EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is MOST important for an IS auditor to consider during a review of the IT governance of an organization?

Question2: An IS audit manager finds that data manipulation logic developed by the audit analytics team leads to incorrect conclusions This inaccurate logic is MOST likely an indication of lich of the following?

Question3: Which of the following is the MAIN purpose of an information security management system?

Question4: What information within change records would provide an IS auditor with the MOST assurance that configuration management is operating effectively?

Question5: Which of the following is the PRIMARY reason for an IS auditor to use computer-assisted audit techniques (CAATs)?

Question6: Which of the following is the PRIMARY reason for an organization's procurement processes to include an independent party who is not directly involved with business operations and related decision-making'?

Question7: Which of the following is MOST critical to include when developing a data loss prevention (DIP) policy?

Question8: Which of the following would an IS auditor PRIMARILY review to understand key drivers of a project?

Question9: Which of the following is the GREATEST concern when an organization allows personal devices to connect to its network?

Question10: Which of the following features can be provided only by asymmetric encryption?

Question11: Which of the following is MOST important for an IS auditor to review when evaluating the effectiveness of an organization's incident response process?

Question12: When evaluating an IT organizational structure, which of the following is MOST important to ensure has been documented?

Question13: Due to a high volume of customer orders, an organization plans to implement a new application for customers to use for online ordering Which type of testing is MOST important to ensure the security of the application prior to go-live?

Question14: Which of the following should be of MOST concern to an IS auditor during the review of a quality management system?

Question15: An IS auditor is reviewing a network diagram. Which of the following would be the BEST location for placement of a firewall?

Question16: Which of the following is the PRIMARY protocol for protecting outbound content from tampering and eavesdropping?

Question17: Which of the following is the BEST way to detect system security breaches?

Question18: Due to budget restraints, an organization is postponing the replacement of an in-house developed mission critical application. Which of the following represents the GREATEST risk?

Question19: An IS auditor will be testing accounts payable controls by performing data analytics on the entire population of transactions. Which of the following is MOST important for the auditor to confirm when sourcing the population data?

Question20: A new application will require multiple interfaces. Which of the following testing methods can be used to detect interface errors early in the development life cycle1?

Question21: Which of the following is the PRIMARY concern when negotiating a contract for a hot site?

Question22: Which of the following physical controls will MOST effectively prevent breaches of computer room security?

Question23: When reviewing an organization's information security policies, an IS auditor should venfy that the policies have been defined PRIMARILY on the basis of

Question24: Which of the following would be of GREATEST concern to an IS auditor evaluating governance over open source development components?

Question25: Which of the following is the MOST likely cause of a successful firewall penetration?

Question26: A project team evaluated vendor responses to a request for proposal (RFP). An IS auditor reviewing the evaluation process would expect the team to have considered each vendor's:

Question27: The practice of periodic secure code reviews is which type of control?

Question28: A vulnerability in which of the following virtual systems would be of GREATEST concern to the IS auditor?

Question29: Which of the following is the MOST important consideration when incorporating data analytics into an audit?

Question30: The BEST way to prevent fraudulent payments is to implement segregation of duties between payment processing and:

Question31: When evaluating the recent implementation of an intrusion detection system (IDS), an IS auditor should be MOST concerned with inappropriate:

Question32: On a public-key cryptosystem when there is no previous knowledge between parties, which of the following will BEST help to prevent one person from using a fictitious key to impersonate someone else?

Question33: An IS auditor is testing employee access to a large financial system and must select a sample from the current employee list provided by the auditee. Which of the following is the MOST reliable sample source to support this testing1?

Question34: During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?

Question35: Which of the following is the BEST control to mitigate the malware risk associated with an instant messaging (IM) system1?

Question36: An IS auditor is examining a front-end sub ledger and a main ledger Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?

Question37: What is BEST for an IS auditor to review when assessing the effectiveness of changes recently made to processes and tools related to an organization's business continuity plan (BCP)?

Question38: Which of the following findings should be of GREATEST concern to an IS auditor reviewing system deployment tools for a critical enterprise application system?

Question39: When reviewing an organization's data protection practices, an IS auditor should be MOST concerned with a lack of:

Question40: A warehouse employee of a retail company has been able to conceal the theft of inventory items by entering adjustments of either damaged or lost stock items to the inventory system Which control would have BEST prevented this type of fraud in a retail environment?

Question41: What would be of GREATEST concern to an IS auditor observing shared key cards being utilized to access an organization's data center?

Question42: A user of a telephone banking system has forgotten his personal identification number (PIN), after the user has been authenticated, the BEST method of issuing a new pin is to have:

Question43: Both statistical and nonstatistical sampling techniques:

Question44: Which of the following should be of concern to an IS auditor performing a software audit on virtual machines?

Question45: Which of the following demonstrates the use of data analytics for a loan origination process?

Question46: Which of the following will MOST likely compromise the control provided by a digital signature created using RSA encryption?

Question47: Which of the following is MOST likely to result from compliance testing?

Question48: Which of the following is the MOST important difference between end-user computing (EUC) applications and traditional applications?

Question49: Which of the following is the GREATEST security risk associated with data migration from a legacy human resources (HR) system to a cloud-based system''

Question50: internal IS auditor recommends that incoming accounts payable payment files be encrypted. Which type of control is the auditor recommending?

Question51: In assessing the priority given to systems covered in an organization's business continuity plan (BCP), an IS auditor should FIRST:

Question52: An IS auditor is a member of an application development team that is selecting software. Which of the following would impair the auditor's independence?

Question53: An IS auditor finds the timeliness and depth of information regarding the organization's IT projects varies based on which project manager is assigned. Which of the following recommendations would be A MOST helpful in achieving predictable and repeatable project management processes?

Question54: Which of the following would an IS auditor recommend as the MOST effective preventive control to reduce the risk of data leakage'

Question55: Post-implementation testing is an example of which of the following control types?

Question56: To ensure the integrity of a recovered database, which of the following would be MOST useful?

Question57: Which of the following is an IS auditor s GREATEST concern when an organization does not regularly update software on individual workstations in the internal environment?

Question58: An audit has identified that business units have purchased cloud-based applications without ITs support. What is [he GREATEST risk associated with this situation?

Question59: What should be the PRIMARY basis for scheduling a follow-up audit?

Question60: An IS auditor is reviewing a recent security incident and is seeking information about the approval of a recent modification to a database system's security settings Where would the auditor MOST likely find this information?

Question61: Which of the following is the PRIMARY advantage of using virtualization technology for corporate applications?

Question62: Which of the following BEST ensures the quality and integrity of test procedures used in audit analytics?

Question63: Which of the following BEST measures project progress?

Question64: An IS auditor reviewing the use of encryption finds that the symmetric key is sent by an email message between the parties. Which of the following audit responses is correct in this situation?

Question65: An IS auditor reviewing a purchase accounting system notices several duplicate payments made for the services rendered. Which of the following is the auditor's BEST recommendation for preventing duplicate payments?

Question66: Capacity management enables organizations to:

Question67: What is the BEST control to address SOL injection vulnerabilities?

Question68: Which of the following is the client organization's responsibility in a Software as a Service (SaaS) environment?

Question69: When reviewing a contract for a disaster recovery hot site, which of the following would be the MOST significant omission?

Question70: Which of the following is the MOST significant risk associated with peer-to-peer networking technology?

Question71: The MOST important function of a business continuity plan (BCP) is to.

Question72: Which of the following is the PRIMARY reason an IS auditor should use an IT-related framework as a basis for scoping and structuring an audit?

Question73: Which of the following should be an IS auditor's PRIMARY consideration when evaluating the development and design of a privacy program?

Question74: An organization wants to replace its suite of legacy applications with a new, in-house developed solution.
Which of the following is the BEST way to address concerns associated with migration of all mission-critical business functionality?

Question75: Which of the following is the MOST important issue for an IS auditor to consider with regard to Voice-over IP (VoIP) communications?

Question76: An IS auditor attempts to sample for variables in a population of items with wide differences in values but determines that an unreasonably large number of sample items must be selected to produce the desired confidence level. In this situation, which of the following is the audit decision?

Question77: Audit management has just completed the annual audit plan for the upcoming year, which consists entirely of high-risk processor. However it is determined that there are insufficient resources to execute the plan. What should be done NEXT?

Question78: Which of the following audit procedures would be MOST conclusive in evaluating the effectiveness of an e-commerce application system's edit routine?

Question79: Which of the following is the PRIMARY purpose of quality assurance (QA) within an IS audit department?

Question80: An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed.
Which of the following should be the IS auditor's NEXT course of action?

Question81: Which of the following should an IS auditor expect to see in a network vulnerability assessment?

Question82: The purpose of data migration testing is to validate data:

Question83: Which control type would provide the MOST useful input to a root cause analysis?

Question84: Which of the following is the GREATEST benefit of implementing an incident management process?

Question85: Which of the following should be the FIRST step in an organization's forensics process to preserve evidence?

Question86: After the release of an application system, an IS auditor wants to verify that the system is providing value to the organization. The auditor's BEST course of action would be to:

Question87: A legacy application is running on an operating system that is no longer supported by vendor, if the organization continues to use the current application, which of the application should be the IS auditor's GREATEST concern?

Question88: An IS department is evaluated monthly on its cost-revenue ratio user satisfaction rate, and computer downtime This is BEST zed as an application of.

Question89: Which of the following should be of MOST concern lo an IS auditor reviewing the public key infrastructure (PKI) for enterprise email?

Question90: planning an end-user computing (EUC) audit, it is MO ST important for the IS auditor to

Question91: The GREATEST risk of database denormalization is:

Question92: An IS auditor has been asked to assess the security of a recently migrated database system that contains personal and financial data for a bank's customers. Which of the following controls is MOST important for the auditor to confirm is in place?

Question93: An IS auditor intends to accept a management position in the data processing department within the same organization. However, the auditor is currently working on an audit of a major application and has not yet finished the report. Which of the following would be the BEST step tor the IS auditor to take?

Question94: Which of the following would provide the BEST evidence of the effectiveness of mandated annual security awareness training?

Question95: Which of the following is an IS auditor's BEST course of action upon learning that preventive controls have been replaced with detective and corrective controls'

Question96: An organization is deciding whether to outsource its customer relationship management systems to a provider located in another country. Which of the following should be the PRIMARY influence in the outsourcing decision?

Question97: Which of the following attacks would MOST likely result in the interception and modification of traffic for mobile phones connecting to potentially insecure public Wi-Fi networks?

Question98: What is the PRIMARY reason for conducting a risk assessment when developing an annual IS audit plan?

Question99: Which of the following is the BEST way to minimize the impact of a ransomware attack?