An IS auditor Is reviewing a recent security incident and is seeking information about me approval of a recent modification to a database system's security settings Where would the auditor MOST likely find this information?

• A.System event correlation report
• B.Security incident and event management (SIEM) report
• C.Database log
• D.Change log

Comment: *

Name: *

Email: *

Verification: *

An IS auditor reviewing security incident processes realizes incidents are resolved and closed, but root causes are not investigated. Which of the following should be the MAJOR concern with this situation?

• A.Abuses by employees have not been reported.
• B.vulnerabilities have not been properly addressed
• C.Lessons learned have not been properly documented
• D.Security incident policies are out of date.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST effective for controlling visitor access to a data center?

• A.Visitors sign in at the front desk upon arrival
• B.Closed-circuit television (CCTV) is used to monitor the facilities
• C.Pre-approval of entry requests
• D.Visitors are escorted by an authorized employee

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be the BEST criteria for monitoring an IT vendor's service levels?

• A.Service auditor's report
• B.Interview with vendor
• C.Performance metrics
• D.Surprise visit to vendor

Comment: *

Name: *

Email: *

Verification: *

Which of the following business continuity activities prioritizes the recovery of critical functions?

• A.Business continuity plan (BCP) testing
• B.Risk assessment
• C.Disaster recovery plan (DRP) testing
• D.Business impact analysis (BIA)

Comment: *

Name: *

Email: *

Verification: *