Stress testing should ideally be carried out under a:

• A.test environment with production workloads.
• B.production environment with production workloads.
• C.test environment with test data.
• D.production environment with test data.

Comment: *

Name: *

Email: *

Verification: *

A reduction in which of the following would indicate improved performance in the administration of information security?

• A.IT security awareness training days
• B.Number of staff involved in security administration
• C.Systems subject to an intrusion detection process
• D.Turnaround time for requests for new user access

Comment: *

Name: *

Email: *

Verification: *

When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:

• A.the Internet.
• B.the demilitarized zone (DMZ).
• C.the organization's web server.
• D.the organization's network.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST effective control to mitigate unintentional misuse of authorized access?

• A.Security awareness training
• B.Regular monitoring of user access logs
• C.Annual sign-off of acceptable use policy
• D.Formalized disciplinary action

Comment: *

Name: *

Email: *

Verification: *

Upon completion of audit work, an IS auditor should:

• A.provide a report to senior management prior to discussion with the auditee.
• B.distribute a summary of general findings to the members of the auditing team.
• C.provide a report to the auditee stating the initial findings.
• D.review the working papers with the auditee.

Comment: *

Name: *

Email: *

Verification: *