What is the BEST way for an IS auditor to address the risk associated with over-retention of personal data after identifying a large number of customer records retained beyond the retention period defined by law?

• A.Escalate the over-retention issue to the data privacy officer for follow up
• B.Schedule regular internal audits to identify records for deletion
• C.Recommend automatic deletion of records beyond the retention period
• D.Report the retention period noncompliance to the regulatory authority

Comment: *

Name: *

Email: *

Verification: *

Which of the following should an IS auditor recommend for the protection of specific sensitive information stored in the data warehouse?

• A.implement column- and row-level permissions
• B.Enhance user authentication via strong passwords
• C.Organize the data warehouse into subject matter-specific databases
• D.Log user access to the data warehouse

Comment: *

Name: *

Email: *

Verification: *

When reviewing the configuration of network devices, an IS auditor should FIRST identify:

• A.the best practices for the type of network devices deployed.
• B.whether components of the network are missing.
• C.the importance of the network device in the topology.
• D.whether subcomponents of the network are being used appropriately.

Comment: *

Name: *

Email: *

Verification: *

Why is it not preferable for a firewall to treat each network frame or packet in isolation?

• A.Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.
• B.Such a firewall is costly to setup.
• C.Such a firewall is too complicated to maintain.
• D.Such a firewall is CPU hungry.
• E.Such a firewall offers poor compatibility.
• F.None of the choices.

Comment: *

Name: *

Email: *

Verification: *

When conducting a post-implementation review of a new software application, an IS auditor should be MOST concerned with an increasing number of

• A.change requests approved to add new services
• B.updates required for the end-user operations manual
• C.help desk calls requesting future enhancements
• D.operational errors impacting service delivery

Comment: *

Name: *

Email: *

Verification: *