Security should ALWAYS be an all or nothing issue.

• A.True
• B.True for trusted systems only
• C.True for untrusted systems only
• D.False
• E.None of the choices.

Comment: *

Name: *

Email: *

Verification: *

Which of the following should concern an IS auditor when reviewing security in a client- server
environment?

• A.Protecting data using an encryption technique
• B.Preventing unauthorized access using a diskless workstation
• C.The ability of users to access and modify the database directly
• D.Disabling floppy drives on the users' machines

Comment: *

Name: *

Email: *

Verification: *

An IS auditor evaluating the change management process must select a sample from the change log. What is the BEST way tor the auditor to confirm the change log is complete?

• A.Interview change management personnel about completeness.
• B.Take an item from the log and trace it back to the system.
• C.Obtain management attestation of completeness.
• D.Take the last change from the system and trace it back to the log.

Comment: *

Name: *

Email: *

Verification: *

What would be an IS auditor's BEST recommendation upon finding that a third-party IT service provider
hosts the organization's human resources (HR) system in a foreign country?

• A.Conduct a privacy impact analysis.
• B.Implement change management review.
• C.Review third-party audit reports.
• D.Perform background verification checks.

Comment: *

Name: *

Email: *

Verification: *

When conducting a penetration test of an organization's internal network, which of the following
approaches would BEST enable the conductor of the test to remain undetected on the network?

• A.Use the IP address of an existing file server or domain controller.
• B.Pause the scanning every few minutes to allow thresholds to reset.
• C.Conduct the scans during evening hours when no one is logged-in.
• D.Use multiple scanning tools since each tool has different characteristics.

Comment: *

Name: *

Email: *

Verification: *