Which of the following is an indication of possible hacker activity involving voice communications?

A. A significant percentage of lines are busy during early morning and late afternoon hours.
B. Outbound calls are found to significantly increase in frequency during non-business hours.
C. Inbound calls experience significant fluctuations based on time-of-day and day-of-week.
D. Direct inward system access (DISA) is found to be disabled on the company's exchange.

When using a wireless device, which of the following BEST ensures confidential access to email via web mail?

A. Simple object access protocol (SOAP)
B. Hypertext transfer protocol secure (HTTPS)
C. Extensible markup language (XML)
D. Wired equivalent privacy (WEP)

Which of the following is the GREATEST risk associated with instant messaging?

A. Data governance may become ineffective.
B. Data classification procedures may not be followed.
C. Data logging is more difficult.
D. Data exfiltration is more likely to occur.

Which of the following is the BEST reason to utilize blockchain technology to record accounting transactions?

A. Integrity of records
B. Confidentiality of records
C. Availability of records
D. Distribution of records

When reviewing a contract for a disaster recovery hot site, which of the following would be the MOST significant omission?

A. Audit rights
B. Testing procedures
C. Exposure coverage
D. Equipment provided

During a post-incident review of a security breach, what type of analysis should an IS auditor expect to be performed by the organization's information security team?

A. Gap analysis
B. Business impact analysis (BIA)
C. Qualitative risk analysis
D. Root cause analysis

Which of the following is the BEST way to mitigate the impact of ransomware attacks?

A. Backing up data frequently
B. Invoking the disaster recovery plan (DRP)
C. Requiring password changes for administrative accounts
D. Paying the ransom

Which of the following threats is MOST effectively controlled by a firewall?

A. Network congestion
B. Denial of service (DoS) attack
C. Network sniffing
D. Password cracking

An organization is designing an application programming interface (API) for business-to-business data sharing with a vendor. Which of the following is the BEST way to reduce the potential risk of data leakage?

A. Implement a policy to require data transfer over hypertext transfer protocol (HTTP)
B. Implement the API on a secure server and encrypt traffic between both organizations
C. Restrict the allowable number of API calls within a specified period
D. Conduct an independent review of the application architecture and service level agreements (SLAs)

Which of the following is the BEST way to transmit documents classified as confidential over the Internet?

A. Hashing the document contents and destroying the hash value
B. Sending documents as multiple packets over different network routes
C. Converting documents to proprietary format before transmission
D. Using a virtual private network (VPN)