The initial step in establishing an information security program is the:

Which of the following factor is LEAST important in the measurement of critical success factors of productivity in the SDLC phases?

A malicious code that changes itself with each file it infects is called a:

Which of the following statement correctly describes the difference between QAT and UAT?

Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plans effectiveness?

Which of the following type of testing uses a set of test cases that focus on control structure of the procedural design?

Which of the following type of testing has two major categories: QAT and UAT?

An organization having a number of offices across a wide geographical area has developed a disaster recovery plan (DRP). Using actual resources, which of the following is the MOST cost-effective test of the DRP?

Which of the following type of testing validate functioning of the application under test with other system, where a set of data is transferred from one system to another?

The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of the following audit recommendations should the IS auditor suggest?