Which of the following is an IS auditor's BEST recommendation to protect an organization from attacks when its file server needs to be accessible to external users?

• A.Enforce a secure tunnel connection.
• B.Enhance internal firewalls.
• C.Set up a demilitarized zone (DMZ).
• D.Implement a secure protocol.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is best suited for searching for address field duplications?

• A.Text search forensic utility software
• B.Generalized audit software
• C.Productivity audit software
• D.Manual review

Comment: *

Name: *

Email: *

Verification: *

An organization's IT security policy requires annual security awareness training for all employees. Which of the following would provide the BEST evidence of the training's effectiveness?

• A.Results of a social engineering test
• B.Interviews with employees
• C.Surveys completed by randomly selected employees
• D.Decreased calls to the incident response team

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a detective control that can be used to uncover unauthorized access to information systems?

• A.Requiring long and complex passwords for system access
• B.Implementing a security information and event management (SIEM) system
• C.Requiring internal audit to perform periodic reviews of system access logs
• D.Protecting access to the data center with multifactor authentication

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST critical element impacting the success of an information security program?

• A.Senior management commitment to information security initiatives
• B.Adequate budget to support the information security strategy
• C.Implementation of industry-standard information security tools
• D.Mandatory information security awareness training

Comment: *

Name: *

Email: *

Verification: *