Which of the following should be the FIRST step when conducting an IT risk assessment?

• A.Identify assets to be protected.
• B.Evaluate controls in place.
• C.Identify potential threats.
• D.Assess vulnerabilities.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor is planning an audit of an organization's accounts payable processes. Which of the following controls is MOST important to assess in the audit?

• A.Segregation of duties between receiving invoices and setting authorization limits
• B.Segregation of duties between issuing purchase orders and making payments.
• C.Management review and approval of purchase orders
• D.Management review and approval of authorization tiers

Comment: *

Name: *

Email: *

Verification: *

What is the Most critical finding when reviewing an organization's information security management?

• A.No periodic assessments to identify threats and vulnerabilities
• B.No official charier for the information security management system
• C.No dedicated security officer
• D.No employee awareness training and education program

Comment: *

Name: *

Email: *

Verification: *

An IS auditor Is reviewing a recent security incident and is seeking information about me approval of a recent modification to a database system's security settings Where would the auditor MOST likely find this information?

• A.Security incident and event management (SIEM) report
• B.Change log
• C.Database log
• D.System event correlation report

Comment: *

Name: *

Email: *

Verification: *

When testing the adequacy of tape backup procedures, which step BEST verifies that regularly scheduled Backups are timely and run to completion?

• A.Interviewing key personnel evolved In the backup process
• B.Evaluating the backup policies and procedures
• C.Observing the execution of a daily backup run
• D.Reviewing a sample of system-generated backup logs

Comment: *

Name: *

Email: *

Verification: *