EMT Practice Test

1. Question Content...


Question List

Question1: An IS auditor is evaluating an organization's IT strategy and plans. Which of the following would be of GREATEST concern?

Question2: Which of the following would be of GREATEST concern to an IS auditor reviewing backup and recovery controls?

Question3: Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?

Question4: Which of the following are BEST suited for continuous auditing?

Question5: During an ongoing audit, management requests a briefing on the findings to date. Which of the following is the IS auditor's BEST course of action?

Question6: After the merger of two organizations, which of the following is the MOST important task for an IS auditor to perform?

Question7: Which of the following areas of responsibility would cause the GREATEST segregation of duties conflict if the individual who performs the related tasks also has approval authority?

Question8: Which of the following is the BEST control to help prevent sensitive data leaving an organization via email?

Question9: Which of the following is the MOST effective way to maintain network integrity when using mobile devices?

Question10: Internal audit is conducting an audit of customer transaction risk. Which of the following would be the BEST reason to use data analytics?

Question11: A data analytics team has developed a process automation bot for internal audit that scans user access to all servers in the environment and then randomly selects a sample of new users for testing. Which of the following presents the GREATEST concern with this approach?

Question12: Which of the following should be the PRIMARY objective of conducting an audit follow-up of management action plans?

Question13: Which of the following is the BEST data integrity check?

Question14: The PRIMARY objective of IT service level management is to.

Question15: Which of the following would be the MOST useful metric for management to consider when reviewing a project portfolio?

Question16: An IS auditor plans to review all access attempts to a video-monitored and proximity card-controlled communications room. Which of the following would be MOST useful to the auditor?

Question17: Which of the following is the BEST way to ensure that business continuity plans (BCPs) will work effectively in the event of a major disaster?

Question18: When reviewing tin organization's information security policies. an IS auditor should verily that the polices have been defined PRIMARILY on the basis of

Question19: Which of the following is the BEST compensating control when segregation of duties is lacking in a small IS department?

Question20: During a post-implementation review, an IS auditor learns that while benefits were realized according to the business case, complications during implementation added to the cost of the solution. Which of the following is the auditor's BEST course of action?

Question21: Which of the following is MOST important for an IS auditor to verify when evaluating an organization's firewall?

Question22: Which of the following is the GREATEST risk associated with lack of IT involvement in the organization's strategic planning initiatives?

Question23: An organization considers implementing a system that uses a technology that is not in line with the organization's IT strategy. Which of the following is the BEST justification for deviating from the IT strategy?

Question24: An IS auditor is conducting a post-implementation review of an enterprise resource planning (ERP) system End users indicated concerns with the accuracy of critical automatic calculations made by the system. The auditor's FIRST course of action should be to:

Question25: A USB device containing sensitive production data was lost by an employee and its contents were subsequently found published online Which of the following controls is the BEST recommendation to prevent a similar recurrence?

Question26: Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?

Question27: Which of the following observations noted during a review of the organization s social media practices should be of MOST concern to the IS auditor?

Question28: Which of the following fire suppression systems needs to be combined with an automate switch to shut down the electricity supply in the event of activation?

Question29: What is the PRIMARY reason for conducting a risk assessment when developing an annual IS audit plan?

Question30: Which of the following would be of GREATEST concern if noted during an audit of compliance with licensing agreements?

Question31: A company converted its payroll system from an external service to an internal package Payroll processing in April was run in parallel. To validate the completeness of data after the conversion, which of the following comparisons from the old to the new system would be MOST effective?

Question32: Which of the following is the PRIMARY reason for using a digital signature?

Question33: An external IS auditor has been engaged to determine the organization's cybersecurity posture. Which of the following is MOST useful for this purpose?

Question34: Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (IDSs)?

Question35: An IS auditor is planning an audit of an organization's accounts payable processes. Which of the following controls is I to assess m the audit?

Question36: What would be of GREATEST concern to an IS auditor reviewing end-user computing (EUC) spreadsheets used for financial reporting in which version control is not enforced?

