EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is the BEST reason to utilize blockchain technology to record accounting transactions?

Question2: Which of the following is the GREATEST risk associated with the use of instant messaging (IM)?

Question3: Which of the following observations should be of GREATEST concern to an IS auditor reviewing a large organization's virtualization environment?

Question4: Which of the following is MOST important for an IS auditor to consider when reviewing documentation for an organization's forensics policy?

Question5: In a situation where the recovery point objective (RPO) is 0 for an online transaction processing system, which of the following is MOST important for an IS auditor to verify?

Question6: An IS auditor's PRIMARY objective when examining problem reports should be to help ensure:

Question7: Which of the following controls will BEST ensure that the board of directors receives sufficient information about IT?

Question8: A bank is relocating its servers to a vendor that provides data center hosting services to multiple clients. Which of the following controls would restrict other clients from physical access to the bank servers?

Question9: Which of the following is the MOST important step in the development of an effective IT governance action plan?

Question10: An employee has accidentally posted confidential data to the company's social media page. Which of the following is the BEST control to prevent this from recurring?

Question11: Which of the following would be MOST important to update once a decision has been made to outsource a critical application to a cloud service provider?

Question12: Which of the following is the BEST way to detect system security breaches?

Question13: Which of the following is MOST helpful for an IS auditor to review when determining the appropriateness of controls relevant to a specific audit area?

Question14: A review of IT interface controls finds an organization does not have a process to identify and correct records that do not get transferred to the receiving system. Which of the following is.........

Question15: An IS auditor s role in privacy and security is to:

Question16: Which of the following should be of MOST concern to an IS auditor during the review of a quality management system?

Question17: Which of the following will BEST help to ensure that an in-house application in the production environment is current?

Question18: To create a digital signature in a message using asymmetric encryption, it is necessary to:

Question19: Which of the following is the BEST way to mitigate the risk associated with a document storage application that has a syncing feature that could allow malware to spread to other machines in the network?

Question20: Which of the following is the PRIMARY protocol for protecting outbound content from tampering and eavesdropping?

Question21: An IS auditor attempts to sample for variables in a population of items with wide differences in values but determines that an unreasonably large number of sample items must be selected to produce the desired confidence level. In this situation, which of the following is the BEST audit decision?

Question22: An IS audit manager has been asked to perform a quality review on an audit that the same manager also supervised. Which of the following is (he manager's BEST response to this situation?

Question23: Which of the following is an example of a preventative control in an accounts payable system?

Question24: Which of the following is the GREATEST benefit of utilizing data analytics?

Question25: An IS auditor finds that terminated users have access to financial applications. Which of the following is the auditor's MOST important course of action when assessing the impact?

Question26: An IS audit manager finds that data manipulation logic developed by the audit analytics team leads to incorrect conclusions This inaccurate logic is MOST likely an indication of lich of the following?

Question27: Which of the following is the MAIN advantage of using one-time passwords?

Question28: To help ensure the accuracy and completeness of end-user computing output it is MOST important to include strong:

Question29: An organization's IT security policy requires annual security awareness training for all employees. Which of the following would provide the BEST evidence of the training's effectiveness?

Question30: During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?

Question31: An organization has outsourced its data leakage monitoring to an Internet service provider (ISP). Which of the following is the BEST way for an IS auditor to determine the effectiveness of this service?

Question32: Which of the following is the GREATEST advantage of application penetration testing over vulnerability scanning?

Question33: Which of the following techniques would provide the BEST assurance to an IS auditor that all necessary data has been successfully migrated from a legacy system to a modern platform?

Question34: As part of a follow-up of a previous year's audit, an IS auditor has increased the expected error rate for a sample. The impact will be:

Question35: The BEST method an organization can employ to align its business continuity plan (BCP) and disaster recovery plan (DRP) with core business needs is to:

Question36: An IS auditor is planning to audit an organization's infrastructure for access, patching, and change management. Which of the following is the BEST way to prioritize the systems?

Question37: Which of the following is the BEST IS audit strategy?

Question38: An IS auditor previously worked in an organization s IT department and was involved with the design of the business continuity plan (BCP). The IS auditor has now been asked to review this same BCP. The auditor should FIRST.

Question39: Which of the following is an IS auditor s GREATEST concern when an organization does not regularly update software on individual workstations in the internal environment?

Question40: Which of the following should be the PRIMARY consideration for IT management when selecting a new information security tool that monitors suspicious file access patterns?

Question41: A financial institution is launching a mobile banking service utilizing multi-factor authentication. This access control is an example of which of the following?

Question42: While conducting a system architecture review, an IS auditor learns of multiple complaints from field agents about the latency of a mobile thin client designed to provide information during site inspections Which of the following is the BEST way to address this situation?

Question43: An organization wants to replace its suite of legacy applications with a new, in-house developed solution. Which of the following is the BEST way to address concerns associated with migration of all mission-critical business functionality?

Question44: An IS auditor finds the timeliness and depth of information regarding the organization's IT projects varies based on which project manager is assigned. Which of the following recommendations would be A MOST helpful in achieving predictable and repeatable project management processes?

Question45: The information security function in a large organization is MOST effective when:

Question46: A bank has implemented a new accounting system. Which of the following is the BEST lime for an IS auditor to perform a post-implementation review?

Question47: Which of the following is the BEST indication of the completeness of interface control documents used for the development of a new application?

Question48: Which of the following BEST demonstrates the degree of alignment between IT and business strategy?

Question49: Which of the following processes BEST addresses the risk associated with the deployment of a new production system?

Question50: During a review of operations, it is noted that during a batch update, an error was detected and the database initiated a roll-back. An IT operator stopped the roll-back and re-initiated the update. What should the operator have done PRIOR to re-initiating the update?

Question51: The PRIMARY role of a control self-assessment (CSA) facilitator Is to:

Question52: An organization is deciding whether to outsource its customer relationship management systems to a provider located in another country. Which of the following should be the PRIMARY influence in the outsourcing decision?

Question53: Which of the following is the BEST guidance from an IS auditor to an organization planning an initiative to improve the effectiveness of its IT processes?

Question54: Which of the following technologies has the SMALLEST maximum range for data transmission between devices?

Question55: Which type of control is in place when an organization requires new employees to complete training on applicable privacy and data protection regulations?

Question56: Which of the following is a corrective control that reduces the impact of a threat event?

Question57: The PRIMARY reason for an IS auditor to use data analytics techniques is to reduce which type of audit risk?

Question58: What would be an IS auditor's BEST recommendation upon finding that a third-party IT service provider hosts the organization's human resources (HR) system in a foreign country?

Question59: Which of the following MUST be completed before selecting and deploying a biometric system that uses facial recognition software?

Question60: Which of the following is the BEST way for an IS auditor to ensure the completeness of data collected for advanced analytics during an audit?

Question61: An organization issues digital certificates to employees to enable connectivity to a web-based application. Which of the following public key infrastructure (PKI) components MUST be included in the application architecture for determining the on-going validity of connections?

Question62: Which of the following is the PRIMARY concern when negotiating a contract for a hot site?

Question63: A company is using a software developer for a project. At which of the following points should the software quality assurance (QA) plan be developed?

Question64: What is the BEST population to select from when testing that programs are migrated to production with proper approval?

Question65: Which of the following is the PRIMARY reason for using a digital signature?

Question66: Which of the following must be in place before an IS auditor initiates audit follow-up activities?

Question67: An IS auditor finds that the process for removing access for terminated employee is not documented. What is the MOST significant risk from this observation?

Question68: An organization plans to eliminate pilot releases and instead deliver all functionality in a single release. Which of the following is the GREATEST risk with this approach?

Question69: An internal audit department recently established a quality assurance (QA) program. Which of the following activities is MOST important to include as part of the OA program requirements?

Question70: When using a wireless device, which of the following BEST ensures confidential access to email via web mail?

Question71: Which of the following is the MOST reliable network connection medium in an environment where there is strong electromagnetic interface?

Question72: Which of the following should be of GREATEST concern to an IS auditor conducting a security review of a point-of-sale (POS) system?

Question73: An IS auditor has completed an audit of an organization's accounts payable system. Which of the following should be rated as the HIGHEST risk in the audit report and requires immediate remediation?

Question74: Audit management has just completed the annual audit plan for the upcoming year, which consists entirely of high-risk processor. However it is determined that there are insufficient resources to execute the plan. What should be done NEXT?

Question75: Which of the following is the GREATEST threat to Voice-over Internet Protocol (VoIP) related to privacy?

Question76: Which of the following should be of MOST concern lo an IS auditor reviewing the public key infrastructure (PKI) for enterprise email?

Question77: Which of the following is a directive control?

Question78: Which of the following should be of GREATEST concern to an IS auditor reviewing actions taken during a forensic investigation?

Question79: When measuring the effectiveness of a security awareness program, the MOST helpful key performance indicator (KPI) is the number of:

Question80: When deploying an application that was created using the programming language and tools supported by the cloud provider, the MOST appropriate cloud computing model for an organization to adopt is:

Question81: Which of the following BEST measures project progress?

Question82: A post-implementation review of a development project concludes that several business requirements were not reflected in the software requirement specifications. Which of the following should an IS auditor recommend to reduce this problem in the future?

Question83: Which of the following falls within the scope of an information security governance committee?

Question84: What information within change records would provide an IS auditor with the MOST assurance that configuration management is operating effectively?

Question85: Which of the following communication modes should be of GREATEST concern to an IS auditor evaluating end user networking?

Question86: Regression testing should be used during a system development project to ensure that:

Question87: An IT governance framework provides an organization with:

Question88: Disciplinary policies are BEST classified as.

Question89: An emergency power-off switch should:

Question90: Which of the following projects would be MOST important to review in an audit of an organizations financial statements?

Question91: Which of the following would BEST facilitate the detection of internal fraud perpetrated by an individual?

Question92: During the design phase of a software development project, the PRIMARY responsibility of an IS auditor is to evaluate the:

Question93: Which of the following BEST helps to identify errors during data transfer?

Question94: When an organization introduces virtualization into its architecture, which of the following should be an IS auditor's PRIMARY area of focus to verify adequate protection?

Question95: To protect information assets, which of the following should be done FIRST?

Question96: Which type of control is being implemented when a biometric access device is installed at the entrance to a facility?

Question97: The BEST way to prevent fraudulent payments is to implement segregation of duties between payment processing and:

Question98: During an audit, which of the following would be MOST helpful in establishing a baseline for measuring data quality?

Question99: Which of the following analytical methods would be MOST useful when trying to identify groups with similar behavior or characteristics in a large population?

Question100: Which of the following strategies BEST optimizes data storage without compromising data retention practices?

Question101: Which of the following is the PRIMARY purpose of using data analytics when auditing an enterprise resource planning (ERP) system for a large organization?

Question102: Which of the following is the BEST justification for deferring remediation testing until the next audit?

Question103: A financial institution has a system interface that is used by its branches to obtain applicable currency exchange rates when processing transactions Which of the following should be the PRIMARY control objective for maintaining the security of the system interface?

Question104: An IS auditor notes that help desk personnel are required to make critical decisions during major service disruptions. Which of the following is the auditor's BEST recommendation to address this situation?

Question105: Which of the following should be the PRIMARY audience for a third-party technical security assessment report?

Question106: An organization with high availability resource requirements is selecting a provider for cloud computing. Which of the following would cause the GREATEST concern to an IS auditor? The provider:

Question107: Which of the following BEST enables alignment of IT with business objectives?

Question108: An IS auditor is planning an audit of an organization's accounts payable processes. Which of the following controls is I to assess m the audit?

Question109: The application systems quality assurance (QA) function should:

Question110: An IS auditor reviewed the business case for a proposed investment to virtualize an organization's server infrastructure. Which of the following is MOST likely to be included among the benefits in the project proposal?

Question111: A month after a company purchased and implemented system and performance monitoring software reports were too large and therefore were not reviewed or acted upon The MOST effective plan of action would be to

Question112: Which of the following is the BEST preventive control to ensure the integrity of server operating systems?

Question113: Which of the following is MOST important to ensure during computer forensics investigations?

Question114: A sales representative is reviewing the organization's feedback blog and gets redirected to a site that sells illegal prescription drugs. The blog site is MOST likely susceptible to which of the following types of attacks?

Question115: An IS auditor begins an assignment and identifies audit components for which the auditor is not qualified to assess. Which of the following is the BEST course of anion?

Question116: An IS auditor reviewing a purchase accounting system notices several duplicate payments made for the services rendered. Which of the following is the auditor's BEST recommendation for preventing duplicate payments?

Question117: What is the MOST critical finding when reviewing an organization's information security management?

Question118: An organization has established hiring policies and procedures designed specifically to ensure network administrators are well qualified. Which type of control is in place?

