing single points of failure or vulnerabilities of a common disaster best be controlled?

• A.By implementing redundant systems and applications onsite
• B.By geographically dispersing resources
• C.By retaining onsite data backup in fireproof vaults
• D.By preparing BCP and DRP documents for commonly identified disasters

Comment: *

Name: *

Email: *

Verification: *

An IS auditor is evaluating an organization's IT strategy and plans. Which of the following would be of GREATEST concern?

• A.There is inadequate documentation of IT strategic planning
• B.There is not a defined IT security policy.
• C.IT is not engaged in business strategic planning.
• D.The business strategy meeting minutes are not distributed.

Comment: *

Name: *

Email: *

Verification: *