EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is MOST likely to be detected by an IS auditor applying data analytic techniques?

Question2: Which of the following is the BEST way for an IS auditor to reduce sampling risk when performing audit sampling to verify the adequacy of an organization's internal controls?

Question3: Which of the following is the BEST recommendation to prevent fraudulent electronic funds transfers by accounts payable employees?

Question4: Which of the following is the BEST way to mitigate the risk associated with a document storage application that has a syncing feature that could allow malware to spread to other machines in the network?

Question5: An internal audit department recently established a quality assurance (QA) program as part of its overall audit program. Which of the following activities is MOST important to rlude as part of the QA program requirements?

Question6: Which of the following is the BEST IS audit strategy?

Question7: An IS auditor notes that help desk personnel are required to make critical decisions during major service disruptions. Which of the following is the auditor's BEST recommendation to address this situation?

Question8: An organization wants to replace its suite of legacy applications with a new, in-house developed solution. Which of the following is the BEST way to address concerns associated with migration of all mission-critical business functionality?

Question9: Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (IDSs)?

Question10: Which of the following is the GREATEST benefit of utilizing data analytics?

Question11: During an audit of a financial application, it was determined thai many terminated users' accounts were not disabled. Which of the following should be the IS auditors NEXT step?

Question12: Which of the following techniques would provide the BEST assurance to an IS auditor that all necessary data has been successfully migrated from a legacy system to a modern platform?

Question13: Which of the following is the BEST compensating control for a lack of proper segregation of duties in an IT department?

Question14: When determining which IS audits to conduct during the upcoming year, internal audit has received a request from management for multiple audits of the contract division due to fraud findings during the prior year Which of the following is the BEST basis for selecting the audits to be performed?

Question15: When using a wireless device, which of the following BEST ensures confidential access to email via web mail?

Question16: Which of the following presents the GREATEST concern when implementing data flow across borders?

Question17: During a review of operations, it is noted that during a batch update, an error was detected and the database initiated a roll-back. An IT operator stopped the roll-back and re-initiated the update. What should the operator have done PRIOR to re-initiating the update?

Question18: Which of the following should an IS auditor recommend to reduce the likelihood of potential intruders using social engineering?

Question19: What is the MOST important business concern when an organization is about to migrate a mission-critical application to a virtual environment?

Question20: An IS auditor begins an assignment and identifies audit components for which the auditor is not qualified to assess. Which of the following is the BEST course of anion?

Question21: Post-implementation testing is an example of which of the following control types?

Question22: An IS auditor is planning on utilizing attribute sampling to determine the error rate for health care claims processed. Which of the following factors will cause the sample size to decrease?

Question23: A legacy application is running on an operating system that is no longer supported by vendor, if the organization continues to use the current application, which of the application should be the IS auditor's GREATEST concern?

Question24: A CIO has asked an IS auditor to implement several security controls for an organization s IT processes and systems. The auditor should:

Question25: Which of the following sampling techniques is BEST to use when verifying the operating effectiveness of internal controls during an audit of transactions?

Question26: An IS auditor finds that terminated users have access to financial applications. Which of the following is the auditor's MOST important course of action when assessing the impact?

Question27: When evaluating the recent implementation of an intrusion detection system (IDS), an IS auditor should be MOST concerned with inappropriate:

Question28: When reviewing an organization's information security policies, an IS auditor should venfy that the policies have been defined PRIMARILY on the basis of

Question29: An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives Which of the following findings should be the IS auditor's GREATEST concern?

Question30: Which of the following control checks would utilize data analytics?

Question31: Which of the following should be included in a business impact analysis (BIA)

Question32: An employee has accidentally posted confidential data to the company's social media page. Which of the following is the BEST control to prevent this from recurring?

Question33: An organization that has suffered a cyber attack is performing a forensic analysis of the affected users' computers Which of the following should be of GREATEST concern for the IS editor reviewing this process?

Question34: An internal audit department recently established a quality assurance (QA) program. Which of the following activities is MOST important to include as part of the OA program requirements?

Question35: When aligning IT projects with organizational objectives, it is MOST important to ensure that the:

Question36: Which of the following are examples of detective controls?

Question37: An organization's business function wants to capture customer data and must comply with global data protection regulations. Which of the following should be considered FIRST?

