During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not adequately address information confidentiality during a recovery process. The IS auditor should recommend that the plan be modified to include:

• A.the level of information security required when business recovery procedures are invoked.
• B.information security roles and responsibilities in the crisis management structure.
• C.information security resource requirements.
• D.change management procedures for information security that could affect business continuity arrangements.

Comment: *

Name: *

Email: *

Verification: *

Which of the following fire-suppression methods is considered to be the most environmentally friendly?

• A.Halon gas
• B.Deluge sprinklers
• C.Dry-pipe sprinklers
• D.Wet-pipe sprinklers

Comment: *

Name: *

Email: *

Verification: *

Of the following, who are the MOST appropriate staff for ensuring the alignment of user authorization tables with approved authorization forms?

• A.System owners
• B.Database administrators (DBAs)
• C.IT managers
• D.Security administrators

Comment: *

Name: *

Email: *

Verification: *

The most likely error to occur when implementing a firewall is:

• A.incorrectly configuring the access lists.
• B.compromising the passwords due to social engineering.
• C.connecting a modem to the computers in the network.
• D.inadequately protecting the network and server from virus attacks.

Comment: *

Name: *

Email: *

Verification: *

The MAIN criterion for determining the severity level of a service disruption incident is:

• A.cost of recovery.
• B.negative public opinion.
• C.geographic location.
• D.downtime.

Comment: *

Name: *

Email: *

Verification: *