During an audit, an IS auditor notices that the IT department of a medium-sized organization has no separate risk management function, and the organization's operational risk documentation only contains a few broadly described IT risks. What is the MOST appropriate recommendation in this situation?

• A.Create an IT risk management department and establish an IT risk framework with the aid of external risk management experts.
• B.Use common industry standard aids to divide the existing risk documentation into several individual risks which will be easier to handle.
• C.No recommendation is necessary since the current approach is appropriate for a medium-sized organization.
• D.Establish regular IT risk management meetings to identify and assess risks, and create a mitigation plan as input to the organization's risk management.

Comment: *

Name: *

Email: *

Verification: *

What is the best defense against Distributed DoS Attack?

• A.patch your systems.
• B.run a virus checker.
• C.run an anti-spy software.
• D.find the DoS program and kill it.
• E.None of the choices.

Comment: *

Name: *

Email: *

Verification: *

Which of the following encryption methods offers the BEST wireless security?

• A.Secure Sockets Layer (SSL)
• B.Wi-Fi Protected Access 2 (WPA2)
• C.Data encryption standard (DES)
• D.Wired equivalent privacy (WEP)

Comment: *

Name: *

Email: *

Verification: *

An IS auditor is using a statistical sample to inventory the tape library. What type of test would this be considered?

• A.Substantive
• B.Compliance
• C.Integrated
• D.Continuous audit

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the GREATEST benefit of implementing an IT governance strategy within an organization?

• A.Employees understand roles and responsibilities
• B.IT projects are delivered on time and under budget
• C.Management is aware of IT-related risks.
• D.Reporting and metrics become higher priority.

Comment: *

Name: *

Email: *

Verification: *