Question: 1
An IS auditor notes that several of a client's servers are vulnerable to attack due to open unused ports and
protocols. The auditor recommends management implement minimum security requirements. Which type of
control has been recommended?
Question: 2
An organization wants to classify database tables according to its data classification scheme. From an IS
auditor's perspective, the tables should be classified based on the:
Question: 3
Following an IT audit, management has decided to accept the risk highlighted in the audit report. Which of the
following would provide the MOST assurance to the IS auditor that management is adequately balancing the
needs of the business with the need to manage risk?
Question: 4
What should an IS auditor review FIRST when assessing the results of a recent penetration test to identify potential vulnerabilities?
Question: 5
Which of the following would be of GREATEST concern to an IS auditor when auditing a small organization's
purchasing department?