An off-site processing facility should be easily identifiable externally because easy identification helps
ensure smoother recovery. True or false?

• A.True
• B.False

Comment: *

Name: *

Email: *

Verification: *

An organization decides to establish a formal incident response capability with clear roles and responsibilities facilitating centralized reporting of security incidents. Which type of control is being implemented?

• A.Detective control
• B.Compensating control
• C.Corrective control
• D.Preventive control

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important IS audit consideration when an organization outsources a customer credit review system to a third-party service provider? The provider:

• A.meets or exceeds industry security standards.
• B.agrees to be subject to external security reviews.
• C.has a good market reputation for service and experience.
• D.complies with security policies of the organization.

Comment: *

Name: *

Email: *

Verification: *

Which of the following are BIST suited for continuous auditing?

• A.Effectiveness of the security program
• B.Security incidents vs. industry benchmarks
• C.Total number of false positives
• D.Total number of hours budgeted to security

Comment: *

Name: *

Email: *

Verification: *

For an organization which uses a VoIP telephony system exclusively, the GREATEST concern associated with leaving a connected telephone in an unmonitored public area is the possibility of:

• A.unauthorized use leading to theft of services and financial loss,
• B.network compromise due to the introduction of malware.
• C.connectivity issues when used with an analog local exchange earner.
• D.theft of destruction of an expensive piece of electronic equipment.

Comment: *

Name: *

Email: *

Verification: *