EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following should be the PRIMARY consideration for IT management when selecting a new information security tool that monitors suspicious file access patterns?

Question2: Following the sale of a business division, employees will be transferred to a new organization, but they will retain access to IT equipment from the previous employer. An IS auditor has recommended that both organizations agree to and document an acceptable use policy for the equipment. What type of control has been recommended?

Question3: Which of the following is the PRIMARY advantage of using virtualization technology for corporate applications?

Question4: When migrating critical systems to a cloud provider, the GREATEST data security concern for an organization would be that data from different clients may be:

Question5: Which of the following is MOST likely to improve the portability of an application connected to a database?

Question6: Which of the following would be of MOST concern during an audit of an end-user computing system containing sensitive information?

Question7: Which of the following would BEST facilitate the detection of internal fraud perpetrated by an individual?

Question8: An auditor is creating an audit program in which the objective is to establish the adequacy of personal data privacy controls in a payroll process. Which of the following would be MOST important to include?

Question9: What is an IS auditor's BEST recommendation to management if a review of the incident management process finds multiple instances of incident tickets remaining open for an unusually long time?

Question10: During an integrated audit at a retail bank, an IS auditor is evaluating whether monthly service fees are appropriately charged for business accounts and waived for individual consumer accounts. Which of the following test approaches would utilize data analytics to facilitate the testing?

Question11: When reviewing a contract for a disaster recovery hot site, which of the following would be the MOST significant omission?

Question12: A company has implemented an IT segregation of duties policy In a role-based environment, which of the following roles may be assigned to an application developer?

Question13: Which of the following is the BEST physical security solution for granting and restricting access to individuals based on their unique access needs?

Question14: An IS auditor was involved in the design phase for a new system's security architecture. For the planned post-implementation audit which of the following would be the MOST appropriate course of action for the auditor?

Question15: During a network security review the system log indicates an unusually high number of unsuccessful login attempts Which of the following sampling techniques is MOST appropriate for selecting a sample of user IDs for further investigation?

Question16: Which of the following is the BEST development methodology to help manage project requirements in a rapidly changing environment?

Question17: During an audit of a mission-critical system hosted in an outsourced data center, an IS auditor discovers that contracted routine maintenance for the alternate power generator was not performed. Which of the following should be the auditor's MAIN concern?

Question18: The IS auditor's PRIMARY role in control self-assessment (CSA) is to:

Question19: Which of the following activities is MOST important to consider when conducting IS audit planning?

Question20: Which the following is MOST critical for the effective implementation of IT governance?

Question21: A new regulatory standard for data privacy requires an organization to protect personally identifiable information (Pll). Which of the following is MOST important to include in the audit engagement plan to assess compliance with the new standard?

Question22: Which of the following tasks should be performed during an organization's business continuity plan (BCP) test?

Question23: Privileged account access is require to start an ad hoc batch job. Which of the following would MOST effectively detect unauthorized job execution?

Question24: The maturity level of an organization s problem management support function is optimized when the function

Question25: Which of the following is the MOST important consideration when deploying closed-circuit television (CCTV) systems that use wireless communication links to transmit images between cameras and a receiver?

Question26: When reviewing user access to an application containing sensitive company data, which of the following should be the GREATEST concern with regard to segregation of duties?

Question27: Which of the following is MOST important for the improvement of an organization's incident response processes

Question28: The risk that is created if a single sign-on is implemented for all systems is that a/an:

Question29: An organization was recently notified by its regulatory body of significant discrepancies in its reporting data.
A preliminary investigation revealed that the discrepancies were caused problems with the organization's data quality. Management has directed the data quality team to enhance their program. The audit committee has asked internal audit to be visors to the process. After the data quality team identifies the system data at fault which of the following should internal audit recommend as the NEXT step m the process?

Question30: An IS auditor discovered abnormalities in a monthly report generated from a system upgraded six months ago.
Which of the following should be the auditor's FIRST course of action?

Question31: Which of the following is MOST likely to be prevented by a firewall connected to the Internet?

Question32: As part of business continuity planning. Which of the following is MOST important to include in a business impact analyst (BIA)?

Question33: Which of the following should an IS auditor use when verifying a three-way match has occurred in an enterprise resource planning (ERP) system?

Question34: An employee loses a mobile device resulting in loss of sensitive corporate data. Which of the following would have BEST prevented data leakage?

