EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is MOST important for the IS auditor to verify when reviewing the development process of a security policy?

Question2: When determining the specifications for a server supporting an online application using more than a hundred endpoints, which of the following is the MOST important factor to be Considered?

Question3: Which of the following would be the MOST effective control to mitigate unintentional misuse of authorized access?

Question4: An IS Auditor is performing a business continuity plan (BCP) audit and identifies that the plan has not been tested for five years, however, the plan was successfully activated during a recent extended power outage.
Which of the following is the 15 auditor's BEST count of action?

Question5: An IS auditor is planning an audit of an organization s payroll processes. Which of the following is the BEST procedure to provide assurance against internal fraud?

Question6: Which of the following roles combined with the role of a database administrator (DBA) will create a segregation of duties conflict?

Question7: Which of the following sampling techniques is commonly used in fraud detection when the expected occurrence rate is small and the specific controls are critical?

Question8: Which of the following is the GREATEST risk associated with in-house program development and customization?

Question9: The quality assurance (QA) function should be prevented from

Question10: A recent audit identified duplicate software licenses and technologies Which of the following would be MOST helpful to prevent this type of duplication in the future?

Question11: Which of the following would provide the MOST reliable evidence to indicate whether employee access has been deactivated in a timely manner following termination?

Question12: Which of the following is MOST important to include in forensic data collection and preservation procedure?

Question13: After an external IS audit, which of the following should be IT management's MAIN consideration when determining the prioritization of follow-up activities?

Question14: Which of the following should MOST concern an IS auditor reviewing an intrusion detection system (IDS)?

Question15: Which of the following would BEST facilitate the successful implementation of an [T-related framework?

Question16: When preparing to evaluate the effectiveness of an organizations IT strategy, an IS auditor should FIRST review;

Question17: An IS auditor is reviewing an organization's method to transport sensitive data between offices. Which of the following would cause the auditor MOST concern?

Question18: Which of the following is the BEST IS audit strategy?

Question19: When physical destruction is not practical, which of the following is the MOST effective measure of disposing of sensitive data on a hard disk?

Question20: Which of the following provides an IS auditor the MOST assurance that an organization is compliant with legal and regulatory requirements?

Question21: An organization transmits large amount of data from one internal system to another. The IS auditor is reviewing quality of the data at the originating point. Which of the following should the auditor verify first?

Question22: Which of the following is the MOST significant driver of efficient handling of information security incidents?

Question23: An IS auditor notes that a number of application plug-ins currently in use are no longer supported. Which of the following is the auditor's BEST recommendation to management?

Question24: An enterprise receiving email should have procedures to control:

Question25: To effectively classify data, which of the following MUST be determined?

Question26: Which of the following communication modes should be of GREATEST concern to an IS auditor evaluating end user networking?

Question27: As part of a mergers and acquisitions activity, an acquiring organization wants to consolidate data and systems from the organization being acquired into existing systems. To ensure the data is relevant the acquiring organization should:

Question28: An organization with high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?

Question29: Which of the following sampling methods is the BEST approach for drawing conclusions based on frequency of occurrence?

Question30: Which of the following is the MAIN purpose of implementing an incident response process?

Question31: Which of the following is the MOST effective way to identify anomalous transactions when performing a payroll fraud audit?

Question32: An IS auditor has performed an agreed-upon procedures engagement for the organization's IT steering committee. Which of the following would be the MOST important element to include in the report?

Question33: What is an IS auditor's BEST recommendation to management if a review of the incident management process finds multiple instances of incident tickets remaining open for an unusually long time?

Question34: A potential risk of executing a program on an Internet site is that it may:

Question35: An IS auditor is planning to audit an organization's infrastructure for access, patching, and change management. Which of the following is the BEST way to prioritize the systems?

Question36: Which of the following would BEST prevent data from being orphaned?

Question37: internal IS auditor recommends that incoming accounts payable payment files be encrypted. Which type of control is the auditor recommending?

Question38: Which of the following would be considered the BEST compensating control to use when an emergency process, rather than the established control procedures, is used for database changes?

Question39: In the IT department where segregation of duties is not feasible due to a limited number of resources, a team member is performing the functions of computer operator and reviewer of application logs. Which of the following would be the IS auditor's BEST recommendation?

Question40: Which of the following would provide the BEST evidence of successfully completed batch uploads?

Question41: Which of the following would BEST indicate the effectiveness of a security awareness training program?

Question42: A security company and service provider have merged and the CEO has requested one comprehensive set of security policies be developed for the newly formed company. The IS auditor s BEST recommendation would be to:

Question43: Which of the following is the PRIMARY benefit of implementing configuration management for IT?

Question44: A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization. Which of the following is MOST effective in detecting such an intrusion?

