Following a recent internal data breach, an IS auditor was asked to evaluate information security practices within the organization. Which of the following findings would be MOST important to report to senior management?

• A.Employees are not required to sign a non-compete agreement.
• B.Users lack technical knowledge related to security and data protection
• C.Security education and awareness workshops have not been completed
• D.Desktop passwords do not require special characters

Comment: *

Name: *

Email: *

Verification: *

Which of the following provides the BEST assurance of data integrity after file transfers?

• A.Reasonableness check
• B.Hash values
• C.Monetary unit sampling
• D.Cheek digits

Comment: *

Name: *

Email: *

Verification: *

An IS auditor notes that IDS log entries related to port scanning are not being analyzed. This lack of analysis will MOST likely increase the risk of success of which of the following attacks?

• A.Denial-of-service
• B.Replay
• C.Social engineering
• D.Buffer overflow

Comment: *

Name: *

Email: *

Verification: *

Which of the following management decisions presents the GREATEST risk associated with data leakage?

• A.There is no requirement for desktops to be encrypted
• B.Staff are allowed to work remotely
• C.Security awareness training is not provided to staff
• D.Security policies have not been updated in the past year

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be of GREATEST concern to an IS auditor reviewing backup and recovery controls?

• A.Restores from backups are not periodically tested
• B.Weekly and monthly backups are stored onsite
• C.Backups are stored in an external hard drive
• D.Backup procedures are not documented

Comment: *

Name: *

Email: *

Verification: *