What is an IS auditor’s BEST recommendation to management if a review of the incident management process finds multiple instances of incident tickets remaining open for an unusually long time?

A. Implement reporting of key performance indicators (KPIs) for ticket closure.
B. Increase the number of help desk staff to enable faster ticket closure.
C. Manually review the identified tickets and mark as closed in the system.
D. Configure the system to automatically close tickets after a defined period.

Which of the following scenarios would enable a forensic investigation?

A. The suspected computer was rebooted, and the evidence log file was converted to a readable format for further analysis.
B. The incident response team prepared a final report for the forensic investigator and deleted the original file securely to avoid further damage.
C. The media in question was preserved using imaging, and chain of custody was documented according to the organization’s incident response plan.
D. Incident response team members extracted the logs showing the suspicious activity and added their notes before submitting for investigation.

An IS auditor finds that the process for removing access for terminated employees is not documented. What is the MOST significant risk from this observation?

A. Procedures may not align with best practices.
B. HR records may not match system access.
C. Unauthorized access cannot be identified.
D. Access rights may not be removed in a timely manner.

An IS auditor is assessing an organization’s data loss prevention (DLP) solution for protecting intellectual property from insider theft. Which of the following would the auditor consider MOST important for effective data protection?

A. Employee training on information handling
B. Creation of DLP policies and procedures
C. Encryption of data copied to flash drives
D. Identification and classification of sensitive data

A government organization uses standard Wi-Fi Protected Access 2 (WPA2) to protect confidential information transmitted to a file server. Which of the following is the IS auditor’s BEST recommendation to further strengthen security?

A. Certificate-based authentication
B. Network address translation (NAT)
C. Media access control (MAC) address filtering
D. Service set identifier (SSID) masking

An organization’s current end-user computing practices include the use of a spreadsheet for financial statements. Which of the following is the GREATEST concern?

A. Formulas are not protected against unintended changes.
B. The spreadsheet contains numerous macros.
C. Operational procedures have not been reviewed in the current fiscal year.
D. The spreadsheet is not maintained by IT.

A multinational company wants to establish a mandatory global standard for information security including data protection and privacy. Which of the following should be the GREATEST concern to an IS auditor?

A. Inconsistent roll-out of the standard across all countries.
B. Increased organizational effort without any tangible benefit
C. Noncompliance with local laws in the affected countries
D. Lack of adoption by organized labor groups in all affected countries

An IS auditor has been asked to perform a post-implementation assessment of a new corporate human resources (HR) system. Which of the following control areas would be MOST important to review for the protection of employee information?

A. Logging capabilities
B. Authentication mechanisms
C. Data retention practices
D. System architecture

To help ensure the organization’s information assets are adequately protected, which of the following considerations is MOST important when developing an information classification and handling policy?

A. The policy has been mapped against industry frameworks for classifying information assets.
B. The policy is owned by the head of information security, who has the authority to enforce the policy.
C. The policy specifies requirements to safeguard information assets based on their importance to the organization.
D. The policy is subject to periodic reviews to ensure its provisions are up to date.

Which of the following is the BEST way to protect the confidentiality of data on a corporate smartphone?

A. Disabling public wireless connections
B. Using remote data wipe capabilities
C. Using encryption
D. Changing the default PIN for Bluetooth connections