Question35: Which of the following would BEST indicate the effectiveness of a security awareness training program?

Question36: An IS auditor has discovered that unauthorized customer management software was installed on a workstation.
The auditor determines the software has been uploading customer ita to an external party. Which of the following is the IS auditor's BEST course of action?

Question37: Which of the following BEST supports an organization's planning efforts for investments in IT initiatives?

Question38: Which of the following is a key success factor for implementing IT governance?

Question39: Which of the following is the BEST indication of an effective incident management process?

Question40: A small organization is experiencing rapid growth and plans to create a new information security policy.
Which of the following is MOST relevant to creating the policy?

Question41: When an intrusion into an organizations network is detected, which of the foflomng should be performed FIRST?

Question42: Which of ihe following should be done FIRST to effectively define the IT audit universe for an entity with multiple business lines?

Question43: An IS auditor finds ad hoc vulnerability scanning is in place with no clear alignment to the organization's wider security threat and vulnerability management program. Which of the following would BEST enable the organization to work toward improvement in this area?

Question44: Which of the following is the MOST significant obstacle to establishing a new privacy program?

Question45: Which of the following would be the GREATEST concern to an IS auditor reviewing an IT outsourcing arrangement?

Question46: Which of the following should the IS auditor do FIRST to ensure data transfer integrity for Internet of Things (loT) devices?

Question47: Which of the following should an IS auditor verify when auditing the effectiveness of virus protection?

Question48: Which of the following would provide the BEST evidence for use in a forensic investigation of an employee's hard drive?

Question49: Two organizations will share ownership of a new enterprise resource management (ERM) system To help ensure the successful implementation of the system, it k MOST important to define:

Question50: Which of the following BEST determines if a batch update job was completed?

Question51: Adopting a service-oriented architecture would MOST likely:

Question52: During a vulnerability assessment, an IS auditor finds a high-risk vulnerability in a public-facing web server used to process online customer orders via credit card. The IS auditor could FIRST:

Question53: Which of the following should an IS auditor be MOST concerned with when a system uses ratio frequency identification (RFID)?

Question54: The objective of using coding standards for systems development is to:

Question55: After the release of an application system, an IS auditor wants to verify that the system is providing value to the organization. The auditor's BEST course of action would be to:

Question56: Which of the following controls should be implemented to BEST minimize system downtime for maintenance?

Question57: An IS auditor concludes that a local area network (LAN) access security satisfactory. In reviewing the work, the audit manager should

Question58: Digital signatures are an effective control method for information exchange over an insecure network because they:

Question59: Which of the following is a substantive test procedure?

Question60: Which of the following should be reviewed FIRST when planning an IS audit?

Question61: An organization is currently replacing its accounting system. Which of the following strategies will BEST minimize risk associated with the loss of data integrity from the upgrade?

Question62: While reviewing similar issues in an organization's help desk system. An IS auditor finds that they were analysed independently and resolved differently. This situation MOST likely indicates a deficiencies in

Question63: A recent audit concluded that an organization's information security system was weak and that monitoring would likely fail to detect penetration. Which of the following would be the MOST appropriate recommendation?

Question64: A company laptop has been stolen and all photos on the laptop have been published on social media. Which of the following is the IS auditor's BEST course of action?

Question65: A review of Internet security disclosed that users have individual user accounts with Internet service providers (ISPs) and use these accounts for downloading business data. The organization wants to ensure that only the corporate network is used. The organization should FIRST:

Question66: A database is denormalized in order to:

Question67: Which of the following would provide the MOST assurance that an application will work in a live environment?

Question68: When developing a business continuity plan (BCP), which of the following steps should be completed FIRST?

Question69: A security review reveals an organization b struggling with a large number of findings from vulnerability scans. What should the IS auditor recommend be done FIRST.

Question70: An IS auditor has discovered that a cloud-based application was not included in an application inventory that was used to confirm the scope of an audit. The business process owner explained that the application will be audited by a third party in the next year. The auditor's NEXT step should be to:

Question71: An IS auditor has assessed a payroll service provider's security policy and finds significant topics are missing.
Which of the following is the auditor's BEST course of action?

Question72: Which of the following could be used to evaluate the effectiveness of IT operations?

Question73: Which of the following should an IS auditor recommend as MOST critical to an effective performance improvement process for IT services?