Question37: As part of a recent business-critical initiative, an organization is re- purposing its customer dat a. However, its customers are unaware that their data is being used for another purpose. What is the BEST recommendation to address the associated data privacy risk to the organization?

Question38: Which of the following is the GREATEST security risk associated with data migration from a legacy human resources (HR) system to a cloud-based system''

Question39: Which of the following is an IS auditor's BEST recommendation to help an organization increase the efficiency of computing resources?

Question40: Which of the following is MOST important for an IS auditor to consider when planning an assessment of the organization's end-user computing (EUC) program?

Question41: Which of the following is the BEST method to maintain an audit trail of changes made to the source code of a program?

Question42: An IS department is evaluated monthly on its cost-revenue ratio user satisfaction rate, and computer downtime This is BEST zed as an application of.

Question43: An IS auditor finds that one employee has unauthorized access to confidential dat a. The IS auditor's BEST recommendation should be to:

Question44: Which of the following applications has the MOST inherent risk and should be prioritized during audit planning?

Question45: An organization's information security department has recently created a centralized governance model to ensure that network-related findings are remediated within the service level agreement (SLA). What should the IS auditor use to assess the maturity and capability of this governance model?

Question46: A checksum following is MOST important for an IS auditor to review when evaluating the accuracy of a spreadsheet that contains several macros?

Question47: An organization implemented a cybersecurity policy last year. Which of the following is the GREATEST indicator that the policy may need to be revised?

Question48: When evaluating the ability of a disaster recovery plan (DRP) to enable the recovery of IT processing capabilities, it is MOST important for the IS auditor to verify the plan is:

Question49: Which of the following would be the GREATEST risk associated with a new chat feature on a retailer's website?

Question50: During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed The auditor should FIRST.

Question51: Which of the following Is the MOST important consideration when Investigating a security breach of an e-commerce application?

Question52: Which of the following is the MOST important prerequisite for implementing a data loss prevention (DLP) tool?

Question53: Which of the following is the MOST important determining factor when establishing appropriate timeframes for follow-up activities related to audit findings?

Question54: Which of the following approaches provides the BEST assurance and user confidence when an organization migrates data to a more complex enterprise resource planning (ERP) system?

Question55: In which phase of penetration testing would host detection and domain name system (DNS) interrogation be performed?

Question56: An IS auditor discovers that due to resource constraints, a database administrator (DBA) is responsible for developing and executing changes Into the production environment. Which of the following should the auditor do FIRST?

Question57: Which of the following would be MOST time and cost efficient when performing a control self-assessment (CSA) for an organization with a large number of widely dispersed employees?

Question58: An organization has adopted a backup and recovery strategy that involves copying on-premise virtual machine (VM) images to a cloud service provider Which of the following provides the BEST assurance that VMs can be recovered in the event of a disaster?

Question59: Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?

Question60: An organization is disposing of a system containing sensitive data and has deleted all files from the hard disk. An IS auditor should be concerned because:

Question61: Which of the following is the PRIMARY purpose for external assessments of internal audit's quality assurance (OA) systems and frameworks?

Question62: Several unattended laptops containing sensitive customer data were stolen from personnel offices Which of the following would be an IS auditor's BEST recommendation to protect data in case of recurrence?

Question63: Which of the following controls would BEST ensure that payroll system rate changes are valid?

Question64: What is the PRIMARY reason to adopt a risk-based IS audit strategy?

Question65: Which of the following is MOST helpful in preventing a systems failure from occurring when an application is replaced using the abrupt changeover technique?

Question66: Which of the following is the MOST important issue for an IS auditor to consider with regard to Voice-over IP (VoIP) communications?

Question67: Which of the following BEST enables an organization to quantify acceptable data loss in the event of a disaster?

Question68: External experts were used on a recent IT audit engagement. While assessing the external experts' work, the internal audit team found some gaps in the evidence mat may have impacted their conclusions. What is the internal audit team's BEST course of action?

Question69: An IS auditor reviewing the database controls for a new e-commerce system discovers a security weakness in the database configuration. Which of the following should be the IS auditor's NEXT course of action?

