Which of the following Is the MOST effective way for an IS auditor to evaluate whether an organization is well positioned to defend against an advanced persistent threat (APT)?

• A.Assess the skill set within the security function
• B.Verify that the organization is using correlated data for security monitoring
• C.Verify that the organization has adequate levels of cyber insurance
• D.Review the validity of external Internet Protocol (IP) addresses accessing the network

Comment: *

Name: *

Email: *

Verification: *

Which of the following intrusion detection systems (IDSs) monitors the general patterns of activity and traffic on a network and creates a database?

• A.Signature-based
• B.Neural networks-based
• C.Statistical-based
• D.Host-based

Comment: *

Name: *

Email: *

Verification: *

While reviewing similar issues in an organization s help desk system, an IS auditor finds that they were analyzed independently and resolved differently This situation MOST likely indicates a deficiency in:

• A.configuration management
• B.change management
• C.IT service level management
• D.problem management

Comment: *

Name: *

Email: *

Verification: *

Which of the following would an IS auditor use to determine if unauthorized modifications were made to production programs?

• A.System log analysis
• B.Compliance testing
• C.Forensic analysis
• D.Analytical review

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be the BEST population to take a sample from when testing program changes?

• A.Test library listings
• B.Source program listings
• C.Program change requests
• D.Production library listings

Comment: *

Name: *

Email: *

Verification: *