Which of the following is a benefit of a risk-based approach to audit planning? Audit:

• A.scheduling may be performed months in advance.
• B.budgets are more likely to be met by the IS audit staff.
• C.staff will be exposed to a variety of technologies.
• D.resources are allocated to the areas of highest concern

Comment: *

Name: *

Email: *

Verification: *

An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to 1 minute for a critical system. This implies that the system can tolerate:

• A.a data loss of up to 1 minute, but the processing must be continuous.
• B.a 1-minute processing interruption but cannot tolerate any data loss.
• C.a processing interruption of 1 minute or more.
• D.both a data less and processing interruption longer than 1 minute.

Comment: *

Name: *

Email: *

Verification: *

The computer security incident response team (CSIRT) of an organization disseminates detailed descriptions of recent threats. An IS auditor's GREATEST concern should be that the users might:

• A.use this information to launch attacks.
• B.forward the security alert.
• C.implement individual solutions.
• D.fail to understand the threat.

Comment: *

Name: *

Email: *

Verification: *

Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?

• A.Write access to production program libraries
• B.Write access to development data libraries
• C.Execute access to production program libraries
• D.Execute access to development program libraries

Comment: *

Name: *

Email: *

Verification: *

Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms resulting from normal network activity?

• A.Statistical-based
• B.Signature-based
• C.Neural network
• D.Host-based

Comment: *

Name: *

Email: *

Verification: *