FreeQAs
ISACA Certification: CISA Exam (ISACA.CISA.v2024-03-31.q980 Dumps)

Question 471

Which of the following is the MOST effective control to ensure electronic records beyond their retention periods are deleted from IT systems?

Correct Answer: D

Question 472

As part of the IEEE 802.11 standard ratified in September 1999, WEP uses which stream cipher for confidentiality?

Correct Answer: E
Section: Protection of Information Assets
Explanation:
As part of the IEEE 802.11 standard ratified in September 1999, WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity.

Question 473

Which of the following would be of GREATEST concern to an IS auditor reviewing on-site preventive maintenance for an organization's business-critical server hardware?

Correct Answer: C
Explanation:
Answer C is correct because outsourcing preventive maintenance to multiple vendors without requiring nondisclosure agreements (NDAs) would be of greatest concern to an IS auditor reviewing on-site preventive maintenance for an organization's business-critical server hardware. Doing so exposes the organization to the risk of unauthorized access, disclosure, or modification of sensitive data and information stored on the servers. NDAs are legal contracts that bind the vendors to protect the confidentiality and security of the data and information they access or handle during the preventive maintenance. Without NDAs, the vendors may not have any obligation or incentive to safeguard the data and information, and they may misuse, leak, or compromise them for malicious or commercial purposes. This could result in financial losses, reputational damage, legal liabilities, or regulatory penalties for the organization.
The other options are not as concerning as option C. "Preventive maintenance costs exceed the business allocated budget" (option A) is a financial issue that may affect the profitability or efficiency of the organization, but it does not directly impact the security or availability of the server hardware. "Preventive maintenance has not been approved by the information system" (option B) is a procedural issue that may indicate a lack of coordination or communication between the IT department and the business units, but it does not necessarily affect the quality or effectiveness of the preventive maintenance. "The preventive maintenance schedule is based on mean time between failures (MTBF) parameters" (option D) is a technical issue that may influence the frequency or timing of the preventive maintenance, but it does not imply any risk or deficiency in the preventive maintenance itself.

Question 474

When using an integrated test facility (ITF), an IS auditor should ensure that:

Correct Answer: B
An integrated test facility (ITF) creates a fictitious file in the database, allowing for test transactions to be processed simultaneously with live data. While this ensures that periodic testing does not require a separate test process, there is a need to isolate test data from production data. An IS auditor is not required to use production data or a test data generator. Production master files should not be updated with test data.

Question 475

Which of the following should be considered FIRST when implementing a risk management program?

Correct Answer: A
Implementing risk management, as one of the outcomes of effective information security governance, would require a collective understanding of the organization's threat, vulnerability and risk profile as a first step. Based on this, an understanding of risk exposure and potential consequences of compromise could be determined. Risk management priorities based on potential consequences could then be developed. This would provide a basis for the formulation of strategies for risk mitigation sufficient to keep the consequences from risk at an acceptable level.