Question119: An IS auditor finds that corporate mobile devices used by employees have varying levels of password settings. Which of the following would be the BEST recommendation?

Question120: Which of the following is an IS auditor's BEST course of action upon learning that preventive controls have been replaced with detective and corrective controls'

Question121: Which of the following should be an IS auditor's PRIMARY consideration when evaluating the development and design of a privacy program?

Question122: Due to a global pandemic, a health organization has instructed its employees to work from home as much as possible. The employees communicate using instant messaging Which of the following is the GREATEST risk in this situation?

Question123: Which of the following should be of concern to an IS auditor performing a software audit on virtual machines?

Question124: When aligning IT projects with organizational objectives, it is MOST important to ensure that the:

Question125: Which of the following is a corrective control?

Question126: Which of the following is the PRIMARY advantage of using virtualization technology for corporate applications?

Question127: For an organization that has plans to implement web-based trading, it would be MOST important for an IS auditor to verify the organization's information security plan includes:

Question128: An airlines online booking system uses an automated script that checks whether fares are within the defined threshold of what is reasonable before the fares are displayed on the website. Which type of control is in place?

Question129: Which of the following is necessary for effective risk management in IT governance?

Question130: Which of the following should an IS auditor review FIRST when evaluating a business process for auditing?

Question131: An IS auditor finds that a document related to a client has been leaked. Which of the following should be the auditor's NEXT step?

Question132: A company converted its payroll system from an external service to an internal package Payroll processing in April was run in parallel. To validate the completeness of data after the conversion, which of the following comparisons from the old to the new system would be MOST effective?

Question133: Which of the following is the BEST way to confirm that a digital signature is valid?

Question134: Which of the following would BEST manage the risk of changes in requirements after the analysis phase of a business application development project?

Question135: When a firewall is subjected to a probing attack, the MOST appropriate first response is for the firewall to:

Question136: Which of the following BEST minimizes performance degradation of servers used to authenticate users of an e-commerce website?

Question137: An organization transmits large amount of data from one internal system to another. The IS auditor is reviewing quality of the data at the originating point. Which of the following should the auditor verify first?

Question138: Which of the following would BEST provide executive management with current information on IT related costs and IT performance indicators?

Question139: Which of the following is MOST important for an IS auditor to examine when reviewing an organization's privacy policy?

Question140: The PRIMARY focus of audit follow-up reports should be to:

Question141: Which of the following is the BEST way to ensure payment transaction data is restricted to the appropriate users?

Question142: An IS auditor finds that firewalls are outdated and not supported by vendors. Which of the following should be the auditor s NEXT course of action?

Question143: An IS auditor is reviewing an enterprise database platform. The review involves statistical methods. Benford analysis, and duplicate checks. Which of the following computer-assisted audit technique (CAAT) tools would be MOST useful for this review''

Question144: Which of the following should be done FIRST to effectively define the IT audit universe for an entity with multiple business lines?

Question145: servDuring an internal audit review of a human resources (HR) recruitment system implementation the IS auditor notes that several defects were unresolved at the time the system went live Which of the following is the auditor's MOST important task prior to formulating an audit opinion?

Question146: Which of the following findings should be of GREATEST concern to an IS auditor reviewing system deployment tools for a critical enterprise application system?

Question147: Which of the following is MOST likely to enable a hacker to successfully penetrate a system?

Question148: Which of the following is an objective of data transfer controls?

Question149: Which of the following is the MOST important consideration when incorporating data analytics into an audit?

Question150: An IS auditor notes that application super-user activity was not recorded in system logs. What is the auditor's BEST course of action?

Question151: A company laptop has been stolen and all photos on the laptop have been published on social media. Which of the following is the IS auditor's BEST course of action?

Question152: An IS auditor noted that a change to a critical calculation was placed into the production environment without being tested. Which of the following is the BEST way to obtain assurance that the calculation functions correctly?

Question153: Which of the following BEST indicates that an organization has effective governance in place?

Question154: When evaluating a protect immediately prior to implementation, which of the following would provide the BEST evidence that the system has the required functionality?

Question155: When reviewing an organization's data protection practices, an IS auditor should be MOST concerned with a lack of:

Question156: An IS auditor is assigned to review the development of a specific application. Which of the following would be the MOST significant step following the feasibility study?

Question157: An IS auditor is reviewing an industrial control system (ICS) that uses older unsupported technology in the scope of an upcoming audit. What should the auditor consider the MOST significant concern?

Question158: Which of the following should an IS auditor recommend to reduce the likelihood of potential intruders using social engineering?

Question159: Which of the following audit procedures would be MOST conclusive in evaluating the effectiveness of an e-commerce application system's edit routine?

Question160: When an IS auditor evaluates key performance indicators (KPls) (or IT initiatives, it is MOST important that the KPIs indicate.

Question161: The practice of periodic secure code reviews is which type of control?

Question162: What is the BEST justification for allocating more funds to implement a control for an IT asset than the actual cost of the IT asset?

Question163: Which of the following is the MOST effective way to identify anomalous transactions when performing a payroll fraud audit?

Question164: Which of the following should be of GREATEST concern to an IS auditor reviewing the controls for a continuous software release process?

Question165: Which of the following BEST facilitates the management of assets dunng the implementation of an information system?

Question166: The PRIMARY benefit of using secure shell (SSH) to access a server on a network is that it:

Question167: Which of the following is an IS auditor's BEST guidance regarding the use of IT frameworks?

Question168: A financial institution suspects that a manager has been crediting customer accounts without authorization. Which of the following is the MOST effective method to validate this concern?

Question169: The BEST way to validate whether a malicious act has actually occurred in an application is to review.

Question170: A CIO has asked an IS auditor to implement several security controls for an organization s IT processes and systems. The auditor should:

Question171: A banking organization has outsourced its customer data processing facilities to an external service provider. Which of the following roles is accountable for ensuring the security of customer data?

Question172: In an environment where most IT services have been outsourced, continuity planning is BEST controlled by:

Question173: Which of the following presents the GREATEST concern when implementing data flow across borders?

Question174: The PRIMARY reason an IS department should analyze past incidents and problems is to:

Question175: Which of the following is the MAIN benefit of using data analytics when testing the effectiveness of controls?

Question176: Which of the following is the BEST control to mitigate the malware risk associated with an instant messaging (IM) system1?

Question177: Which of the following would provide an IS auditor with the MOST assurance when auditing the implementation of a new application system?

Question178: When evaluating an IT organizational structure, which of the following is MOST important to ensure has been documented?

Question179: An organization's business function wants to capture customer data and must comply with global data protection regulations. Which of the following should be considered FIRST?

Question180: Post-implementation testing is an example of which of the following control types?

Question181: Which of the following should occur EARLIEST in a business continuity management lifecycle?

Question182: Code changes are compiled and placed in a change folder by the developer. An implementation learn migrates changes to production from the change folder. Which of the following BEST indicates separation of duties is in place during the migration process?

Question183: In the risk assessment process, which of the following should be identified FIRST?

Question184: Which of the following is the BEST approach to identify whether a vulnerability is actively being exploited?

Question185: Which of the following is the role of audit leadership in ensuring the quality of audit and engagement performance?

Question186: Which of the following poses the GREATEST risk to a company that allows employees to use personally owned devices to access customer files on the company's network?

Question187: A large insurance company is about to replace a major financial application. Which of the following is the IS auditor's PRIMARY focus when conducting the pre-implementation review?

Question188: Which of the following is the MAIN risk associated with adding a new system functionality during the development phase without following a project change management process?

Question189: When evaluating the recent implementation of an intrusion detection system (IDS), an IS auditor should be MOST concerned with inappropriate:

Question190: Which of the following is the BEST way to reduce sampling risk?

Question191: Which of the following is MOST critical to include when developing a data loss prevention (DIP) policy?

Question192: Which of the following should be done FIRST when planning a penetration test?

Question193: When reviewing a project to replace multiple manual data entry systems with an artificial intelligence (Al) system, the IS auditor should be MOST concerned with the impact At will have on:

Question194: An audit of the quality management system (QMS) begins with an evaluation of the:

Question195: While conducting a review of project plans related to a new software development, an IS auditor finds the project initiation document (PID) is incomplete. What is the BEST way for the auditor to proceed?

Question196: Which of the following is the PRIMARY reason for an organization's procurement processes to include an independent party who is not directly involved with business operations and related decision-making'?

Question197: The PRIMARY benefit of information asset classification is that it:

Question198: Which of the following is MOST important for an IS auditor to verify when reviewing a critical business application that requires high availability?

Question199: Which of the following is the BEST compensating control for a lack of proper segregation of duties in an IT department?