A maturity model is useful in the assessment of IT service management because it:

• A.provides a benchmark for process improvement
• B.defines the level of control required to meet business needs
• C.indicates the service levels required for the business area
• D.specifies the mechanism needed to achieve defined service levels

Comment: *

Name: *

Email: *

Verification: *

Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)?

• A.A user from within could send a file to an unauthorized person.
• B.FTP services could allow a user to download files from unauthorized sources.
• C.A hacker may be able to use the FTP service to bypass the firewall.
• D.FTP could significantly reduce the performance of a DMZ server.

Comment: *

Name: *

Email: *

Verification: *

An information systems security officer's PRIMARY responsibility for business process applications is to:

• A.Authorize secured emergency access.
• B.Ensure access rules agree with policies
• C.Create role-based rules for each business process.
• D.Approve the organization's security policy.

Comment: *

Name: *

Email: *

Verification: *

During an audit, the client learns that the IS auditor has recently completed a similar security review at a competitor. The client inquires about the competitor's audit results. What is the BEST way for the auditor to address this inquiry?

• A.Obtain permission from the competitor to use the audit results as examples for future clients.
• B.Explain that it would be inappropriate to discuss the results of another audit client
• C.Escalate the question to the audit manager for further action.
• D.Discuss the results of the audit omitting specifics related to names and products.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY reason for using a digital signature?

• A.Provide availability to the transmission
• B.Authenticate the sender of a message
• C.Provide confidentiality to the transmission
• D.Verify the integrity of the data and the identity of the recipient

Comment: *

Name: *

Email: *

Verification: *