EMT Practice Test

1. Question Content...


Question List

Question1: An IS auditor is planning an audit of an organization's accounts payable processes. Which of the following controls is I to assess m the audit?

Question2: Which of the following sampling techniques is BEST to use when verifying the operating effectiveness of internal controls during an audit of transactions?

Question3: When an IS auditor evaluates key performance indicators (KPls) (or IT initiatives, it is MOST important that the KPIs indicate.

Question4: Which of the following should be a concern to an IS auditor reviewing a digital forensic process for a security incident?

Question5: Which of the following presents the GREATEST concern when implementing data flow across borders?

Question6: An IS auditor has completed an audit on the organization's IT strategic planning process Which of the following findings should be given the HIGHEST priority?

Question7: The PRIMARY benefit of information asset classification is that it:

Question8: What is the MOST critical finding when reviewing an organization's information security management?

Question9: Which of the following is the PRIMARY benefit of using a capability maturity model?

Question10: Which of the following is MOST important for an effective control self-assessment (CSA) program?

Question11: When performing a post-implementation review, the adequacy of the data conversion effort would BEST be evaluated by performing a thorough review of the:

Question12: A third-party service provider is hosting a private cloud for an organization. Which of the following findings during an audit of the provider poses the GREATEST risk to the organization?

Question13: Which of the following is MOST critical to include when developing a data loss prevention (DIP) policy?

Question14: During a review of the IT strategic plan, an IS auditor finds several IT initiatives focused on delivering new systems and technology are not aligned with the organization's strategy. Which of the following would be the IS auditor's BEST recommendation?

Question15: An IS auditor is reviewing environmental controls and finds extremely high levels of humidity in the data center. Which of the following is the PRIMARY risk to computer equipment from this condition?

Question16: An e-commerce enterprise's disaster recovery (DR) site has 30% less processing capability than the primary site. Based on this information, which of the following presents the GREATEST risk?

Question17: Which of the following is MOST appropriate for measuring a batch processing application's system performance over time?

Question18: An IS auditor has assessed a payroll service provider's security policy and finds significant topics are missing.
Which of the following is the auditor's BEST course of action?

Question19: Which of the following should be an IS auditor's GREATEST concern when reviewing an outsourcing arrangement with a third-party cloud service provider to host personally identifiable data?

Question20: Which of the following application input controls would MOST likely detect data input errors in the customer account number field during the processing of an accounts receivable transaction?

Question21: Which of the following is the MOST important operational aspect for an IS auditor to consider when assessing an assembly line with quality control sensors accessible via wireless techno

Question22: In a situation where the recovery point objective (RPO) is 0 for an online transaction processing system, which of the following is MOST important for an IS auditor to verify?

Question23: Which of the following technologies has the SMALLEST maximum range for data transmission between devices?

Question24: An IS auditor identifies key controls that have been overridden by management. The next step the IS auditor should take is to

Question25: Which of the following is an example of a control that is both detective and preventive at the same lime?

Question26: Which of the following is the BEST way to achieve high availability and fault tolerance for an e-business system?

Question27: An IS audit manager finds that data manipulation logic developed by the audit analytics team leads to incorrect conclusions This inaccurate logic is MOST likely an indication of lich of the following?

Question28: Which of the following audit procedures would be MOST conclusive in evaluating the effectiveness of an e-commerce application system's edit routine?

Question29: Which of the following is the role of audit leadership in ensuring the quality of audit and engagement performance?

Question30: An organization allows its employees to use personal mobile devices for work. Which of the following would BEST maintain information security without compromising employee privacy?

Question31: Which of the following is the MAIN advantage of using one-time passwords?

Question32: During the post-implementation review of an application that was implemented six months ago which of the following would be MOST helpful in determining whether the application meets business requirements?

Question33: What is the purpose of a hypervisor?

Question34: Management has decided to include a compliance manager in the approval process for a new business that may require changes to tie IT infrastructure. Which of the following is the GREATEST benefit of this approach?

Question35: An organization s audit charter PRIMARILY:

Question36: Which of the following provides an IS auditor with the BEST evidence that a system has been assessed for known exploits?

Question37: Segregation of duties would be compromised if:

Question38: An IS auditor is evaluating a virtual server environment and teams that the production server, development server and management console are housed in the same physical host. What

Question39: Which of the following is the MOST important consideration for building resilient systems?

