EMT Practice Test

1. Question Content...


Question List

Question1: An IS auditor discovered abnormalities in a monthly report generated from a system upgraded six months ago.
Which of the following should be the auditor's FIRST course of action?

Question2: An IS auditor learns a server administration team regularly applies work arounds to address repeated failures of critical data processing services. Which of the following would BEST enable the organization to resolve the issue?

Question3: Which of the following is a detective control?

Question4: Which of the following methodologies is MOST appropriate to use for developing software with incomplete requirements?

Question5: To create a digital signature in a message using asymmetric encryption, it is necessary to:

Question6: The BEST way to prevent fraudulent payments is to implement segregation of duties between payment processing and:

Question7: Which of the following would BEST detect logic bombs in new programs?

Question8: What is an IS auditor's BEST recommendation for management if a network vulnerability assessment confirms that critical patches have not been applied since the last assessment?

Question9: Which of the following would be the PRIMARY benefit of replacing physical keys with an electronic badge system for access to a data center?

Question10: An IS auditor notes that the anticipated benefits from an ongoing infrastructure projects have changed due to recent organizational restructuring. Which of the following is the IS auditor's BEST recommendation?

Question11: An IS auditor observes an organization is performing data backup and restoration testing on an ad hoc basis without a defined process. What is the MOST likely result of a data disruption event?

Question12: During business process reengineering (BPR) of a bank's teller activities, an IS auditor should evaluate:

Question13: An organization implements a data loss prevention tool as a control to mitigate the risk of sensitive data leaving the organization via electronic mail. Which of the following would provide the BEST indication of adequate control design?

Question14: An organization using instant messaging to communicate with customers prevent legitimate customers from being impersonated by:

Question15: As part of an IS audit, the auditor notes the practices listed below.
Which of the following would be a segregation of duties concern?

Question16: The BEST method an organization can employ to align its business continuity plan (BCP) and disaster recovery plan (DRP) with core business needs is to:

Question17: Which of the following is MOST likely to enable a hacker to successfully penetrate a system?

Question18: Which of the following protects against the impact of temporary and rapid decreases or increases in electricity?

Question19: Which of the following would be an auditor's GREATEST concern when reviewing data inputs from spreadsheets into the core finance system?

Question20: When auditing a quality assurance plan, an IS auditor should be MOST concerned if the:

Question21: An organization was recently notified by its regulatory body of significant discrepancies in its reporting data.
A preliminary investigation revealed that the discrepancies were caused by problems with the organization's data quality. Management has directed the data quality team to enhance their program The audit committee has asked internal audit to be advisors to the process. To ensure that management concerns are addressed, which data set should internal audit recommend be reviewed FIRST?

Question22: Which of the following should be of GREATEST concern to an IS auditor conducting an audit of incident response procedures?

Question23: Which of the following entities is BEST suited to define the data classification levels within an organization?

Question24: An IS audit manager finds that data manipulation logic developed by the audit analytics team leads to incorrect conclusions This inaccurate logic is MOST likely an indication of lich of the following?

Question25: When introducing a maturity model to the IT management process, it is BEST to align the maturity level to a point that reflects which of the following?

Question26: Which of the following IS audit findings should be of GREATEST concern when preparing to migrate to a new core system using a direct cut-over?

Question27: Which of the following a recent internal data breach, an IS auditor was asked to evaluate information security practices within the organization. Which of the following findings would be MOST important to report to senior management?

Question28: Which of the following is the PRIMARY role of an IS auditor with regard to data privacy?

Question29: Which of the following provides an IS auditor the MOST assurance that an organization is compliant with legal and regulatory requirements?

Question30: An organization allows employees to use personally owned mobile devices to access customer's personal information. An IS auditor's GREATEST concern should be whether

Question31: What is the FIRST step an auditor should take when beginning a follow-up audit?

Question32: An IS auditor conducting audit follow-up activities learns that some previously agreed-upon corrective actions have not been taken and that the associated risk has been accepted by senior management. If the auditor disagrees with management s decision what is the BEST way to address the situation?

Question33: When conducting a requirements analysis for a project, the BEST approach would be to:

Question34: An IS auditor is conducting a review of an organization s information systems and discovers data that is no longer needed by business applications. Which of the following would b IS auditor's BEST recommendation?

Question35: Due to the increasing size of a database, user access times and daily backups continue to increase. Which of the following would be the BEST way to address this situation?

