Following a security breach in which a hacker exploited a well-known vulnerability in the domain controller, an IS audit has been asked to conduct a control assessment. the auditor's BEST course of action would be to determine if:

• A.The domain controller was classified for high availability.
• B.the patches were updated.
• C.The logs were monitored.
• D.The network traffic was being monitored.

Comment: *

Name: *

Email: *

Verification: *

In an online application, which of the following would provide the MOST information about the transaction audit trail?

• A.File layouts
• B.System/process flowchart
• C.Source code documentation
• D.Data architecture

Comment: *

Name: *

Email: *

Verification: *

Following an unauthorized disclosure of data, an organization needs to implement data loss prevention (DLP) measures. The IS auditor's BEST recommendation should be to:

• A.install DLP software on corporate servers to prevent recurrence.
• B.monitor and block outgoing emails based on common DLP criteria.
• C.restrict removable media access on all computer systems.
• D.establish a risk and control framework.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST control to minimize the risk of unauthorized access to lost company-owned mobile devices?

• A.Device encryption
• B.Password/PIN protection
• C.Device tracking software
• D.Periodic backup

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important for the IS auditor to verify when reviewing the development
process of a security policy?

• A.Evidence of active involvement of key stakeholders
• B.Output from the enterprise's risk management system
• C.Identification of the control framework
• D.Evidence of management approval

Comment: *

Name: *

Email: *

Verification: *