An IS auditor reviewing a financial organization's identity management solution found thai some critical business applications do not have identified owners. Which of the following should the auditor do NEXT?

• A.Revoke access rights to the critical applications.
• B.Write a finding in the audit report.
• C.Discuss the issue with the auditee.
• D.Request a business risk acceptance.

Comment: *

Name: *

Email: *

Verification: *

After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools?

• A.Differential reporting
• B.False-positive reporting
• C.False-negative reporting
• D.Less-detail reporting

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important for an IS auditor to ensure is included in a global organization's online data privacy notification to customers?

• A.Consent terms including the purpose of data collection
• B.Consequences to the organization for mishandling the data
• C.Industry standards for data breach notification
• D.Contact information for reporting violations of consent

Comment: *

Name: *

Email: *

Verification: *

Which of the following types of testing would determine whether a new or modified system can operate in its target environment without adversely impacting other existing systems?

• A.Parallel testing
• B.Pilot testing
• C.Interface/integration testing
• D.Sociability testing

Comment: *

Name: *

Email: *

Verification: *

What is the best defense against Distributed DoS Attack?

• A.patch your systems.
• B.run a virus checker.
• C.run an anti-spy software.
• D.find the DoS program and kill it.
• E.None of the choices.

Comment: *

Name: *

Email: *

Verification: *