Question36: Management decided to accept the residual risk of an audit finding and not take the recommended actions. The internal. Audit team believes the acceptance is inappropriate and has discussed the situation with executive management. After this discussion, there is still disagreement regarding the decision. Which of the following is the BEST course of action by internal audit.

Question37: Which of the following is the MOST effective control to ensure electronic records beyond their retention periods are deleted from IT systems?

Question38: An IS auditor concludes that a local area network's (LAN's) access security is satisfactory. In reviewing the work, the audit manager should:

Question39: Which of the following is MOST important for an IS auditor to verify when reviewing a critical business application that requires high availability?

Question40: Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:

Question41: Both statistical and nonstatistical sampling techniques:

Question42: Which of the following should be of MOST concern to an IS auditor reviewing an organization's disaster recovery plan (DRP)?

Question43: Which of the following is the GREATEST concern associated with migrating computing resources to a cloud virtualized environment?

Question44: To ensure efficient and economic use of limited resources in supporting a local area network (LAN) infrastructure, it is advisable to:

Question45: Which of the following would be the MOST likely reason for an intrusion prevention system (IPS) being unable to block an ongoing web attack?

Question46: Which of the following group is MOST likely responsible for the implementation of IT projects?

Question47: Which of the following should be an IS auditor's PRIMARY focus when developing a risk-banned IS audit program?

Question48: Which of the following IS audit recommendations would BEST help to ensure appropriate mitigation will occur on control weaknesses identified during an audit?

Question49: When determining the specifications for a server supporting an online application using more than a hundred endpoints, which of the following is the MOST important factor to be Considered?

Question50: An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed.
Which of the following should be the IS auditor's NEXT course of action?

Question51: Which of the following provides the GREATEST assurance that any confidential information on a disk is no longer accessible but the device is still usable by the other internal users?

Question52: Which of the following is the MOST important consideration when deploying closed-circuit television (CCTV) systems that use wireless communication links to transmit images between cameras and a receiver?

Question53: A CIO has asked an IS to implement several security controls for an organization's IT process and system. The auditor should:

Question54: During an ERP post-implementation review, it was noted that operating costs have been significantly higher than anticipated. Which of the following should the organization have done to detect this issue?

Question55: While reviewing the project plan for a new system prior to go-live, an IS auditor notes that the project team has not documented a fallback plan. Which of the following would be the BEST go-live approach in this situation?

Question56: Which of the following controls will MOST effectively detect inconsistent records resulting from the lack of referential integrity in a database management system?

Question57: An organization wants to test business continuity using a scenario in which there are many remote workers trying to access production data at the same time. Which of the following is the BEST testing method in this situation?

Question58: Which of the following should be an IS auditor's PRIMARY consideration when evaluating the development and design of a privacy program?

Question59: During a vulnerability assessment, an IS auditor finds a high-risk vulnerability in a public-facing web server used to process online customer orders via credit card. The IS auditor could FIRST:

Question60: An organization has established hiring policies and procedures designed specifically to ensure network administrators are well qualified. Which type of control is in place?

Question61: What is the PRIMARY benefit of prototyping as a method of system development?

Question62: The grants management system is used to calculate grant payments. Once per day, a batch interface extracts grant amounts and payee details from this system for import into the once system so payments can be made overnight Which of the following controls provides the GREATEST assurance of the accuracy and completeness of the imported payment

Question63: Which of the following sampling techniques is commonly used in fraud detection when the expected occurrence rate is small and the specific controls are critical?

Question64: Before concluding that internal controls can be relied upon, the IS auditor should:

Question65: To preserve chain-of-custody following an internal server compromise, which of the following should be the FIRST step?

Question66: A user of a telephone banking system has forgotten his personal identification number (PIN), after the user has been authenticated, the BEST method of issuing a new pin is to have:

Question67: Spreadsheets are used to calculate project cost estimates Totals for each cost category are then keyed into the job-costing system. What is the BIST control to ensure that data are accurately entered into the system?

Question68: Which of the following is the PRIMARY benefit of including IT management and staff when conducting control self-assessments (CSAs) within an organization?

Question69: Which of the following is the PRIMARY advantage of single sign-on (SSO)?

Question70: Which of the following is corrective control?

Question71: An organization has implemented an automated match between purchase orders, goods receipts, and invoices.
Which of the following risks will this control BEST mitigate?

