Which of the following is the BEST type of program for an organization to implement to aggregate,
correlate and store different log and event files, and then produce weekly and monthly reports for IS
auditors?

• A.A security information event management (SIEM) product
• B.An open-source correlation engine
• C.A log management tool
• D.An extract, transform, load (ETL) system

Comment: *

Name: *

Email: *

Verification: *

An IS auditor reviewing incident response management processes notices that resolution times for reoccurring incidents have not shown improvement. Which of the following is the auditor's BEST recommendation?

• A.Harden IT system and application components based on best practices.
• B.Incorporate a security information and event management (SIEM) system into incident response
• C.Implement a survey to determine future incident response training needs.
• D.Introduce problem management into incident response.

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST minimizes performance degradation of servers used to authenticate users of an e-commerce website?

• A.Configure a single server as a primary authentication server and a second server as a secondary authentication server.
• B.Configure each authentication server as belonging to a cluster of authentication servers.
• C.Configure each authentication server and ensure that each disk of its RAID is attached to the primary controller.
• D.Configure each authentication server and ensure that the disks of each server form part of a duplex.

Comment: *

Name: *

Email: *

Verification: *

Which of the following provides the BEST evidence of the effectiveness of an organization s audit quality management procedures?

• A.Number of resources dedicated to quality control procedures
• B.Number of audits completed within the annual audit plan
• C.Quality of independent review scores
• D.Quality of auditor performance reviews

Comment: *

Name: *

Email: *

Verification: *

There are many types of audit logs analysis tools available in the market. Which of the following audit logs analysis tools will look for anomalies in user or system behavior?

• A.Attack Signature detection tool
• B.Variance detection tool
• C.Audit Reduction tool
• D.Heuristic detection tool

Comment: *

Name: *

Email: *

Verification: *