During the security review of organizational servers it was found that a file server containing
confidential human resources (HR) data was accessible to all user IDs. As a FIRST step, the
security manager should:
The application systems of an organization using open-source software have no single recognized
developer producing patches. Which of the following would be the MOST secure way of updating
open-source software?
If an organization considers taking legal action on a security incident, the information security
manager should focus PRIMARILY on:
An IS auditor discovers that developers have operator access to the command line of a
production environment operating system. Which of the following controls would BEST mitigate
the risk of undetected and unauthorized program changes to the production environment?
Which of the following has the highest priority when defining an emergency response plan?
Which of the following processes should an IS auditor recommend to assist in the
recording of baselines for software releases?
The PRIMARY purpose of involving third-party teams for carrying out post event reviews of
information security incidents is to:
An IS auditor notes that patches for the operating system used by an organization are
deployed by the IT department as advised by the vendor. The MOST significant concern an IS
auditor should have with this practice is the nonconsideration by IT of:
The MOST important objective of a post incident review is to:
In a small organization, developers may release emergency changes directly to production. Which
of the following will BEST control the risk in this situation?