Question38: Data analytics Tools are BEST suited for which of the following purposes?

Question39: Which of the following should be of GREATEST concern to an IS auditor testing interface controls for an associated bank wire transfer process?

Question40: A multinational organization is integrating its existing payroll system with a human resource information system. Which of the following should be of GREATEST concern to the IS auditor?

Question41: When reviewing a contract for a disaster recovery hot site, which of the following would be the MOST significant omission?

Question42: The maturity level of an organization s problem management support function is optimized when the function

Question43: An organization allows its employees to use personal mobile devices for work. Which of the following would BEST maintain information security without compromising employee privacy?

Question44: In planning a major system development project, function point analysis would assist in:

Question45: An IS auditor reviewing a checkpoint/restart procedure should be MOST concerned if it is applied after:

Question46: Which of the following would BEST manage the risk of changes in requirements after the analysis phase of a business application development project?

Question47: Which of the following validation techniques would BEST prevent duplicate electronic vouchers?

Question48: To develop a robust data security program, the FIRST course of action should be to:

Question49: Which of the following is the PRIMARY benefit of using a capability maturity model?

Question50: Which of the following should an IS auditor expect to see in a network vulnerability assessment?

Question51: Which of the following should be the FIRST step in an organization's forensics process to preserve evidence?

Question52: A month after a company purchased and implemented system and performance monitoring software reports were too large and therefore were not reviewed or acted upon The MOST effective plan of action would be to

Question53: An IS auditor is reviewing an enterprise database platform. The review involves statistical methods. Benford analysis, and duplicate checks. Which of the following computer-assisted audit technique (CAAT) tools would be MOST useful for this review''

Question54: An IS auditor reviewed the business case for a proposed investment to virtualize an organization's server infrastructure. Which of the following is MOST likely to be included among the benefits in the project proposal?

Question55: Which of the following strategies BEST optimizes data storage without compromising data retention practices?

Question56: Which of the following factors constitutes a strength in regard to the use of a disaster recovery planning reciprocal agreement?

Question57: Spreadsheets are used to calculate project cost estimates Totals for each cost category are then keyed into the job-costing system. What is the BIST control to ensure that data are accurately entered into the system?

Question58: An IS auditor identifies key controls that have been overridden by management. The next step the IS auditor should take is to

Question59: An IS auditor is reviewing the installation of a new server. The IS auditor's PRIMARY objective is to ensure that

Question60: An organization has recently converted its infrastructure to a virtualized environment. The GREATEST benefit related to disaster recovery is that virtualized servers:

Question61: Upon completion of audit work, an IS auditor should:

Question62: A company laptop has been stolen and all photos on the laptop have been published on social media. Which of the following is the IS auditor's BEST course of action?

Question63: An IS auditor finds a number of system accounts that do not have documented approvals Which of the following should be performed FIRST by the auditor?

Question64: Which of the following BEST demonstrates that IT strategy is aligned with organizational goals and objectives?

Question65: Which of the following is MOST important for an effective control self-assessment (CSA) program?

Question66: An IS auditor is reviewing an industrial control system (ICS) that uses older unsupported technology in the scope of an upcoming audit. What should the auditor consider the MOST significant concern?

Question67: An IS auditor has completed an audit on the organization's IT strategic planning process Which of the following findings should be given the HIGHEST priority?

Question68: Which of the following is the BEST way to achieve high availability and fault tolerance for an e-business system?

Question69: Which of the following would BEST provide executive management with current information on IT related costs and IT performance indicators?

Question70: An emergency power-off switch should:

Question71: An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed. Which of the following should be the IS auditor's NEXT course of action?

Question72: An organization s audit charter PRIMARILY:

Question73: Which of the following should be of MOST concern to an IS auditor during the review of a quality management system?

Question74: When developing a business continuity plan (BCP), which of the following should be performed FIRST?

Question75: Which of the following is the BEST way to mitigate the risk associated with technology obsolescence?

Question76: planning an end-user computing (EUC) audit, it is MO ST important for the IS auditor to

Question77: Which of the following is MOST important for an IS auditor to consider during a review of the IT governance of an organization?

Question78: During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?

Question79: Which of the following should an IS auditor review FIRST when evaluating a business process for auditing?

Question80: Of the following, who should approve a release to a critical application that would make the application inaccessible for 24 hours?

Question81: The PRIMARY advantage of object-oriented technology is enhanced:

Question82: A client/server configuration will:

Question83: An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider. Which of the following would be the BEST way to prevent accepting bad data?

Question84: Which of the following should the IS auditor do FIRST to ensure data transfer integrity for Internet of Things (loT) devices?

Question85: A senior auditor is reviewing work papers prepared by a junior auditor indicating that a finding was removed after the auditee said they corrected the problem. Which of the following is the senior auditor's MOST appropriate course of action?

Question86: An IT governance framework provides an organization with:

Question87: An IS auditor is using data analytics in an audit and has obtained the data to be used for testing. Which of the following is the MOST important task before testing begins?

Question88: Which of the following BEST indicates that an organization has effective governance in place?

Question89: Which of the following is MOST important to ensure when reviewing a global organization's controls to protect data held on its IT infrastructure across all of its locations?

Question90: An IS auditor notes that IT and the business have different opinions on the availability of their application servers Which of the following should the IS auditor review FIRST in order to understand the problem?

Question91: The activation of a pandemic response plan has resulted in a remote workforce situation. Which of the following technologies poses the GREATEST risk to data confidentiality?

Question92: Which of the following backup schemes is the BEST option when storage media is limited?

Question93: Which of the following would an IS auditor recommend as the MOST effective preventive control to reduce the risk of data leakage'

Question94: What is the MOST critical finding when reviewing an organization's information security management?

Question95: Which of the following is the BEST justification for deferring remediation testing until the next audit?

Question96: Which of the following is the GREATEST advantage of vulnerability scanning over penetration testing'?

Question97: The BEST method an organization can employ to align its business continuity plan (BCP) and disaster recovery plan (DRP) with core business needs is to:

Question98: Which of the following BEST minimizes performance degradation of servers used to authenticate users of an e-commerce website?

Question99: An IS auditor noted that a change to a critical calculation was placed into the production environment without being tested. Which of the following is the BEST way to obtain assurance that the calculation functions correctly?

Question100: The purpose of data migration testing is to validate data:

Question101: During an audit, the client learns that the IS auditor has recently completed a similar security review at a competitor. The client inquires about the competitor's audit results. What is the BEST way for the auditor to address this inquiry?

Question102: Which of the following is MOST critical to include when developing a data loss prevention (DIP) policy?

Question103: Which of the following is the MOST effective way to identify anomalous transactions when performing a payroll fraud audit?

Question104: Which of the following should an IS auditor validate FIRST when reviewing the security of an organization's IT infrastructure as it relates to Internet of Things (loT) devices?

Question105: Which of the following is the GREATEST concern when an organization allows personal devices to connect to its network?

Question106: Which of the following is a benefit of the DevOps development methodology?

Question107: An organization issues digital certificates to employees to enable connectivity to a web-based application. Which of the following public key infrastructure (PKI) components MUST be included in the application architecture for determining the on-going validity of connections?

Question108: An organization is running servers with critical business application that are in an area subject to frequent but brief power outages. Knowledge of which of the following would allow the organization's management to monitor the ongoing adequacy of the uninterruptable power supply (UPS)?

Question109: The MOST important reason why an IT risk assessment should be updated on a regular basis is to:

Question110: Which of the following BEST describes the relationship between vulnerability scanning and penetration testing?

Question111: Which of the following features can be provided only by asymmetric encryption?

Question112: Which of the following should an IS auditor expect to find when reviewing IT security policy?

Question113: An IS auditor notes that application super-user activity was not recorded in system logs. What is the auditor's BEST course of action?

Question114: One advantage of monetary unit sampling is the fact that:

Question115: To address issues related to privileged users identified in an IS audit, management implemented a security information and event management (SIEM) system. Which type of control .........

Question116: Which of the following should be a concern to an IS auditor reviewing a digital forensic process for a security incident?

Question117: The decision to accept an IT control risk related to data quality should be the responsibility of the:

Question118: Which of the following should be an IS auditor's PRIMARY focus when developing a risk-banned IS audit program?

Question119: Within the context of an IT-related governance framework, which type of organization would be considered MOST mature?

Question120: Which of the following should be the PRIMARY objective of a migration audit?

Question121: An organization has outsourced its data leakage monitoring to an Internet service provider (ISP). Which of the following is the BEST way for an IS auditor to determine the effectiveness of this service?

Question122: Which of the following must be in place before an IS auditor initiates audit follow-up activities?

Question123: Which of the following should be the PRIMARY consideration for IT management when selecting a new information security tool that monitors suspicious file access patterns?

Question124: During a business process re-engineering (BPR) program, IT can assist with:

Question125: Which of the following human resources management practices BEST leads to the detection of fraudulent activity?

Question126: Which of the following is an IS auditor's BEST course of action upon learning that preventive controls have been replaced with detective and corrective controls'

Question127: The information security function in a large organization is MOST effective when:

Question128: A manager identifies active privileged accounts belonging to staff who have left the organization. Which of the following is the threat actor In this scenario?

Question129: Which of the following is the PRIMARY advantage of using virtualization technology for corporate applications?

Question130: An IS auditor is evaluating the risk associated with moving from one database management system (DBMS) to another. Which of the following would be MOST helpful to ensure the integrity of the system throughout the change?

Question131: What would be an IS auditors GREATEST concern when using a test environment for an application audit?

Question132: Which control type would provide the MOST useful input to a root cause analysis?

Question133: An organization plans to launch a social media presence as part of a new customer service campaign. Which of the following is the MOST significant risk from the perspective of potential litigation?

Question134: During a systems development project, participation in which of the following activities would compromise the IS auditor's independence?

Question135: Which of the following is the MOST effective means of helping management and the IT strategy committee to monitor IT performance?

Question136: Which of the following is the MOST likely cause of a successful firewall penetration?

Question137: Which of the following is the BEST way for an IS auditor to maintain visibility of a new system implementation project when faced with resource limitations

Question138: Which of the following should be the PRIMARY audience for a third-party technical security assessment report?

Question139: Which of the following is the MOST effective way to minimize the risk of a SQL injection attack?

Question140: During an audit of an access control system an IS auditor finds that RFID card readers are not connected via the network to a central server Which of the following is the GREATEST risk associated with this finding?

Question141: During a routine check, a system administrator identifies unusual activity indicating an intruder within a firewall. Which of the following controls has MOST likely been compromised?

Question142: Which of the following provides an IS auditor the MOST assurance that an organization is compliant with legal and regulatory requirements?

Question143: Which of the following would provide the BEST evidence for use in a forensic investigation of an employee's hard drive?

Question144: An IS auditor reviewing a high-risk business application has identified the need to strengthen controls for reporting malfunctions to management Which of the following would BEST facilitate timely reporting?

Question145: Which of the following is MOST important for the successful establishment of a security vulnerability management program?

Question146: Which of the following should be of GREATEST concern to an IS auditor reviewing the controls for a continuous software release process?

Question147: During an IT governance audit, an IS auditor notes that IT policies and procedures are not regularly reviewed and updated. The GREATEST concern to the IS auditor is that p......

Question148: Which of the following focus areas is a responsibility of IT management rather than IT governance?

Question149: The application systems quality assurance (QA) function should:

Question150: An IS auditor is assigned to review the development of a specific application. Which of the following would be the MOST significant step following the feasibility study?

Question151: Which of the following is the MOST important operational aspect for an IS auditor to consider when assessing an assembly line with quality control sensors accessible via wireless techno

Question152: While reviewing similar issues in an organization s help desk system, an IS auditor finds that they were analyzed independently and resolved differently This situation MOST likely indicates a deficiency in:

Question153: An IS auditor reviewing a purchase accounting system notices several duplicate payments made for the services rendered. Which of the following is the auditor's BEST recommendation for preventing duplicate payments?

Question154: An IS auditor has assessed a payroll service provider's security policy and finds significant topics are missing. Which of the following is the auditor's BEST course of action?

Question155: In a database management system (DBMS) normalization is used to:

Question156: An IT organization's incident response plan is which type of control?

Question157: A security company and service provider have merged and the CEO has requested one comprehensive set of security policies be developed for the newly formed company. The IS auditor s BEST recommendation would be to:

Question158: An organization's IT security policy states that user ID's must uniquely identify individual's and that user should not disclose their passwords. An IS auditor discovers that several generic user ID's are being used. Which of the following is the MOST appropriate course of action for the auditor?

Question159: Which of the following practices BEST ensures that archived electronic information of permanent importance is accessible over time?

Question160: An organization is developing a web portal using some external components. Which of the following should be of MOST concern to an IS auditor?

Question161: An organization seeks to control costs related to storage media throughout the information life cycle while still meeting business and regulatory requirements. Which of the following is the BEST way to achieve this objective?

Question162: An internal audit department recently established a quality assurance (QA) program as part of its overall audit program. Which of the following activities is MOST important to include as part of the QA program requirements?

Question163: Which of the following is the client organization's responsibility in a Software as a Service (SaaS) environment?

Question164: An IS auditor is reviewing environmental controls and finds extremely high levels of humidity in the data center. Which of the following is the PRIMARY risk to computer equipment from this condition?

Question165: Which of the following is the BEST control to mitigate the malware risk associated with an instant messaging (IM) system1?

Question166: The PRIMARY role of a control self-assessment (CSA) facilitator Is to:

Question167: A company converted its payroll system from an external service to an internal package Payroll processing in April was run in parallel. To validate the completeness of data after the conversion, which of the following comparisons from the old to the new system would be MOST effective?

Question168: Which of the following is MOST appropriate for measuring a batch processing application's system performance over time?

Question169: An IS auditor's PRIMARY objective when examining problem reports should be to help ensure:

Question170: Which of the following will BEST help to ensure that an in-house application in the production environment is current?

Question171: Which of the following MOST efficiently protects computer equipment against short-term reductions in electrical power?

Question172: A database audit reveals an issue with the way data ownership for client data is defined. Which of the following roles should be accountable for this finding?

Question173: When evaluating an IT organizational structure, which of the following is MOST important to ensure has been documented?

Question174: Which of the following is the MOST reliable network connection medium in an environment where there is strong electromagnetic interface?

Question175: An organization with high availability resource requirements is selecting a provider for cloud computing. Which of the following would cause the GREATEST concern to an IS auditor? The provider:

Question176: The GREATEST benefit of using a prototyping approach in software development is that it helps to:

Question177: An IS auditor learns the organization has experienced several server failures in its distributed environment. Which of the following is the BEST recommendation to limit the potential Impact of server failures in the future?

Question178: Which of the following Is the MOST effective way for an IS auditor to evaluate whether an organization is well positioned to defend against an advanced persistent threat (APT)?

Question179: Which of the following would be of GREATEST concern to an IS auditor reviewing backup and recovery controls?

Question180: An organization is within a jurisdiction where new regulations have recently been announced to restrict cross-border data transfer of personally identifiable information (PIl). Which of the following IT decisions will MOST likely need to be assessed in the context of this?

Question181: The recovery time objective (RTO) is normally determined on the basis of the:

Question182: Which of the following should be of concern to an IS auditor performing a software audit on virtual machines?

Question183: Which of the following should be reviewed FIRST when assessing the effectiveness of an organization's network security procedures and controls?

Question184: After an employee termination, a network account was removed, but the application account remained active. To keep this issue from recurring, which of the following is the BEST recommendation?

Question185: Which of the following cloud deployment models would BEST meet the needs of a startup software development organization with limited initial capital?

Question186: Which of the following would BEST enable an IS auditor to perform an audit that requires testing the full population of data?

Question187: Which of the following is a corrective control that reduces the impact of a threat event?

Question188: Which of the following would be the MOST appropriate reason for an organization to purchase fault-tolerant hardware?

Question189: What is the BEST population to select from when testing that programs are migrated to production with proper approval?

Question190: To help ensure the accuracy and completeness of end-user computing output it is MOST important to include strong:

Question191: Audit management has just completed the annual audit plan for the upcoming year, which consists entirely of high-risk processor. However it is determined that there are insufficient resources to execute the plan. What should be done NEXT?

Question192: During data migration, which of the following BEST prevents integrity issues when multiple processes within the migration program are attempting to write to the same table in the databases?

Question193: Which of the following should be the FIRST step when drafting an incident response plan for a new cyber-attack scenario?

Question194: When evaluating a protect immediately prior to implementation, which of the following would provide the BEST evidence that the system has the required functionality?