An organization has virtualized its server environment without making any other changes to the network or security infrastructure. Which of the following is the MOST significant risk?

• A.Inability of the network intrusion detection system (IDS) to monitor virtual server-lo-server communications
• B.System documentation not being updated to reflect changes in the environment
• C.Vulnerability in the virtualization platform affecting multiple hosts
• D.Data center environmental controls not aligning with new configuration

Comment: *

Name: *

Email: *

Verification: *

Which of the following security measures will reduce the risk of propagation when a cyberattack occurs?

• A.Web application firewall
• B.Data loss prevention (DLP) system
• C.Perimeter firewall
• D.Network segmentation

Comment: *

Name: *

Email: *

Verification: *

An IS auditor is evaluating an organization's IT strategy and plans. Which of the following would be of GREATEST concern?

• A.IT is not engaged in business strategic planning.
• B.There is not a defined IT security policy.
• C.There is inadequate documentation of IT strategic planning
• D.The business strategy meeting minutes are not distributed.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor?

• A.Establish security metrics.
• B.Perform a penetration test
• C.Improve the change management process
• D.Perform a configuration review

Comment: *

Name: *

Email: *

Verification: *

Which of the following would provide the MOST important input during the planning phase for an audit on the implementation of a bring your own device (BYOD) program?

• A.Results of a risk assessment
• B.Findings from prior audits
• C.An inventory of personal devices to be connected to the corporate network
• D.Policies including BYOD acceptable user statements

Comment: *

Name: *

Email: *

Verification: *