An organization experienced a domain name system (DNS) attack caused by default user accounts not being removed from one of the servers. Which of the following would have been the BEST way to mitigate the risk of this DNS attack?

• A.Have a third party configure the virtual servers
• B.Configure the servers from an approved standard configuration
• C.Require all employees to attend training for secure configuration management
• D.Configure the intrusion prevention system (IPS) to identify DNS attacks

Comment: *

Name: *

Email: *

Verification: *

Which of the following findings should be of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simu-lation test administered for staff members?

• A.Staff members who failed the test did not receive follow-up education
• B.Test results were not communicated to staff members.
• C.Staff members were not notified about the test beforehand.
• D.Security awareness training was not provided prior to the test.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST effective control to minimize the risk of cross-site scripting (XSS)?

• A.Periodic vulnerability assessments
• B.Secure coding practices
• C.Network intrusion prevention system
• D.Web firewall policy

Comment: *

Name: *

Email: *

Verification: *

During which of the following phases in system development would user acceptance test plans normally be prepared?

• A.Feasibility study
• B.Requirements definition
• C.implementation planning
• D.Postimplementation review

Comment: *

Name: *

Email: *

Verification: *

Default permit is only a good approach in an environment where:

• A.security threats are non-existent or negligible.
• B.security threats are non-negligible.
• C.security threats are serious and severe.
• D.users are trained.
• E.None of the choices.

Comment: *

Name: *

Email: *

Verification: *