Question72: A 5 year audit plan provides for general audits every year and application audits on alternating years. To achieve higher efficiency, the IS audit manager would MOST likely:

Question73: The use of the Transport Layer Security (TLS) protocol enables the client in a network to be:

Question74: IT service engineers at a large organization are unable to effectively prioritize system-generated alerts from hundreds of applications running across multiple servers and databases. As a result many alerts are often ignored, leading to major problems including downtime. Which of the following is the BEST IS audit recommendation to address this situation?

Question75: ..risk that the IS auditor will not find an error that has occurred is identified by which of the following terms?

Question76: The risk that the IS auditor will not find an error that has occurred is identified by which of the following terms?

Question77: The MAJOR reason for segregating test programs from production programs is to:

Question78: Which of the following is BEST addressed when using a timestamp within a digital signature to deliver sensitive financial information?

Question79: Which of the following is the GREATEST concern with conducting penetration testing on an internally developed application in the production environment?

Question80: An intruder accesses an application server and makes changes to the system log. Which of the following would enable the identification of the changes?

Question81: Which of the following features can be provided only by asymmetric encryption?

Question82: Which of the following components of a scheduling tool BEST prevents job failures due to insufficient system resources?

Question83: Which of the following is the BEST source of information when assessing the amount of time a project will take?

Question84: Intrusion detection systems (IDSs) can:

Question85: Which of the following would be MOST helpful when assessing how applications exchange data with other applications?

Question86: An organization considers implementing a system that uses a technology that is not in line with the organization's IT strategy. Which of the following is the BEST justification for deviating from the IT strategy?

Question87: Which of the following should be of GREATEST concern to an IS auditor reviewing the controls for a continuous software release process?

Question88: An IS auditor has completed a review of an outsourcing agreement and has communicating the issues at a meeting with senior management?

Question89: Which of the following is an example of audit risk?

Question90: Which of the following should be of concern to an IS auditor performing a software audit on virtual machines?

Question91: As part of business continuity planning. Which of the following is MOST important to include in a business impact analyst (BIA)?

Question92: An IS auditor has been asked to advise on the design and implementation of IT management best practices Which of the following actions would impair the auditor's independence?

Question93: An IS auditor conducts a review of a third-party vendor's reporting of key performance indicators (KPI).
Which of the following findings should be of MOST concern to the audition?

Question94: The GREATEST risk of database renormalization is:

Question95: Which of the following BEST provides continuous availability of network bandwidth for critical application services?

Question96: Which of the following should be the PRIMARY consideration for IT management when selecting a new information security tool that monitors suspicious file access patterns?

Question97: Which of the following is MOST important when an incident may lead to prosecution?

Question98: Which of the following cloud deployment models would BEST meet the needs of a startup software development organization with limited initial capital?

Question99: Following a security breach, in which a hacker exploited a well-known vulnerability in the domain controller, an IS auditor has been asked to conduct a control assessment. The auditor's BEST course of action would be to determine it:

Question100: A vulnerability in which of the following virtual systems would be of GREATEST concern to the IS auditor?

Question101: Which of the following BEST determines if a batch update job was completed?

Question102: Which of the following is the MOST likely cause of a successful firewall penetration?

Question103: Which of the following would be the MOST appropriate reason for an organization to purchase fault-tolerant hardware?

Question104: Which of the following is MOST likely to be prevented by a firewall connected to the Internet?

Question105: Which of the following procedures should be implemented prior to disposing of surplus computer equipment to employees?

Question106: A legacy application is running on an operating system that is no longer supported by vendor, if the organization continues to use the current application, which of the application should be the IS auditor's GREATEST concern?

Question107: To confirm integrity for a hashed message, the receiver should use

Question108: The demilitarized zone (DMZ) is the part of a network where servers that are placed are:

Question109: During a network security review the system log indicates an unusually high number of unsuccessful login attempts Which of the following sampling techniques is MOST appropriate for selecting a sample of user IDs for further investigation?

Question110: An organization has implemented a control to help ensure databases containing personal information will not be updated with online transactions that are incomplete due to connectivity issues. Which of the following information attributes is PRIMARILY addressed by this control?

Question111: Which of the following should the IS auditor use to BEST determine whether a project has met its business objectives?

Question112: Which of the following is the GREATEST risk resulting from conducting periodic reviews of IT over several years based on the same audit program?

