EMT Practice Test

1. Question Content...


Question List

Question1: Following the sale of a business division, employees will be transferred to a new organization, but they will retain access to IT equipment from the previous employer. An IS auditor has recommended that both organizations agree to and document an acceptable use policy for the equipment. What type of control has been recommended?

Question2: Which of the following procedures would BEST contribute to the reliability of information in a data warehouse?

Question3: A critical function of a firewall is to act as a:

Question4: Following an unauthorized disclosure of data, an organization needs to implement data loss prevention (DLP) measures The IS auditor's BEST recommendation should be to:

Question5: The PRIMARY advantage of object-oriented technology is enhanced:

Question6: The IS auditor's PRIMARY role in control self-assessment (CSA) is to:

Question7: Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:

Question8: Which of the following will BEST help to ensure that an in-house application in the production environment is current?

Question9: What is the BEST population to select from when testing that programs are migrated to production with proper approval?

Question10: Which of the following is MOST likely to be prevented by a firewall connected to the Internet?

Question11: Which of the following provides the BEST evidence of the effectiveness of an organization s audit quality management procedures?

Question12: To develop a robust data security program, the FIRST course of action should be to:

Question13: Which of the following is the GREATEST risk of cloud computing?

Question14: An organization plans to launch a social media presence as part of a new customer service campaign. Which of the following is the MOST significant risk from the perspective of potential litigation?

Question15: Which of the following could be determined by an entity-relationship diagram?

Question16: The information security function in a large organization is MOST effective when:

Question17: A company has implemented an IT segregation of duties policy In a role-based environment, which of the following roles may be assigned to an application developer?

Question18: What is the primary objective of a control self-assessment (CSA) program?

Question19: An IS auditor has found that a vendor has gone out of business and the escrow has an older version of the source code What is the auditor's BEST recommendation for the organization?

Question20: .After an IS auditor has identified threats and potential impacts, the auditor should:

Question21: .Who is ultimately accountable for the development of an IS security policy?

Question22: MOST effective way to determine if IT is meeting business requirements is to establish:

Question23: A typical network architecture used for e-commerce, a load balancer is normally found between the:

Question24: Which of the following should be done FIRST when planning a penetration test?

Question25: Which of the following is the BCST way to determine the effectiveness of a recently installed intrusion detection system (IDS)?

Question26: The BEST way to prevent fraudulent payments is to implement segregation of duties between payment processing and:

Question27: In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the:

Question28: A company laptop has been stolen and all photos on the laptop have been published on social media. Which of the following is the IS auditor's BEST course of action?

Question29: Two organizations will share ownership of a new enterprise resource management (ERM) system To help ensure the successful implementation of the system, it k MOST important to define:

Question30: Which of the following systems-based approaches would a financial processing company employ to monitor spending patterns to identify abnormal patterns and report them?

Question31: A stockbroker accepts orders over the Internet. Which of the following is the MOST appropriate control to ensure confidentiality of the orders?

Question32: Which of the following is the BEST approach for performing a business impact analysis (BIA) of a supply-chain management application?

Question33: Which of the following a recent internal data breach, an IS auditor was asked to evaluate information security practices within the organization. Which of the following findings would be MOST important to report to senior management?

Question34: The grants management system is used to calculate grant payments. Once per day, a batch interface extracts grant amounts and payee details from this system for import into the once system so payments can be made overnight Which of the following controls provides the GREATEST assurance of the accuracy and completeness of the imported payment

Question35: Which of the following would be the MOST likely reason for an intrusion prevention system (IPS) being unable to block an ongoing web attack?

Question36: An IS auditor is conducting a review of an organization s information systems and discovers data that is no longer needed by business applications. Which of the following would b IS auditor's BEST recommendation?

Question37: Which of the following is the PRIMARY advantage of using virtualization technology for corporate applications?

Question38: An organization has established three IS processing environments: development, test, and production. The MAJOR reason for separating the development and test environments is

Question39: An organization implements a data loss prevention tool as a control to mitigate the risk of sensitive data leaving the organization via electronic mail. Which of the following would provide the BEST indication of adequate control design?

Question40: Which of the following is the BEST source of information when assessing the amount of time a project will take?

Question41: Management decided to accept the residual risk of an audit finding and not take the recommended actions. The internal. Audit team believes the acceptance is inappropriate and has discussed the situation with executive management. After this discussion, there is still disagreement regarding the decision. Which of the following is the BEST course of action by internal audit.

Question42: Which of the following is the BEST source for describing the objectives of an organization s information systems?

Question43: During a review of information security procedures for disabling user accounts, an IS auditor discovers that IT is only disabling network access for terminated employees IT management maintains if terminated users cannot access the network, they will not be able to access any applications Which of the following is the GREATEST risk associated with application access?

Question44: A recent audit identified duplicate software licenses and technologies Which of the following would be MOST helpful to prevent this type of duplication in the future?

Question45: An organization is replacing a mission-critical system. Which of the following is the BEST implementation strategy to mitigate and reduce the risk of system failure?

Question46: A security regulation requires the disabling of direct administrator access. Such access must occur through an intermediate server that holds administrator passwords for all systems d records all actions. An IS auditor s PRIMARY concern with this solution would be that:

Question47: An advantage of installing a thin client architecture in a local area network (LAN) is that this would:

Question48: An organization has implemented a control to help ensure databases containing personal information will not be updated with online transactions that are incomplete due to connectivity issues. Which of the following information attributes is PRIMARILY addressed by this control?