Question45: Which of the following is the PRIMARY benefit of using an integrated audit approach?

Question46: When an organization is having new software implemented under contract, which of the following is key to controlling escalating costs due to scope creep?

Question47: An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would MOST likely increase the risk of a successful attack by:

Question48: Which of the following findings should hr of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simulation test administered for staff members?

Question49: MOST effective way to determine if IT is meeting business requirements is to establish:

Question50: During an audit of an organization's financial statements, an IS auditor finds that the IT general controls are deficient. What should the IS auditor recommend?

Question51: The recovery time objective (RTO) is normally determined on the basis of the:

Question52: Which of the following is MOST important for an IS auditor to consider when determining an appropriate sample size in situations where selecting the entire population is not feasible?

Question53: When reviewing a disaster recovery plan (DRP) an IS auditor should examine the:

Question54: Which of the following requirements in a document control standard would provide nonrepudiation to digitally signed legal documents?

Question55: Which of the following is the MOST important consideration when establishing vulnerability scanning on critical IT infrastructure?

Question56: An IS auditor has observed gaps in the data available to the organization for detecting incidents. Which of the following would be the BEST recommendation to improve the organization's security incident response capability?

Question57: An IS auditor notes that due to the small size of the organization, human resources staff can create new employees in the payroll system as well as process payroll. Which of the following is the BEST recommendation to address this situation?

Question58: Reorganization of databases is undertaken PRIMARILY to:

Question59: An IS auditor is assessing a recent migration of mission critical applications to a virtual platform. Which of the following observations poses the GREATEST risk to the organization?

Question60: Which of the following controls can BEST detect accidental corruption during transmission of data across a network?

Question61: Which of the following attacks is BEST detected by an intrusion detection system (IDS)?

Question62: Which of the following is a prerequisite to help ensure that IS hardware and software support the delivery of mission-critical functions?

Question63: When auditing a quality assurance plan, an IS auditor should be MOST concerned if the:

Question64: IT service engineers at a large organization are unable to effectively prioritize system-generated alerts from hundreds of applications running across multiple servers and databases. As a result many alerts are often ignored, leading to major problems including downtime. Which of the following is the BEST IS audit recommendation to address this situation?

Question65: When assessing a business case as part of a post-implementation review, the IS auditor MUST ensure that the:

Question66: When initiating an IT project, which of the following should be completed FIRST:'

Question67: Which of the following would be an appropriate role of internal audit in helping to establish an organization's privacy program?

Question68: During an ERP post-implementation review, it was noted that operating costs have been significantly higher than anticipated. Which of the following should the organization have done to detect this issue?

Question69: An organization was recently notified by its regulatory body of significant discrepancies in its reporting data.
A preliminary investigation revealed that the discrepancies were caused problems with the organization's data quality. Management has directed the data quality team to enhance their program. The audit committee has asked internal audit to be visors to the process. After the data quality team identifies the system data at fault which of the following should internal audit recommend as the NEXT step m the process?

Question70: Buffer overflow in an Internet environment is of particular concern to the IS auditor because it can:

Question71: An organization recently experienced a phishing attack that resulted in a breach of confidential information.
Which of the following would be MOST relevant for an IS auditor to review when determining the root cause of the incident?

Question72: Which of the following poses the GREATEST risk to data security and integrity in a cloud environment?

Question73: An employee transfers from an organization's risk management department to become the lead IS auditor.
While in the risk management department, the employee helped developed the key performance indicators (KPIs) now used by the organization. Which of the following would pose the GREATEST threat to the independence of this auditor?

Question74: Communicating which of the following would BEST encourage management to initiate appropriate actions following the receipt of report findings?

Question75: A legacy application is running on an operating system that is no longer supported by vendor, if the organization continues to use the current application, which of the application should be the IS auditor's GREATEST concern?

Question76: Which of the following would be MOST important to update once a decision has been made to outsource a critical application to a cloud service provider?

Question77: A small startup organization does not have the resources to implement segregation of duties. Which of the following would be the MOST effective compensating control?

Question78: An IS auditor suspects an organization's computer may have been used to commit a crime. Which of the following is the auditor s BEST course of action?

Question79: An IS auditor would MOST likely recommend that IT management use a balanced scorecard to:

Question80: A financial institution suspects that a manager has been crediting customer accounts without authorization.
Which of the following is the MOST effective method to validate this concern?

Question81: An internal audit has revealed a large number of incidents for which root cause analysis has not been performed. Which of the following is MOST important for the IS auditor to verify to determine whether there is an audit issue?

Question82: Which of the following is the BEST evidence that an organization is aware of applicable laws and regulations?

Question83: What is the purpose of using a write blocker during the acquisition phase of a digital forensics investigation?

Question84: An IS auditor is conducting a review of an organization s information systems and discovers data that is no longer needed by business applications. Which of the following would b IS auditor's BEST recommendation?

Question85: As part of business continuity planning. Which of the following is MOST important to include in a business impact analyst (BIA)?

Question86: The operations team of an organization has reported an IS security attack. Which of the following should be the NEXT step for the security incident response team?

Question87: Which of the following key performance indicators (KPIs) provides the BEST indication of a security awareness campaign's effectiveness?

Question88: The BEST way to prevent fraudulent payments is to implement segregation of duties between payment processing and:

Question89: To help ensure the accuracy and completeness of end-user computing output it is MOST important to include strong:

Question90: Which of the following is the MOST effective mechanism for ensuring that critical IT operational problems are reported to executive management in a timely manner?

Question91: An IS auditor observes that an organization s critical IT systems nave experienced several failures throughout the year. Which of the following is the BEST recommendation?

Question92: Which of the following BEST indicates the effectiveness of an organization's risk management program?

Question93: A development team has designed a new application and incorporated best practices for secure coding. Prior to launch, which of the following is the IS auditor's BEST recommendation to mitigate the associated security risk?

Question94: An IS auditor finds that the process for removing access for terminated employee is not documented. What is the MOST significant risk from this observation?

Question95: Which of the following is the MOST important reason for updating and retesting a business continuity plan (BCP)7

Question96: Within a payroll department, which of the following responsibilities should be assigned to two or more individuals to avoid a segregation of duties conflict?

Question97: Which of the following is the KST source of information for assessing the effectiveness of IT process monitoring?

Question98: An IS auditor is assigned to review the development of a specific application. Which of the following would be the MOST significant step following the feasibility study?

Question99: A technology service organization has recently acquired a new subsidiary. What should be the IS auditor's NEXT course of action when considering the impact on the development of the IT audit plan?

Question100: Which of the following findings should be an IS auditor's GREATEST concern when reviewing an organization's purchase of new IT infrastructure hardware?

Question101: An IS auditor reviewing the acquisition of new equipment would consider which of the following to be a significant weakness?

Question102: Two organizations will share ownership of a new enterprise resource management (ERM) system To help ensure the successful implementation of the system, it k MOST important to define:

Question103: What is the GREASTEST concern for an IS auditory reviewing contracts for licensed software that executes a critical business process?

Question104: Which of the following tasks should be performed during an organization's business continuity plan (BCP) test?

Question105: Which of the following is the MOST important consideration when developing an incident response program?

Question106: Which of the following is MOST important to include in a contract to outsource data processing that involves customer personally identifiable information (Pit)?

Question107: During a vulnerability assessment, an IS auditor finds a high-risk vulnerability in a public-facing web server used to process online customer orders via credit card. The IS auditor could FIRST:

Question108: An IS auditor is using data analytics in an audit and has obtained the data to be used for testing. Which of the following is the MOST important task before testing begins?

Question109: Which of the following should be a PRIMARY control objective when designing controls for system interfaces?

Question110: An IS auditor is evaluating a virtual server environment and learns that the production server, development server, and management console are housed in the same physical host. What should be the auditor's PRIMARY concern?

Question111: An IS auditor finds the timeliness and depth of information regarding the organization's IT projects varies based on which project manager is assigned. Which of the following recommendations would be A MOST helpful in achieving predictable and repeatable project management processes?

Question112: Which combination of access controls provides the BEST physical protection for a server room?

Question113: Which of the following helps to ensure the integrity of data for an interface between a new billing system and an accounts receivable system?

Question114: Which of the following should be of GREATEST concern to an IS auditor conducting an audit of an organization's backup processes?

Question115: Which of the following data would be used when performing a business impact analysis (BIA)?

Question116: When planning for the implementation of a new system, an organization will opt for a parallel run PRIMARILY to:

Question117: An IS auditor is reviewing an organization's implementation of a bring your own device (BYOD) program.
Which of the following would be the BEST recommendation to help ensure sensitive data is protected if a device is in the possession of an unauthorized individual?

Question118: Which of the following is corrective control?

Question119: The BEST method an organization can employ to align its business continuity plan (BCP) and disaster recovery plan (DRP) with core business needs is to:

Question120: Which of the following findings would have the GREATEST impact on the objective of a business intelligence system?

Question121: In attribute sampling, what is the relationship between expected error rate and sample size?

Question122: Prior to the migration of acquired software into production, it is MOST important that the IS auditor review the:

Question123: Which of the following procedures would BEST contribute to the reliability of information in a data warehouse?

Question124: The demilitarized zone (DMZ) is the part of a network where servers that are placed are:

Question125: An IS auditor is planning a risk-based audit of the human resources department. The department uses separate systems for its payroll, training and employee performance review functions. What should the IS auditor do FIRST before identifying the key controls to be tested?

Question126: An organization considers implementing a system that uses a technology that is not in line with the organization's IT strategy. Which of the following is the BEST justification for deviating from the IT strategy?

Question127: An operations manager has recently moved to internal audit Which of the following would be of GREATEST concern when assigning audit projects to this individual?

Question128: While reviewing an organization s business continuity plan (BCP) an IS auditor observes that a recently developed application is not included. The IS auditor should:

Question129: Which of the following should the IS auditor do FIRST to ensure data transfer integrity for Internet of Things (loT) devices?

Question130: When introducing a maturity model to the IT management process, it is BEST to align the maturity level to a point that reflects which of the following?

Question131: During a review of an insurance company s claims system, the IS auditor learns that claims for specific medical procedures are acceptable only from females This is an example of a:

Question132: To confirm integrity for a hashed message, the receiver should use

Question133: During an audit, which of the following would be MOST helpful in establishing a baseline for measuring data quality?

Question134: Which of the following is MOST important for an IS auditor to verify when reviewing a critical business application that requires high availability?

Question135: When testing segregation of duties, which of the following audit techniques provides the MOST reliable evidence?

Question136: During an audit, the client learns that the IS auditor has recently completed a similar security review at a competitor. The client inquires about the competitor's audit results. What is the BEST way for the auditor to address this inquiry?

Question137: Privileged account access is require to start an ad hoc batch job. Which of the following would MOST effectively detect unauthorized job execution?

Question138: An organization is replacing a mission-critical system. Which of the following is the BEST implementation strategy to mitigate and reduce the risk of system failure?

Question139: Which of the following is MOST important to helping incident response managers quickly and accurately estimate the overall business impact of security incidents?

Question140: Spreadsheets are used to calculate project cost estimates Totals for each cost category are then keyed into the job-costing system. What is the BIST control to ensure that data are accurately entered into the system?

Question141: When engaging services from external auditors, which of the following should be established FIRST7

Question142: An organization has decided to migrate payroll processing to a new platform hosted by a third party in a different country. Which of the following is MOST important for the IS auditor to consider?

Question143: A large insurance company is about to replace a major financial application. Which of the following is the IS auditor's PRIMARY focus when conducting the pre-implementation review?

Question144: Which of the following would be an auditor's GREATEST concern when reviewing data inputs from spreadsheets into the core finance system?

Question145: Which of the following would provide the BEST evidence for an IS auditor to determine whether segregation of duties is in place?

Question146: An organization uses two data centers. Which of the following would BEST address the organization's need for high resiliency?

Question147: A manufacturing company is implementing application software for its sales and distribution system. Which of the following is the MOST important reason for the company to choose a centralized online database?

Question148: Which of the following cloud deployment models would BEST meet the needs of a startup software development organization with limited initial capital?

Question149: In a decentralized organization, the selection and purchase of IS products is acceptable as long as which of the following conditions exists?

Question150: An organization implements a data loss prevention tool as a control to mitigate the risk of sensitive data leaving the organization via electronic mail. Which of the following would provide the BEST indication of adequate control design?

Question151: Which of the following methods should be used to effectively erase sensitive data from portable storage devices that are to be reused?

Question152: Which of the following is a key success factor for implementing IT governance?

Question153: Which of the following documents would be MOST useful in detecting a weakness in segregation of duties?

Question154: An IS auditor should ensure that an application's audit trail:

Question155: A small organization is experiencing rapid growth and plans to create a new information security policy.
Which of the following is MOST relevant to creating the policy?

Question156: Loss-site scripting (XSS) attacks are BEST prevented through:

Question157: An organization is developing a web portal using some external components. Which of the following should be of MOST concern to an IS auditor?

Question158: Which of the following controls is MOST appropriate against brute force attacks at login?

Question159: Following a breach, what is the BEST source to determine the maximum amount of time before customers must be notified that their personal information may have been compromised?

Question160: Which of the following is the GREATEST concern with conducting penetration testing on an internally developed application in the production environment?

Question161: Which of the following auditing techniques would be used to detect the validity of a credit card transaction based on time, location, and date of purchase?

Question162: Which of the following functions is MOST likely to be performed by an operating system utility residing on a web server?

Question163: Audit management has just completed the annual audit plan for the upcoming year, which consists entirely of high-risk processor. However it is determined that there are insufficient resources to execute the plan. What should be done NEXT?

Question164: An audit committee is reviewing an annual IT risk assessment Which of the following is the BEST justification for the audits selected?

Question165: After the release of an application system, an IS auditor wants to verify that the system is providing value to the organization. The auditor's BEST course of action would be to:

Question166: An IS audit had identified that default passwords for a newly implemented application were not changed.
During the follow-up audit which of the
following would provide the BEST evidence that the finding was effectively addressed?

Question167: Which of the following activities would allow an IS auditor to maintain independence while facilitating a control self-assessment (CSA)?

Question168: A digital signature addresses which of the following concerns?

Question169: Which of the following is MOST important when an incident may lead to prosecution?

Question170: Which of the following is the MOST effective way for an IS auditor to identify unauthorized changes to the production state of a critical business application?

Question171: Which function in the purchasing module of an enterprise resource planning (ERP) system ensures payments are not issued for incorrect invoices'

Question172: For an organization which uses a VoIP telephony system exclusively, the GREATEST concern associated with leaving a connected telephone in an unmonitored public area is the possibility of:

Question173: When connecting to an organization's intranet from the Internet, security against unauthorized access is BEST achieved by using:

Question174: Which of the following is the BEST way to control the concurrent use of licensed software?

Question175: An organization is choosing key performance indicators (KPIs) for its information security management.
Which of the following KPIs would provide stakeholders with the MOST useful information about whether information security risk is being managed?

Question176: Which of the following is the BEST way to ensure enterprise architectural objectives are aligned with business and technology objectives?

Question177: A sales representative is reviewing the organization's feedback blog and gets redirected to a site that sells illegal prescription drugs. The blog site is MOST likely susceptible to which of the following types of attacks?

Question178: Which of the following would BEST facilitate the detection of internal fraud perpetrated by an individual?

Question179: A review of Internet security disclosed that users have individual user accounts with Internet service providers (ISPs) and use these accounts for downloading business data. The organization wants to ensure that only the corporate network is used. The organization should FIRST:

Question180: An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?

Question181: An IS auditor has identified that some IT staff have administrative access to the enterprise resource planning (ERP) application, database, and server. IT management has responded that due to limited resources, the same IT staff members have to support all three layers of the ERP application. Which of the following would be the auditor's BEST recommendation to management?

Question182: Which of the following would BEST assist senior management in evaluating IT performance as well as the alignment between corporate and IT strategic objectives?

Question183: Which of the following would be an IS auditor's GREATEST concern when reviewing an organization s security controls for policy compliance?

Question184: An organization is deciding whether to outsource its customer relationship management systems to a provider located in another country. Which of the following should be the PRIMARY influence in the outsourcing decision?

Question185: An IS auditor is assessing an organization's data loss prevention (DLP) solution for protecting intellectual property from insider theft. Which of the following would the auditor consider MOST important for effective data protection?

Question186: An organization has performance metrics to track how well IT resources are being used, but there has been little progress on meeting the organization's goals. Which of the following would be MOST helpful to determine the underlying reason?

Question187: An IT governance body wants to determine whether IT service delivery is based on consistently efficient and effective processes. Which of the following would be the BEST approach?

Question188: An IS auditor finds that an organization's data loss prevention (DLP) system is configured to use vendor default settings to identify violations. The auditor's MAIN concern should be that:

Question189: Which of the following BEST describes the relationship between vulnerability scanning and penetration testing?

Question190: Which of the following is the PRIMARY advantage of using virtualization technology for corporate applications?

Question191: While reviewing similar issues in an organization s help desk system, an IS auditor finds that they were analyzed independently and resolved differently This situation MOST likely indicates a deficiency in:

Question192: Which of the following would be MOST helpful in ensuring security procedures are followed by employees in a multinational organization?

Question193: Which of the following access rights in the production environment should be granted to a developer to maintain segregation of duties?

Question194: Which of the following is the MOST important process to ensure planned IT system changes are completed in an efficient manner?

Question195: Which of the following should be the PRIMARY consideration when developing an IT strategy?

Question196: Which of the following is MOST important for an IS auditor to verify when reviewing an organization's information security practices following the adoption of a bring your own device (8YOD) program?

Question197: Which of the following is MOST important for an IS auditor to consider when evaluating a Software as a Service (SaaS) arrangement?

Question198: Which of the following is the MOST significant concerns when backup tapes are encrypted?

Question199: An organization has established three IS processing environments: development, test, and production. The MAJOR reason for separating the development and test environments is

Question200: An IS auditor is assessing an organization's implementation of a virtual network. Which of the following observations should be considered the MOST significant risk?

Question201: Which of the following activities is MOST important to consider when conducting IS audit planning?

Question202: To restore service at a large processing facility after a disaster, which of the following tasks should be performed FIRST?

Question203: Which of the following BEST determines if a batch update job was completed?

Question204: An airlines online booking system uses an automated script that checks whether fares are within the defined threshold of what is reasonable before the fares are displayed on the website. Which type of control is in place?

Question205: Which of the following should be done FIRST when planning a penetration test?

Question206: Which of the following tools is MOST helpful in estimating budgets for tasks within a large IT business application project?

Question207: An IS auditor discovers that management has created a system interface to receive financial data and store it in a data warehouse. Which of the following provides the BEST assurance that data in the data warehouse is accurate?

Question208: An IS auditor performing an application development review attends development team meetings. The IS auditor's independence will be compromised if the IS auditor:

Question209: An IS auditor notes that several users have not logged into an application for more than one year. Which of the following would be the BEST audit recommendation?

Question210: Which of the following should be an IS auditor's PRIMARY focus when developing a risk-banned IS audit program?

Question211: Which of the following would MOST effectively and executive management in achieving IT and business alignment?

Question212: Reviewing which of the following would be MOST helpful in assessing whether an organization s IT performance measures are comparable to other organizations in the same industry?

Question213: Which of the following should an IS auditor do FIRST when determining whether to employ data analytics in an audit?

Question214: Which audit technique provides the GREATEST assurance that incident management procedures are effective?

Question215: An audit team has a completed schedule approved by the audit committee. After starting some of the scheduled audits, executive management asked the team to immediately audit an additional process. There are not enough resources available to add the additional audit to the schedule. Which of the following is the BEST course of action?

Question216: Which of the following would BEST enable alignment of IT with business objectives?

Question217: An IS auditor performing an audit of backup procedures observes that backup tapes are picked up weekly and stored offsite at a deed party hosting faculty. Which of the following recommendations would be the BEST way to maintain data integrity during transport?

Question218: Which of the following is a reason for implementing a decentralized IT governance model?

Question219: An IS auditor has discovered that unauthorized customer management software was installed on a workstation.
The auditor determines the software has been uploading customer ita to an external party. Which of the following is the IS auditor's BEST course of action?

Question220: Which of the following is the FIRST consideration when developing a data retention policy?

Question221: Due to the increasing size of a database, user access times and daily backups continue to increase. Which of the following would be the BEST way to address this situation?

Question222: Which of the following is MOST important in the audit quality assurance process?

Question223: Which of the following controls would BEST ensure that payroll system rate charges are valid?

Question224: What is the MOST difficult aspect of access control in a multiplatfotm, multiple-site client/server environment?

Question225: The CIO of an organization is concerned that the information security policies may not be comprehensive.
Which of the following should an IS auditor recommend be performed FIRST?

Question226: Which of the following should an IS auditor be MOST concerned with when a system uses ratio frequency identification (RFID)?

Question227: Which of the following would represent an acceptable test of an organization s business continuity plan?

Question228: An organization is considering outsourcing the processing of customer insurance claims. An IS auditor notes that customer data will be sent offshore for processing. Which of the following would be the BEST way to address the risk of exposing customer data?

Question229: Which of the following is an example of a data analytics use case during the fieldwork phase of an IS audit?

Question230: Which of the following is the GREATEST risk of cloud computing?

Question231: Which of the following procedures should an IS auditor complete FIRST when evaluating the adequacy of IT key performance indicators (KPIs)?

Question232: An IS auditor has assessed a payroll service provider's security policy and finds significant topics are missing.
Which of the following is the auditor's BEST course of action?

Question233: During a help desk review, an IS auditor determines the call abandonment rate exceeds agreed-upon service levels. What conclusion can be drawn from this finding?

Question234: A database is denormalized in order to:

Question235: Which of the following BEST enables timely detection of changes in the IT environment to support informed decision making by management?

Question236: Which of the following would BEST detect that a distributed-denial-of-service attack (DDoS) is occurring?

Question237: Which of the following is MOST important when planning a network audit?

Question238: Which of the following is the MOST critical characteristic of a biometric system?

Question239: The PRIMARY purpose of an internal audit department's quality assurance improvement program is to evaluate which of the following?

Question240: Requiring that passwords contain a combination of numeric and alphabetic characters is MOST effective against which type of attack?

Question241: Which of the following is the PRIMARY objective of the IS audit function?

Question242: Which of the following should be of MOST concern to an IS auditor during the review of a quality management system?

Question243: An advantage of object-oriented system development is that it:

Question244: What is the MOST important role of a certificate authority (CA) when a private key becomes compromised?

Question245: Using swipe cards to limit employee access to restricted areas requires implementing which additional control?

Question246: An IS auditor notes that help desk personnel are required to make critical decisions during major service disruptions. Which of the following is the auditor's BEST recommendation to address this situation?

Question247: During an audit, it is discovered that several suppliers with standing orders have been deleted from the supplier master file Which of the following controls would have BEST evented such an occurrence?

Question248: Which of the following would be the MOST appropriate reason for an organization to purchase fault-tolerant hardware?

Question249: Previous audits have found that a large organization has had a number of segregation of duties conflicts between various roles, and the IT governance committee has asked the audit function for guidance on how to address this issue. Which of the following is the BEST recommendation?

Question250: Which of the following stakeholders should be PRIMARILY responsible for developing, implementing, and monitoring metrics for security activities?

Question251: Which of the following will BEST ensure that a proper cutoff has been established to reinstate transactions and records to their condition just prior to a computer system failure?

Question252: Which of the following is the BEST reason to perform root cause analysis after a critical server failure?

Question253: Which of the following is an IS auditor s GREATEST concern when an organization does not regularly update software on individual workstations in the internal environment?

Question254: An IS auditor auditing the effectiveness of utilizing a hot site will MOST likely:

Question255: When designing a data analytics process, which of the following should be the stakeholder's role in automating data extraction and validation?

Question256: Which of the following poses the GREATEST risk to the enforceability of networking policies in a virtualized environment?

Question257: When conducting a requirements analysis for a project, the BEST approach would be to:

Question258: Which of the following is the BEST physical security solution for granting and restricting access to individuals based on their unique access needs?

Question259: Which of the following provides the BEST audit evidence that a firewall is configured in compliance with the organization's security policy?

Question260: Which of the following system deployments requires the cloud provider to assume the widest range of responsibilities for data protection?

Question261: Which of the following provides the GREATEST assurance that any confidential information on a disk is no longer accessible but the device is still usable by the other internal users?

Question262: Which of the following is the BEST way to reduce the risk of vulnerabilities during the rapid deployment of container-based applications to a hybrid cloud?

Question263: Which of the following is MOST important to consider when reviewing a third-party service agreement for disaster recovery services'

Question264: The grants management system is used to calculate grant payments. Once per day, a batch interface extracts grant amounts and payee details from this system for import into the once system so payments can be made overnight Which of the following controls provides the GREATEST assurance of the accuracy and completeness of the imported payment

Question265: A security administrator should have read-only access for which of the following?

Question266: Which of the following is the BEST way to detect potentially fraudulent purchases where an employee can approve a receipt of an item or service that the employee also procured?

Question267: The PRIMARY advantage of object oriented technology is enhanced:

Question268: Which of the following is the BCST way to determine the effectiveness of a recently installed intrusion detection system (IDS)?

Question269: Which of the following should be an IS auditor's FIRST activity when planning an audit?

Question270: Which of the following is the GREATEST advantage of implementing an IT enterprise architecture framework within an organization?

Question271: Which of the following should be reviewed as part of a data integrity test?

Question272: Which of the following would BEST detect logic bombs in new programs?

Question273: Which of the following IS audit findings should be of GREATEST concern when preparing to migrate to a new core system using a direct cut-over?

Question274: An IS auditor finds ad hoc vulnerability scanning is in place with no clear alignment to the organization's wider security threat and vulnerability management program. Which of the following would BEST enable the organization to work toward improvement in this area?

Question275: Which of the following should the IS auditor use to BEST determine whether a project has met its business objectives?

Question276: Which of the following is the GREATEST risk associated with instant messaging?

Question277: An organization is moving its on-site application servers to a service provider that operates a virtualized environment shared by multiple customers. Which of the following is the MOST significant risk to the organization?

Question278: During a network security review the system log indicates an unusually high number of unsuccessful login attempts Which of the following sampling techniques is MOST appropriate for selecting a sample of user IDs for further investigation?

Question279: An IS auditor notes that the anticipated benefits from an ongoing infrastructure projects have changed due to recent organizational restructuring. Which of the following is the IS auditor's BEST recommendation?

Question280: An IS auditor previously worked in an organization s IT department and was involved with the design of the business continuity plan (BCP). The IS auditor has now been asked to review this same BCP. The auditor should FIRST.

Question281: Which of the following should be of GREATEST concern to an IS auditor reviewing the controls for a continuous software release process?

Question282: Which of the following areas are the MOST likely cause of an application producing several erroneous reports?

Question283: Which of the following is the BEST key performance indicator (KPI) for determining how well the IT policy is aligned to the business requirements?

Question284: A retirement system verifies that the field for employee status has either a value of A (for active) or R (for retired). This is an example of which type of check?

Question285: The risk that the IS auditor will not find an error that has occurred is identified by which of the following terms?

Question286: Which of the following metrics would BEST measure the agility of an organization's IT function?

Question287: Which of the following is a passive attack on a network?

Question288: An IS auditor learns that after each scheduled batch process runs, management performs a reconciliation between upstream and downstream data. Which of the following is MOST important for the auditor to investigate?

Question289: Which of the following metrics would be MOST helpful to an IS auditor in evaluating an organizations security incident response management capability?

Question290: Which of the following controls would BEST decrease the exposure if a password is compromised?

Question291: During a review of system access, an IS auditor notes that an employee who has recently changed roles within the organization still has previous access rights. The auditor s NEXT step should be to:

Question292: Which of the following is the PRIMARY function of technology-driven enterprise architecture?

Question293: Which of the following presents the GREATEST concern when implementing data flow across borders?

Question294: An IS auditor reviewing an incident management process identifies client information was lost due to ransomware attacks. Which of the following would MOST effectively minimize the impact of future occurrences?

Question295: Which of the following occurs during the issues management process for a system development project?

Question296: A database administrator (DBA) extracts a user listing for an auditor as testing evidence. Which of the following will provide the GREATEST assurance that the user listing is reliable'

Question297: Which of the following is MOST likely to result from compliance testing?

Question298: An IS auditor was involved in the design phase for a new system's security architecture. For the planned post-implementation audit which of the following would be the MOST appropriate course of action for the auditor?

Question299: Which of the following should an IS auditor verify when auditing the effectiveness of virus protection?

Question300: An IS auditor reviewing security incident processes realizes incidents are resolved and dosed, but root causes are not investigated Which of the following should be the MAJOR concern with this situation?

Question301: When reviewing a contract for a disaster recovery hot site, which of the following would be the MOST significant omission?

Question302: An organization is using a single account shared by personnel for its social networking marketing page. Which of the following is the BEST method to maintain accountability over the account?

Question303: An information systems security officer's PRIMARY responsibility for business process applications is to:

Question304: An IS auditor is observing transaction processing and notes that a high-priority update job ran out of sequence.
What is the MOST significant risk from this observation'

Question305: An IS auditor plans to review all access attempts to a video-monitored and proximity card-controlled communications room. Which of the following would be MOST useful to the auditor?

Question306: An organization using instant messaging to communicate with customers can prevent legitimate customers from being impersonated by:

Question307: MOST critical security weakness of a packet level firewall is that it can be circumvented by:

Question308: Which of the following is the BEST development methodology to help manage project requirements in a rapidly changing environment?

Question309: A government organization uses standard Wi-Fi Protected Access 2 (WPA2) to protect confidential information transmitted to a file server. Which of the following is the IS auditor's BEST recommendation to further strengthen security?

Question310: In a small organization, an IS auditor finds that security administration and system analysis functions are performed by the same employee. Which of the following is the MOST significant finding?

Question311: Which of the following would provide the BEST assurance that an organization s backup media is adequate in the case of a disaster?

Question312: Of the following procedures for testing a disaster recovery plan (DRP), which should be used MOST frequently?

Question313: Which of the following should be of GREATEST concern to an IS auditor reviewing an organization's initiative to adopt an enterprise governance framework?

Question314: Which of the following will BEST help to ensure that an in-house application in the production environment is current?

Question315: When auditing the security architecture of an e-commerce environment, an IS auditor should FIRST review the:

Question316: Which of the following is the GREATEST risk resulting from conducting periodic reviews of IT over several years based on the same audit program?

Question317: Following an IS audit recommendation, all Telnet and File Transfer Protocol (FTP) connections have been replaced by Secure Socket Shell (SSH) and Secure File Transfer Protocol (SFTP). Which risk treatment approach has the organization adopted?

Question318: Which of the following is the PRIMARY role of an IS auditor with regard to data privacy?

Question319: The MAIN reason an organization's incident management procedures should include a post-incident review is to:

Question320: As part of an IS audit, the auditor notes the practices listed below.
Which of the following would be a segregation of duties concern?

Question321: An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization s objectives?

Question322: The MOST efficient way to confirm that an ERP system being implemented satisfies business expectations is to utilize which of the following types of testing?

Question323: Which of the following is MOST likely to improve the portability of an application connected to a database?

Question324: Which of the following BEST enables an audit department to improve the quality of work performed by its auditors?

Question325: An IS auditor is examining a front-end sub ledger and a main ledger Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?

Question326: Which of the following group is MOST likely responsible for the implementation of IT projects?

Question327: An IS auditor identifies key controls that have been overridden by management. The next step the IS auditor should take is to

Question328: In which of the following cloud service models does the user organization have the GREATEST control over the accuracy of configuration items in its configuration management database (CMDB)?

Question329: Which of the following is the MOST effective means of helping management and the IT strategy committee to monitor IT performance?

Question330: A post-implementation review of a system implementation has identified that the defined objectives were changed several times without the approval of the project board. What would the IS auditor do NEXT?

Question331: Which of the following controls MOST effectively reduces the risk associated with use of instant messaging (IM) in the workplace?

Question332: An IS auditor is evaluating the risks and controls associated with a virtualized environment. Which of the following observations should be of GREATEST concern?