Question113: An organization has installed blade server technology in its data server. To determine whether higher cooling demands are maintained, which of the following should the IS auditor review?

Question114: Which of the following a the MOST important prerequisite for Implementing a data loss prevention (DLP) tool?

Question115: An IS auditor is involved in the user testing phase of a development project. The developers wish to use a copy of a peak volume transaction file from the production process to should that the development can cope with the required volume What is the auditor s PRIMARY concern?

Question116: An IS auditor has been asked to audit the proposed acquisition of new computer hardware. The auditor's PRIMARY concern is that:

Question117: To BEST evaluate the effectiveness of a disaster recovery plan, the IS auditor should review the:

Question118: Capacity management enables organizations to:

Question119: To help ensure the organization s information assets are adequately protected, which of the following considerations is MOST important when developing an information classification and handling policy?

Question120: Which of the following scenarios would enable a forensic investigation?

Question121: An auditor is creating an audit program in which the objective is to establish the adequacy of personal data privacy controls in a payroll process. Which of the following would be MOST important to include?

Question122: mission-critical applications with a low recovery time objective (RTO). which of the following is the BEST backup strategy?

Question123: Which of the following would an IS auditor recommend as the MOST effective preventive control to reduce the risk of data leakage'

Question124: Which of the following would BEST detect that a distributed-denial-of-service attack (DDoS) is occurring?

Question125: When engaging services from external auditors, which of the following should be established FIRST7

Question126: Which of the following is the BEST way to facilitate proper follow-up for audit finding?

Question127: An organization's IT security policy requires annual security awareness training for all employees. Which of the following would provide the BEST evidence of the training's effectiveness?

Question128: An IS auditor has assessed a payroll service provider's security policy and finds significant topics are missing.
Which of the following is the auditor's BEST course of action?

Question129: An employee transfers from an organization's risk management department to become the lead IS auditor.
While in the risk management department, the employee helped developed the key performance indicators (KPIs) now used by the organization. Which of the following would pose the GREATEST threat to the independence of this auditor?

Question130: During an audit, it is discovered that several suppliers with standing orders have been deleted from the supplier master file Which of the following controls would have BEST evented such an occurrence?

Question131: An IS auditor is mapping controls to risk for an accounts payable system What is the BEST control to detect errors in the system?

Question132: Which of the following is MOST important to include in a business continuity plan (BCP)?

Question133: Which of the following is the MOST important requirement for an IS auditor to evaluate when reviewing a transmission of personally identifiable information between two organizations?

Question134: An IS auditor is a member of an application development team that is selecting software. Which of the following would impair the auditor's independence?

Question135: internal IS auditor recommends that incoming accounts payable payment files be encrypted. Which type of control is the auditor recommending?

Question136: After the release of an application system, an IS auditor wants to verify that the system is providing value to the organization. The auditor's BEST course of action would be to:

Question137: While reviewing similar issues in an organization s help desk system, an IS auditor finds that they were analyzed independently and resolved differently This situation MOST likely indicates a deficiency in:

Question138: An airlines online booking system uses an automated script that checks whether fares are within the defined threshold of what is reasonable before the fares are displayed on the website. Which type of control is in place?

Question139: An IS auditor auditing the effectiveness of utilizing a hot site will MOST likely:

Question140: An IS auditor is analysing a sample of assesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found. Which sampling method would be appropriate?

Question141: Which of the following is the GREATEST risk posed by denial-of-service attacks?

Question142: Which of the following is MOST important for an IS auditor to verify during a disaster recovery audit?

Question143: Which of the following management decisions presents the GREATEST risk associated with data leakage?

Question144: During audit planning, an IS auditor walked through the design of controls related to a new data loss prevention tool. It was noted that the tool will be configured to alert. IT management when large files are sent outside of the organization via email. What type of control will be tested?

Question145: An IS auditor has discovered that a cloud-based application was not included in an application inventory that was used to confirm the scope of an audit. The business process owner explained that the application will be audited by a third party in the next year. The auditor's NEXT step should be to:

Question146: Loss-site scripting (XSS) attacks are BEST prevented through:

Question147: An organization has decided to migrate payroll processing to a new platform hosted by a third party in a different country. Which of the following is MOST important for the IS auditor to consider?

Question148: Which of the following is MOST important to consider when creating audit follow-up procedures?

