Which of the following provides the MOST useful information regarding an organization's risk appetite and tolerance?

• A.Risk profile
• B.Gap analysis
• C.Audit reports
• D.Risk register

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST addresses the availability of an online store?

• A.Clustered architecture
• B.Online backups
• C.A mirrored site at another location
• D.RAID level 5 storage devices

Comment: *

Name: *

Email: *

Verification: *

An IS auditor identifies that a legacy application to be decommissioned in three months cannot meet the security requirements established by the current policy. What is the BEST way (or the auditor to address this issue?

• A.Inform the IT director of the policy noncompliance.
• B.Take no action since the application will be decommissioned in three months.
• C.Verify management has approved a policy exception to accept the risk.
• D.Recommend the application be patched to meet requirements.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to prevent social engineering incidents?

• A.Include security responsibilities in job descriptions and require signed acknowledgment.
• B.Maintain an onboarding and annual security awareness program.
• C.Enforce strict email security gateway controls
• D.Ensure user workstations are running the most recent version of antivirus software.

Comment: *

Name: *

Email: *

Verification: *

When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:

• A.the organization's network.
• B.the demilitarized zone (DMZ).
• C.the organization's web server.
• D.the Internet.

Comment: *

Name: *

Email: *

Verification: *