Which of the following is the MOST effective way to verify an organization's ability to continue its essential business operations after a disruption event?

• A.Analysis of end-to-end recovery flow
• B.Analysis of recovery point objectives (RPOs)
• C.Analysis of call trees
• D.Analysis of business impact

Comment: *

Name: *

Email: *

Verification: *

Vendors have released patches fixing security flaws in their software. Which of the following should an IS auditor recommend in this situation?

• A.Assess the impact of patches prior to installation.
• B.Ask the vendors for a new software version with all fixes included.
• C.install the security patch immediately.
• D.Decline to deal with these vendors in the future.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be of GREATEST concern to an IS auditor reviewing a critical spreadsheet during a financial audit?

• A.Changes to the file are not always documented.
• B.Access requests are manually processed.
• C.Periodic access reviews are manually performed.
• D.A copy of the current validated file is not available.

Comment: *

Name: *

Email: *

Verification: *

Which of the following it BEST enabled by following a configuration management process for new applications?

• A.Maintaining adequate control over changes to production
• B.Ensuring proper testing of code before deployment
• C.Managing successful implementation of acquired software
• D.Deploying approved emergence changes to production

Comment: *

Name: *

Email: *

Verification: *

Creating which of the following is how a hacker can insure his ability to return to the hacked system at will?

• A.rootsec
• B.checksum
• C.CRC
• D.backdoors
• E.None of the choices.

Comment: *

Name: *

Email: *

Verification: *