Question40: Which of the following is a corrective control that reduces the impact of a threat event?

Question41: An IS auditor finds that a document related to a client has been leaked. Which of the following should be the auditor's NEXT step?

Question42: Which of the following is the MOST important issue for an IS auditor to consider with regard to Voice-over IP (VoIP) communications?

Question43: When reviewing an organization's data protection practices, an IS auditor should be MOST concerned with a lack of:

Question44: An organization is deciding whether to outsource its customer relationship management systems to a provider located in another country. Which of the following should be the PRIMARY influence in the outsourcing decision?

Question45: For a company that outsources payroll processing, which of the following is the BEST way to ensure that only authorized employees are paid?

Question46: An IS auditor is conducting a pre-implementation review to determine a new system's production readiness.
The auditor's PRIMARY concern should be whether:

Question47: Which of the following is the BEST way to mitigate the risk associated with technology obsolescence?

Question48: Which of the following is the MAIN purpose of data classification?

Question49: The application systems quality assurance (QA) function should:

Question50: To protect information assets, which of the following should be done FIRST?

Question51: An organization has recently converted its infrastructure to a virtualized environment. The GREATEST benefit related to disaster recovery is that virtualized servers:

Question52: Which of the following should be an IS auditor's PRIMARY consideration when evaluating the development and design of a privacy program?

Question53: An IS auditor reviewing the system development life cycle (SDLC) finds there is no requirement for business cases. Which of the following should be of GREATEST concern to the organization?

Question54: A multinational organization is integrating its existing payroll system with a human resource information system. Which of the following should be of GREATEST concern to the IS auditor?

Question55: Which of the following will MOST likely compromise the control provided by a digital signature created using RSA encryption?

Question56: Which of the following BEST ensures the quality and integrity of test procedures used in audit analytics?

Question57: Which of the following would BEST enable an IS auditor to perform an audit that requires testing the full population of data?

Question58: Which of the following would BEST provide executive management with current information on IT related costs and IT performance indicators?

Question59: In the risk assessment process, which of the following should be identified FIRST?

Question60: Spreadsheets are used to calculate project cost estimates Totals for each cost category are then keyed into the job-costing system. What is the BIST control to ensure that data are accurately entered into the system?

Question61: Which of the following is the MOST important difference between end-user computing (EUC) applications and traditional applications?

Question62: An IS auditor notes that help desk personnel are required to make critical decisions during major service disruptions. Which of the following is the auditor's BEST recommendation to address this situation?

Question63: Following a significant merger and acquisition, which of the following should the chief audit executive (CAE) do FIRST to evaluate the performance of the combined internal audit function?

Question64: To help ensure the accuracy and completeness of end-user computing output it is MOST important to include strong:

Question65: Which of the following observations should be of GREATEST concern to an IS auditor reviewing a large organization's IT steering committee?

Question66: An IS auditor is evaluating the risk associated with moving from one database management system (DBMS) to another. Which of the following would be MOST helpful to ensure the integrity of the system throughout the change?

Question67: A company converted its payroll system from an external service to an internal package Payroll processing in April was run in parallel. To validate the completeness of data after the conversion, which of the following comparisons from the old to the new system would be MOST effective?

Question68: Which of the following evidence-gathering techniques will provide the GREATEST assurance that procedures are understood and practiced?

Question69: Which of the following clauses is MOST important to include in a contract to help maintain data privacy in the event a Platform as a Service (PaaS) provider becomes financially insolvent?

Question70: To address issues related to privileged users identified in an IS audit, management implemented a security information and event management (SIEM) system. Which type of control .........

Question71: During a review of an application system, an IS auditor identifies automated controls designed to prevent the entry of duplicate transactions. What is the BEST way to verify that the controls work as designed?

Question72: Which of the following is the PRIMARY purpose of conducting follow-up audits for material observations?

Question73: Which of the following would provide an IS auditor with the MOST assurance when auditing the implementation of a new application system?

Question74: Which of the following is an IS auditor s GREATEST concern when an organization does not regularly update software on individual workstations in the internal environment?

Question75: Which of the following is the BEST way to confirm that a digital signature is valid?

Question76: Which of the following is the GREATEST threat to Voice-over Internet Protocol (VoIP) related to privacy?

