Key verification is one of the best controls for ensuring that:

• A.Data is entered correctly
• B.Only authorized cryptographic keys are used
• C.Input is authorized
• D.Database indexing is performed properly

Comment: *

Name: *

Email: *

Verification: *

When reviewing procedures for emergency changes to programs, the IS auditor should verify that the procedures:

• A.allow changes, which will be completed using after-the-fact follow-up.
• B.allow undocumented changes directly to the production library.
• C.do not allow any emergency changes.
• D.allow programmers permanent access to production programs.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is an effective method for controlling downloading of files via FTP? Choose the BEST answer.

• A.An application-layer gateway, or proxy firewall, but not stateful inspection firewalls
• B.An application-layer gateway, or proxy firewall
• C.A circuit-level gateway
• D.A first-generation packet-filtering firewall

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way for an IS auditor to validate that employees have been made aware of the organization's information security policy?

• A.Review HR records for employee violations of the information security policy.
• B.Review the training process to determine how policies are explained to employees
• C.Compare the employee roster against a list of those who attended security training
• D.Interview employees to determine their level of understanding of the policy

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be an indicator of the effectiveness of a computer security incident response
team?

• A.Financial impact per security incident
• B.Number of security vulnerabilities that were patched
• C.Percentage of business applications that are being protected
• D.Number of successful penetration tests

Comment: *

Name: *

Email: *

Verification: *