An organization is shifting to a remote workforce. In preparation, the IT department is performing stress and capacity testing of remote access infrastructure and systems. What type of control is being implemented?

• A.Detective
• B.Compensating
• C.Directive
• D.Preventive

Comment: *

Name: *

Email: *

Verification: *

An IS auditor finds that a key Internet-facing system is vulnerable to attack and that patches are not available. What should the auditor recommend be done FIRST?

• A.Implement a new system that can be patched.
• B.Evaluate the associated risk.
• C.Implement additional firewalls to protect the system.
• D.Decommission the server.

Comment: *

Name: *

Email: *

Verification: *

Management has learned the implementation of a new IT system will not be completed on time and has requested an audit. Which of the following audit findings should be of GREATEST concern?

• A.Tasks defined on the critical path do not have resources allocated.
• B.Milestones have not been defined for all project products.
• C.The project manager lacks formal certification.
• D.The actual start times of some activities were later than originally scheduled.

Comment: *

Name: *

Email: *

Verification: *

Demonstrated support from which of the following roles in an organization has the MOST influence over information security governance?

• A.Information security steering committee
• B.Chief information officer (CIO)
• C.Board of directors
• D.Chief information security officer (CISO)

Comment: *

Name: *

Email: *

Verification: *