Question74: Which of the following is MOST important to ensure when planning a black box penetration test?

Question75: When replacing a critical software application, which of the following provides for the LOWEST risk of interruption to business processes?

Question76: Which of the following observations should be of concern to an IS auditor in the fieldwork stage of a procurement audit?

Question77: As part of a mergers and acquisitions activity, an acquiring organization wants to consolidate data and systems from the organization being acquired into existing systems. To ensure the data is relevant the acquiring organization should:

Question78: Which of the following is the PRIMARY responsibility of an organization's IT steering committee?

Question79: An IS auditor discovered that a firewall has more services than needed The IS auditor's FIRST recommendation should be to:

Question80: An IS auditor is reviewing IT policies and found that most policies have not been reviewed in over 3 years.
The MOST significant risk is that the policies do not reflect.

Question81: An organization using development operations (DevOps) processes has deployed tools to provide automated configuration management functionality. Which of the following is the BEST way to ensure changes to system configuration do not inadvertently introduce security vulnerabilities into production platforms?

Question82: An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would MOST likely increase the risk of a successful attack by:

Question83: Which of the following would be MOST helpful in ensuring security procedures are followed by employees in a multinational organization?

Question84: A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization. Which of the following is MOST effective in detecting such an intrusion?

Question85: Which of the following would BEST enable effective IT resource management?

Question86: Which of the following components of a scheduling tool BEST prevents job failures due to insufficient system resources?

Question87: internal IS auditor recommends that incoming accounts payable payment files be encrypted. Which type of control is the auditor recommending?

Question88: Which of the following is MOST important for an IS auditor to consider when evaluating a Software as a Service (SaaS) arrangement?

Question89: Which of the following is the BEST time for an IS auditor to perform hich of the following is the BEST way to protect the confidentiality of data on a corporate smartphone?

Question90: Which of the following is MOST important for an IS auditor to confirm when reviewing the effectiveness of an incident response program?

Question91: An organization has software that is not compliant with data protection requirements. To help ensure that appropriate and relevant data protection controls are implemented in the future, the auditor s BEST course of action would be to:

Question92: Due to cost restraints, a company defers the replacement of hardware supporting core applications. Which of the following represents the GREATEST risk?

Question93: During an audit of information security procedures of a large retailer s online store, an IS auditor notes that operating system (OS) patches are automatically deployed upon -. Which of the following should be of GREATEST concern to the auditor?

Question94: Which of the following is MOST important for an IS auditor to verify when reviewing a critical business application that requires high availability?

Question95: While reviewing an organization s business continuity plan (BCP) an IS auditor observes that a recently developed application is not included. The IS auditor should:

Question96: Which of the following findings should hr of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simulation test administered for staff members?

Question97: When developing a business continuity plan (BCP) business unit management's involvement is MOST important during the

Question98: Which of the following should be reviewed as part of a data integrity test?

Question99: An internal audit department recently established a quality assurance (QA) program as part of its overall audit program. Which of the following activities is MOST important to rlude as part of the QA program requirements?

Question100: The objectives of business process improvement should PRIMARILY include

Question101: Which of the following BEST enables an audit department to improve the quality of work performed by its auditors?

Question102: Which of the following is the BEST way to reduce the risk of vulnerabilities during the rapid deployment of container-based applications to a hybrid cloud?

Question103: When conducting a follow-up audit on an organization s firewall configuration, the IS auditor discovered that the firewall had been integrated into a new system that provides both firewall and intrusion detection capabilities. The IS auditor should:

Question104: When evaluating the recent implementation of an intrusion detection system (IDS), an IS auditor should be MOST concerned with inappropriate:

Question105: Which of the following is the BEST source for describing the objectives of an organization s information systems?

Question106: Which of the following is MOST helpful in preventing a systems failure from occurring when an application is replaced using the abrupt changeover technique?

Question107: An organization wants to reuse company-provided smartphones collected from staff leaving the organization.
Which of the following would be the BEST recommendation?

Question108: Which of the following could an IS auditor recommend to improve the estimated resources required in system development?

Question109: Which of the following should be of concern to an IS auditor performing a software audit on virtual machines?

Question110: Which of the following is the GREATEST risk posed by denial-of-service attacks?

Question111: Which of the following is a prerequisite to help ensure that IS hardware and software support the delivery of mission-critical functions?

