A manager identifies active privileged accounts belonging to staff who have left the organization. Which of the following is the threat actor In this scenario?

• A.Terminated staff
• B.Unauthorized access
• C.Deleted log data
• D.Hacktivists

Comment: *

Name: *

Email: *

Verification: *

Which of the following would BEST indicate the effectiveness of a security awareness training program?

• A.Results of third-party social engineering tests
• B.Employee satisfaction with training
• C.Increased number of employees completing training
• D.Reduced unintentional violations

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important consideration when establishing vulnerability scanning on critical IT infrastructure?

• A.The scanning will not degrade system performance.
• B.The scanning will be cost-effective.
• C.The scanning will be performed during non-peak hours.
• D.The scanning will be followed by penetration testing.

Comment: *

Name: *

Email: *

Verification: *

An IS auditor should expect which of the following items to be included in the request for proposal (RFP) when IS is procuring services from an independent service provider (ISP)?

• A.References from other customers
• B.Service level agreement (SLA) template
• C.Maintenance agreement
• D.Conversion plan

Comment: *

Name: *

Email: *

Verification: *

During a security access review, an IS auditor identifies a segregation of duties issue involving financial reporting for which there are no mitigating controls. Which of the following stakeholders should be notified of this finding FIRST?

• A.External auditors
• B.The board of directors
• C.The audit committee
• D.Operational management

Comment: *

Name: *

Email: *

Verification: *