When reviewing a project where quality is a major concern, an IS auditor should use the project management triangle to explain that:
While evaluating software development practices in an organization, an IS auditor notes that the quality assurance (QA) function reports to project management. The MOST important concern for an IS auditor is the:
An IS auditor invited to a development project meeting notes that no project risks have been documented. When the IS auditor raises this issue, the project manager responds that it is too early to identify risks and that, if risks do start impacting the project, a risk manager will be hired. The appropriate response of the IS auditor would be to:
Which of the following would BEST address the risk of data leakage?
Attackers who exploit cross-site scripting vulnerabilities take advantage of:
A project manager is developing a developer portal and requests that the security manager assign a public IP address so that it can be accessed by in-house staff and by external consultants outside the organization’s local area network (LAN).
What should the security manager do FIRST?
An IS auditor has been asked to participate in project initiation meetings for a critical project. The IS auditor’s MAIN concern should be that the:
At the completion of a system development project, a postproject review should include which of the following?
Which of the following would be of GREATEST importance to the security manager in determining whether to accept residual risk?
An online banking institution is concerned that the breach of customer personal information will have a significant financial impact due to the need to notify and compensate customers whose personal information may have been compromised. The institution determines that residual risk will always be too high and decides to: