To ensure that an organization is complying with privacy requirements, an IS auditor should FIRST review:

legal and regulatory requirements.

organizational policies,standards and procedures.

adherence to organizational policies,standards and procedures.

A human resources company offers wireless Internet access to its guests, after authenticating with a generic user ID and password. The generic ID and password are requested from the reception desk. Which of the following controls BEST addresses the situation?

The public wireless network is physically segregated from the company network.

The password for the wireless network is changed on a weekly basis

A stateful inspection firewall is used between the public wireless and company networks.

An intrusion detection system is deployed within the wireless network.

An IS auditor is reviewing a third-party agreement for a new cloud-based accounting service provider. Which of the following considerations is the MOST’ important with regard to the privacy of the accounting data?

Return or destruction of information

Data retention, backup and recovery

Network and intrusion detection

Which of the following is the MOST effective control when granting temporary access to vendors?

User accounts are created with expiration dates and are based on services provided.

Vendor access corresponds to the service level agreement.

Administrator access is provided for a limited period.

User IDs are deleted when the work is completed.

During a logical access controls review, an IS auditor observes that user accounts are shared. The GREATEST risk resulting from this situation is that:

user accountability may not be established

an unauthorized user may use the ID to gain access

user access management is time consuming

An IS auditor is assessing a biometric system used to protect physical access to a data center containing regulated data. Which of the following observations is the GREATEST concern to the auditor?

Data transmitted between the biometric scanners and the access control system do not use a securely encrypted tunnel.

Administrative access to the biometric scanners or the access control system is permitted over a virtual private network.

Biometric scanners are not installed in restricted areas.

Biometric system risk analysis was last conducted three years ago.

When auditing a role-based access control system, the IS auditor noticed that some IT security employees have system administrator privileges on some servers, which allows them to modify or delete transaction logs. Which would be the BEST recommendation that the IS auditor should make?

Write transaction logs in real time to Write Once and Read Many drives.

Ensure that these employees are adequately supervised.

Ensure that backups of the transaction logs are retained.

Implement controls to detect the changes.

When reviewing an organization’s logical access security to its remote systems, which of the following would be of GREATEST concern to an IS auditor?

Unencrypted passwords are used.

Third-party users possess administrator access.

Which of the following is the responsibility of information asset owners?

Assignment of criticality levels to data

Implementation of information security within applications

Implementation of access rules to data and programs

Provision of physical and logical security for data

An IS auditor is reviewing an organization to ensure that evidence related to a data breach case is preserved. Which of the following choices would be of MOST concern to the IS auditor?

There is no chain of custody policy.

End users are not aware of incident reporting procedures.

Log servers are not on a separate network.

Backups are not performed consistently

An IS auditor is reviewing access controls for a manufacturing organization. During the review, the IS auditor discovers that data owners have the ability to change access controls for a low-risk application. The BEST course of action for the IS auditor is to:

not report this issue because discretionary access controls are in place.

recommend that mandatory access control be implemented.

report this as a finding to upper management.

report this to the data owners to determine whether it is an exception.

The implementation of access controls FIRST requires:

a classification of IS resources

the creation of an access control list.

Which of the following is an example of the defense in-depth security principle?

Using a firewall as well as logical access controls on the hosts to control incoming network traffic

Using two firewalls to consecutively check the incoming network traffic

Lack of physical signs on the outside of a computer center building

Using two firewalls in parallel to check different types of incoming traffic

Which of the following would MOST effectively reduce social engineering incidents?

Increased physical security measures

To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers, an IS auditor should recommend that:

an automated password management tool be used.

passwords are periodically changed.

security awareness training is delivered.

Which of the following is the BEST way for an IS auditor to determine the effectiveness of a security awareness and training program?

Interview a sample of employees.

Review the security training program.

Ask the security administrator.

Review the security reminders to employees

An IS auditor is reviewing the physical security controls of a data center and notices several areas for concern. Which of the following areas is the MOST important?

The emergency exit door is blocked.

The emergency power off button cover is missing

Scheduled maintenance of the fire suppression system was not performed.

There are no security cameras inside the data center.

An IS auditor inspected a windowless room containing phone switching and networking equipment and documentation binders. The room was equipped with two handheld fire extinguishers—one filled with carbon dioxide (CO2), the other filled with halon gas. Which of the following should be given the HIGHEST priority in the IS auditor’s report?

Both fire suppression systems present a risk of suffocation when used in a closed room.

The halon extinguisher should be removed because halon has a negative impact on the atmospheric ozone layer.

The CO2 extinguisher should be removed, because CO2 is ineffective for suppressing fires involving solid combustibles (paper).

The documentation binders should be removed from the equipment room to reduce potential risk.

What is a risk associated with attempting to control physical access to sensitive areas such as computer rooms using card keys or locks?

Unauthorized individuals wait for controlled doors to open and walk in behind those authorized.

The contingency plan for the organization cannot effectively test controlled access practices.

Access cards, keys and pads can be easily duplicated allowing easy compromise of the control.

Removing access for those who are no longer authorized is complex.

Which of the following is the MOST effective control over visitor access to a data center?

Visitors are spot-checked by operators.

AIS51313 C1 Review

Authored by Marvin Soriano

Other

University

Used 57+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

30 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following is the BEST way to minimize unauthorized access to unattended end-user PC systems?

Enforce use of a password-protected screen saver

Implement proximity-based authentication system

Terminate user session at predefined intervals

Adjust power management settings so the monitor screen is blank

MULTIPLE CHOICE QUESTION

1 min • 1 pt

The implementation of which of the following would MOST effectively prevent unauthorized access to a system administration account on a web server?

Host intrusion detection software installed on the server

Password expiration and lockout policy

Password complexity rules

Two-factor authentication

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A new business application has been designed in a large, complex organization and the business owner has requested that the various reports be viewed on a “need to know” basis. Which of the following access control methods would be the BEST method to achieve this requirement?

Mandatory

Role-based

Discretionary

Single sign-on

MULTIPLE CHOICE QUESTION

1 min • 1 pt

Which of the following is an effective preventive control to ensure that a database administrator (DBA) complies with the custodianship of the enterprise’s data?

Exception reports

Segregation of duties

Review of access logs and activities

Management supervision

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An employee has received a digital photo frame as an gift and has connected it to his/her work PC to transfer digital photos. The PRIMARY risk that this scenario introduces is that:

the photo frame storage media could be used to steal corporate data.

the drivers for the photo frame may be incompatible and crash the user’s PC.

the employee may bring inappropriate photographs into the office.

the photo frame could be infected with malware.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

An organization discovers that the computer of the chief financial officer has been infected with malware that includes a keystroke logger and a rootkit. The FIRST action to take would be to:

Contact the appropriate law enforcement authorities to begin an investigation.

Immediately ensure that no additional data are compromised.

Disconnect the PC from the network.

Update the antivirus signature on the pc to ensure that the malware or virus is detected and removed.

MULTIPLE CHOICE QUESTION

1 min • 1 pt

The IS auditor is reviewing Findings from a prior IS audit of a hospital. One finding indicates that the organization was using email to communicate sensitive patient issues.The IT manager indicates that to address this finding, the organization has implemented digital signatures for all email users. What should the IS auditor’s response be?

Digital signatures are not adequate to protect confidentiality

Digital signatures are adequate to protect confidentiality

The IS auditor should gather more information about the specific implementation.

The IS auditor should recommend implementation of digital watermarking for secure email.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

25 questions

Astro Quiz 2025

Quiz

•

University

25 questions

James’s Quiz

Quiz

•

1st Grade - University

25 questions

2025 North Dakota Parliamentary Procedure Exam State Exam

Quiz

•

9th Grade - University

26 questions

Professional Sellling Unit 5 Practice Exam

Quiz

•

University

26 questions

Exam 7-9

Quiz

•

University

28 questions

Chapter 1-5 Speech craft

Quiz

•

University

26 questions

Food allergies

Quiz

•

3rd Grade - Professio...

25 questions

Acct. Test Bank #4 Adjusting Entries

Quiz

•

9th Grade - University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Other

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

7 questions

Fragments, Run-ons, and Complete Sentences

Interactive video

•

4th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

10 questions

DNA Structure and Replication: Crash Course Biology

Interactive video

•

11th Grade - University

5 questions

Inherited and Acquired Traits of Animals

Interactive video

•

4th Grade - University

5 questions

Examining Theme

Interactive video

•

4th Grade - University

20 questions

Implicit vs. Explicit

Quiz

•

6th Grade - University

7 questions

Comparing Fractions

Interactive video

•

1st Grade - University