Question112: An IS auditor has completed a service level management audit related to order management services provided by a third party Which of the following is the MOST significant finding?

Question113: Which of the following is the MOST effective control to minimize the risk of cross-site scripting (XSS)?

Question114: What is the MOST difficult aspect of access control in a multiplatfotm, multiple-site client/server environment?

Question115: Which of the following should be an IS auditor's PRIMARY concern when evaluating an organization's information security policies, procedures, and controls for third-party vendors?

Question116: An IS auditor has observed gaps in the data available to the organization for detecting incidents. Which of the following would be the BEST recommendation to improve the organization's security incident response capability?

Question117: Which of the following is the PRIMARY advantage of the IT portfolio management approach over the balanced scorecard approach when managing IT investments?

Question118: Which of the following should be of GREATEST concern to an IS auditor conducting an audit of an organization's backup processes?

Question119: Which of the following access control situations represents the MOST serious control weakness?

Question120: As part of a post-implementation review, the BEST way to assess the realization of outcomes is by:

Question121: An IS auditor reviews change control tickets and finds an emergency change request where an IT manager approved the change, modified the code on the production platform, an solved the ticket Which of the following should be the auditor's GREATEST concern?

Question122: Which of the following would be MOST helpful when assessing how applications exchange data with other applications?

Question123: Which of the following would be an IS auditor's GREATEST concern when reviewing an organization s security controls for policy compliance?

Question124: An information systems security officer's PRIMARY responsibility for business process applications is to:

Question125: Which of the following would BEST prevent data from being orphaned?

Question126: A PRIMARY benefit derived by an organization employing control self-assessment (CSA) techniques s that CSA.

Question127: An IS auditor discovers that management has created a system interface to receive financial data and store it in a data warehouse. Which of the following provides the BEST assurance that data in the data warehouse is accurate?

Question128: Which of the following presents the GREATEST security risk to an organization using peer-to-peer (P2P) file-sharing networks?

Question129: When reviewing business continuity plan (BCP) test results, it is MOST important for the IS auditor to determine whether the test:

Question130: An organization has implemented application whitelisting in response to the discovery of a large amount of unapproved software. Which type of control has been deployed?

Question131: Within a payroll department, which of the following responsibilities should be assigned to two or more individuals to avoid a segregation of duties conflict?

Question132: Which of the following is MOST important for an IS auditor to understand when planning an IS audit?

Question133: Which of the following BEST ensures that only authorized software is moved into a production environment?

Question134: Which of the following is MOST important to include in forensic data collection and preservation procedure?

Question135: Which of the following provides the MOST assurance that a newly developed web application does not have IT security issues?

Question136: Which of the following is the GREATEST risk associated with instant messaging?

Question137: An organization has outsourced its data leakage monitoring to an Internet service provider (ISP). Which of the following is the BEST way for an IS auditor to determine the effectiveness of this service?

Question138: Which of the following stakeholders should be PRIMARILY responsible for developing, implementing, and monitoring metrics for security activities?

Question139: Which of the following controls MOST effectively reduces the risk associated with use of instant messaging (IM) in the workplace?

Question140: When reviewing the effectiveness of data center operations, the IS auditor would FIRST -stablish that system performance:

Question141: Which of the following is the PRIMARY benefit of including IT management and staff when conducting control self-assessments (CSAs) within an organization?

Question142: When auditing the effectiveness of a biometric system, which of the following indicators would be MOST important to review?

Question143: maturity model is useful in the assessment of IT service management because it:

Question144: Which of the following is the MOST appropriate action to formalize IT governance in an organization?

Question145: When connecting to an organization's intranet from the Internet, security against unauthorized access is BEST achieved by using:

Question146: Which of the following projects would be MOST important to review in an audit of an organizations financial statements?

Question147: A retirement system verifies that the field for employee status has either a value of A (for active) or R (for retired). This is an example of which type of check?

Question148: Which of the following is the GREATEST concern when an organization allows personal devices to connect to its network?

Question149: In assessing the priority given to systems covered in an organization's business continuity plan (BCP), an IS auditor should FIRST:

Question150: An IS auditor discovers instances where software with the same license key is depbyed to multiple workstations, in breach of the licensing agreement. Which of the following is the auditor's BEST recommendation?