Question70: Which of the following establishes the role of the internal audit function?

Question71: The use of which of the following would BEST enhance a process improvement program?

Question72: Which of the following would BEST demonstrate that an effective disaster recovery plan (DRP) is in place?

Question73: Which of the following is the BEST way for an IS auditor to validate that employees have been made aware of the organization's information security policy?

Question74: Which of the following metrics would BEST measure the agility of an organization's IT function?

Question75: Which of the following is the PRIMARY concern when negotiating a contract for a hot site?

Question76: Which of the following is MOST important for an IS auditor to review when evaluating the accuracy of a spreadsheet that contains several macros?

Question77: Which of the following procedures for testing a disaster recovery plan (DRP) is MOST effective?

Question78: An emergency power-off switch should:

Question79: The application systems quality assurance (QA) function should:

Question80: When reviewing past results of a recurring annual audit, an IS auditor notes that findings may not have been reported and independence may not have been maintained Which of the following is the auditor's BEST course of action?

Question81: An organization recently decided to send the backup of its customer relationship management (CRM) system to its cloud provider for recovery. Which of the following should be of GREATEST concern to an IS auditor reviewing this process?

Question82: A new privacy regulation requires a customer's privacy information to be deleted within 72 hours, if requested. Which of the following would be an IS auditor's GREATEST concern regarding compliance to this regulation?

Question83: When responding to an ongoing denial of service (DoS) attack, an organization's FIRST course of action should be to:

Question84: An organization developed a comprehensive three-year IT strategic plan Halfway into the plan a major legislative change impacting the organization is enacted Which oi the following should be management's NEXT course of action?

Question85: When Is the BEST time to commence continuity planning for a new application system?

Question86: During which phase of a system development project should key performance indicators (KPIs) be established'?

Question87: An IS auditor is evaluating the security of an organization's data backup process which includes the transmission of daily incremental backups to a public cloud provider Which of the following findings poses the GREATEST risk to the organization?

Question88: An IS auditor performing a review of a newly purchased software program notes that an escrow agreement has been executed for acquiring the source code. What is MOST important for the IS auditor to verify?

Question89: Which of the following should be of GREATEST concern to an IS auditor reviewing project documentation for a client relationship management (CRM) system migration project?

Question90: Which of the following provides the BEST evidence of the effectiveness of an organization s audit quality management procedures?

Question91: Code changes are compiled and placed in a change folder by the developer. An implementation learn migrates changes to production from the change folder. Which of the following BEST indicates separation of duties is in place during the migration process?

Question92: An organization is developing data classification standards and has asked internal audit for advice on aligning the standards with best practices. Internal audit would MOST likely recommend the standards should be:

Question93: During an audit of a financial application, it was determined that many terminated users' accounts were not disabled. Which of the following should be the IS auditors NEXT step?

Question94: An IS auditor is reviewing an organization's information asset management process. Which of the following would be of GREATEST concern to the auditor?

Question95: Which of the following should be of GREATEST concern to an IS auditor reviewing a system software development project based on agile practices?

Question96: Which of the following findings should be of GREATEST concern to an IS auditor performing a review of IT operations?

Question97: The implementation of an IT governance framework requires that the board of directors of an organization:

Question98: Which of the following should be of GREATEST concern to an IS auditor reviewing an organization's IT process performance reports over the last quarter?

Question99: Which of the following metrics would be MOST useful to an IS auditor when assessing the resilience of an application programming interface (API)?

Question100: When developing a business continuity plan (BCP), which of the following should be performed FIRST?

Question101: Data anonymization helps to prevent which types of attacks in a big data environment?

Question102: As part of an audit response, an auditee has concerns with the recommendations and is hesitant to implement them. Which of the following would be the BEST course of action for the IS auditor?

Question103: An IS auditof notes the transaction processing times in an order processing system have significantly increased after a major release Which of the following should the IS auditor review FIRST?

Question104: Many departments of an organization have not implemented await recommendations by their agreed upon target dates. Who should address this situation?