Question77: Which of the following observations would an IS auditor consider the GREATEST risk when conducting an audit of a virtual server farm for potential software vulnerabilities?

Question78: Following the discovery of inaccuracies in a data warehouse, an organization has implemented data profiling, cleansing, and handling filters to enhance the quality of data obtained from c

Question79: A software development organization with offshore personnel has implemented a third-party virtual workspace to allow the teams to collaborate. Which of the following should be of GREATEST concern?

Question80: In planning a major system development project, function point analysis would assist in:

Question81: Which of the following is MOST important for an IS auditor to verify when reviewing a critical business application that requires high availability?

Question82: Which of the following network management toots should an IS auditor use to review the type of packets flowing along a monitored link'?

Question83: Due to budget restraints, an organization is postponing the replacement of an in-house developed mission critical application. Which of the following represents the GREATEST risk?

Question84: An organization is within a jurisdiction where new regulations have recently been announced to restrict cross-border data transfer of personally identifiable information (PIl). Which of the following IT decisions will MOST likely need to be assessed in the context of this?

Question85: An IS auditor is evaluating a virtual server environment and learns that the production server, development server, and management console are housed in the same physical host. What should be the auditor's PRIMARY concern?

Question86: An IS auditor s role in privacy and security is to:

Question87: A financial institution suspects that a manager has been crediting customer accounts without authorization.
Which of the following is the MOST effective method to validate this concern?

Question88: A financial institution has a system interface that is used by its branches to obtain applicable currency exchange rates when processing transactions Which of the following should be the PRIMARY control objective for maintaining the security of the system interface?

Question89: Which of the following should be done FIRST when planning a penetration test?

Question90: Which of the following is MOST likely to be included in computer operating procedures in a large data center?

Question91: Code changes are compiled and placed in a change folder by the developer. An implementation learn migrates changes to production from the change folder. Which of the following BEST indicates separation of duties is in place during the migration process?

Question92: Which of the following MOST efficiently protects computer equipment against short-term reductions in electrical power?

Question93: An organization transmits large amount of data from one internal system to another. The IS auditor is reviewing quality of the data at the originating point. Which of the following should the auditor verify first?

Question94: Which of the following validation techniques would BEST prevent duplicate electronic vouchers?

Question95: The FIRST course of action an investigator should take when a computer is being attacked is to:

Question96: Which of the following should MOST concern an IS auditor reviewing an intrusion detection system (IDS)?

Question97: An application used at a financial services organization transmits confidential customer data to downstream applications using a batch process. Which of the following controls would protect this information?

Question98: What would be of GREATEST concern to an IS auditor observing shared key cards being utilized to access an organization's data center?

Question99: An organization's business function wants to capture customer data and must comply with global data protection regulations. Which of the following should be considered FIRST?

Question100: For an organization that has plans to implement web-based trading, it would be MOST important for an IS auditor to verify the organization's information security plan includes:

Question101: A client/server configuration will:

Question102: Which of the following would be the MOST appropriate reason for an organization to purchase fault-tolerant hardware?

Question103: During a review of operations, it is noted that during a batch update, an error was detected and the database initiated a roll-back. An IT operator stopped the roll-back and re-initiated the update. What should the operator have done PRIOR to re-initiating the update?

Question104: Which of the following BEST facilitates the management of assets dunng the implementation of an information system?

Question105: Which of the following should be of concern to an IS auditor performing a software audit on virtual machines?

Question106: Which of the following should be of MOST concern to an IS auditor during the review of a quality management system?

Question107: Capacity management enables organizations to:

Question108: Which of the following is the PRIMARY purpose of using data analytics when auditing an enterprise resource planning (ERP) system for a large organization?

Question109: An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed.
Which of the following should be the IS auditor's NEXT course of action?

Question110: Which of the following is the MOST likely reason an organization would use Platform as a Service (PaaS)?

Question111: Which of the following backup schemes is the BEST option when storage media is limited?

Question112: When reviewing an organization's information security policies, an IS auditor should venfy that the policies have been defined PRIMARILY on the basis of

Question113: Disciplinary policies are BEST classified as.

Question114: An IS department is evaluated monthly on its cost-revenue ratio user satisfaction rate, and computer downtime This is BEST zed as an application of.

