EMT Practice Test

1. Question Content...


Question List

Question1: In a database management system (DBMS) normalization is used to:

Question2: An IS auditor is conducting a pre-implementation review to determine a new system's production readiness.
The auditor's PRIMARY concern should be whether:

Question3: An IS auditor suspects an organization's computer may have been used to commit a crime. Which of the following is the auditor s BEST course of action?

Question4: A small organization does not have enough employees to implement adequate segregation of duties in accounts payable. Which of the following is the BEST compensating control to mitigate the risk associated with this situation?

Question5: Which of the following is a KEY consideration to ensure the availability of nodes in an active-active application cluster configuration?

Question6: Which of the following could be used to evaluate the effectiveness of IT operations?

Question7: The MOST appropriate control to ensure that all orders transmitted from remote locations to the production department are received accurately would be to:

Question8: Which of the following is the PRIMARY objective of the IS audit function?

Question9: An external IS auditor is reviewing the continuous monitoring system for a large bank and notes several potential issues. Which of the following would present the GREATEST concern regarding the reliability of the monitoring system?

Question10: Which of the following controls is MOST effective in detecting spam?

Question11: When designing metrics for information security, the MOST important consideration is that the metrics:

Question12: Which of the following is the MOST important audit activity following a database migration?

Question13: Invoking a business continuity plan (BCP) is demonstrating which type of control?

Question14: The BEST access strategy while configuring a firewall would be to:

Question15: An incorrect version of source code was amended by a development team, This MOST likely indicates a weakness in:

Question16: The practice of performing backups reflects which type of internal control?

Question17: After discussing findings with an auditee, an IS auditor is required to obtain approval of the report from the CEO before issuing it to the audit committee. This requirement PRIMARILY affects the IS auditor's:

Question18: Which of the following roles is ULTIMATELY accountable for the protection of an organization s information?

Question19: Which of the following is MOST important for an IS auditor to verify during a disaster recovery audit?

Question20: The MAIN reason an organization's incident management procedures should include a post-incident review is to:

Question21: A digital signature addresses which of the following concerns?

Question22: An internal audit has revealed a large number of incidents for which root cause analysis has not been performed. Which of the following is MOST important for the IS auditor to verify to determine whether there is an audit issue?

Question23: Which of the following would provide the BEST evidence of successfully completed batch uploads?

Question24: Which of the following is the PRIMARY advantage of using an automated security log monitoring tool over a manual review to monitor the use

Question25: Which of the following is the BEST indication of control maturity in an organization's systems development and implementation processes?

Question26: An organization is evaluating a disaster recovery testing scenario in which a ransomware attack occurs and the business impact analysis (BIA) indicates the recovery point objective (RPO) is 6 hours. Which of the following BEST ensures the most recent good data set will be available after the attack occurs?

Question27: Which of the following stakeholders is accountable for control evaluations during a control self-assessment (CSA)?

Question28: Which of the following is the FIRST consideration when developing a data retention policy?

Question29: An organization's sensitive data is stored in a cloud computing environment and is encrypted. Which of the following findings should be of GREATEST concern to an IS auditor?

Question30: What is the MOST important consideration of any disaster response plan?

Question31: Which of the following system deployments requires the cloud provider to assume the widest range of responsibilities for data protection?

Question32: An audit report notes that terminated employees have been retaining their access rights after their departure.
Which of the following strategies would BEST ensure that obsolete access rights are identified in a timely manner?

Question33: A recent audit concluded that an organization's information security system was weak and that monitoring would likely fail to detect penetration. Which of the following would be the MOST appropriate recommendation?

Question34: Which of the following controls BEST mitigates the impact of a distributed denial of service (DDoS) attack against the controller in a softwaredefined network (SDN)?

Question35: Which of the following is the BEST control to mitigate the malware risk associated with an instant messaging (IM) system1?

Question36: An IS auditor previously worked in an organization s IT department and was involved with the design of the business continuity plan (BCP). The IS auditor has now been asked to review this same BCP. The auditor should FIRST.

Question37: Which of the following should an IS auditor recommend to reduce the likelihood of potential intruders using social engineering?

Question38: A small organization is experiencing rapid growth and plans to create a new information security policy.
Which of the following is MOST relevant to creating the policy?

Question39: An IT steering committee assists the board of directors to fulfill IT governance duties by:

Question40: Which type of control is an IS auditor assessing when reviewing the adequacy of existing policies and procedures related to end-user computing activities?

Question41: Which of the following would BEST indicate the independence of the internal audit function?

Question42: An IS auditor has been asked to review an organization's security incident response plan for effectiveness Which of the following should the auditor recommend be done FIRST after a network intrusion event has occurred?

Question43: Which of the following activities is MOST important to consider when conducting IS audit planning?

Question44: Which of the following is a reason for implementing a decentralized IT governance model?

Question45: Which of the following threats is MOST effectively controlled by a firewall?

Question46: Two servers are deployed in a cluster to run a mission-critical application. To determine whether the system has been designed for optimal efficiency, the IS auditor should verify that:

Question47: During a "clean desk" audit, a USB flash drive labeled "confidential" was found on the desk of a terminated employee. Which of the following would be the BEST way to safety review its contents?

Question48: Which of the following is the MOST important control to help minimize the risk of data leakage from calls made to a business-to-business application programming interface (API)?

Question49: Which of the following is the BEST example of a data analytics use case during the planning phase of an IS audite

Question50: Code changes are compiled and placed in a change folder by the developer. An implementation learn migrates changes to production from the change folder. Which of the following BEST indicates separation of duties is in place during the migration process?

Question51: Which of the following mechanisms for process improvement involves examination of industry best practice?

Question52: An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization s objectives?

Question53: The process of applying a hash function to a message, and obtaining and ciphering a digest refers to:

Question54: Which of the following would BEST help management maintain a current and effective business continuity plan (BCP)?

Question55: Which of the following is the safest means of transmitting confidential information over the Internet?

Question56: An IS auditor who was instrumental in designing an application is called upon to review the application. The auditor should:

Question57: Which of the following is the MOST effective way for an IS auditor to evaluate the creation and deletion of administrative accounts in a virtual environment?

Question58: Which of the following has the GREATEST influence on the success of IT governance?

Question59: Which of the following should be the FIRST step when developing a business continuity plan (BCP)?

Question60: Which of the following tools is MOST helpful in estimating budgets for tasks within a large IT business application project?

Question61: Which of the following is the MOST important factor when an organization is developing information security policies and procedures?

Question62: During an audit of the organization's data privacy policy, the IS auditor identified that only some IT application databases have encryption in place. What should be the auditors FIRST action?

Question63: What is the BEST indicator of successful implementation of an organization s information security policy?

Question64: An organization has outsourced its data leakage monitoring to an Internet service provider (ISP). Which of the following is the BEST way for an IS auditor to determine the effectiveness of this service?

Question65: When preparing to evaluate the effectiveness of an organizations IT strategy, an IS auditor should FIRST review;

Question66: During a network security review the system log indicates an unusually high number of unsuccessful login attempts Which of the following sampling techniques is MOST appropriate for selecting a sample of user IDs for further investigation?

Question67: Which of the following Is the MOST effective way for an IS auditor to evaluate whether an organization is well positioned to defend against an advanced persistent threat (APT)?

Question68: When determining the specifications for a server supporting an online application using more than a hundred endpoints, which of the following is the MOST important factor to be Considered?

Question69: Which of the following is an example of a corrective control?

Question70: Information security awareness programs in a large organization should be:

Question71: In which of the following cloud service models does the user organization have the GREATEST control over the accuracy of configuration items in its configuration management database (CMDB)?

Question72: When assessing a business case as part of a post-implementation review, the IS auditor MUST ensure that the:

Question73: Which of the following cloud computing models should an organization adopt if faced with challenges in capacity planning and software maintenance?

Question74: What would be an IS auditors GREATEST concern when using a test environment for an application audit?

Question75: An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?

Question76: An IS auditor is reviewing the upgrading of an operating system. Which of the following would be the GREATEST audit concern?

Question77: Which of the following is the BEST way for an IS auditor to assess the effectiveness of backup procedures?

Question78: Which of the following key performance indicator (KPI) changes would represent a decline in system availability?

Question79: Which of the following should be of MOST concern to an IS auditor evaluating a forensics program?

Question80: Which of the following is MOST important for the successful completion of a new application system?

Question81: Which of the following should an IS auditor review FIRST when planning a customer data privacy audit?

Question82: Which of the following factors will BEST promote effective information security management?

Question83: After delivering an audit report, the audit manager discovers that evidence was overlooked during the audit This evidence indicates that a procedural control may have failed and could contradict a conclusion of the audit. Which of the following risks is MOST affected by the oversight?

Question84: A software development project has had a significant scope reduction. Which of the following is the MOST important action for the IS auditor to perform in this situation?

Question85: An IS auditor discovers that several desktop computers contain unauthorized software. Which of the following would be the auditor's BEST course of action?

Question86: During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:

Question87: A region where an organization conducts business has announced changes in privacy legislation. Which of the following should an IS auditor do FIRST to prepare for the changes?

Question88: An IS auditor identified hard-coded credentials within the source code of recently developed software when evaluating its readiness for implementation. Which of following would be the auditor's BEST recommendation?

Question89: When determining whether a project in the design phase will meet organizational objectives what is BEST to compare against the business case?

Question90: Which of the following user actions constitutes the GREATEST risk for introducing viruses into a local network?

Question91: Which of the following access rights in the production environment should be granted to a developer to maintain segregation of duties?

Question92: Which of the following is the GREATEST risk resulting from conducting periodic reviews of IT over several years based on the same audit program?

Question93: When responding to an ongoing denial of service (DoS) attack, an organization's FIRST course of action should be to

Question94: Which of the following is the MAIN purpose of implementing an incident response process?

Question95: An organization is including a client side software component of a Software as a Service (SaaS) solution as part of its standard PC age To protect the organization against copyright infringement, what is MOST important for the IS auditor to ensure?

Question96: Which of the following is the BEST key performance indicator (KPI) for determining how well the IT policy is aligned to the business requirements?

Question97: Which of the following is MOST important for an IS auditor to determine when reviewing how the organization's incident response team handles devices that may be involved in criminal activity?

Question98: Which of the following is the MOST reliable network connection medium in an environment where there is strong electromagnetic interface?

Question99: During the review of an organization's software development process, which of the following would be the IS auditor's GREATEST concern related to software security coding testing?

Question100: When reviewing a disaster recovery plan (DRP) an IS auditor should examine the:

Question101: An IS auditor is reviewing standards and compliance requirements related to an upcoming systems audit. The auditor notes that the industry standards are less stringent than local regulatory standards. How should the auditor proceed?

Question102: An IS auditor reviewing a financial organization's identity management solution found thai some critical business applications do not have identified owners. Which of the following should the auditor do NEXT?

Question103: Which of the following observations should be of MOST concern to an IS auditor evaluating an IT security team's incident handling practices?

Question104: Which of the following key performance indicators (KPIs) provides the BEST indication of a security awareness campaign's effectiveness?

Question105: An IS auditor notes that several of a client's servers are vulnerable to attack due to open unused ports and protocols. The auditor recommends management implement minimum security requirements. Which type of control has been recommended?

Question106: As part of a quality assurance initiative, an organization has engaged an external auditor to evaluate the internal IS audit function. Which of the following observations should be of MOST concern?

Question107: Which of the following would be the MOST significant consideration when developing a data classification program for a multinational organization?

Question108: Which of the following is the BEST control to reduce the likelihood that a spear phishing attack will be successful?

Question109: An IS auditor is conducting a post-implementation review of an enterprise resource planning (ERP) system End users indicated concerns with the accuracy of critical automatic calculations made by the system. The auditor's FIRST course of action should be to:

Question110: Which of the following would be MOST effective to protect information assets in a data center from theft by a vendor?

Question111: To test the integrity of the data in the accounts receivable master file, an IS auditor particularly interested in reviewing customers with balances over $400.000. the selection technique the IS auditor would use to obtain such a sample is called:

Question112: Which of the following is the MOST effective way to minimize the risk of a SQL injection attack?

Question113: Which of the following would provide the BEST assurance that an organization s backup media is adequate in the case of a disaster?

Question114: A legacy application is running on an operating system that is no longer supported by the vendor. If the organization continues to use the current application, which of the following should be the IS auditor's GREATEST concern?

Question115: Which of the following is the PRIMARY objective of using a capability maturity model as a tool to communicate audit results to senior management?

Question116: Which of the following should an IS auditor recommend to facilitate the management of baseline requirements for hardening of firewalls?

Question117: An organization's audit charter should:

Question118: Which of the following is the BEST audit procedure to determine whether a firewall is configured in compliance with the organization's security policy?

Question119: When an organization is having new software implemented under contract, which of the following is key to controlling escalating costs due to scope creep?

Question120: Which of the following should be the PRIMARY reason to establish a social media policy for all employees?

Question121: Which type of risk has materialized when an internal IS auditor discovers an issue that external auditors missed due to improperly applied audit procedures?

Question122: Which of the following should be the MOST important consideration when prioritizing IS audit activities

Question123: Which of the following is MOST useful for determining whether the goals of IT are aligned with the organization's goals?

Question124: When participating as a member of a system development team, the IS auditor should be aware that:

Question125: Which of the following would be of GREATEST concern to an IS auditor reviewing a critical spreadsheet during a financial audit?

Question126: Which of the following provides the BEST indication that IT key performance indicators (KPls) are Integrated into management practices?

Question127: During a project meeting for the Implementation of an Enterprise resource planning (ERP). a new requirement Is requested by the finance department. Which of the following would BEST Indicate to an IS auditor that the resulting risk to the project has been assessed?

Question128: Which of the following should be included in a business impact analysis (BIA)

Question129: A risk analysis is MOST useful when applied during which phase of the system development process?

Question130: An IS auditor finds that confidential company data has been inadvertently leaked through social engineering.
The MOST effective way to help prevent a recurrence of this issue is to implement:

Question131: An organization s audit charter PRIMARILY:

Question132: Which of the following BEST indicates to an IS auditor that an IT-related project will deliver value to the organization?

Question133: Which of the following is the BEST way to transmit documents classified as confidential over the Internet?

Question134: Which of the following is the MOST important metric in selecting a biometric device?

Question135: Which of the following is the GREATEST risk of cloud computing?

Question136: Which of the following is an IS auditor's recommendation for mitigating risk associated with rapid expansion of hosts within a virtual environment?

Question137: With a properly implemented public key infrastructure (PKI) In use, person A wishes to ensure that an outgoing message can be read only by person B. To achieve this, the message should be encrypted using which of the following?

Question138: An organization has purchased a replacement mainframe computer to cope with the demands of increased business. Which of the following should be the PRIMARY concern of an IS auditor?

Question139: Which of the following would be MOST important for an IS auditor to review when identifying Key IT risk areas to include in an IS audit scope?

Question140: planning an end-user computing (EUC) audit, it is MO ST important for the IS auditor to

Question141: An organization is using tunneling over an extranet. Which or the following control objectives is BEST addressed by this process?

Question142: Which of the following is a distinguishing feature at the highest level of a maturity model?
D18912E1457D5D1DDCBD40AB3BF70D5D

Question143: An organization's current end-user computing practices include the use of a spreadsheet for financial statements. Which of the following is the GREATEST concern?

Question144: During a post-incident review of a security breach, what type of analysis should an IS auditor expect to be performed by the organization's information security team?

Question145: Which of the following is the BEST method to assess the adequacy of security awareness in an organization?

Question146: An IS Auditor is performing a business continuity plan (BCP) audit and identifies that the plan has not been tested for five years, however, the plan was successfully activated during a recent extended power outage.
Which of the following is the 15 auditor's BEST count of action?

Question147: Which of the following is the BEST approach to verify that internal help desk procedures are executed in compliance with policies?

Question148: What is the PRIMARY purpose of performing a parallel run of a new system?

Question149: Which of the following would be MOST time and cost efficient when performing a control self-assessment (CSA) for an organization with a large number of widely dispersed employees?

Question150: IS management has decided to replace the current single-server-based local area network (LAN) with three interconnected servers running different operating systems. Existing applications and data on the old server have been exclusively distributed on the new servers. This will MOST likely result in:

Question151: Which of the following is a benefit of using symmetric cryptography instead of asymmetric cryptography?

Question152: Following an internal audit of a database, management has committed to enhance password management controls. Which of the following provides the BEST evidence that management has remediated the audit finding?

Question153: During a help desk review, an IS auditor determines the call abandonment rate exceeds agreed-upon service levels. What conclusion can be drawn from this finding?

Question154: When reviewing a database supported by a third-party service provider, an IS auditor found minor control deficiencies. The auditor should FIRST

Question155: What should be an IS auditor s NEXT course of action when a review of an IT organizational structure reveals IT staff members have duties in other departments?

Question156: When evaluating a protect immediately prior to implementation, which of the following would provide the BEST evidence that the system has the required functionality?

Question157: During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?

Question158: When reviewing capacity monitoring, an IS auditor notices several incidents where storage capacity limits were reached, while the average utilization was below 30% Which of the following is MOST likely the root cause?

Question159: Which of the following actions should an organization's security policy require an employee to take upon finding a security breach?

Question160: An IS auditor attempts to sample for variables in a population of items with wide differences in values but determines that an unreasonably large number of sample items must be selected to produce the desired confidence level. In this situation, which of the following is the audit decision?
D18912E1457D5D1DDCBD40AB3BF70D5D

Question161: The lack of which of the following represents the GREATEST risk to the quality of developed software?

Question162: Which of the following would BEST indicate a mature information security program within an organization?

Question163: An IS auditor has found that despite an increase in phishing attacks over the past two years, there has been a significant decrease in the success rate. Which of the following is the MOST likely reason for this decline?

Question164: Which of the following are the PRIMARY considerations when determining the timing of remediation testing?

Question165: Which of the following controls will BEST ensure that the board of directors receives sufficient information about IT?

Question166: What would be an IS auditor's BEST course of action when a critical issue outside the audit scope is discovered on an employee workstation?

Question167: Which of the following tools are MOST helpful for benchmarking an existing IT capability?

Question168: A retirement system verifies that the field for employee status has either a value of A (for active) or R (for retired). This is an example of which type of check?

Question169: When engaging services from external auditors, which of the following should be established FIRST?

Question170: An IS auditor is reviewing the process followed in identifying and prioritizing the critical business processes.
This process is part of the:

Question171: Which of the following Is essential to an effective continuous improvement program within the IS department?

Question172: A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization. Which of the following is MOST effective in detecting such an intrusion?

Question173: Which of the following is the MOST important consideration when developing an online business architecture and recovery strategy?

Question174: A lower recovery point objective (RPO) results In

Question175: An organization using instant messaging to communicate with customers prevent legitimate customers from being impersonated by:

Question176: Which of the following audit procedures would provide the BEST assurance that an application program is functioning as designed?

Question177: The CIO of an organization is concerned that the information security policies may not be comprehensive.
Which of the following should an IS auditor recommend be performed FIRST?

Question178: During an external assessment of network vulnerability which of the following activities should be performed FIRST

Question179: Which combination of access controls provides the BEST physical protection for a server room?

Question180: Which of the following BEST ensures IT incident and problem management practices will meet expected service level agreements (SLAs)?

Question181: The results of an IS audit indicating the need to strengthen controls has oeen communicated to the appropriate stakeholders Which of the following is the BEST way for management to enforce Implementation of the recommendations?

Question182: Which of the following would BEST detect that a distributed-denial-of-service attack (DDoS) is occurring?

Question183: A sales representative is reviewing the organization's feedback blog and gets redirected to a site that sells illegal prescription drugs. The blog site is MOST likely susceptible to which of the following types of attacks?

Question184: An IS auditor observes that a bank's web page address is prefixed "https:/f. The auditor would be correct to conclude that:

Question185: Which of the following will enable a customer to authenticate an online Internet vendor?

Question186: Which of the following observations should be of concern to an IS auditor in the fieldwork stage of a procurement audit?

Question187: Which of the following is the GREATEST risk of using a reciprocal site for disaster recovery?

Question188: A typical network architecture used for e-commerce, a load balancer is normally found between the:

Question189: Which of the following controls would BEST decrease the exposure if a password is compromised?

Question190: What is an IS auditor's BEST recommendation to strengthen security guidelines in order to prevent data leakage from the use of smart devices?

Question191: The results of a feasibility study for acquiring a new system should provide management with a clear understanding of:

Question192: Which of the following Is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?

Question193: What is the MOST critical finding when reviewing an organization's information security management?

Question194: Which of the following is MOST important with regard to an application development acceptance test?

Question195: An IS auditor discovers that due to resource constraints a database administrator (DBA) is responsible for developing and executing changes into the production environment Which of the following should the auditor do FIRST?

Question196: When developing a business continuity plan (BCP), which of the following should be performed FIRST?

Question197: When developing a disaster recovery plan (DRP). which of the following should be the MOST important factor driving the availability requirements of individual applications?

Question198: The GREATEST benefit of using a prototyping approach in software development is that it helps to:

Question199: During an IS audit, it is discovered that security configurations differ across the organization's virtual server farm. Which of the following is the IS auditor's BEST recommendation to proving the control environment?

Question200: Which of the following findings should be of GREATEST concern to an IS auditor performing an information security audit of critical server log management activities?

Question201: To create a digital signature in a message using asymmetric encryption, it is necessary to:

Question202: An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives Which of the following findings should be the IS auditor's GREATEST concern?

Question203: Which audit approach is MOST helpful in optimizing the use of IS audit resources?

Question204: Which of the following would BEST provide executive management with current information on IT related costs and IT performance indicators?

Question205: In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to "never expire.' Which of the following recommendations would BEST address the risk with minimal disruption to the business?

Question206: An IS auditor is evaluating the access controls at a multinational company with a shared network infrastructure. Which of the following is MOST important?

Question207: Which of the following is the PRIMARY criterion for identifying an incident severity level?

Question208: The BEST method an organization can employ to align its business continuity plan (BCP) and disaster recovery plan (DRP) with core business needs is to:

Question209: During the course of an audit, an IS auditor's organizational independence is impaired. The IS auditor should FIRST

Question210: What is the PRIMARY objective of implementing data classification?

Question211: In a high-volume, real-time system, the MOST effective technique by which to continuously monitor and analyze transaction processing is:

Question212: While evaluating an organization's program for tracking system interfaces and data transfers, the IS auditor notices the program does not record some of the ad hoc transfers that occur. Which of the following is the GREATEST potential risk?

Question213: An IS auditor is assigned to review the development of a specific application. Which of the following would be the MOST significant step following the feasibility study?

Question214: For a company that outsources payroll processing, which of the following is the BEST way to ensure that only authorized employees are paid?

Question215: Which of the following is MOST influential when defining disaster recovery strategies?

Question216: To restore service at a large processing facility after a disaster, which of the following tasks should be performed FIRST?

Question217: When creating a new risk management program, it is CRITICAL to consider

Question218: Which of the following areas are the MOST likely cause of an application producing several erroneous reports?

Question219: An IS auditor Is assessing risk associated with peer-to-peer file sharing within an organization. Which of the following should be of GREATEST concern?

Question220: Which of the following would BEST deter the theft of corporate information from a laptop?

Question221: An organization has implemented a control to help ensure databases containing personal information will not be updated with online transactions that are incomplete due to connectivity issues. Which of the following information attributes is PRIMARILY addressed by this control?

Question222: An IS auditor is planning on utilizing attribute sampling to determine the error rate for health care claims processed. Which of the following factors will cause the sample size to decrease?

Question223: Which of the following conditions would be of MOST concern to an IS auditor assessing the risk of a successful brute force attack against encrypted data at rest?

Question224: Which of the following is MOST essential to quality management?

Question225: The recovery time objective (RTO) is normally determined on the basis of the:

Question226: Which of the following IS functions can be performed by the same group or individual while still providing the proper segregation of duties?

Question227: Which of the following controls would BEST enable IT management: to detect shadow IT within the organization?

Question228: Which of the following backup methods is MOST appropriate when storage space is limited?

Question229: Which of the following is the MOST important difference between end-user computing (EUC) applications and traditional applications?

Question230: The drives of a tile server are backed up at a hot site. Which of the following is the BEST way to duplicate the files stored on the server for forensic analysis?

Question231: Which of the following would help to ensure the completeness of batch file transfers?

Question232: Which of the following factors would be GREASTEST threat to the success of the re-engineering of a business process?

Question233: Which of the following would provide the BEST evidence for use in a forensic investigation of an employee's hard drive?

Question234: An IS auditor is assessing a recent migration of mission critical applications to a virtual platform. Which of the following observations poses the GREATEST risk to the organization?

Question235: During an audit of a mission-critical system hosted in an outsourced data center, an IS auditor discovers that contracted routine maintenance for the alternate power generator was not performed. Which of the following should be the auditor's MAIN concern?

Question236: Which of the following should be reviewed FIRST when planning an IS audit?

Question237: When implementing a software product (middleware) to pass data between local area network (LAN) servers and the mainframe, the MOST critical control consideration is:

Question238: Which of the following is the MOST important determining factor when establishing appropriate timeframes for follow-up activities related to audit findings?

Question239: The risk that the IS auditor will not find an error that has occurred is identified by which of the following terms?

Question240: Which of the following is the BEST indication that an information security program is effective?

Question241: Low humidity levels In a staffed data center are a threat because they

Question242: The MOST effective method for an IS auditor to determine which controls are functioning in an operating system is to:

Question243: The BEST data backup strategy for mobile users is to:

Question244: An IS auditor is planning an audit of an organization s payroll processes. Which of the following is the BEST procedure to provide assurance against internal fraud?

Question245: The MOST important reason for documenting all aspects of a digital forensic investigation is that documentation:

Question246: The PRIMARY reason an IS department should analyze past incidents and problems is to:

Question247: An organization has performance metrics to track how well IT resources are being used, but there has been little progress on meeting the organization's goals. Which of the following would be MOST helpful to determine the underlying reason?

Question248: An organization has begun using social media to communicate with current and potential clients. Which of the following should be of PRIMARY concern to the auditor?

Question249: Which of the following is the BEST indication of the completeness of interface control documents used for the development of a new application?

Question250: Which of the following is a prerequisite to help ensure that IS hardware and software support the delivery of mission-critical functions?

Question251: Which of the following findings is the GREATES concern when reviewing a disaster recovery plan (DRP) with high availability requirements?

Question252: An IS auditor is preparing a data set for a data analytics project. The data will be used to benchmark a new computer-assisted audit technique (CAAT) tool being developed. Which of the following will help to ensure the data cannot be identified?

Question253: What is the PRIMARY reason for hardening new devices before introducing into a corporate network?

Question254: The PRIMARY benefit of using secure shell (SSH) to access a server on a network is that it:

Question255: In which of the following sampling methodologies does each member of the population have a known nonzero probability of being selected?

Question256: An IS auditor discovered abnormalities in a monthly report generated from a system upgraded six months ago.
Which of the following should be the auditor's FIRST course of action?

Question257: Which of the following would be MOST useful when analyzing computer performance?

Question258: Which of the following would have the GREATEST impact on defining the classification levels for electronic documents?

Question259: Two organizations will share ownership of a new enterprise resource management (ERM) system To help ensure the successful implementation of the system, it k MOST important to define:

Question260: An organization has recently acquired and implemented intelligent-agent software for granting loans to customers. During the post implementation review, which of the following would be the KEY procedure for the IS auditor to perform?