Coding standards provide which of the following?

• A.Field naming conventions
• B.Program documentation
• C.Access control tables
• D.Data flow diagrams

Comment: *

Name: *

Email: *

Verification: *

Which of the following should an IS auditor recommend be done FIRST when an organization is made aware of a new regulation that is likely to impact IT security requirements?

• A.Update security policies based on the new regulation.
• B.Determine which systems and IT-related processes may be impacted.
• C.Evaluate how security awareness and training content may be impacted.
• D.Review the design and effectiveness of existing IT controls.

Comment: *

Name: *

Email: *

Verification: *

During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:

• A.issue an audit memorandum identifying the noncompliance.
• B.determine why the procedures were not followed.
• C.note the noncompliance in the audit working papers.
• D.include the noncompliance in the audit report.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a challenge in developing a service level agreement (SLA) for network services?

• A.Reducing the number of entry points into the network
• B.Establishing a well-designed framework for network servirces.
• C.Ensuring that network components are not modified by the client
• D.Finding performance metrics that can be measured properly

Comment: *

Name: *

Email: *

Verification: *

In which phase of penetration testing would host detection and domain name system (DNS) interrogation be performed?

• A.Reporting
• B.Attacks
• C.Planning
• D.Discovery

Comment: *

Name: *

Email: *

Verification: *