Question115: Which of the following is the BEST source for describing the objectives of an organization s information systems?

Question116: Which of the following demonstrates the use of data analytics for a loan origination process?

Question117: An IS auditor is planning to audit an organization's infrastructure for access, patching, and change management. Which of the following is the BEST way to prioritize the systems?

Question118: An airlines online booking system uses an automated script that checks whether fares are within the defined threshold of what is reasonable before the fares are displayed on the website. Which type of control is in place?

Question119: Which of the following is the MOST important reason to use statistical sampling?

Question120: Which sampling method should an IS auditor employ when the likelihood of exceptions existing in the population is low''

Question121: An IS auditor has completed an audit of an organization's accounts payable system. Which of the following should be rated as the HIGHEST risk in the audit report and requires immediate remediation?

Question122: Within the context of an IT-related governance framework, which type of organization would be considered MOST mature?

Question123: A review of IT interface controls finds an organization does not have a process to identify and correct records that do not get transferred to the receiving system. Which of the following is.........

Question124: Which of the following is the PRIMARY concern when negotiating a contract for a hot site?

Question125: When a firewall is subjected to a probing attack, the MOST appropriate first response is for the firewall to:

Question126: The PRIMARY benefit of using secure shell (SSH) to access a server on a network is that it:

Question127: Which of the following would an IS auditor PRIMARILY review to understand key drivers of a project?

Question128: During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?

Question129: An IS auditor reviewing a purchase accounting system notices several duplicate payments made for the services rendered. Which of the following is the auditor's BEST recommendation for preventing duplicate payments?

Question130: The PRIMARY advantage of object-oriented technology is enhanced:

Question131: Which of the following BEST determines if a batch update job was successfully executed?

Question132: Which of the following is MOST important to ensure when planning a black box penetration test?

Question133: An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner Which of the following is the auditor s BEST recommendation?

Question134: An organization has outsourced its data leakage monitoring to an Internet service provider (ISP). Which of the following is the BEST way for an IS auditor to determine the effectiveness of this service?

Question135: The PRIMARY role of a control self-assessment (CSA) facilitator Is to:

Question136: The risk of communication failure in an e-commerce environment is BEST minimized through the use of

Question137: Which of the following is the BEST preventive control to ensure the integrity of server operating systems?

Question138: Which of the following provides the MOST assurance over the completeness and accuracy of loan application processing with respect to the implementation of a new system?

Question139: Which of the following techniques would provide the BEST assurance to an IS auditor that all necessary data has been successfully migrated from a legacy system to a modern platform?

Question140: Which of the following findings should be of GREATEST concern to an IS auditor conducting a forensic analysis following incidents of suspicious activities on a server?

Question141: Which of the following is a benefit of the DevOps development methodology?

Question142: An IS auditor is reviewing a banking mobile application that allows end users to perform financial transactions. Which of the following poses a security risk to the organization?

Question143: In a high-volume, real-time system, the MOST effective technique by which to continuously monitor and analyze transaction processing is:

Question144: Which of the following should be the FIRST step in an organization's forensics process to preserve evidence?

Question145: Which of the following processes BEST addresses the risk associated with the deployment of a new production system?

Question146: An IS auditor finds that terminated users have access to financial applications. Which of the following is the auditor's MOST important course of action when assessing the impact?

Question147: Which of the following is MOST important for an IS auditor to review when evaluating the effectiveness of an organization's incident response process?

Question148: An accounts receivable data entry routine prevents the entry of the same customer with different account numbers. Which of the following is the BEST way to test if this programmed control is effective?

Question149: To BEST evaluate the effectiveness of a disaster recovery plan, the IS auditor should review the:

Question150: Which of the following should be the PRIMARY concern of an IS auditor during a review of an external IT service level agreement (SLA) for computer operations?

Question151: An IS auditor notes that application super-user activity was not recorded in system logs. What is the auditor's BEST course of action?

Question152: Which of the following would BEST help prioritize various projects in an organization's IT portfolio?

Question153: Which of the following would BEST facilitate the detection of internal fraud perpetrated by an individual?

Question154: Post-implementation testing is an example of which of the following control types?

Question155: What information within change records would provide an IS auditor with the MOST assurance that configuration management is operating effectively?

Question156: The GREATEST benefit of using a prototyping approach in software development is that it helps to:

Question157: During a post-implementation review, a step in determining whether a project met user requirements is to review the:

Question158: Which of the following is the BEST guidance from an IS auditor to an organization planning an initiative to improve the effectiveness of its IT processes?

Question159: At what point in software development should the user acceptance test plan be prepared?

Question160: Which of the following is the PRIMARY risk when business units procure IT assets without IT involvement?

Question161: Which of the following is the MOST effective means of helping management and the IT strategy committee to monitor IT performance?

Question162: Which of the following should be the PRIMARY audience for a third-party technical security assessment report?

Question163: During an audit, which of the following would be MOST helpful in establishing a baseline for measuring data quality?

Question164: Which of the following should be of GREATEST concern to an IS auditor conducting a security review of a point-of-sale (POS) system?

Question165: When developing a business continuity plan (BCP), which of the following should be performed FIRST?

Question166: The BEST method an organization can employ to align its business continuity plan (BCP) and disaster recovery plan (DRP) with core business needs is to:

Question167: Which of the following is the MOST effective way to reduce risk to an organization from widespread use of unauthorized web-based communication technologies?

Question168: An IS auditors independence with respect to the audit of an application system is MOST likely to be impaired if the auditor

Question169: What is the BEST justification for allocating more funds to implement a control for an IT asset than the actual cost of the IT asset?

Question170: planning an end-user computing (EUC) audit, it is MO ST important for the IS auditor to

Question171: Which of the following BEST demonstrates the degree of alignment between IT and business strategy?

Question172: The BEST way to validate whether a malicious act has actually occurred in an application is to review.

Question173: Which of the following would be an appropriate role of internal audit in helping to establish an organization's privacy program?

Question174: An internal audit department recently established a quality assurance (QA) program. Which of the following activities is MOST important to include as part of the OA program requirements?

Question175: Which of the following provides for the GREATEST cost reduction in a large data center?

Question176: In an organization that has a staff-rotation policy, the MOST appropriate access control model is:

Question177: Which of the following is the MOST important step in the development of an effective IT governance action plan?

Question178: When evaluating the management practices at a third-party organization providing outsourced services, the IS auditor considers relying on an independent auditors report. The IS auditor.....

Question179: Which of the following MOST effectively mitigates the risk of disclosure of sensitive data stored on company-owned smartphones?

Question180: Which of the following observations noted during a review of the organization s social media practices should be of MOST concern to the IS auditor?

Question181: Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (IDSs)?

Question182: Which of the following is the BEST sampling method to ensure only active users have access to critical systems?

Question183: The BEST way to preserve data integrity through all phases of application containerization is to ensure which of the following?

Question184: When an organization introduces virtualization into its architecture, which of the following should be an IS auditor's PRIMARY area of focus to verify adequate protection?

Question185: Which of the following is the GREATEST security risk associated with data migration from a legacy human resources (HR) system to a cloud-based system''

Question186: When reviewing a project to replace multiple manual data entry systems with an artificial intelligence (Al) system, the IS auditor should be MOST concerned with the impact At will have on:

Question187: Compared to developing a system in-house, acquiring a software package means that the need for testing by end users is:

Question188: Which of the following is the BEST IS audit strategy?

Question189: What is the MOST important business concern when an organization is about to migrate a mission-critical application to a virtual environment?

Question190: Which of the following is the PRIMARY reason an IS auditor should use an IT-related framework as a basis for scoping and structuring an audit?

Question191: An IS auditor begins an assignment and identifies audit components for which the auditor is not qualified to assess. Which of the following is the BEST course of anion?

Question192: Which of the following is a PRIMARY role of an IS auditor in a control self-assessment (CSA) workshop?

Question193: An emergency power-off switch should:

Question194: Which of the following is the BEST recommendation to prevent fraudulent electronic funds transfers by accounts payable employees?

Question195: A banking organization has outsourced its customer data processing facilities to an external service provider.
Which of the following roles is accountable for ensuring the security of customer data?

Question196: Which of the following is MOST important for an IS auditor to examine when reviewing an organization's privacy policy?

Question197: Which of the following is the BEST way to ensure that business continuity plans (BCPs) will work effectively in the event of a major disaster?

Question198: Which of the following BEST guards against the risk of attack by hackers?