Which of the following can only be provided by asymmetric encryption?

• A.Data availability
• B.256-brt key length
• C.Information privacy
• D.Nonrepudiation

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be of GREATEST concern to an IS auditor conducting an audit of an organization that recently experienced a ransomware attack?

• A.Backups were only performed within the local network.
• B.Antivirus software was unable to prevent the attack even though it was properly updated.
• C.Employees were not trained on cybersecurity policies and procedures.
• D.The most recent security patches were not tested prior to implementation.

Comment: *

Name: *

Email: *

Verification: *

When testing the adequacy of tape backup procedures, which step BEST verifies that regularly scheduled Backups are timely and run to completion?

• A.Observing the execution of a daily backup run
• B.Interviewing key personnel evolved In the backup process
• C.Evaluating the backup policies and procedures
• D.Reviewing a sample of system-generated backup logs

Comment: *

Name: *

Email: *

Verification: *

Prior to a follow-up engagement, an IS auditor learns that management has decided to accept a level of residual risk related to an audit finding without remediation. The IS auditor is concerned about management's decision. Which of the following should be the IS auditor's NEXT course of action?

• A.Present the issue to executive management.
• B.Report the disagreement to the board.
• C.Accept management's decision and continue the follow-up.
• D.Report the issue to IS audit management.

Comment: *

Name: *

Email: *

Verification: *

An IT governance body wants to determine whether IT service delivery is based on consistently effective processes. Which of the following is the BEST approach?

• A.Develop a maturity model.
• B.Implement a control self-assessment (CSA).
• C.Evaluate key performance indicators (KPIs).
• D.Conduct a gap analysis.

Comment: *

Name: *

Email: *

Verification: *