Which of the following is normally a responsibility of …
Which of the following is normally a responsibility of the chief security officer (CSO)?
Which of the following is a risk of cross-training?
Which of the following is a risk of cross-training?
Which of the following is the BEST performance criterio…
Which of the following is the BEST performance criterion for evaluating the adequacy of an
organization’s security awareness training?
To gain an understanding of the effectiveness of an org…
To gain an understanding of the effectiveness of an organization’s planning and management of
investments in IT assets, an IS auditor should review the:
Which of the following activities performed by a databa…
Which of the following activities performed by a database administrator (DBA) should be performed
by a different person?
Which of the following reduces the potential impact of …
Which of the following reduces the potential impact of social engineering attacks?
Which of the following controls would an IS auditor loo…
Which of the following controls would an IS auditor look for in an environment where duties cannot
be appropriately segregated?
An IS auditor reviewing an organization that uses cross…
An IS auditor reviewing an organization that uses cross-training practices should assess the risk
of:
what would be a suitable compensating control?
When segregation of duties concerns exist between IT support staff and end users, what would be
a suitable compensating control?
An IS auditor should be concerned when a telecommunicat…
An IS auditor should be concerned when a telecommunication analyst: