Which of the following conditions would be of MOST concern to an IS auditor assessing the risk of a successful brute force attack against encrypted data at test?

• A.Use of asymmetric encryption
• B.Short key length
• C.Random key generation
• D.Use of symmetric encryption

Comment: *

Name: *

Email: *

Verification: *

Which of the following findings should be of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simulation test administered for staff members?

• A.Staff members were not notified about the test beforehand.
• B.Staff members who failed the test did not receive follow-up education
• C.Security awareness training was not provided prior to the test.
• D.Test results were not communicated to staff members.

Comment: *

Name: *

Email: *

Verification: *

in a post-implantation Nation review of a recently purchased system it is MOST important for the iS auditor to determine whether the:

• A.user requirements were met.
• B.test scenarios reflected operating activities.
• C.vendor product offered a viable solution.
• D.stakeholder expectations were identified

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a detective control?

• A.Verification of hash totals
• B.Programmed edit checks for data entry
• C.Backup procedures
• D.Use of pass cards to gain access to physical facilities

Comment: *

Name: *

Email: *

Verification: *

An IS auditor finds a high-risk vulnerability in a public-facing web server used to process online customer payments. The IS auditor should FIRST

• A.review security incident reports.
• B.identify compensating controls.
• C.notify the audit committee.
• D.document the exception in an audit report.

Comment: *

Name: *

Email: *

Verification: *