Question151: When developing metrics to measure the contribution of IT to the achievement of business goals, the MOST

Question152: An organization has implemented a distributed security administration system to replace the previous centralized one. The IS auditor's GREATEST concern should be that:

Question153: Which of the following auditing techniques would be used to detect the validity of a credit card transaction based on time, location, and date of purchase?

Question154: The CIO of an organization is concerned that the information security policies may not be comprehensive.
Which of the following should an IS auditor recommend be performed FIRST?

Question155: During a security audit, which of the following is MOST important to review to ensure data confidentiality is managed?

Question156: Which of the following would be the MOST effective method to address software license violations on employee workstations?

Question157: To ensure the integrity of a recovered database, which of the following would be MOST useful?

Question158: When designing metrics for information security, the MOST important consideration is that the metrics:

Question159: Assessments of critical information systems are based on a cyclical audit plan that has not been updated for several years. Which of the following should the IS auditor recommend to BEST address this situation?

Question160: A maturity model can be used to aid the implementation of IT governance by identifying:

Question161: When physical destruction is not practical, which of the following is the MOST effective measure of disposing of sensitive data on a hard disk?

Question162: What is the BEST way for an IS auditor to address the risk associated with over-retention of personal data after identifying a large number of customer records retained beyond the retention period defined by law?

Question163: Which of the following key performance indicators (KPIs) provides the BEST indication of a security awareness campaign's effectiveness?

Question164: An advantage of installing a thin client architecture in a local area network (LAN) is that this would:

Question165: Which of the following will BEST help to ensure that an in-house application in the production environment is current?

Question166: An organization performs nightly backups but does not have a formal policy. An IS auditor should FIRST

Question167: A database administrator (DBA) extracts a user listing for an auditor as testing evidence. Which of the following will provide the GREATEST assurance that the user listing is reliable'

Question168: An IS auditor is using data analytics in an audit and has obtained the data to be used for testing. Which of the following is the MOST important task before testing begins?

Question169: Which of the following should be of MOST concern to an IS auditor reviewing an organization's disaster recovery plan (DRP)?

Question170: Which of the following an IS audit, which of the following types of risk would be MOST critical to communicate to key stakeholders?

Question171: An IS auditor finds that confidential company data has been inadvertently leaked through social engineering.
The MOST effective way to help prevent a recurrence of this issue is to implement:

Question172: During an audit, the client learns that the IS auditor has recently completed a similar security review at a competitor. The client inquires about the competitor's audit results. What is the BEST way for the auditor to address this inquiry?

Question173: An IS auditor is a member of an application development team that is selecting software. Which of the following would impair the auditor's independence?

Question174: An IS auditor is conducting a pre-implementation review to determine a new system's production readiness.
The auditor's PRIMARY concern should be whether:

Question175: What is an IS auditor's BEST course of action when provided with a status update indicating audit recommendations related to segregation of duties for financial staff have been implemented?

Question176: An IS auditor reviewing an incident management process identifies client information was lost due to ransomware attacks. Which of the following would MOST effectively minimize the impact of future occurrences?

Question177: An IS auditor is reviewing the upgrading of an operating system. Which of the following would be the GREATEST audit concern?

Question178: Which of the following attacks is BEST detected by an intrusion detection system (IDS)?

Question179: While planning a security audit, an IS auditor is made aware of a security review carried out by external consultants. It is MOST implement for the auditor to:

Question180: The PRIMARY purpose of an internal audit department's quality assurance improvement program is to evaluate which of the following?

Question181: Which of the following is the PRIMARY concern if a business continuity plan (BCP) is not based on a business impact analysis (BIA)?

Question182: An IS auditor is using data analytics for an accounts payable audit. Which of the following potential risk scenarios will MOST likely be identified using this approach?

Question183: An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner Which of the following is the auditor s BEST recommendation?

Question184: Which of the following indicates the HIGHEST level of maturity for an organization's information systems internal control environment?

Question185: Which of the following is MOST influential when defining disaster recovery strategies?

Question186: Which of the following roles combined with the role of a database administrator (DBA) will create a segregation of duties conflict?

Question187: Buffer overflow in an Internet environment is of particular concern to the IS auditor because it can:

Question188: An IS auditor is evaluating the log management system for an organization with devices and systems in multiple geographic locations. Which of the following is MOST important for e auditor to verify?

