Question 36
The implementation of anti-malware and anti-phishing controls on centralized email servers is an example of what type of security control?
Question 37
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
What type of control is being implemented by supervisors and data owners?
Question 38
Which of the following is a benefit of a risk-based approach to audit planning?
Question 39
Acceptable levels of information security risk tolerance in an organization should be determined by?
Question 40
A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the MOST LIKELY cause of this situation?