Which of the following types of auditing requires access to source code?



Question options:

Use Case Testing
Code Review


In order for a subject to be _____, the system must first ____ the subject and then record the subject's actions.



Question options:

accountable, identify
accountable, authorize


A company needs to conduct testing of technical controls as part of an IT Security Audit. Which of the following types of testing allows the auditor to have full knowledge of the internals for the system(s) under test at the time the tests are being designed or selected?



Question options:

White box testing
Gray box testing


What is the primary difference between second party and third party audits?



Question options:

Second party audit teams are granted inside access to the organization's operations. Third party audit teams are limited in their access to the organization's operations.
Second party audits are external audits conducted on behalf of a business partner. Third party audits are conducted to provide assurance of compliance with laws and regulations.


Red Team testing has revealed weaknesses in how a company provisions and deprovisions user accounts. These weaknesses allowed the Red Team to exploit the username/login for a privileged account assigned to a system administrator who recently left the IT department for another position within the company. Which of the following is the most important business process to investigate to learn why the weaknesses exist so that they can be addressed using a policy-based solution?



Question options:

User Account Review
Privileged identity management