Question189: In reviewing the project timeline for a significant application software development project the IS auditor notes that no time was allocated for the design and performance of program code unit tests. Which of the following should (he auditor recommend?

Question190: An IS auditor finds that the process for removing access for terminated employee is not documented. What is the MOST significant risk from this observation?

Question191: The performance of an order-processing system can be measured MOST reliably by monitoring:

Question192: During an audit of an organization's financial statements, an IS auditor finds that the IT general controls are deficient. What should the IS auditor recommend?

Question193: Which of the following would BEST assist senior management in evaluating IT performance as well as the alignment between corporate and IT strategic objectives?

Question194: Which of the following is the BEST approach to help ensure evidence from a computer forensics investigation is legally admissible?

Question195: When using a wireless device, which of the following BEST ensures confidential access to email via web mail?

Question196: Which of the following requirements in a document control standard would provide nonrepudiation to digitally signed legal documents?

Question197: Which of the following is MOST important for an IS auditor to consider during a review of the IT governance of an organization?

Question198: During an audit of an organization s incident management process, an IS auditor teams that the security operations team includes detailed reports of recent attacks in its communications to employees. Which of the following is the GREATEST concern with this situation?

Question199: A technology service organization has recently acquired a new subsidiary. What should be the IS auditor's NEXT course of action when considering the impact on the development of the IT audit plan?

Question200: Which of the following should an IS auditor recommend to reduce the likelihood of potential intruders using social engineering?

Question201: Which of the following is the MOST important process to ensure planned IT system changes are completed in an efficient manner?

Question202: Which of the following is MOST important to the effective management of an end user developed application?

Question203: An organization is choosing key performance indicators (KPIs) for its information security management.
Which of the following KPIs would provide stakeholders with the MOST useful information about whether information security risk is being managed?

Question204: Which of the following is the MOST likely cause of a successful firewall penetration?

Question205: Internal audit reports should be PRIMARILY written for and communicated to:

Question206: When testing segregation of duties, which of the following audit techniques provides the MOST reliable evidence?

Question207: An organization has agreed to perform remediation related to high-risk audit findings. The remediation process involves a complex reorganization of user roles as well as the Implementation of several compensating controls that may not be completed within the next audit cycle Which of the following is the BEST way for an IS auditor to follow up on their activities?

Question208: Which of the following is an IS auditor's BEST course of action upon learning that preventive controls have been replaced with detective and corrective controls'

Question209: An IS auditor concludes that a local area network's (LAN's) access security is satisfactory. In reviewing the work, the audit manager should:

Question210: An organization using instant messaging to communicate with customers prevent legitimate customers from being impersonated by:

Question211: Which of the following is the BEST detective control for a job scheduling process involving data transmission?

Question212: An organization is considering replacing physical backup tapes stored offsite with real-time on-line backup to a storage area network (SAN) located in the primary data center. Which of the following is the GREATEST risk?

Question213: Which of the following communication modes should be of GREATEST concern to an IS auditor evaluating end user networking?

Question214: An organization plans to allow third parties to collect customer personal data from a retail loyalty platform via an application programming interface (API). Which of the following should be the PRIMARY consideration when designing this API?

Question215: An organization s data retention policy states that all data will be backed up, retained for 10 years, and then destroyed. When conducting an audit of the long-term offsite backup program, an IS auditor should:

Question216: Which of the following would MOST effectively and executive management in achieving IT and business alignment?

Question217: What is the purpose of using a write blocker during the acquisition phase of a digital forensics investigation?

Question218: A security company and service provider have merged and the CEO has requested one comprehensive set of security policies be developed for the newly formed company. The IS auditor s BEST recommendation would be to:

Question219: A review of an organization's IT portfolio revealed several applications that are not in use. The BEST way to prevent this situation from recurring would be to implement.

Question220: After an external IS audit, which of the following should be IT management's MAIN consideration when determining the prioritization of follow-up activities?

Question221: To help ensure the organization s information assets are adequately protected, which of the following considerations is MOST important when developing an information classification and handling policy?

Question222: Which of the following is the MOST important factor when an organization is developing information security policies and procedures?

Question223: An organization wants to test business continuity using a scenario in which there are many remote workers trying to access production data at the same time. Which of the following is the BEST testing method in this situation?

Question224: Which of the following is the MOST significant concerns when backup tapes are encrypted?

Question225: An IS auditor determines that an online retailer processing credit card information does not have a data classification process. The auditor's NEXT step should be

Question226: Which of the following is the MOST effective way to minimize the risk of a SQL injection attack?

Question227: An operations manager has recently moved to internal audit Which of the following would be of GREATEST concern when assigning audit projects to this individual?

Question228: Which of the following BEST demonstrates to an IS auditor that an organization has implemented effective risk management processes?

Question229: The PRIMARY advantage of object oriented technology is enhanced:

Question230: Which of the following is the BEST reason to utilize blockchain technology to record accounting transactions?

Question231: Which of the following are BEST suited for continuous auditing?

Question232: Which of the following is the MOST important consideration when planning a penetration test for a financial management system?

Question233: Which of the following it BEST enabled by following a configuration management process for new applications?

Question234: Following a breach, what is the BEST source to determine the maximum amount of time before customers must be notified that their personal information may have been compromised?

Question235: An IS auditor learns a server administration team regularly applies work arounds to address repeated failures of critical data processing services. Which of the following would BEST enable the organization to resolve the issue?

Question236: Which type of control is being implemented when a biometric access device is installed at the entrance to a facility?

Question237: Which of the following is an example of audit risk?

Question238: Which of the following findings should be of MOST concern to an IS auditor when evaluating information security governance within an organization?

Question239: An IS auditor is reviewing an organization's implementation of a bring your own device (BYOD) program.
Which of the following would be the BEST recommendation to help ensure sensitive data is protected if a device is in the possession of an unauthorized individual?

Question240: An IS auditor is analysing a sample of assesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found. Which sampling method would be appropriate?

Question241: Which of the following is MOST important for an IS auditor to verify during a disaster recovery audit?

Question242: A vendor service level agreement (SLA) requires backup to be physically secured. An IS audit of the backup system revealed a number of the backup media were missing. Which of the following should be the auditor's NEXT step?

Question243: An accounts receivable data entry routine prevents the entry of the same customer with different account numbers. Which of the following is the BEST way to test if this programmed control is effective?

Question244: In a decentralized organization, the selection and purchase of IS products is acceptable as long as which of the following conditions exists?

Question245: An organization is in the process of deciding whether to allow a bring your own device (BYOD) program. If approved, which of the following should be the FIRST control required before implementation?

Question246: A bank is selecting a server for its retail accounts application. To ensure that the server can handle a high volume of transactions with the required response times, which test should the IS auditor recommend?

Question247: An employee transfers from an organization's risk management department to become the lead IS auditor.
While in the risk management department, the employee helped developed the key performance indicators (KPIs) now used by the organization. Which of the following would pose the GREATEST threat to the independence of this auditor?

Question248: Which of the following would be the MOST likely reason for an intrusion prevention system (IPS) being unable to block an ongoing web attack?

Question249: Reorganization of databases is undertaken PRIMARILY to:

Question250: An audit team has a completed schedule approved by the audit committee. After starting some of the scheduled audits, executive management asked the team to immediately audit an additional process. There are not enough resources available to add the additional audit to the schedule. Which of the following is the BEST course of action?

Question251: Both statistical and nonstatistical sampling techniques:

Question252: Which of the following is the BEST time for an IS auditor to perform a post-implementation review?

Question253: During a follow-up audit, an IS auditor finds that some critical recommendations have not been addressed as management has decided to accept the risk. Which of the following is the IS auditor's BEST course of action?

Question254: An organization recently experienced a phishing attack that resulted in a breach of confidential information.
Which of the following would be MOST relevant for an IS auditor to review when determining the root cause of the incident?

Question255: Which of the following is a reason for implementing a decentralized IT governance model?

Question256: select a sample for testing, which must include the 80 largest client balances and a random sample of the rest, the IS auditor should recommend:

Question257: Which of the following is MOST important for an IS auditor to determine when evaluating a database for privacy-related risks?

Question258: When preparing to evaluate the effectiveness of an organizations IT strategy, an IS auditor should FIRST review;

Question259: The prioritization of incident response actions should be PRIMARILY based on which of the following?

Question260: Which of the following BEST describes a common risk in implementing a new application software package?

Question261: A security review focused on data loss prevention (DLP) revealed the organization has no visibility to data stored in the cloud. What is the IS auditors BEST recommendation to address this issue?

