An IS auditor discovers that developers have operator access to the command line of a production
environment operating system. Which of the following controls wou Id BEST mitigate the risk of
undetected and unauthorized program changes to the production environment?

Which of the following processes should an IS auditor recommend to assist in the
recording of baselines for software releases?

An IS au itor notes that patches for the operating system used by an organization are
deployed by the IT department as advised by the vendor. The MOST significant concern an IS auditor
should have with this practice is the nonconsideration bylT of:

In a small organization, developers may release emergency changes directly to production. Which of
the following will BEST control the risk in this situation?

Time constraints and expanded needs have been found by an IS auditor to be the root causes for
recent violations of corporate data definition standards in a new business intelligence project. Which
of the following is the MOST appropriate suggestion for an auditor to make?

After installing a network, an organization installed a vulnerability assessment tool or security
scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools?

The FIRST step in managing the risk of a cyber attack is to:

Which of the following is the MOST effective method for dealing with the spreading of a network
worm that exploits vulnerability in a protocol?

The PRIMARY objective of performing a postincident review is that it presents an opportunity to:

The computer security incident response team (CSIRT) of an organization disseminates detailed
descriptions of recent threats. An IS auditor’s GREATEST concern should be that the users might: