Q1. Which one of the following is not a security testing control?
Q2. Access is controlled through a retina scanner for the identification, authentication, and authorization of operators to a data center. A legitimate user was erroneously denied access during a scan. Such errors can be categorized under which one of the following?
Q3. The effectiveness of a security control is a measure of which one of the following?
Q4. The collection of security process, test data, and reporting is used to verify what?
Q5. Third-party audits are conducted for what?
Q6. Audit logs may include all of these except:
Q7. Identify some of the best practices in information system audit control. (This is a drag-and-drop type of question. Here, and for similar drag-and-drop questions, you can draw a line from the list of answers on the left to the empty box on the right.)
Q8. An organization engages an agency to conduct an independent audit on its systems. Such an audit is known as what?