After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify
possible weaknesses. Which is the MOST serious risk associated with such tools?

Time constraints and expanded needs have been found by an IS auditor to be the root causes for recent
violations of corporate data definition standards in a new business intelligence project. Which of the following is
the MOST appropriate suggestion for an auditor to make?

In a small organization, developers may release emergency changes directly to production. Which of the
following will BEST control the risk in this situation?

An IS auditor notes that patches for the operating system used by an organization are deployed by the IT
department as advised by the vendor. The MOST significant concern an IS auditor should have with this
practice is the nonconsideration bylT of:

Which of the following processes should an IS auditor recommend to assist in the recording of baselines for
software releases?

An IS auditor discovers that developers have operator access to the command line of a production environment
operating system. Which of the following controls wou Id BEST mitigate the risk of undetected and
unauthorized program changes to the production environment?

The application systems of an organization using open-source software have no single recognized developer
producing patches. Which of the following would be the MOST secure way of updating open-source software?

To determine if unauthorized changes have been made to production code the BEST audit procedure is to:

When reviewing procedures for emergency changes to programs, the IS auditor should verify that the
procedures:

An organization has recently installed a security patch, which crashed the production server. To minimize the
probability of this occurring again, an IS auditor should: