EMT Practice Test

1. Question Content...


Question List

Question1: As part of a follow-up of a previous year's audit, an IS auditor has increased the expected error rate for a sample. The impact will be:

Question2: The PRIMARY reason an IS department should analyze past incidents and problems is to:

Question3: An internal audit has revealed a large number of incidents for which root cause analysis has not been performed. Which of the following is MOST important for the IS auditor to verify to determine whether there is an audit issue?

Question4: An IS auditor reviewing a new application for compliance with information privacy principles should be MOST concerned with:

Question5: An IT steering committee assists the board of directors to fulfill IT governance duties by:

Question6: An IS auditor observes an organization is performing data backup and restoration testing on an ad hoc basis without a defined process. What is the MOST likely result of a data disruption event?

Question7: Which of the following should be of GREATEST concern to an IS auditor reviewing the controls for a continuous software release process?

Question8: As part of a post-implementation review, the BEST way to assess the realization of outcomes is by:

Question9: Which of the following BEST supports an organization's planning efforts for investments in IT initiatives?

Question10: To restore service at a large processing facility after a disaster, which of the following tasks should be performed FIRST?

Question11: Which of the following is MOST likely to enable a hacker to successfully penetrate a system?

Question12: A PRIMARY benefit derived by an organization employing control self-assessment (CSA) techniques s that CSA.

Question13: Which of the following would present the GREATEST risk to the effectiveness of a security operations center for a global financial institution processing transactions 24×7?

Question14: Which the following is MOST critical for the effective implementation of IT governance?

Question15: An IT department installed critical patches provided by the vendor to HR production servers. Immediately after the installation was completed, the HR department called to report that none of its users could access the system, what should be the IT department's FIRST step in addressing this issue?

Question16: An organization has performance metrics to track how well IT resources are being used, but there has been little progress on meeting the organization's goals. Which of the following would be MOST helpful to determine the underlying reason?

Question17: An IT governance framework provides an organization with:

Question18: Which of the following would BEST enable an IS auditor to perform an audit that requires testing the full population of data?

Question19: An organization is running servers with critical business application that are in an area subject to frequent but brief power outages. Knowledge of which of the following would allow the organization's management to monitor the ongoing adequacy of the uninterruptable power supply (UPS)?

Question20: Which of the following would be the PRIMARY benefit of replacing physical keys with an electronic badge system for access to a data center?

Question21: Which of the following findings would have the GREATEST impact on the objective of a business intelligence system?

Question22: Which of the following should be the PRIMARY consideration when developing an IT strategy?

Question23: Which of the following is MOST important for an IS auditor to consider when auditing a vulnerability scanning software solution?

Question24: An IS auditor notes that application super-user activity was not recorded in system logs. What is the auditor's BEST course of action?

Question25: An IS auditor has assessed a payroll service provider's security policy and finds significant topics are missing.
Which of the following is the auditor's BEST course of action?

Question26: An organization is replacing a mission-critical system. Which of the following is the BEST implementation strategy to mitigate and reduce the risk of system failure?

Question27: Which of the following areas are the MOST likely cause of an application producing several erroneous reports?

Question28: An existing system is being replaced with a new application package. User acceptance testing (UAT) should ensure that:

Question29: During a routine check, a system administrator identifies unusual activity indicating an intruder within a firewall. Which of the following controls has MOST likely been compromised?

Question30: An IS auditor discovered abnormalities in a monthly report generated from a system upgraded six months ago.
Which of the following should be the auditor's FIRST course of action?

Question31: An IS auditor learns a server administration team regularly applies work arounds to address repeated failures of critical data processing services. Which of the following would BEST enable the organization to resolve the issue?

Question32: Which of the following BEST helps to ensure data integrity across system interfaces?

Question33: Which function in the purchasing module of an enterprise resource planning (ERP) system ensures payments are not issued for incorrect invoices'

Question34: Which of the following occurs during the issues management process for a system development project?

Question35: Which of the following tools is MOST helpful in estimating budgets for tasks within a large IT business application project?

Question36: A review of an organization's IT portfolio revealed several applications that are not in use. The BEST way to prevent this situation from recurring would be to implement.

Question37: An IS auditor is assessing a recent migration of mission critical applications to a virtual platform. Which of the following observations poses the GREATEST risk to the organization?

Question38: An IS auditor notes that due to the small size of the organization, human resources staff can create new employees in the payroll system as well as process payroll. Which of the following is the BEST recommendation to address this situation?

Question39: An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization s objectives?

Question40: The MAJOR reason for replacing checks with electronic funds transfer (EFT) systems in the accounts payable area is to:

Question41: An IS auditor is reviewing an organization's sales and purchasing system due to ongoing data quality issues.
An analysis of which of the following would provide the MOST useful formation to determine the revenue loss?

Question42: When reviewing a disaster recovery plan (DRP) an IS auditor should examine the:

Question43: Which of the following access control situations represents the MOST serious control weakness?

Question44: Which of the following is the BEST indication of control maturity in an organization's systems development and implementation processes?

Question45: A 5 year audit plan provides for general audits every year and application audits on alternating years. To achieve higher efficiency, the IS audit manager would MOST likely:

Question46: Which of the following BEST enables an IS auditor to identify gaps between the current state and future state of an organization's IT infrastructure?

Question47: In a RAO model, which of the following roles must be assigned to only one individual?

Question48: A company has located its computer center on a moderate earthquake fault. Which of the following is the MOST important consideration in establishing a contingency plan and an alternate processing site?

Question49: Overall responsibility for approving logical access rights to information assets should reside with the:

Question50: Which of the following would be the GREATEST concern to an IS auditor reviewing an IT outsourcing arrangement?

Question51: An IS auditor is assessing an organization's data loss prevention (DLP) solution for protecting intellectual property from insider theft. Which of the following would the auditor consider MOST important for effective data protection?

Question52: Which of the following sampling methods is the BEST approach for drawing conclusions based on frequency of occurrence?

Question53: Two servers are deployed in a cluster to run a mission-critical application. To determine whether the system has been designed for optimal efficiency, the IS auditor should verify that:

Question54: Following an IS audit recommendation, all Telnet and File Transfer Protocol (FTP) connections have been replaced by Secure Socket Shell (SSH) and Secure File Transfer Protocol (SFTP). Which risk treatment approach has the organization adopted?

Question55: When reviewing an organization s IT governance processes, which of the following provides the BEST indication that information security expectations are being met at all levels?

Question56: Which of the following BEST helps to identify errors during data transfer?

Question57: An IS auditor is performing a routine procedure to test for the possible existence of fraudulent transactions.
Given there is no reason to suspect the existence of fraudulent transactions, which of the following data analytics techniques should be employed?

Question58: Which of the following is MOST important for the improvement of an organization's incident response processes

Question59: What is the BEST population to select from when testing that programs are migrated to production with proper approval?

Question60: An IS auditor conducting audit follow-up activities learns that some previously agreed-upon corrective actions have not been taken and that the associated risk has been accepted by senior management. If the auditor disagrees with management s decision what is the BEST way to address the situation?

Question61: During a vulnerability assessment, an IS auditor finds a high-risk vulnerability in a public-facing web server used to process online customer orders via credit card. The IS auditor could FIRST:

Question62: A post-implementation review of a system implementation has identified that the defined objectives were changed several times without the approval of the project board. What would the IS auditor do NEXT?

Question63: Which of the following roles is ULTIMATELY accountable for the protection of an organization s information?

Question64: Which of the following BEST provides continuous availability of network bandwidth for critical application services?

Question65: During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration foe a go-live decision?

Question66: An IS auditor finds that firewalls are outdated and not supported by vendors. Which of the following should be the auditor s NEXT course of action?

Question67: During a post-implementation review, a step in determining whether a project met user requirements is to review the:

Question68: An organization has begun using social media to communicate with current and potential clients. Which of the following should be of PRIMARY

Question69: To create a digital signature in a message using asymmetric encryption, it is necessary to:

Question70: Which of the following procedures should an IS auditor complete FIRST when evaluating the adequacy of IT key performance indicators (KPIs)?

Question71: An IS auditor is a member of an application development team that is selecting software. Which of the following would impair the auditor's independence?

Question72: Which of the following would BEST enable effective IT resource management?

Question73: Which of the following is MOST important for an IS auditor to understand when planning an IS audit?

Question74: Which of the following is the MOST important consideration when developing an incident response program?

Question75: Which of the following would be MOST critical for an IS auditor to look for when evaluating fire precautions in a manned data center located in the upper floor of a multi-story building?

Question76: An organization wants to classify database tables according to its data classification scheme. From an IS Auditor's perspective, the tables should be classified based on the:

Question77: Which of the following management decisions presents the GREATEST risk associated with data leakage?

Question78: An IS audit had identified that default passwords for a newly implemented application were not changed.
During the follow-up audit which of the
following would provide the BEST evidence that the finding was effectively addressed?

Question79: Which procedure provides the GREATEST assurance that corrective action to an audit report has been taken?

Question80: The drives of a tile server are backed up at a hot site. Which of the following is the BEST way to duplicate the files stored on the server for forensic analysis?

Question81: The BEST way to evaluate a shared control environment is to obtain an assurance report and review which of the following?

Question82: Which of the following should an IS auditor expect to find in an organization s information security policies?

Question83: During audit planning, an IS auditor walked through the design of controls related to a new data loss prevention tool. It was noted that the tool will be configured to alert. IT management when large files are sent outside of the organization via email. What type of control will be tested?

Question84: When auditing a quality assurance plan, an IS auditor should be MOST concerned if the:

Question85: An organization has purchased a replacement mainframe computer to cope with the demands of increased business. Which of the following should be the PRIMARY concern of an IS auditor?

Question86: A sales representative is reviewing the organization's feedback blog and gets redirected to a site that sells illegal prescription drugs. The blog site is MOST likely susceptible to which of the following types of attacks?

Question87: A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor s BEST recommendation to facilitate compliance with the regulation?

Question88: Which of the following is the PRIMARY benefit of implementing configuration management for IT?

Question89: Which of the following will enable a customer to authenticate an online Internet vendor?

Question90: Which of the following methods should be used to effectively erase sensitive data from portable storage devices that are to be reused?

Question91: An organization plans to launch a social media presence as part of a new customer service campaign. Which of the following is the MOST significant risk from the perspective of potential litigation?

Question92: An organization outsourced its IS functions. To meet its responsibility for disaster recovery, the organization should:

Question93: An IS auditor finds that the process for removing access for terminated employee is not documented. What is the MOST significant risk from this observation?

Question94: Which of the following is the GREATEST cause for concern when an organization is planning to migrate business-critical applications to the cloud using a Platform as a Service (PaaS) model?

Question95: Which of the following should occur EARLIEST in a business continuity management lifecycle?

Question96: Which of the following is the PRIMARY responsibility of an information owner?

Question97: When reviewing a database supported by a third-party service provider, an IS auditor found minor control deficiencies. The auditor should FIRST

Question98: Which of the following is MOST likely to be included in a post-implementation review?

Question99: Which of the following is a prerequisite to help ensure that IS hardware and software support the delivery of mission-critical functions?

Question100: Which of the following would BEST help in classifying an organization s data?

Question101: Which of the following access fights presents the GREATEST risk when granted to a new member of the system development staff?

Question102: An organization has suffered a number of incidents in which USB flash drives with sensitive data have been lost. Which of the following would be MOST effective in preventing loss of sensitive data?

Question103: Which of the following roles combined with the role of a database administrator (DBA) will create a segregation of duties conflict?

Question104: Which of the following is the BEST way for an IT forensics investigator to detect evidence of steganography?

Question105: During a network security review the system log indicates an unusually high number of unsuccessful login attempts Which of the following sampling techniques is MOST appropriate for selecting a sample of user IDs for further investigation?

Question106: Which of the following is the BEST way to evaluate the effectiveness of access controls to an internal network?

Question107: On a daily basis, an in-house development team moves duplicate copies of production data containing personally identifiable information (Pll) to the test environment Which of the following is the BEST way to mitigate the privacy risk involved?

Question108: Which of the following is the GREATEST risk resulting from conducting periodic reviews of IT over several years based on the same audit program?

Question109: The lack of which of the following represents the GREATEST risk to the quality of developed software?

Question110: A legacy application is running on an operating system that is no longer supported by vendor, if the organization continues to use the current application, which of the application should be the IS auditor's GREATEST concern?

Question111: During a review of information security procedures for disabling user accounts, an IS auditor discovers that IT is only disabling network access for terminated employees IT management maintains if terminated users cannot access the network, they will not be able to access any applications Which of the following is the GREATEST risk associated with application access?

Question112: Which of the following methodologies is MOST appropriate to use for developing software with incomplete requirements?

Question113: Which of the following firewall technologies involves examining the header of every packet of data traveling between the Internet and the corporate network without examining the previous packets?

Question114: Which of the following is the BCST way to determine the effectiveness of a recently installed intrusion detection system (IDS)?

Question115: Which of the following activities is MOST important to consider when conducting IS audit planning?

Question116: During an audit of an organization s incident management process, an IS auditor teams that the security operations team includes detailed reports of recent attacks in its communications to employees. Which of the following is the GREATEST concern with this situation?

Question117: Which of the following would be of concern when determining if information assets are adequately safeguard during transport and disposal?

Question118: What is the FIRST step an auditor should take when beginning a follow-up audit?

Question119: Which of the following access rights in the production environment should be granted to a developer to maintain segregation of duties?

Question120: Stress testing should ideally be carried out under a:

Question121: Which of the following is the MOST efficient solution for a multi-location healthcare organization that wants to be able to access patient data wherever patients present themselves for care?

Question122: Which of the following reports can MOST effectively be used to analyze a systems performance problem?

Question123: Following an IT audit, management has decided to accept the risk highlighted in the audit report. Which of the following would provide the MOST assurance to the IS auditor that management is adequately balancing the needs of the business with the need to manage risk?

Question124: An organization's IT security policy requires annual security awareness training for all employees. Which of the following would provide the BEST evidence of the training's effectiveness?

Question125: Which of the following would be considered the BEST compensating control to use when an emergency process, rather than the established control procedures, is used for database changes?

Question126: Which of the following is the MOST important consideration for building resilient systems?

Question127: When conducting a post implementation review which of the following is the BEST way to determine whether the value from an IT project has been achieved?

Question128: An IT management group has developed a standardized security control checklist and distributed it to the control self-assessors in each organizational unit. Which of the following would be the GREATEST risk m this approach?

Question129: Requiring that passwords contain a combination of numeric and alphabetic characters is MOST effective against which type of attack?

Question130: An organization has implemented an automated match between purchase orders, goods receipts, and invoices.
Which of the following risks will this control BEST mitigate?

Question131: Which of the following would provide the MOST assurance that an application will work in a live environment?

Question132: During a security audit, which of the following is MOST important to review to ensure data confidentiality is managed?

Question133: Which of the following is the BEST method for converting a file into a format suitable for data analysis in a forensic investigation?

Question134: Nonrepudiation of the client for e-commerce transactions is accomplished through which of the following control mechanisms?

Question135: An IS auditor is reviewing the process followed in identifying and prioritizing the critical business processes.
This process is part of the:

Question136: An IS auditor is observing transaction processing and notes that a high-priority update job ran out of sequence.
What is the MOST significant risk from this observation'

Question137: A disk management system's PRIMARY function is to:

Question138: Which of the following would provide the MOST important input during the planning phase for an audit on the implementation of a bring your own device (BYOD) program?

Question139: These members of an emergency incident response team should be:

Question140: An IS auditor is assessing an organization's implementation of a virtual network. Which of the following observations should be considered the MOST significant risk?

Question141: Which of the following is the MOST important determining factor when establishing appropriate timeframes for follow-up activities related to audit findings?

Question142: A large insurance company is about to replace a major financial application. Which of the following is the IS auditor's PRIMARY focus when conducting the pre-implementation review?

Question143: An IS auditor determines that an online retailer processing credit card information does not have a data classification process. The auditor's NEXT step should be

Question144: Which of the following sampling techniques is commonly used in fraud detection when the expected occurrence rate is small and the specific controls are critical?

Question145: An information systems security officer's PRIMARY responsibility for business process applications is to:

Question146: Which of the following would provide the MOST reliable evidence to indicate whether employee access has been deactivated in a timely manner following termination?

Question147: As part of a quality assurance initiative, an organization has engaged an external auditor to evaluate the internal IS audit function. Which of the following observations should be of MOST concern?

Question148: The grants management system is used to calculate grant payments. Once per day, a batch interface extracts grant amounts and payee details from this system for import into the once system so payments can be made overnight Which of the following controls provides the GREATEST assurance of the accuracy and completeness of the imported payment

Question149: A user of a telephone banking system has forgotten his personal identification number (PIN), after the user has been authenticated, the BEST method of issuing a new pin is to have:

Question150: Management decided to accept the residual risk of an audit finding and not take the recommended actions. The internal. Audit team believes the acceptance is inappropriate and has discussed the situation with executive management. After this discussion, there is still disagreement regarding the decision. Which of the following is the BEST course of action by internal audit.

Question151: An organization performs nightly backups but does not have a formal policy. An IS auditor should FIRST

Question152: Which of the following is the GREATEST benefit of implementing an incident management process?

Question153: During a follow-up audit, an IS auditor finds that some critical recommendations have not been addressed as management has decided to accept the risk. Which of the following is the IS auditor's BEST course of action?

Question154: A recent audit concluded that an organization's information security system was weak and that monitoring would likely fail to detect penetration. Which of the following would be the MOST appropriate recommendation?

Question155: During an IS audit, it is discovered that security configurations differ across the organization's virtual server farm. Which of the following is the IS auditor's BEST recommendation to proving the control environment?

Question156: Which of the following components of a scheduling tool BEST prevents job failures due to insufficient system resources?

Question157: Which of the following should be of GREATEST concern to an IS auditor when auditing an organization's information security awareness

Question158: Performance monitoring tools report that servers are significantly below their planned utilization. Which of the following would be the BEST recommendation?

Question159: Which of the following is MOST important for an IS auditor to verify when reviewing an organization's information security practices following the adoption of a bring your own device (8YOD) program?

Question160: An organization considers implementing a system that uses a technology that is not in line with the organization's IT strategy. Which of the following is the BEST justification for deviating from the IT strategy?

Question161: Which of the following BEST describes an audit risk?

Question162: Which of the following should be of GREATEST concern when conducting an audit of software inventory management?

Question163: Which of the following is the MAIN purpose of implementing an incident response process?

Question164: An IS auditor determines that a business impact analysis (BIA) was not conducted during the development of a business continuity plan (BCP). What is the MOST significant risk that could result from this situation?

Question165: To effectively classify data, which of the following MUST be determined?

Question166: An IS auditor is planning on utilizing attribute sampling to determine the error rate for health care claims processed. Which of the following factors will cause the sample size to decrease?

Question167: Which of the following test approaches would utilize data analytics to test a dual approval payment control?

Question168: During a review of an insurance company s claims system, the IS auditor learns that claims for specific medical procedures are acceptable only from females This is an example of a:

Question169: What is the BEST way for an IS auditor to address the risk associated with over-retention of personal data after identifying a large number of customer records retained beyond the retention period defined by law?

Question170: Which of the following presents the GREATEST concern when implementing data flow across borders?

Question171: For an organization which uses a VoIP telephony system exclusively, the GREATEST concern associated with leaving a connected telephone in an unmonitored public area is the possibility of:

Question172: Which of the following would MOST effectively detect a condition where an employee assigned to an operations role could perform system administrator functions?

Question173: Which of the following is the MOST effective way to identify anomalous transactions when performing a payroll fraud audit?

Question174: Which of the following should be of GREATEST concern to an organization's board when reviewing the internal audit department's quality assurance and improvement program?

Question175: Which of the following should be the PRIMARY consideration for IT management when selecting a new information security tool that monitors suspicious file access patterns?

Question176: Which of the following is a detective control?

Question177: Which of the following is MOST important for an IS auditor to do during an exit meeting with an auditee?

Question178: An IS auditor reviews change control tickets and finds an emergency change request where an IT manager approved the change, modified the code on the production platform, an solved the ticket Which of the following should be the auditor's GREATEST concern?

Question179: Which of the following is the BEST guidance from an IS auditor to an organization planning an initiative to improve the effectiveness of its IT processes?

Question180: Which of the following would be the MOST effective control to mitigate unintentional misuse of authorized access?

Question181: Which of the following would be an IS auditor's GREATEST concern when reviewing an organization s security controls for policy compliance?

Question182: Which of the following functions is MOST likely to be performed by an operating system utility residing on a web server?

Question183: An IS auditor has observed gaps in the data available to the organization for detecting incidents. Which of the following would be the BEST recommendation to improve the organization's security incident response capability?

Question184: Which of the following is the KST source of information for assessing the effectiveness of IT process monitoring?

Question185: Which of the following presents the GREATEST security risk to an organization using peer-to-peer (P2P) file-sharing networks?

Question186: An audit of a database management system found the audit log was not restarted following maintenance.
Which of the following is the GREATEST concern to the IS auditor?

Question187: When removing a financial application system from production, which of the following is MOST important?
D18912E1457D5D1DDCBD40AB3BF70D5D

Question188: An organization allows its employees to use personal mobile devices for work. Which of the following would BEST maintain information security without compromising employee privacy?

Question189: Which of the following is the MOST important difference between end-user computing (EUC) applications and traditional applications?

Question190: Assessments of critical information systems are based on a cyclical audit plan that has not been updated for several years. Which of the following should the IS auditor recommend to BEST address this situation?

Question191: Which of the following would BEST assist senior management in evaluating IT performance as well as the alignment between corporate and IT strategic objectives?

Question192: An IS auditor is analysing a sample of assesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found. Which sampling method would be appropriate?

Question193: An organization migrated most of its physical servers to virtual ones in its own data center. Which of the following should be of GREATEST concern to an IS auditor reviewing the virtual environment?

Question194: A small organization is experiencing rapid growth and plans to create a new information security policy.
Which of the following is MOST relevant to creating the policy?

Question195: Which of the following provides the BEST evidence that network filters are functioning?
D18912E1457D5D1DDCBD40AB3BF70D5D

Question196: Which of the following is MOST important for an organization to review before sharing data with an external business partner via an application programming interface (API)?

Question197: An IS auditor suspects an organization's computer may have been used to commit a crime. Which of the following is the auditor s BEST course of action?

Question198: When reviewing the effectiveness of data center operations, the IS auditor would FIRST -stablish that system performance:

Question199: Which of the following is the BEST approach to help ensure evidence from a computer forensics investigation is legally admissible?

Question200: Which of the following would be MOST important to include in a data security policy to adequately manage the privacy of customer information?

Question201: When physical destruction is not practical, which of the following is the MOST effective measure of disposing of sensitive data on a hard disk?

Question202: Which of the following is BEST for providing uninterrupted services?

Question203: Which of the following is the MOST effective control to mitigate unintentional misuse of authorised access?

Question204: Which of the following factors constitutes a strength in regard to the use of a disaster recovery planning reciprocal agreement?

Question205: Which of the following tools are MOST helpful for benchmarking an existing IT capability?

Question206: During a review of system access, an IS auditor notes that an employee who has recently changed roles within the organization still has previous access rights. The auditor s NEXT step should be to:

Question207: An IS auditor is conducting a pre-implementation review to determine a new system's production readiness.
The auditor's PRIMARY concern should be whether:

Question208: Which of the following is MOST important in the audit quality assurance process?

Question209: Which of the following is BEST addressed when using a timestamp within a digital signature to deliver sensitive financial information?

Question210: An organization is designing an application programming interface (API) for business-to-business data sharing with a vendor. Which of the following is the BEST way to reduce the potential risk of data leakage?

Question211: An IS auditor finds the timeliness and depth of information regarding the organization's IT projects varies based on which project manager is assigned. Which of the following recommendations would be A MOST helpful in achieving predictable and repeatable project management processes?

Question212: Which of the following is the GREATEST risk posed by denial-of-service attacks?

Question213: Which of the following controls MOST effectively reduces the risk associated with use of instant messaging (IM) in the workplace?

Question214: In an organization that has a staff-rotation policy, the MOST appropriate access control model is:

Question215: Which of the following findings should be of MOST concern to an IS auditor when evaluating information security governance within an organization?

Question216: An IS auditor is conducting a review of a healthcare organization's IT policies for handling medical records.
Which of the following is MOST important to verify?

Question217: Which of the following is the MOST effective way to minimize the risk of a SQL injection attack?

Question218: An IS auditor is evaluating the access controls at a multinational company with a shared network infrastructure. Which of the following is MOST important?

Question219: A retirement system verifies that the field for employee status has either a value of A (for active) or R (for retired). This is an example of which type of check?

Question220: An organization has implemented a distributed security administration system to replace the previous centralized one. The IS auditor's GREATEST concern should be that:

Question221: After the release of an application system, an IS auditor wants to verify that the system is providing value to the organization. The auditor's BEST course of action would be to:

Question222: An IS auditor has been asked to perform a post-implementation assessment of a new corporate human resources (HR) system. Which of the following control areas would be OST important to review for the protection of employee information?

Question223: Which of the following is MOST important to include in a business continuity plan (BCP)?

Question224: Due to the small size of the payroll department, an organization is unable to segregate the employee setup and payroll processing functions. Which of the following would be the BEST compensating control for the lack of segregation of duties?

Question225: Which of the following are BEST suited for continuous auditing?

Question226: An organization has implemented application whitelisting in response to the discovery of a large amount of unapproved software. Which type of control has been deployed?

Question227: Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?

Question228: Which of the following is the BEST source of information when assessing the amount of time a project will take?

Question229: Which of the following should be performed immediately after a computet security incident has been detected and analyzed by an incident response team?

Question230: A database is denormalized in order to:

Question231: Which of the following should be reviewed as part of a data integrity test?

Question232: Which of the following helps to ensure the integrity of data for an interface between a new billing system and an accounts receivable system?

Question233: During an audit of a payroll system, an IS auditor identifies that two employees share the same bank account.
The auditor is concerned they may be ghost employees. Which of the following should the auditor do NEXT?

Question234: Which of the following is the most effective control for emergency changes to application programs?

Question235: Which of the following is the GREATEST advantage of implementing an IT enterprise architecture framework within an organization?

Question236: Which of the following procedures would BEST contribute to the reliability of information in a data warehouse?

Question237: An organization offers an online information security awareness program to employees on an annual basis.
Which of the following findings from an audit of the program should be the IS auditor's GREATEST concern?

Question238: Which of the following key performance indicators (KPIs) provides the BEST indication of a security awareness campaign's effectiveness?

Question239: An organization is considering outsourcing the processing of customer insurance claims. An IS auditor notes that customer data will be sent offshore for processing. Which of the following would be the BEST way to address the risk of exposing customer data?

Question240: An IS auditor identifies key controls that have been overridden by management. The next step the IS auditor should take is to

Question241: An audit report that specifies responsibility for the closure of noncompliance issues is BEST enhanced by including:

Question242: Which of the following is the PRIMARY objective of using a capability maturity model as a tool to communicate audit results to senior management?

Question243: Which of the following activities should occur after a business impact analysis (BIA)?

Question244: A CIO has asked an IS auditor to implement several security controls for an organization s IT processes and systems. The auditor should:

Question245: An audit committee is reviewing an annual IT risk assessment Which of the following is the BEST justification for the audits selected?

Question246: During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:

Question247: The IS auditor has identified a potential fraud perpetrated by the network administrator. The IS auditor should:

Question248: What should be an IS auditor s NEXT course of action when a review of an IT organizational structure reveals IT staff members have duties in other departments?

Question249: Which of the following should be a PRIMARY control objective when designing controls for system interfaces?

Question250: While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed the audit function. In order to resolve the situation, the IS auditor/, BEST course of action would be to:

Question251: During an audit, the client learns that the IS auditor has recently completed a similar security review at a competitor. The client inquires about the competitor's audit results. What is the BEST way for the auditor to address this inquiry?

Question252: Which of the following BEST describes a common risk in implementing a new application software package?

Question253: When reviewing user access to an application containing sensitive company data, which of the following should be the GREATEST concern with regard to segregation of duties?

Question254: Which of the following reflects inadequate segregation of duties?

Question255: Which of the following is MOST important for the IS auditor to verify when reviewing the development process of a security policy?

Question256: Which of the following is the MOST significant risk associated with the use of visualization?

Question257: An IS auditor observes that an organization s critical IT systems nave experienced several failures throughout the year. Which of the following is the BEST recommendation?

Question258: An organization is replacing its financial processing system. To help ensure that transactions in the new system are processed accurately, which of the following is MOST appropriate?

Question259: A development team has designed a new application and incorporated best practices for secure coding. Prior to launch, which of the following is the IS auditor's BEST recommendation to mitigate the associated security risk?

Question260: Reviewing which of the following would be MOST helpful in assessing whether an organization s IT performance measures are comparable to other organizations in the same industry?

Question261: An employee transfers from an organization's risk management department to become the lead IS auditor.
While in the risk management department, the employee helped developed the key performance indicators (KPIs) now used by the organization. Which of the following would pose the GREATEST threat to the independence of this auditor?

Question262: Which of the following would help to ensure the completeness of batch file transfers?

Question263: During an audit, it is discovered that several suppliers with standing orders have been deleted from the supplier master file Which of the following controls would have BEST evented such an occurrence?

Question264: During the evaluation of a firm's newly established whistleblower system, an auditor notes several findings.
Which of the following should be the
auditor's GREATEST concern?

Question265: Which of the following is the GREATEST concern when an organization allows personal devices to connect to its network?

Question266: Which of the following is MOST important for an IS auditor to consider during a review of the IT governance of an organization?

Question267: Which of the following activities should an IS auditor perform FIRST during an external network security assessment?

Question268: An organization wants to test business continuity using a scenario in which there are many remote workers trying to access production data at the same time. Which of the following is the BEST testing method in this situation?

Question269: Which of the following is MOST important to the effective management of an end user developed application?

Question270: Following an acquisition, it was decided that legacy applications subject to compliance requirements will continue to be used until they can be phased out. The IS auditor needs to determine where there are control redundancies and where gaps may exist. Which of the following activities would be MOST helpful in making this determination?

Question271: A maturity model is useful in the assessment of IT service management because it:

Question272: When initiating an IT project, which of the following should be completed FIRST:'

Question273: An IS auditor is examining a front-end sub ledger and a main ledger Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?

Question274: At which stage of the software development life cycle should an organization identity privacy considerations?

Question275: An IS auditor is involved in the user testing phase of a development project. The developers wish to use a copy of a peak volume transaction file from the production process to should that the development can cope with the required volume What is the auditor s PRIMARY concern?

Question276: Which of the following would BEST detect that a distributed-denial-of-service attack (DDoS) is occurring?

Question277: Which of the following is a distinguishing feature at the highest level of a maturity model?
D18912E1457D5D1DDCBD40AB3BF70D5D

Question278: The IS auditor of a power company finds that the radio link to a remote mountain site is experience systematic outages under specific weather conditions. The communications managers explains that increasing the radio power would require a new license and would help. What is the MOST appropriate action by the IS auditor?

Question279: When replacing a critical software application, which of the following provides for the LOWEST risk of interruption to business processes?

Question280: Which of the following is the PRIMARY responsibility of an organization's IT steering committee?

Question281: An organization recently implemented an industry-recognized IT framework to improve the overall effectiveness of IT governance. Which of the following would BEST enable an IS auditor to assess the implementation against the framework?

Question282: An organization's audit charter should:

Question283: An IS auditor is planning a risk-based audit of the human resources department. The department uses separate systems for its payroll, training and employee performance review functions. What should the IS auditor do FIRST before identifying the key controls to be tested?

Question284: An effective implementation of security roles and responsibilities is BEST evidenced across an enterprise when:

Question285: A risk analysis is MOST useful when applied during which phase of the system development process?

Question286: Which of the following should an IS auditor review FIRST when planning a customer data privacy audit?

Question287: An IS auditor reviewing the acquisition of new equipment would consider which of the following to be a significant weakness?

Question288: Which of the following is an effective way to ensure the integrity of file transfers in a peer-to-peer (P2P) computing environment?

Question289: An organization uses two data centers. Which of the following would BEST address the organization's need for high resiliency?

Question290: A maturity model can be used to aid the implementation of IT governance by identifying:

Question291: Which of the following is the BEST reason to perform root cause analysis after a critical server failure?

Question292: A vendor service level agreement (SLA) requires backup to be physically secured. An IS audit of the backup system revealed a number of the backup media were missing. Which of the following should be the auditor's NEXT step?

Question293: Which of the following is the BEST compensating control for a lack of proper segregation of duties in an IT department?

Question294: Which of the following should be an IS auditor's FIRST activity when planning an audit?

Question295: Which of the following would BEST prevent data from being orphaned?

Question296: An IS audit reveals that an organization is not proactively addressing known vulnerabilities. Which of the following should the IS auditor recommend the organization do FIRST?

Question297: A CIO has asked an IS to implement several security controls for an organization's IT process and system. The auditor should:

Question298: When conducting a follow-up audit on an organization s firewall configuration, the IS auditor discovered that the firewall had been integrated into a new system that provides both firewall and intrusion detection capabilities. The IS auditor should:

Question299: Which of the following will MOST effectively help to manage the challenges associated with end user developed application systems?

Question300: Which of the following should an IS auditor expect to find when reviewing IT security policy?

Question301: An organization's plans to implement a virtualization strategy enabling multiple operating systems on a single host. Which of the following should be the GREATEST concern with this strategy?

Question302: Which of the following is the MOST important consideration when deploying closed-circuit television (CCTV) systems that use wireless communication links to transmit images between cameras and a receiver?

Question303: During a software acquision review, an IS auditor should recommend that there be a software escrow agreement when:

Question304: The FIRST step in establishing a firewall security policy is to determine the:

Question305: A security review reveals an organization b struggling with a large number of findings from vulnerability scans. What should the IS auditor recommend be done FIRST.

Question306: What should be the PRIMARY basis for scheduling a follow-up audit?

Question307: Which of the following would BEST deter the theft of corporate information from a laptop?

Question308: The BEST access strategy while configuring a firewall would be to:

Question309: An IS auditor is reviewing an organization's implementation of a bring your own device (BYOD) program.
Which of the following would be the BEST recommendation to help ensure sensitive data is protected if a device is in the possession of an unauthorized individual?

Question310: Which of the following should be restricted from a network administrator's privileges in an adequately segregated H" environment?

Question311: The use of the Transport Layer Security (TLS) protocol enables the client in a network to be:

Question312: An IS auditor concludes that a local area network's (LAN's) access security is satisfactory. In reviewing the work, the audit manager should:

Question313: As part of a mergers and acquisitions activity, an acquiring organization wants to consolidate data and systems from the organization being acquired into existing systems. To ensure the data is relevant the acquiring organization should:

Question314: Which type of control is being implemented when a biometric access device is installed at the entrance to a facility?

Question315: Which of the following is the BEST method for uncovering shadow IT within an organization?

Question316: During the procurement process which of the following would be the BEST indication that prospective vendors will meet the organization's needs?

Question317: Which of the following is MOST important to consider when creating audit follow-up procedures?

Question318: Which of the following is MOST important to include in an organization's incident response plan to help prevent similar incidents from happening in the future?

Question319: Which of the following is the MOST critical characteristic of a biometric system?

Question320: During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:

Question321: An IS auditor finds that confidential company data has been inadvertently leaked through social engineering.
The MOST effective way to help prevent a recurrence of this issue is to implement:

Question322: An organization is moving its on-site application servers to a service provider that operates a virtualized environment shared by multiple customers. Which of the following is the MOST significant risk to the organization?

Question323: Which of the following is the MOST critical step prior to performing a network penetration test?

Question324: To achieve desired objectives, which of the following is MOST important to review when identifying potential areas of improvement in IT processes?

Question325: Which of the following activities would allow an IS auditor to maintain independence while facilitating a control self-assessment (CSA)?

Question326: A stockbroker accepts orders over the Internet. Which of the following is the MOST appropriate control to ensure confidentiality of the orders?

Question327: Which of the following is MOST important when an incident may lead to prosecution?

Question328: Which of the following projects would be MOST important to review in an audit of an organizations financial statements?

Question329: During a business process re-engineering (BPR) program, IT can assist with:

Question330: Which of the following would MOST effectively and executive management in achieving IT and business alignment?

Question331: When evaluating whether the expected benefits of a project have been achieved, it is MOST important for an IS auditor to review:

Question332: Which of the following validation techniques would BEST prevent duplicate electronic vouchers?

Question333: Which of the following would be of MOST concern during an audit of an end-user computing system containing sensitive information?

Question334: A typical network architecture used for e-commerce, a load balancer is normally found between the:

Question335: What is the MOST important business concern when an organization is about to migrate a mission-critical application to a virtual environment?

Question336: Which of the following would be MOST helpful in ensuring security procedures are followed by employees in a multinational organization?

Question337: Which of ihe following BEST indicates a need to review an organization's information security policy?

Question338: Due to the increasing size of a database, user access times and daily backups continue to increase. Which of the following would be the BEST way to address this situation?

Question339: An intruder accesses an application server and makes changes to the system log. Which of the following would enable the identification of the changes?

Question340: Which of the following should be the PRIMARY reason to establish a social media policy for all employees?

Question341: An IS auditor has completed a service level management audit related to order management services provided by a third party Which of the following is the MOST significant finding?

Question342: A small startup organization does not have the resources to implement segregation of duties. Which of the following would be the MOST effective compensating control?

Question343: To ensure the integrity of a recovered database, which of the following would be MOST useful?

Question344: An organization has established three IS processing environments: development, test, and production. The MAJOR reason for separating the development and test environments is

Question345: In a follow-up audit, an IS auditor notes that management has addressed the original findings in a different way than originally agreed upon. The auditor should FIRST:

Question346: Which of the following BEST enables an audit department to improve the quality of work performed by its auditors?

Question347: Which of the following is the PRIMARY reason for an IS auditor to issue an interim audit report?

Question348: Which of the following is the BEST approach for performing a business impact analysis (BIA) of a supply-chain management application?

Question349: A company uses a standard form to document and approve all changes in production programs. To ensure that the forms are properly authorized, which of the following is the MOST effective sampling method?

Question350: Which of the following is the BEST physical security solution for granting and restricting access to individuals based on their unique access needs?

Question351: An organization using instant messaging to communicate with customers can prevent legitimate customers from being impersonated by:

Question352: An IS auditor auditing the effectiveness of utilizing a hot site will MOST likely:

Question353: Which of the following is the PRIMARY reason for an IS auditor to map out the narrative of a business process?

Question354: A manufacturing company is implementing application software for its sales and distribution system. Which of the following is the MOST important reason for the company to choose a centralized online database?

Question355: While auditing an IT department s cloud service provider, the IS auditor found that privileged access monitoring is not being performed as required by the contract. The provider disagrees with this issue and notes that compensating controls are in place. The IS auditor's NEXT course of action should be to:

Question356: internal IS auditor recommends that incoming accounts payable payment files be encrypted. Which type of control is the auditor recommending?

Question357: Which of the following is the BEST type of backup to minimize the associated time and media?

Question358: An organization is developing data classification standards and has asked internal audit for advice on aligning the standards with best practices. Internal audit would MOST likely recommend the standards should be:

Question359: The operations team of an organization has reported an IS security attack. Which of the following should be the NEXT step for the security incident response team?

Question360: To preserve chain-of-custody following an internal server compromise, which of the following should be the FIRST step?

Question361: Due to cost restraints, a company defers the replacement of hardware supporting core applications. Which of the following represents the GREATEST risk?

Question362: When reviewing an organization's data protection practices, an IS auditor should be MOST concerned with a lack of: