An IS auditor inspected a windowless room containing phone switching and networking equipment
and documentation binders. The room was equipped with two handheld fire extinguishers-one filled
with CO2, the other filled with halon. Which ofthe following should be given the HIGHEST priority in
the auditor’s report?

Which of the following would be BEST prevented by a raised floor in the computer machine room?

A penetration test performed as part of evaluating network security:

Users are issued security tokens to be used in combination with a PIN to access the
corporate virtual private network (VPN). Regarding the PIN, what is the MOST important rule to be
included in a security policy?

Which of the following fire suppression systems is MOST appropriate to use in a data center
environment?

During the review of a biometrics system operation, an IS auditor should FIRST review the stage of:

An accuracy measure for a biometric system is:

What is a risk associated with attempting to control physical access to sensitive areas such as
computer rooms using card keys or locks?

An organization with extremely high security requirements is evaluating the effectiveness of
biometric systems. Which of the following performance indicators is MOST important?

The MOST effective control for addressing the risk of piggybacking is: