Exam Details

  • Exam Code: 712-50
  • Exam Name: EC-Council Certified CISO (CCISO)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 468 Q&As
  • Last Updated: May 04, 2025

EC-COUNCIL EC-COUNCIL Certifications 712-50 Questions & Answers

  • Question 331:

    An IT auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late night shift a week as the senior computer operator.

    The most appropriate course of action for the IT auditor is to:

    A. Review the system log for each of the late night shifts to determine whether any irregular actions occurred.

    B. Inform senior management of the risk involved.

    C. Develop a computer-assisted audit technique to detect instances of abuses of the arrangement.

    D. Agree to work with the security officer on these shifts as a form of preventative control.

  • Question 332:

    What two methods are used to assess risk impact?

    A. Quantitative and qualitative

    B. Qualitative and percent of loss realized

    C. Subjective and Objective

    D. Cost and annual rate of expectance

  • Question 333:

    An organization's information security policy serves to ___________________.

    A. define security configurations for systems

    B. establish budgetary input in order to meet compliance requirements

    C. establish acceptable systems and user behavior

    D. define relationships with external law enforcement agencies

    E. None

  • Question 334:

    When creating a vulnerability scan schedule, who is the MOST critical person to communicate with in order to ensure impact of the scan is minimized?

    A. The asset manager

    B. The project manager

    C. The asset owner

    D. The data custodian

  • Question 335:

    Which of the following tests is performed by an Information Systems (IS) auditor when a sample of programs is selected to determine if the source and object versions are the same?

    A. Substantive test of program library controls

    B. A compliance test of the program compiler controls

    C. A compliance test of program library controls

    D. A substantive test of the program compiler controls

  • Question 336:

    What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?

    A. Mitigate risk

    B. Perform a risk assessment

    C. Determine appetite

    D. Evaluate risk avoidance criteria

  • Question 337:

    Which of the following is the MOST important goal of risk management?

    A. Finding economic balance between the impact of the risk and the cost of the control

    B. Identifying the victim of any potential exploits

    C. Identifying the risk

    D. Assessing the impact of potential threats

  • Question 338:

    Which of the following is used to establish and maintain a framework to provide assurance that information security strategies are aligned with organizational objectives?

    A. Governance

    B. Compliance

    C. Awareness

    D. Management

  • Question 339:

    As the new CISO at the company, you are reviewing the audit reporting process and notice that it includes only detailed technical diagrams.

    What else should be in the reporting process?

    A. Names and phone numbers of those who conducted the audit

    B. Executive summary

    C. Penetration test agreement

    D. Business charter

  • Question 340:

    Which of the following provides an audit framework?

    A. Control Objectives for IT (COBIT)

    B. International Organization Standard (ISO) 27002

    C. Payment Card Industry Data Security Standard (PCI-DSS)

    D. National Institute of Standards and Technology (NIST) SP 800-30