Question105: An organization allows employees to retain confidential data on personal mobile devices Which of the following is the BEST recommendation to mitigate the risk of data leakage from lost or stolen devices?

Question106: When implementing a new IT maturity model which of the following should occur FIRST?

Question107: Which of the following should be an IS auditor's PRIMARY focus when developing a risk-based IS audit program?

Question108: Which of the following is the MOST likely reason an organization would use Platform as a Service (PaaS)?

Question109: Which of the following is a characteristic of a single mirrored data center used for disaster recovery?

Question110: Which of the following is MOST critical for the effective implementation of IT governance?

Question111: Which of the following is MOST important for an organization to complete prior to developing its disaster recovery plan (DRP)?

Question112: During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period Which of the following is the auditor's MOST important course of action?

Question113: In an IT organization where many responsibilities are shared, which of the following is the BEST control for detecting unauthorized data changes?

Question114: What is the BEST method for securing credit card numbers stored temporarily on a file server prior to transmission to the downstream system for payment processing?

Question115: Using swipe cards to limit employee access to restricted areas requires implementing which additional control?

Question116: Which of the following governance functions is responsible for ensuring IT projects have sufficient resources and are prioritized appropriately?

Question117: Which of the following should be the FIRST step when planning an IS audit of a third-party service provider that monitors network activities?

Question118: During an operational audit of a biometric system used to control physical access, which of the following should be of GREATEST concern to an IS auditor?

Question119: The PRIMARY advantage of object-oriented technology is enhanced:

Question120: Which of the following is MOST important when implementing a data classification program?

Question121: An IS auditor is reviewing security controls related to collaboration to unit responsible for intellectual property and patents. Which of the following observations should be of MOST concern to the auditor?

Question122: Which of the following should be done FIRST when planning a penetration test?

Question123: Of the following, who are the MOST appropriate staff for ensuring the alignment of user authorization tables with approved authorization forms?

Question124: An IS auditor is reviewing a sample of production incidents and notes that a root cause analysis is not being performed. Which of the following is the GREATEST risk associated with this finding?

Question125: Which of the following should be the PRIMARY basis for prioritizing follow-up audits?

Question126: Due to a high volume of customer orders, an organization plans to implement a new application for customers to use for online ordering Which type of testing is MOST important to ensure the security of the application prior to go-live?

Question127: In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to "never expire.' Which of the following recommendations would BEST address the risk with minimal disruption to the business?

Question128: A bank's web-hosting provider has just completed an internal IT security audit and provides only a summary of the findings to the bank's auditor. Which of the following should be the bank's GREATEST concern?

Question129: An organization's software developers need access to personally identifiable information (Pll) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?

Question130: Which of the following should be defined in an audit charter?

Question131: An IS auditor is observing transaction processing and notes that a high-priority update job ran out of sequence What is the MOST significant risk from this observation?

Question132: A business unit cannot achieve desired segregation of duties between operations and programming due to size constraints. Which of the foftowing is MOST important for the IS auditor to identify?

Question133: An IS auditor is evaluating the risk associated with moving from one database management system (DBMS) to another. Which of the following would be MOST helpful to ensure the integrity of the system throughout the change?

Question134: Which of the following is the BEST source of information for assessing the effectiveness of IT process monitoring?

Question135: An IS auditor is examining a front-end sub ledger and a main ledger Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?

Question136: Following a recent internal data breach, an IS auditor was asked to evaluate information security practices within the organization. Which of the following findings would be MOST important to report to senior management?

Question137: The members of an emergency modem response team should be:

Question138: Which of the following Is a challenge in developing a service level agreement (SLA) for network services?

Question139: Which of the following is a corrective control?

Question140: As part of business continuity planning, which of the following is MOST important to assess when conducting a business impact analysis (B1A)?

Question141: Which of the following strategies BEST optimizes data storage without compromising data retention practices?

Question142: Which of the following cloud deployment models would BEST meet the needs of a startup software development organization with limited initial capital?

Question143: Which of the following is MOST important to ensure when planning a black box penetration test?

Question144: An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization s objectives?