Which of the following should be of GREATEST concern to an IS auditor assessing the effectiveness of an organization's vulnerability scanning program''

• A.Results are not approved by senior management
• B.Scans are performed less frequently than required by the organization's vulnerability scanning schedule
• C.Results are not reported to individuals with authority to ensure resolution
• D.Steps taken to address identified vulnerabilities are not formally documented

Comment: *

Name: *

Email: *

Verification: *

Which of the following provides the MOST useful information for performing a business impact analysis (B1A)?

• A.Policies for business procurement
• B.Documentation of application configurations
• C.inventory of relevant business processes
• D.Results of business resumption planning efforts

Comment: *

Name: *

Email: *

Verification: *

When evaluating information security governance within an organization which of the following findings should be of MOST concern to an IS auditor?

• A.Information security policies are updated annually
• B.The information security department has difficulty filling vacancies
• C.An information security governance audit was not conducted within the past year
• D.The data center manager has final sign-off on security projects.

Comment: *

Name: *

Email: *

Verification: *

The operations team of an organization has reported an IS security attack. Which of the following should be the FIRST step for the security incident response team?

• A.Report results to management.
• B.Document lessons learned.
• C.Prioritize resources for corrective action.
• D.Perform a damage assessment.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to ensure that an application is performing according to its specifications?

• A.Pilot testing
• B.System testing
• C.Unit testing
• D.Integration testing

Comment: *

Name: *

Email: *

Verification: *