Which of the following is the PRIMARY concern if a business continuity plan (BCP) is not based on a business impact analysis (BIA)?

• A.Management was not involved in the early stages of the BCP
• B.The knowledge of key people within the organization was not considered in the BCP.
• C.The critical systems were not identified but all systems are covered tn the BCP.
• D.The strategy of the BCP does not reflect estimated potential losses.

Comment: *

Name: *

Email: *

Verification: *

Which of the following are designed to detect network attacks in progress and assist in post-attack forensics?

• A.Intrusion Detection Systems
• B.Audit trails
• C.System logs
• D.Tripwire
• E.None of the choices.

Comment: *

Name: *

Email: *

Verification: *

Which of the following findings should be of GREATEST concern to an IS auditor reviewing an organization s newly implemented online security awareness program'?

• A.Only new employees are required to attend the program
• B.Metrics have not been established to assess training results
• C.Employees do not receive immediate notification of results
• D.The timing for program updates has not been determined

Comment: *

Name: *

Email: *

Verification: *

When developing customer-facing IT applications, in which stage of the system development life cycle (SDLC) is it MOST beneficial to consider data privacy principles?

• A.Systems design and architecture
• B.Software selection and acquisition
• C.User acceptance testing (UAT)
• D.Requirements definition

Comment: *

Name: *

Email: *

Verification: *

An IS auditor is reviewing results from the testing of an organization's disaster recovery plan (DRP). Which of the following findings should be of GREATEST concern?

• A.The backups at the DR site are unreadable.
• B.The testing was done during critical business hours.
• C.The testing was done after implementing a business application.
• D.The backups at the DR site are not encrypted.

Comment: *

Name: *

Email: *

Verification: *