An information security policy stating that ‘the display of passwords must be masked or suppressed’
addresses which of the following attack methods?

To ensure compliance with a security policy requiring that passwords be a combination of letters
and numbers, an IS auditor should recommend that:

An IS auditor has identified the lack of an authorization process for users of an application. The IS
auditor’s main concern should be that:

An IS auditor reviewing digital rights management (DRM) applications should expect to find an
extensive use for which of the following technologies?

The information security policy that states ‘each individual must have their badge read at every
controlled door’ addresses which of the following attack methods?

Which of the following presents an inherent risk with no distinct identifiable preventive controls?

Which of the following is a general operating system access control function?

Which of the following BEST restricts users to those functions needed to perform their duties?

For a discretionary access control to be effective, it must:

An IS auditor examining a biometric user authentication system establishes the existence of a
control weakness that would allow an unauthorized individual to update the centralized database on
the server that is used to store biometric templates. Ofthe following, which is the BEST control
against this risk?