Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization’s change control procedures?

  • Post last modified:December 26, 2021

Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures? Review software migration records and verify…

In this situation, which of the following would be considered an adequate set of compensating controls?

An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours…

An organization utilizes a third party to classify its customers’ personally identifiable information (PII). What is the BEST way to hold the third party accountable for data leaks?

An organization utilizes a third party to classify its customers' personally identifiable information (PII). What is the BEST way to hold the third party accountable for data leaks? Include detailed…

Which of the following would be the BEST way for an information security manager to justify ongoing annual maintenance fees associated with an intrusion prevention system (IPS)?

Which of the following would be the BEST way for an information security manager to justify ongoing annual maintenance fees associated with an intrusion prevention system (IPS)? Perform a penetration…

When developing an escalation process for an incident response plan, the information security manager should PRIMARILY consider the:

When developing an escalation process for an incident response plan, the information security manager should PRIMARILY consider the:

  • media coverage.
  • availability of technical resources.
  • incident response team.
  • affected stakeholders.

Which of the following is the PRIMARY purpose of establishing an information security governance framework?

Which of the following is the PRIMARY purpose of establishing an information security governance framework? To minimize security risks To proactively address security objectives To reduce security audit issues To…

When facilitating the alignment of corporate governance and information security governance, which of the following is the MOST important role of an organization’s security steering committee?

When facilitating the alignment of corporate governance and information security governance, which of the following is the MOST important role of an organization's security steering committee? Obtaining support for the…

To integrate security into system development life cycle (SDLC) processes, an organization MUST ensure that security:

To integrate security into system development life cycle (SDLC) processes, an organization MUST ensure that security: is represented on the configuration control board. performance metrics have been met. roles and…

For an enterprise implementing a bring your own device (BYOD) program, which of the following would provide the BEST security of corporate data residing on unsecured mobile devices?

For an enterprise implementing a bring your own device (BYOD) program, which of the following would provide the BEST security of corporate data residing on unsecured mobile devices? Acceptable use…

Which of the following is the BEST reason for reevaluating an information security program?

Which of the following is the BEST reason for reevaluating an information security program? Ineffectiveness of the information security strategy execution Misalignment between information security priorities and business objectives Change…