Question149: An organization is replacing its financial processing system. To help ensure that transactions in the new system are processed accurately, which of the following is MOST appropriate?

Question150: While reviewing an organization s business continuity plan (BCP) an IS auditor observes that a recently developed application is not included. The IS auditor should:

Question151: Which of the following would BEST assist senior management in evaluating IT performance as well as the alignment between corporate and IT strategic objectives?

Question152: A company has implemented an IT segregation of duties policy In a role-based environment, which of the following roles may be assigned to an application developer?

Question153: A database administrator (DBA) extracts a user listing for an auditor as testing evidence. Which of the following will provide the GREATEST assurance that the user listing is reliable'

Question154: The IS auditor's PRIMARY role in control self-assessment (CSA) is to:

Question155: During the planning stage of compliance audit, an IS auditor discovers that the bank's inventory of compliance requirements does not include recent regulatory changes related to managing data risk. What would the auditor do FIRST?

Question156: An organization is considering replacing physical backup tapes stored offsite with real-time on-line backup to a storage area network (SAN) located in the primary data center. Which of the following is the GREATEST risk?

Question157: An IT governance framework provides an organization with:

Question158: Which of the following findings should be of MOST concern to an IS auditor when evaluating information security governance within an organization?

Question159: Which of the following could be determined by an entity-relationship diagram?

Question160: The quality assurance (QA) function should be prevented from

Question161: The maturity level of an organization s problem management support function is optimized when the function

Question162: Due to the small size of the payroll department, an organization is unable to segregate the employee setup and payroll processing functions. Which of the following would be the BEST compensating control for the lack of segregation of duties?

Question163: Which of the following is the BEST way to control the concurrent use of licensed software?

Question164: Due to cost restraints, a company defers the replacement of hardware supporting core applications. Which of the following represents the GREATEST risk?

Question165: A typical network architecture used for e-commerce, a load balancer is normally found between the:

Question166: A large insurance company is about to replace a major financial application. Which of the following is the IS auditor's PRIMARY focus when conducting the pre-implementation review?

Question167: An IS auditor is evaluating the log management system for an organization with devices and systems in multiple geographic locations. Which of the following is MOST important for e auditor to verify?

Question168: During a review of an application system, an IS auditor identifies automated controls designed to prevent the entry of duplicate transactions. What is the BEST way to verify that the controls work as designed?

Question169: An IS auditor is reviewing the upgrading of an operating system. Which of the following would be the GREATEST audit concern?

Question170: Which of the following are BEST suited for continuous auditing?

Question171: When designing metrics for information security, the MOST important consideration is that the metrics:

Question172: When reviewing a disaster recovery plan (DRP) an IS auditor should examine the:

Question173: MOST critical security weakness of a packet level firewall is that it can be circumvented by:

Question174: An IS auditor can BEST help management fulfill risk management responsibilities by:

Question175: Which of the following provides the BEST evidence of the effectiveness of an organization s audit quality management procedures?

Question176: An organization is in the process of deciding whether to allow a bring your own device (BYOD) program. If approved, which of the following should be the FIRST control required before implementation?

Question177: Which of the following is a prerequisite to help ensure that IS hardware and software support the delivery of mission-critical functions?

Question178: An organization offers an online information security awareness program to employees on an annual basis.
Which of the following findings from an audit of the program should be the IS auditor's GREATEST concern?

Question179: Which of the following controls would BEST ensure that payroll system rate charges are valid?

Question180: Which of the following would BEST indicate the effectiveness of a security awareness training program?

Question181: ..control that MOST effectively addresses the risk of piggybackingAailgating into a restricted area without a dead-man door is:

Question182: During an audit, which of the following would be MOST helpful in establishing a baseline for measuring data quality?

Question183: After an external IS audit, which of the following should be IT management's MAIN consideration when determining the prioritization of follow-up activities?

Question184: During an audit of a data center, an IS auditor's BEST way to gain an understanding of physical security controls is to:

Question185: On a daily basis, an in-house development team moves duplicate copies of production data containing personally identifiable information (Pll) to the test environment Which of the following is the BEST way to mitigate the privacy risk involved?

Question186: Which of the following is the BEST detective control for a job scheduling process involving data transmission?

Question187: An IS auditor has found that a vendor has gone out of business and the escrow has an older version of the source code What is the auditor's BEST recommendation for the organization?

