An organization is using an enterprise resource management (ERP) application. Which of the
following would be an effective access control?

What should be the GREATEST concern to an IS auditor when employees use portable media
(MP3 players, flash drives)?

An IS auditor should expect the responsibility for authorizing access rights to production
data and systems to be entrusted to the:

An IS auditor has completed a network audit. Which of the following is the MOST significant logical

security finding?

Which of the following would MOST effectively enhance the security of a challenge-response
based authentication system?

Which of the following should an IS auditor recommend for the protection of specific sensitive
information stored in the data warehouse?

The responsibility for authorizing access to a business application system belongs to the:

An organization has created a policy that defines the types of web sites that users are

forbidden to access. What is the MOST effective technology to enforce this policy?

What would be the MOST effective control for enforcing accountability among database users
accessing sensitive information?

Which of the following intrusion detection systems (IDSs) monitors the general patterns of activity
and traffic on a network and creates a database?