An organization has been recently downsized, in light of this, an IS auditor decides to test logical
access controls. The IS auditor’s PRIMARY concern should be that:

From a control perspective, the PRIMARY objective of classifying information assets is to:

An IS auditor examining a biometric user authentication system establishes the existence of a
control weakness that would allow an unauthorized individual to update the centralized database
on the server that is used to store biometric templates. Ofthe following, which is the BEST control
against this risk?

For a discretionary access control to be effective, it must:

Which of the following BEST restricts users to those functions needed to perform their duties?

Which of the following is a general operating system access control function?

Which of the following presents an inherent risk with no distinct identifiable preventive controls?

The information security policy that states ‘each individual must have their badge read at every
controlled door’ addresses which of the following attack methods?

An IS auditor reviewing digital rights management (DRM) applications should expect to find an
extensive use for which of the following technologies?

An IS auditor has identified the lack of an authorization process for users of an application.
The IS auditor’s main concern should be that: