EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following will BEST help to ensure that an in-house application in the production environment is current?

Question2: An organization is in the process of deciding whether to allow a bring your own device (BYOD) program. If approved, which of the following should be the FIRST control required before implementation?

Question3: The BEST way to preserve data integrity through all phases of application containerization is to ensure which of the following?

Question4: Which of the following is the MAIN advantage of using one-time passwords?

Question5: Of the following, who should approve a release to a critical application that would make the application inaccessible for 24 hours?

Question6: Following the discovery of inaccuracies in a data warehouse, an organization has implemented data profiling, cleansing, and handling filters to enhance the quality of data obtained from c

Question7: Due to a global pandemic, a health organization has instructed its employees to work from home as much as possible. The employees communicate using instant messaging Which of the following is the GREATEST risk in this situation?

Question8: Which of the following is the PRIMARY objective of implementing privacy-related controls within an organization"?

Question9: Which of the following would provide an IS auditor with the MOST assurance when auditing the implementation of a new application system?

Question10: To protect information assets, which of the following should be done FIRST?

Question11: Which of the following would provide the BEST evidence of the effectiveness of mandated annual security awareness training?

Question12: Which of the following would an IS auditor PRIMARILY review to understand key drivers of a project?

Question13: Which of the following is the GREATEST benefit of utilizing data analytics?

Question14: Capacity management enables organizations to:

Question15: A month after a company purchased and implemented system and performance monitoring software reports were too large and therefore were not reviewed or acted upon The MOST effective plan of action would be to

Question16: A financial institution is launching a mobile banking service utilizing multi-factor authentication. This access control is an example of which of the following?

Question17: Which of the following is an example of a preventative control in an accounts payable system?

Question18: An IS auditor is reviewing an enterprise database platform. The review involves statistical methods. Benford analysis, and duplicate checks. Which of the following computer-assisted audit technique (CAAT) tools would be MOST useful for this review''

Question19: An IS auditor conducting a follow-up audit learns that previously funded recommendations have not been implemented due to recent budget restrictions. Which of the following should the

Question20: Which of the following should an IS auditor expect to see in a network vulnerability assessment?

Question21: When developing metrics to measure the contribution of IT to the achievement of business goals, the MOST important consideration is that the metrics:

Question22: An organization has recently converted its infrastructure to a virtualized environment. The GREATEST benefit related to disaster recovery is that virtualized servers:

Question23: On a public-key cryptosystem when there is no previous knowledge between parties, which of the following will BEST help to prevent one person from using a fictitious key to impersonate someone else?

Question24: Which of the following observations should be of GREATEST concern to an IS auditor reviewing a large organization's virtualization environment?

Question25: Which of the following should be the FIRST step to help ensure the necessary regulatory requirements are addressed in an organization's cross-border data protection policy?

Question26: What is the BEST justification for allocating more funds to implement a control for an IT asset than the actual cost of the IT asset?

Question27: During an exit interview senior management disagrees with some of the facts presented in the draft audit report and wants them removed from the report Which of the following would be the auditor's BEST course of action?

Question28: Which of the following provides the MOST assurance over the completeness and accuracy of loan application processing with respect to the implementation of a new system?

Question29: Which of the following is the MOST important step in the development of an effective IT governance action plan?

Question30: Post-implementation testing is an example of which of the following control types?

Question31: Which of the following is MOST important for an IS auditor to examine when reviewing an organization's privacy policy?

Question32: An audit has identified that business units have purchased cloud-based applications without ITs support. What is [he GREATEST risk associated with this situation?

Question33: An IS auditor previously worked in an organization s IT department and was involved with the design of the business continuity plan (BCP). The IS auditor has now been asked to review this same BCP. The auditor should FIRST.

Question34: Which of the following presents the GREATEST concern when implementing data flow across borders?

Question35: An IS auditor is conducting a pre-implementation review to determine a new system's production readiness. The auditor's PRIMARY concern should be whether:

Question36: Which of the following is the PRIMARY reason for an organization's procurement processes to include an independent party who is not directly involved with business operations and related decision-making'?

Question37: Which of the following BEST describes the relationship between vulnerability scanning and penetration testing?

Question38: Which of the following is MOST likely to result from compliance testing?

Question39: Which of the following technologies has the SMALLEST maximum range for data transmission between devices?

Question40: servDuring an internal audit review of a human resources (HR) recruitment system implementation the IS auditor notes that several defects were unresolved at the time the system went live Which of the following is the auditor's MOST important task prior to formulating an audit opinion?

Question41: Which type of control is in place when an organization requires new employees to complete training on applicable privacy and data protection regulations?

Question42: The activation of a pandemic response plan has resulted in a remote workforce situation. Which of the following technologies poses the GREATEST risk to data confidentiality?

Question43: During an audit of a data classification policy, an IS auditor finds that many documents are inappropriately classified as confidential. Which of the following is the GREATEST concern?

Question44: Which of the following is the role of audit leadership in ensuring the quality of audit and engagement performance?

Question45: An organization seeks to control costs related to storage media throughout the information life cycle while still meeting business and regulatory requirements. Which of the following is the BEST way to achieve this objective?

Question46: An IS auditor reviewing a purchase accounting system notices several duplicate payments made for the services rendered. Which of the following is the auditor's BEST recommendation for preventing duplicate payments?

Question47: Which of the following is the MOST significant risk associated with peer-to-peer networking technology?

Question48: In a database management system (DBMS) normalization is used to:

Question49: Which of the following is the BEST way to minimize the impact of a ransomware attack?

Question50: Due to budget restraints, an organization is postponing the replacement of an in-house developed mission critical application. Which of the following represents the GREATEST risk?

Question51: A warehouse employee of a retail company has been able to conceal the theft of inventory items by entering adjustments of either damaged or lost stock items to the inventory system Which control would have BEST prevented this type of fraud in a retail environment?

Question52: internal IS auditor recommends that incoming accounts payable payment files be encrypted. Which type of control is the auditor recommending?

Question53: A database audit reveals an issue with the way data ownership for client data is defined. Which of the following roles should be accountable for this finding?

Question54: Which of the following is the BEST recommendation to prevent fraudulent electronic funds transfers by accounts payable employees?

Question55: Which of the following sampling techniques is BEST to use when verifying the operating effectiveness of internal controls during an audit of transactions?

Question56: Upon completion of audit work, an IS auditor should:

Question57: Which of the following will MOST likely compromise the control provided by a digital signature created using RSA encryption?

Question58: An IT organization's incident response plan is which type of control?

Question59: An IS auditor finds that firewalls are outdated and not supported by vendors. Which of the following should be the auditor s NEXT course of action?

Question60: Which of the following is the client organization's responsibility in a Software as a Service (SaaS) environment?

Question61: A software development organization with offshore personnel has implemented a third-party virtual workspace to allow the teams to collaborate. Which of the following should be of GREATEST concern?

Question62: Audit management has just completed the annual audit plan for the upcoming year, which consists entirely of high-risk processor. However it is determined that there are insufficient resources to execute the plan. What should be done NEXT?

Question63: In assessing the priority given to systems covered in an organization's business continuity plan (BCP), an IS auditor should FIRST:

Question64: An IT governance framework provides an organization with:

Question65: Both statistical and nonstatistical sampling techniques:

Question66: The GREATEST benefit of using a prototyping approach in software development is that it helps to:

Question67: Which of the following should be of concern to an IS auditor performing a software audit on virtual machines?

Question68: Which of the following would be a result of utilizing a top-down maturity model process?

Question69: Spreadsheets are used to calculate project cost estimates Totals for each cost category are then keyed into the job-costing system. What is the BIST control to ensure that data are accurately entered into the system?

Question70: Which of the following should be included in emergency change control procedures?

Question71: Which of the following should be an IS auditor's PRIMARY focus when developing a risk-banned IS audit program?

Question72: An organization's business function wants to capture customer data and must comply with global data protection regulations. Which of the following should be considered FIRST?

Question73: Which of the following audit procedures would be MOST conclusive in evaluating the effectiveness of an e-commerce application system's edit routine?

Question74: In an environment where most IT services have been outsourced, continuity planning is BEST controlled by:

Question75: Which of the following is MOST important for an IS auditor to consider when reviewing documentation for an organization's forensics policy?

Question76: An IS auditor has obtained a large complex data set for analysis. Which of the following activities will MOST improve the output from the use of data analytics tools?

Question77: Which of the following would be MOST important to update once a decision has been made to outsource a critical application to a cloud service provider?

Question78: When preparing to evaluate the effectiveness of an organizations IT strategy, an IS auditor should FIRST review;

Question79: An IS auditor wants to understand the collective effect of the preventive, detective, and corrective controls for a specific business process. Which of the following should the auditor focus on FIRST?

Question80: What information within change records would provide an IS auditor with the MOST assurance that configuration management is operating effectively?

Question81: Which of the following BEST measures project progress?

Question82: Which of the following is the MOST important consideration when incorporating data analytics into an audit?

Question83: Which of the following is the PRIMARY protocol for protecting outbound content from tampering and eavesdropping?

Question84: An IS auditor notes that application super-user activity was not recorded in system logs. What is the auditor's BEST course of action?

Question85: An auditor is creating an audit program in which the objective is to establish the adequacy of personal data privacy controls in a payroll process. Which of the following would be MOST important to include?

Question86: The CIO of an organization is concerned that the information security policies may not be comprehensive. Which of the following should an IS auditor recommend be performed FIRST?

Question87: Which of the following BEST demonstrates that IT strategy is aligned with organizational goals and objectives?

Question88: An internal audit department recently established a quality assurance (QA) program as part of its overall audit program. Which of the following activities is MOST important to include as part of the QA program requirements?

Question89: An organization developed a comprehensive three-year IT strategic plan Halfway into the plan a major legislative change impacting the organization is enacted Which oi the following should be management's NEXT course of action?

Question90: Segregation of duties would be compromised if:

Question91: Which of the following implementation strategies for new applications presents the GREATEST risk during data conversion and migration from an old system to a new system?

Question92: Which of the following is the MOST effective way to minimize the risk of a SQL injection attack?

Question93: Which of the following focus areas is a responsibility of IT management rather than IT governance?

Question94: Which of the following network management toots should an IS auditor use to review the type of packets flowing along a monitored link'?

Question95: An internal audit department recently established a quality assurance (QA) program. Which of the following activities is MOST important to include as part of the OA program requirements?

Question96: Which of the following is the BEST way for an IS auditor to reduce sampling risk when performing audit sampling to verify the adequacy of an organization's internal controls?

Question97: Which of the following should occur EARLIEST in a business continuity management lifecycle?

Question98: What is the MOST critical finding when reviewing an organization's information security management?

Question99: Which of the following is the BEST way to ensure payment transaction data is restricted to the appropriate users?

Question100: Which of the following would BEST facilitate the detection of internal fraud perpetrated by an individual?

Question101: Reconciliations have identified data discrepancies between an enterprise data warehouse and a revenue system for key financial reports. What is the GREATEST risk to the organization in this situation?

Question102: An organization's security policy mandates that all new employees must receive appropriate security awareness training. Which of the following metrics would BEST assure compliance with this policy?

Question103: Which of the following is the BEST way to mitigate the risk associated with a document storage application that has a syncing feature that could allow malware to spread to other machines in the network?

Question104: Which of the following IS functions can be performed by the same group or individual while still providing the proper segregation of duties?

Question105: An IS auditor is reviewing environmental controls and finds extremely high levels of humidity in the data center. Which of the following is the PRIMARY risk to computer equipment from this condition?

Question106: An IS auditor is reviewing the change management process in a large IT service organization. Which of the following observations would be the GREATEST concern?

Question107: Code changes are compiled and placed in a change folder by the developer. An implementation learn migrates changes to production from the change folder. Which of the following BEST indicates separation of duties is in place during the migration process?

Question108: Compared to developing a system in-house, acquiring a software package means that the need for testing by end users is:

Question109: Which of the following is the MAIN purpose of data classification?

Question110: An IS auditor reviewing a high-risk business application has identified the need to strengthen controls for reporting malfunctions to management Which of the following would BEST facilitate timely reporting?

Question111: When an organization introduces virtualization into its architecture, which of the following should be an IS auditor's PRIMARY area of focus to verify adequate protection?

Question112: Which of the following is the PRIMARY concern when negotiating a contract for a hot site?

Question113: When evaluating database management practices, which of the following controls would MOST effectively support data integrity?

Question114: Which of the following is the BEST way to enforce the principle of least privilege on a server containing data with different security classifications?

Question115: An audit of the quality management system (QMS) begins with an evaluation of the:

Question116: A bank is relocating its servers to a vendor that provides data center hosting services to multiple clients. Which of the following controls would restrict other clients from physical access to the bank servers?

Question117: During data migration, which of the following BEST prevents integrity issues when multiple processes within the migration program are attempting to write to the same table in the databases?

Question118: Which of the following is MOST important for an IS auditor to verify when evaluating an organization's firewall?

Question119: What is BEST for an IS auditor to review when assessing the effectiveness of changes recently made to processes and tools related to an organization's business continuity plan (BCP)?

Question120: The PRIMARY reason an IS department should analyze past incidents and problems is to:

Question121: Which of the following is the PRIMARY risk when business units procure IT assets without IT involvement?

Question122: An IS auditor is reviewing the implementation of an international quality management standard Which of the following provides the BEST evidence that quality management objectives have been achieved?

Question123: To BEST evaluate the effectiveness of a disaster recovery plan, the IS auditor should review the:

Question124: An IS auditor is reviewing the installation of a new server. The IS auditor's PRIMARY objective is to ensure that

Question125: Which of the following BEST guards against the risk of attack by hackers?

Question126: Which of the following is the GREATEST benefit of implementing an incident management process?

Question127: A bank has implemented a new accounting system. Which of the following is the BEST lime for an IS auditor to perform a post-implementation review?

Question128: Which of the following is the BEST way to achieve high availability and fault tolerance for an e-business system?

Question129: Which of the following is MOST important to include in a contract to outsource data processing that involves customer personally identifiable information (Pit)?

Question130: While reviewing similar issues in an organization s help desk system, an IS auditor finds that they were analyzed independently and resolved differently This situation MOST likely indicates a deficiency in:

Question131: An organization wants to replace its suite of legacy applications with a new, in-house developed solution. Which of the following is the BEST way to address concerns associated with migration of all mission-critical business functionality?

Question132: When evaluating the recent implementation of an intrusion detection system (IDS), an IS auditor should be MOST concerned with inappropriate:

Question133: Which control type would provide the MOST useful input to a root cause analysis?

Question134: Which of the following should be included in a business impact analysis (BIA)

Question135: During an audit, the client learns that the IS auditor has recently completed a similar security review at a competitor. The client inquires about the competitor's audit results. What is the BEST way for the auditor to address this inquiry?

Question136: Which of the following is the BEST way to ensure that business continuity plans (BCPs) will work effectively in the event of a major disaster?

Question137: An IS auditor is assigned to review the development of a specific application. Which of the following would be the MOST significant step following the feasibility study?

Question138: Which of the following is MOST important for an IS auditor to verify when reviewing a critical business application that requires high availability?

Question139: An organization is deciding whether to outsource its customer relationship management systems to a provider located in another country. Which of the following should be the PRIMARY influence in the outsourcing decision?

Question140: Which of the following should be done FIRST when planning a penetration test?

Question141: Which of the following practices BEST ensures that archived electronic information of permanent importance is accessible over time?

Question142: Which of the following attacks would MOST likely result in the interception and modification of traffic for mobile phones connecting to potentially insecure public Wi-Fi networks?

Question143: When determining which IS audits to conduct during the upcoming year, internal audit has received a request from management for multiple audits of the contract division due to fraud findings during the prior year Which of the following is the BEST basis for selecting the audits to be performed?

Question144: An IS auditor attempts to sample for variables in a population of items with wide differences in values but determines that an unreasonably large number of sample items must be selected to produce the desired confidence level. In this situation, which of the following is the BEST audit decision?

Question145: When deciding whether a third party can be used in resolving a suspected security breach, which of the following should be the MOST important consideration for IT management?

Question146: Which of the following BEST minimizes performance degradation of servers used to authenticate users of an e-commerce website?

Question147: During a review of an application system, an IS auditor identifies automated controls designed to prevent the entry of duplicate transactions. What is the BEST way to verify that the controls work as designed?