- (Exam Topic 3)
A review of Internet security disclosed that users have individual user accounts with Internet service providers (ISPs) and use these accounts for downloading business data. The organization wants to ensure that only the corporate network is used. The organization should FIRST:

1. A. use a proxy server to filter out Internet sites that should not be accessed.
2. B. keep a manual log of Internet access.
3. C. monitor remote access activities.
4. D. include a statement in its security policy about Internet use.

Correct Answer: D

- (Exam Topic 3)
Which of the following is MOST important to determine during the planning phase of a cloud-based messaging and collaboration platform acquisition?

1. A. Role-based access control policies
2. B. Types of data that can be uploaded to the platform
3. C. Processes for on-boarding and off-boarding users to the platform
4. D. Processes for reviewing administrator activity

Correct Answer: B

- (Exam Topic 2)
Which of the following is MOST important to verify when determining the completeness of the vulnerability scanning process?

1. A. The organization's systems inventory is kept up to date.
2. B. Vulnerability scanning results are reported to the CISO.
3. C. The organization is using a cloud-hosted scanning tool for Identification of vulnerabilities
4. D. Access to the vulnerability scanning tool is periodically reviewed

Correct Answer: B

- (Exam Topic 4)
An organization has implemented a distributed security administration system to replace the previous centralized one. Which of the following presents the GREATEST potential concern?

1. A. Security procedures may be inadequate to support the change
2. B. A distributed security system is inherently a weak security system
3. C. End-user acceptance of the new system may be difficult to obtain
4. D. The new system will require additional resources

Correct Answer: A

- (Exam Topic 4)
An IS auditor is reviewing a bank's service level agreement (SLA) with a third-party provider that hosts the bank's secondary data center, which of the following findings should be of GREATEST concern to the auditor?

1. A. The recovery time objective (RTO) has a longer duration than documented in the disaster recovery plan (ORP).
2. B. The SLA has not been reviewed in more than a year.
3. C. Backup data is hosted online only.
4. D. The recovery point objective (RPO) has a shorter duration than documented in the disaster recovery plan (DRP).

Correct Answer: D
The recovery point objective (RPO) is the maximum amount of data that can be lost due to a system failure or disaster. If the SLA specifies a shorter RPO than the DRP, this could indicate a lack of adequate backup systems or procedures to ensure data integrity, which is of great concern to an IS auditor. Additionally, the IS auditor should also be sure to check that the SLA is up to date and that the RTO and RPO align with the DRP.