Question188: Which of the following is a directive control?

Question189: What is the MOST important business concern when an organization is about to migrate a mission-critical application to a virtual environment?

Question190: While performing a risk-based audit, which of the following would BEST enable an IS auditor to identify and category risk?

Question191: The BEST data backup strategy for mobile users is to:

Question192: Which of the following is a key success factor for implementing IT governance?

Question193: Inherent risk rating are determined by assessing the impact and likelihood of a threat or vulnerability occurring:

Question194: Software quality assurance (QA) reviews are planned as part of system development. At which stage in the development process should the first review be initiated?

Question195: A review of an organization's IT portfolio revealed several applications that are not in use. The BEST way to prevent this situation from recurring would be to implement.

Question196: Which of the following controls is MOST appropriate against brute force attacks at login?

Question197: Digital signatures are an effective control method for information exchange over an insecure network because they:

Question198: Which of the following should be reviewed FIRST when planning an IS audit?

Question199: Which of the following is MOST likely to result from compliance testing?

Question200: Which of the following should be reviewed as part of a data integrity test?

Question201: An IS auditor plans to review all access attempts to a video-monitored and proximity card-controlled communications room. Which of the following would be MOST useful to the auditor?

Question202: Which of the following is the BEST approach to identify whether a vulnerability is actively being exploited?

Question203: An organization uses two data centers. Which of the following would BEST address the organization's need for high resiliency?

Question204: Which of the following is the BEST indication of an effective incident management process?

Question205: Which of the following should an IS auditor be MOST concerned with when a system uses ratio frequency identification (RFID)?

Question206: Nonrepudiation of the client for e-commerce transactions is accomplished through which of the following control mechanisms?

Question207: Which type of risk would MOST influence the selection of a sampling methodology?

Question208: An organization allows its employees to use personal mobile devices for work. Which of the following would BEST maintain information security without compromising employee privacy?

Question209: Which of the following is MOST important for an IS auditor to verify when reviewing an organization's information security practices following the adoption of a bring your own device (8YOD) program?

Question210: What is the GREASTEST concern for an IS auditory reviewing contracts for licensed software that executes a critical business process?

Question211: Which of the following activities is MOST important to consider when conducting IS audit planning?

Question212: At a project steering committee meeting, it is stated that adding controls to business processes undergoing re-engineering is an unnecessary cost. The IS auditor's BEST response is that the actual control overhead for a business process is:

Question213: Which of the following is the MOST significant concerns when backup tapes are encrypted?

Question214: Which of the following would be MOST important for an IS auditor to review during an audit of an automated continuous monitoring process being used by the finance department.

Question215: The objectives of business process improvement should PRIMARILY include

Question216: Which of the following is the BEST reason for an organization to develop a business continuity plan?

Question217: A PRIMARY benefit derived by an organization employing control self-assessment (CSA) techniques s that CSA.

Question218: Which of the following is a reason for implementing a decentralized IT governance model?

Question219: The MOST efficient way to confirm that an ERP system being implemented satisfies business expectations is to utilize which of the following types of testing?

Question220: An is auditor discovers a recurring software control process issue that severely impacts the efficiency of a critical business process. Which of the following is the BEST recommendation?

Question221: An organization has purchased a replacement mainframe computer to cope with the demands of increased business. Which of the following should be the PRIMARY concern of an IS auditor?

Question222: Which of the following is MOST important to ensure when planning a black box penetration test?

Question223: During an audit of a mission-critical system hosted in an outsourced data center, an IS auditor discovers that contracted routine maintenance for the alternate power generator was not performed. Which of the following should be the auditor's MAIN concern?

Question224: An employee loses a mobile device resulting in loss of sensitive corporate data. Which of the following would have BEST prevented data leakage?

Question225: Which of the following controls should be implemented to BEST minimize system downtime for maintenance?

Question226: A sales representative is reviewing the organization's feedback blog and gets redirected to a site that sells illegal prescription drugs. The blog site is MOST likely susceptible to which of the following types of attacks?

Question227: Which of the following is the BEST type of backup to minimize the associated time and media?

Question228: Which of the following will BEST protect the confidentiality of data stored on the hard drive of a laptop computer?

Question229: An IS auditor has completed a service level management audit related to order management services provided by a third party Which of the following is the MOST significant finding?

Question230: The scheduling of audit follow-ups should be based PRIMARILY on