Question49: Which of the following is a passive attack on a network?

Question50: Which of the following would be the PRIMARY benefit of replacing physical keys with an electronic badge system for access to a data center?

Question51: An effective implementation of security roles and responsibilities is BEST evidenced across an enterprise when:

Question52: An IS auditor is observing transaction processing and notes that a high-priority update job ran out of sequence.
What is the MOST significant risk from this observation'

Question53: Both statistical and nonstatistical sampling techniques:

Question54: MOST critical security weakness of a packet level firewall is that it can be circumvented by:

Question55: An organization has software that is not compliant with data protection requirements. To help ensure that appropriate and relevant data protection controls are implemented in the future, the auditor s BEST course of action would be to:

Question56: The use of a GANTT chart can:

Question57: The CIO of an organization is concerned that the information security policies may not be comprehensive.
Which of the following should an IS auditor recommend be performed FIRST?

Question58: When migrating critical systems to a cloud provider, the GREATEST data security concern for an organization would be that data from different clients may be:

Question59: An IS auditor is conducting a review of a healthcare organization's IT policies for handling medical records.
Which of the following is MOST important to verify?

Question60: Which of the following would an IS auditor recommend as the MOST effective preventive control to reduce the risk of data leakage'

Question61: A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not adequately performing which of the following types of testing?

Question62: A bank is relocating its servers to a vendor that provides data center hosting services to multiple clients. Which of the following controls would restrict other clients from physical access to the bank servers?

Question63: select a sample for testing, which must include the 80 largest client balances and a random sample of the rest, the IS auditor should recommend:

Question64: The BEST way to evaluate the effectiveness of a newly developed application is to:

Question65: Which of the following IS audit findings should be of GREATEST concern when preparing to migrate to a new core system using a direct cut-over?

Question66: Which of the following is the GREATEST risk posed by denial-of-service attacks?

Question67: When conducting a follow-up audit on an organization s firewall configuration, the IS auditor discovered that the firewall had been integrated into a new system that provides both firewall and intrusion detection capabilities. The IS auditor should:

Question68: Which audit technique provides the GREATEST assurance that incident management procedures are effective?

Question69: Which of the following projects would be MOST important to review in an audit of an organizations financial statements?

Question70: Which of the following would BEST indicate the effectiveness of a security awareness training program?

Question71: Which of the following is the BEST time for an IS auditor to perform a post-implementation review?

Question72: Which of the following is the BEST approach to identify whether a vulnerability is actively being exploited?

Question73: A LAN administrator normally would be restricted from:

Question74: While reviewing similar issues in an organization s help desk system, an IS auditor finds that they were analyzed independently and resolved differently This situation MOST likely indicates a deficiency in:

Question75: In an EDI process, the device which transmits and receives electronic documents is the:

Question76: Which of the following is the MOST effective control for a utility program?

Question77: Which of the following would be an appropriate role of internal audit in helping to establish an organization's privacy program?

Question78: A security review reveals an organization b struggling with a large number of findings from vulnerability scans. What should the IS auditor recommend be done FIRST.

Question79: Which of the following communication modes should be of GREATEST concern to an IS auditor evaluating end user networking?

Question80: What is the MOST important business concern when an organization is about to migrate a mission-critical application to a virtual environment?

Question81: Which of the following metrics would be MOST helpful to an IS auditor in evaluating an organizations security incident response management capability?

Question82: Which of the following would be MOST helpful when assessing how applications exchange data with other applications?

Question83: Which of the following is the MOST important process to ensure planned IT system changes are completed in an efficient manner?

Question84: An organization offers an online information security awareness program to employees on an annual basis.
Which of the following findings from an audit of the program should be the IS auditor's GREATEST concern?

Question85: An IS auditor is a member of an application development team that is selecting software. Which of the following would impair the auditor's independence?

Question86: Which of the following would be the MOST efficient audit approach, given that a compliance-based approach was adopted in the previous year?

Question87: Which of the following provides an IS auditor the MOST assurance that an organization is compliant with legal and regulatory requirements?

Question88: IS management has decided to rewrite a legacy customer relations system using fourth generation languages (4GLs). Which of the following risks is MOST often associated with system development using 4GLs?

Question89: Which of the following would be an IS auditor's GREATEST concern when reviewing an organization s security controls for policy compliance?

Question90: Requiring that passwords contain a combination of numeric and alphabetic characters is MOST effective against which type of attack?

Question91: Which of the following should be an IS auditor's PRIMARY consideration when evaluating the development and design of a privacy program?

Question92: Structured programming is BEST described as a technique that:

Question93: The MOST important reason for documenting all aspects of a digital forensic investigation is that documentation:

Question94: Which of the following is the BEST reason for an organization to develop a business continuity plan?

Question95: Which of the following would BEST detect logic bombs in new programs?

Question96: Which of the following is the MOST important determining factor when establishing appropriate timeframes for follow-up activities related to audit findings?

Question97: .IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. True or false?

Question98: Which of the following should the IS auditor use to BEST determine whether a project has met its business objectives?

Question99: These members of an emergency incident response team should be:

Question100: An IS auditor finds that firewalls are outdated and not supported by vendors. Which of the following should be the auditor s NEXT course of action?