Question262: Which of the following could be determined by an entity-relationship diagram?

Question263: A 5 year audit plan provides for general audits every year and application audits on alternating years. To achieve higher efficiency, the IS audit manager would MOST likely:

Question264: An IS auditor is asked to review a large organization's change management process. Which of the following practices presents the GREATEST risk?

Question265: Which of the following is MOST important for the successful completion of a new application system?

Question266: During a review of system access, an IS auditor notes that an employee who has recently changed roles within the organization still has previous access rights. The auditor s NEXT step should be to:

Question267: To test the integrity of the data in the accounts receivable master file, an IS auditor particularly interested in reviewing customers with balances over $400.000. the selection technique the IS auditor would use to obtain such a sample is called:

Question268: A disk management system's PRIMARY function is to:

Question269: An IS audit report highlighting inadequate network internal controls is challenged because no serious incident has ever occurred. Which of the following actions performed during the audit would have BEST supported the findings?

Question270: Which procedure provides the GREATEST assurance that corrective action to an audit report has been taken?

Question271: Which of the following sampling techniques is commonly used in fraud detection when the expected occurrence rate is small and the specific controls are critical?

Question272: mission-critical applications with a low recovery time objective (RTO). which of the following is the BEST backup strategy?

Question273: Which of the following control? MOST efficiently ensures that orders transmitted from a sales office to a production warehouse are received accurately and completely?

Question274: Which of the following reflects inadequate segregation of duties?

Question275: IT help desk statistics show a high number of recurring incidents with known solutions. Which of the following is the BEST IS audit recommendation?

Question276: Which of the following access fights presents the GREATEST risk when granted to a new member of the system development staff?

Question277: The quality assurance (QA) function should be prevented from

Question278: An organization's IT security policy states that user ID's must uniquely identify individual's and that user should not disclose their passwords. An IS auditor discovers that several generic user ID's are being used.
Which of the following is the MOST appropriate course of action for the auditor/

Question279: Which of the following activities should an IS auditor perform FIRST during an external network security assessment?

Question280: The information security function in a large organization is MOST effective when:

Question281: An organization allows employees to use personally owned mobile devices to access customer's personal information. An IS auditor's GREATEST concern should be whether

Question282: An audit group is conducting a risk assessment as part of a risk-based audit strategy. To help ensure the risk assessment results are relevant to the organization, it is MOST important to:

Question283: Which of the following is the MOST appropriate document for granting authority to an external IS auditor in an audit engagement with a client organization?

Question284: The MOST important reason for documenting all aspects of a digital forensic investigation is that documentation:

Question285: When conducting a post implementation review which of the following is the BEST way to determine whether the value from an IT project has been achieved?

Question286: Which of the following access rights in the production environment should be granted to a developer to maintain segregation of duties?

Question287: Which of the following would MOST effectively minimize the risk of unauthorized online banking customer transactions due to phishing?

Question288: In a small organization, an IS auditor finds that security administration and system analysis functions are performed by the same employee. Which of the following is the MOST significant finding?

Question289: An IS auditor finds the timeliness and depth of information regarding the organization's IT projects varies based on which project manager is assigned. Which of the following recommendations would be A MOST helpful in achieving predictable and repeatable project management processes?

Question290: Which of the following would BEST enable alignment of IT with business objectives?

Question291: Management has agreed to perform multiple remediation actions in response to an audit issue, including the implementation of a new control. Which of the following is the BEST time for an IS auditor to perform an audit follow-up of this issue?

Question292: An organization transmits large amount of data from one internal system to another. The IS auditor is reviewing quality of the data at the originating point. Which of the following should the auditor verify first?

Question293: Which of the following should be the PRIMARY consideration when developing an IT strategy?

Question294: Which of the following would BEST detect logic bombs in new programs?

Question295: The MAJOR reason for segregating test programs from production programs is to:

Question296: Which of the following is MOST likely to enable a hacker to successfully penetrate a system?

Question297: During an audit, which of the following would be MOST helpful in establishing a baseline for measuring data quality?

Question298: An IS auditor determines that a business continuity plan has not been reviewed and approved by management.
Which of the following is the MOST significant risk associated with this situation?

Question299: Which of the following provides the BEST evidence of the effectiveness of an organization s audit quality management procedures?