An IS auditor reviews change control tickets and finds an emergency change request where an IT manager approved the change, modified the code on the production platform, an solved the ticket Which of the following should be the auditor's GREATEST concern?

• A.There was no testing prior to making the change in production
• B.The change was made less than an hour after the request
• C.The IT manager performed the change and resolved the ticket
• D.There was no follow-up approval from the business

Comment: *

Name: *

Email: *

Verification: *

During a "clean desk" audit, a USB flash drive labeled "confidential" was found on the desk of a terminated employee. Which of the following would be the BEST way to safety review its contents?

• A.Access the USB flash drive in an offline sandbox environment
• B.Disable autorun on the PC used to plug in the flash drive
• C.Scan the USB flash drive with anti-virus software
• D.Copy the files to a secure USB flash drive

Comment: *

Name: *

Email: *

Verification: *

As part of the business continuity planning process, which of the following should be identified FIRST in the
business impact analysis?

• A.Organizational risks, such as single point-of-failure and infrastructure risk
• B.Threats to critical business processes
• C.Critical business processes for ascertaining the priority for recovery
• D.Resources required for resumption of business

Comment: *

Name: *

Email: *

Verification: *

Two-factor authentication can be circumvented through which of the following attacks?

• A.Denial-of-service
• B.Man-in-the-middle
• C.Key logging
• D.Brute force

Comment: *

Name: *

Email: *

Verification: *

.A primary benefit derived from an organization employing control self-assessment (CSA) techniques is that it can:

• A.Identify high-risk areas that might need a detailed review later
• B.Reduce audit costs
• C.Reduce audit time
• D.Increase audit accuracy

Comment: *

Name: *

Email: *

Verification: *