Which of the following is MOST important for an IS auditor to consider when performing the risk assessment prior to an audit engagement?

• A.The amount of time since the previous audit
• B.The design of controls
• C.The results of the previous audit
• D.Industry standards and best practices

Comment: *

Name: *

Email: *

Verification: *

Following a security breach, an IS auditor finds an organization's transport layer security (TLS) certificate is compromised. Which of the following would be the auditor's BEST recommendation to the system administrator?

• A.Re-issue TLS certificates with a new effective date
• B.Disable and retrieve the key from escrow
• C.Repurchase the key from the certification authority (CA)
• D.Revoke and regenerate TLS certificates

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be reviewed FIRST when assessing the effectiveness of an organization's
network security procedures and controls?

• A.Data recovery capability
• B.Inventory of authorized devices
• C.Vulnerability remediation
• D.Malware defenses

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important consideration for patching mission critical business application servers against known vulnerabilities?

• A.Patches are implemented in a test environment prior to rollout into production.
• B.Network vulnerability scans are conducted after patches are implemented.
• C.Vulnerability assessments are periodically conducted according to defined schedules.
• D.Roles and responsibilities for implementing patches are defined

Comment: *

Name: *

Email: *

Verification: *

In the context of physical access control, what is known as the process of verifying user identities?

• A.Authentication
• B.Authorization
• C.Accounting
• D.Encryption
• E.Compression
• F.None of the choices.

Comment: *

Name: *

Email: *

Verification: *