Which of the following would be of GREATEST concern to an IS auditor reviewing an organization's security incident handling procedures?

• A.Workstation antivirus software alerts are not regularly reviewed.
• B.Roles for computer emergency response learn (CERT) members have not been formally documented.
• C.Annual tabletop exercises are performed instead of functional incident response exercises.
• D.Guidelines for prioritizing incidents have not been identified.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to increase the effectiveness of security incident detection?

• A.Determining containment activities based on the type of incident
• B.Establishing service level agreements (SLAs) with appropriate forensic service providers
• C.Educating end users on identifying suspicious activity
• D.Documenting root cause analysis procedures

Comment: *

Name: *

Email: *

Verification: *

A company uses a bank to process its weekly payroll. Time sheets and payroll adjustment forms (e.g., hourly rate changes, terminations) are completed and delivered to the bank, which prepares checks (cheques) and reports for distribution. To BEST ensure payroll data accuracy:

• A.payroll reports should be compared to input forms.
• B.gross payroll should be recalculated manually.
• C.checks (cheques) should be compared to input forms.
• D.checks (cheques) should be reconciled with output reports.

Comment: *

Name: *

Email: *

Verification: *

Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?

• A.Compensating controls in place to protect information security
• B.Corresponding breaches associated with each vendor
• C.Criticality of the service to the organization
• D.Compliance requirements associated with the regulation

Comment: *

Name: *

Email: *

Verification: *

Email required for business purposes is being stored on employees' personal devices.
Which of the following is an IS auditor's BEST recommendation?

• A.Require employees to utilize passwords on personal devices
• B.Prohibit employees from storing company email on personal devices
• C.Ensure antivirus protection is installed on personal devices
• D.Implement an email containerization solution on personal devices

Comment: *

Name: *

Email: *

Verification: *