nerdexam
EC-Council

312-50V9 · Question #253

During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?

The correct answer is A. Identify and evaluate existing practices. The auditor should first evaluated existing policies and practices to identify problem areas and

Introduction to Ethical Hacking

Question

During a security audit of IT processes, an IS auditor found that there were no documented security procedures. What should the IS auditor do?

Options

  • AIdentify and evaluate existing practices
  • BCreate a procedures document
  • CConduct compliance testing
  • DTerminate the audit

How the community answered

(28 responses)
  • A
    75% (21)
  • B
    4% (1)
  • C
    14% (4)
  • D
    7% (2)

Explanation

The auditor should first evaluated existing policies and practices to identify problem areas and

Topics

#security audit#IS auditing#undocumented procedures#compliance assessment

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice