Question1: Which of the following should be an IS auditor's GREATEST concern when reviewing an organization's security controls for policy compliance?
Question2: Which of the following should be of MOST concern to an IS auditor reviewing the public key infrastructure (PKI) for enterprise e-mail?
Question3: Which of the following should be included in a feasibility study for a project to implement an EDI process?
Question4: Which of the following is the MOST effective control against injection attacks on a web application?
Question5: What is the purpose of a hypervisor?
Question6: With a properly implemented public key infrastructure (PKI) In use, person A wishes to ensure that an outgoing message can be read only by person B. To achieve this, the message should be encrypted using which of the following?
Question7: Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection
systems?
Question8: Which of the following is the MOST critical step in planning an audit?
Question9: Which of the following would an IS auditor consider to be the MOST significant risk associated with a project to reengineer a business process?
Question10: The use of risk assessment tools for classifying risk factors should be formalized in your IT audit effort
through:
Question11: Which of the following weaknesses would have the GREATEST impact on the effective operation of a perimeter firewall?
Question12: If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, what should the auditor do?
Question13: The PRIMARY reason for using digital signatures is to ensure data:
Question14: To assist an organization in planning for IT investments, an IS auditor should recommend the use of:
Question15: The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n):
Question16: An IS auditor conducting audit follow-up activities learns that some previously agreed-upon corrective actions have not been taken and that the associated risk has been accepted by senior management. If the auditor disagrees with management's decision, what is the BEST way to address the situation?
Question17: Which of the following provides the MOST useful information to an IS auditor reviewing the relationships between critical business processes and IT systems?
Question18: An IS auditor auditing the effectiveness of utilizing a hot site will MOST likely:
Question19: A manufacturing firm wants to automate its invoice payment system. Objectives state that the system should require considerably less time for review and authorization and the system should be capable of identifying errors that require follow up. Which of the following would BEST meet these objectives?
Question20: The MAIN reason for requiring that all computer clocks across an organization be synchronized is to:
Question21: John has been hired to fill a new position in one of the well-known financial institute. The position is for IS auditor. He has been assigned to complete IS audit of one of critical financial system. Which of the following should be the first step for John to be perform during IS audit planning?
Question22: Which of the following is the BEST indication that an organization's vulnerability identification capability has achieved a high level of maturity?
Question23: A technical lead who was working on a major project has left the organization. The project manager reports suspicious system activities on one of the servers that is accessible to the whole team. What would be of GREATEST concern if discoveredduring a forensic investigation?
Question24: Which of the following statements appearing in an organization's acceptable use policy BEST demonstrates alignment with data classification standards related to the protection of information assets?
Question25: An IS audit team is evaluating the documentation related to the most recent application user-access review performed by IT and business management. It is determined that the user list was not system-generated. Which of the following: should be the GREATEST concern?
Question26: The BEST filter rule for protecting a network from being used as an amplifier in a denial of service (DoS) attack is to deny all:
Question27: A grants management system is used to calculate grant payments. Once per day, a batch interface extracts grant amounts and payee details from this system for import into the finance system so payments can be made overnight. Which of the following controls provides the GREATEST assurance and completeness of the imported payments?
Question28: What topology provides the greatest redundancy of routes and the greatest network fault tolerance?
Question29: A large insurance company is about to replace a major financial application. Which of the following is the IS auditor's PRIMARY focus when conducting the pre-implementation review?
Question30: Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?
Question31: An IS auditor previously worked in an organization s IT department and was involved with the design of the business continuity plan (BCP). The IS auditor has now been asked to review this same BCP. The auditor should FIRST.
Question32: An IS steering committee should:
Question33: A data administrator is responsible for:
Question34: Which of the following would BEST provide assurance of the integrity of new staff?
Question35: Relatively speaking, firewalls operated at the physical level of the seven-layer OSI model are:
Question36: An IS auditor should review the configuration of which of the following protocols to detect unauthorized mappings between the IP address and the media access control (MAC) address?
Question37: The Secure Sockets Layer (SSL) protocol addresses the confidentiality of a message through:
Question38: Which of the following is the MOST likely reason an organization would use Platform as a Service (PaaS)?
Question39: Which of the following is MOST important when an incident may lead to prosecution?
Question40: Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the username and password are the same. The BEST control to mitigate this risk is to:
Question41: Which of the following is a distinctive feature of the Secure Electronic Transactions (SET) protocol when used for electronic credit card payments?
Question42: After discovering a security vulnerability in a third-party application that interfaces with several external
systems, a patch is applied to a significant number of modules. Which of the following tests should an IS
auditor recommend?
Question43: An IS audit manager was temporarily tasked with supervising a project manager assigned to the organization's payroll application upgrade Upon returning to the audit department, the audit manager has been asked to perform an audit to validate the implementation of the payroll application The audit manager Is the only one in the audit department with IT project management experience. What is the BEST course of action?
Question44: Upon completion of audit work, an IS auditor should:
Question45: A database administrator is responsible for:
Question46: The MOST effective control for reducing the risk related to phishing is:
Question47: An organization has outsourced its wide area network (WAN) to a third-party service provider. Under these circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of business continuity (BCP) and disaster recovery planning (DRP)?
Question48: Which of the following attack is MOSTLY performed by an attacker to steal the identity information of a user such as credit card number, passwords, etc?
Question49: Which of the following should be considered FIRST when implementing a risk management program?
Question50: What is an effective countermeasure for the vulnerability of data entry operators potentially leaving their computers without logging off?
Question51: When reviewing the procedures for the disposal of computers, which of the following
should be the GREATEST concern for the IS auditor?
Question52: The PRIMARY advantage of a continuous audit approach is that it:
Question53: To confirm integrity for a hashed message, the receiver should use:
Question54: Identify the network topology from below diagram presented below:

Network Topology
Question55: Which audit technique provides the BEST evidence of the segregation of duties in an IS department?
Question56: An organization has implemented an automated match between purchase orders, goods receipts, and invoices. Which of the following risks will this control BEST mitigate?
Question57: Which of the following is the FIRST step in initiating a data classification program?
Question58: An organization has recently acquired another organization. When reviewing both IS departments, the IS auditor discovers two redundant IT applications. Which of the following would be the auditor's BEST recommendation for management?
Question59: Which of the following presents the GREATEST concern when implementing data flow across borders?
Question60: Which of the following is a mechanism for mitigating risks?
Question61: What should be the PRIMARY basis for scheduling a follow-up audit?
Question62: Which of the following would provide management with the MOST reasonable assurance that a new data warehouse will meet the needs of the organization?
Question63: Which of the following would an IS auditor consider to be the MOST helpful when evaluating the effectiveness and adequacy of a computer preventive maintenance program?
Question64: Which of the following internet security threats could compromise integrity?
Question65: During an IS audit of a data center, it was found that programmers are allowed to make emergency fixes to
operational programs. Which of the following should be the IS auditor's PRIMARY recommendation?
Question66: Which of the following should be done FIRST to effectively define the IT audit universe for an entity with multiple business lines?
Question67: What increases encryption overhead and cost the most?
Question68: Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions?
Question69: A business application system accesses a corporate database using a single ID and password embedded in a program. Which of the following would provide efficient access control over the organization's data?
Question70: At a hospital, medical personal carry handheld computers which contain patient health data. These handheld computers are synchronized with PCs which transfer data from a hospital database. Which of the following would be of the most importance?
Question71: During the extraction and transfer process of data from an application database to an enterprise data warehouse, some of the fields were not picked up in the extraction process and therefore did not end up in the data warehouse. Which of the following is the GREATEST concern with this situation?
Question72: Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the username and password are the same. The BEST control to mitigate this risk is to:
Question73: In planning an audit, the MOST critical step is the identification of the:
Question74: Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data?
Question75: Overall responsibility for approving logical access rights to information assets should reside with the:
Question76: Which of the following access rights in the production environment should be granted to a developer to maintain segregation of duties?
Question77: An IS auditor finds that needed security patches cannot be applied to some of an organization's network devices due to compatibility issues. The organization has not budgeted sufficiently for security upgrades. Which of the following should the auditor recommend be done FIRST?
Question78: During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:
Question79: An external security audit risk has reported multiple instances of control noncompliance. Which of the following would be MOST important for the information security manager to communicate to senior management?
Question80: Which of the following is an effective method for controlling downloading of files via FTP?
Question81: The FIRST step in a successful attack to a system would be:
Question82: During an audit of a disaster recovery plan (DRP) for a critical business area, an IS auditor finds that not all critical systems are covered. What should the auditor do NEXT?
Question83: An IT steering committee should review information systems PRIMARILY to assess:
Question84: Change control for business application systems being developed using prototyping could be complicated by the:
Question85: Which of the following is a benefit of the DevOps development methodology?
Question86: The BEST way to assure an organization's board of directors that IT strategies support business objectives
is to:
Question87: Which of the following should be of GREATEST concern to an IS auditor reviewing an organization's IT process performance reports over the last quarter?
Question88: The logical exposure associated with the use of a checkpoint restart procedure is:
Question89: An IS auditor examining the configuration of an operating system to verify the controls should review the:
Question90: Which of the following is MOST important for an IS auditor to understand when planning an IS audit?
Question91: A data breach has occurred at a third-party vendor used by an organization to outsource the processing of
its customer data. What should be management's FIRST course of action?
Question92: Which of the following is the BEST recommendation to prevent fraudulent electronic funds transfers by accounts payable employees?
Question93: Which of the following reports should an IS auditor use to check compliance with a service level agreement's (SLA) requirement for uptime?
Question94: Which of the following refers to the act of creating and using an invented scenario to persuade a target to perform an action?
Question95: Which of the following would provide the BEST evidence of successfully completed batch uploads?
Question96: Which of the following sampling methods is MOST useful when testing for compliance?
Question97: What is the PRIMARY benefit of an audit approach which requires reported findings to be issued together with related action plans, owners, and target dates?
Question98: Following best practices, formal plans for implementation of new information systems are developed during the:
Question99: Proper segregation of duties prevents a computer operator (user) from performing security administration duties. True or false?
Question100: During an audit of a business continuity plan (BCP), an IS auditor found that, although all departments were
housed in the same building, each department had a separate BCP. The IS auditor recommended that the
BCPs be reconciled. Which of the following areas should be reconciled FIRST?
Question101: A multinational organization is integrating its existing payroll system with a human resource information system. Which of the following should be of GREATEST concern to the IS auditor?
Question102: Utilizing external resources for highly technical information security tasks allows an information security manager to:
Question103: Which of the following would contribute MOST to an effective business continuity plan (BCP)?
Question104: An internet-based attack using password sniffing can:
Question105: An organization has implemented a control to help ensure databases containing personal information will not be updated with online transactions that are incomplete due to connectivity issues. Which of the following information attributes is PRIMARILY addressed by this control?
Question106: How does the SSL network protocol provide confidentiality?
Question107: Which of the following should be included in emergency change control procedures?
Question108: Which of the following would be the MOST effective control to mitigate unintentional misuse of authorized access?
Question109: An IS auditor is reviewing an organization's implementation of a bring your own device (BYOD) program.
Which of following would be the BEST recommendation to help ensure sensitive data is protected if a device is in the possession of an unauthorized individual?
Question110: Which of the following would MOST effectively minimize the risk of unauthorized online banking customer transactions due to phishing?
Question111: Which of the following layer of the OSI model provides a standard interface for applications to communicate with devices on a network?
Question112: An information security manager has observed multiple exceptions for a number of different security
controls. Which of the following should be the information security manager's FIRST course of action?
Question113: Which of the following provides the MOST reliable audit evidence on the validity of transactions in a financial application?
Question114: What is an initial step in creating a proper firewall policy?
Question115: Which of the following techniques would provide the BEST assurance to an IS auditor that all necessary data has been successfully migrated from a legacy system to a modern platform?
Question116: Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms resulting from normal network activity?
Question117: Although BCP and DRP are often implemented and tested by middle management and end users, the ultimate responsibility and accountability for the plans remain with executive management, such as the
_______________________. (fill-in-the-blank)
Question118: To determine if unauthorized changes have been made to production code the BEST audit procedure is to:
Question119: To aid management in achieving IT and business alignment, an IS auditor should recommend the use of:
Question120: Diskless workstation is an example of:
Question121: Digital signatures are an effective control method for information exchange over an insecure network because they:
Question122: Which of the following is NOT a disadvantage of Single Sign On (SSO)?
Question123: Which of the following is an advantage of an integrated test facility (ITF)?
Question124: When conducting a post-implementation review of a new software application, an IS auditor should be MOST concerned with an increasing number of
Question125: The MAIN purpose for periodically testing offsite facilities is to:
Question126: When classifying information, it is MOST important to align the classification to:
Question127: the use of a cloud service provider to obtain additional computing power needed tor software development and testing Which of the following service models is MOST appropriate in tins situation?
Question128: An organization offers an online information security awareness program to employees on an annual basis. Which of the following from an audit of the program should be the auditor's GREATEST concern?
Question129: Which of the following would be the MOST secure firewall system?
Question130: The information security policy that states 'each individual must have their badge read at every controlled
door' addresses which of the following attack methods?
Question131: Which of the following controls can BEST detect accidental corruption during transmission of data across a network?
Question132: You should know the difference between an exploit and a vulnerability. Which of the following refers to a
weakness in the system?
Question133: The GREATEST advantage of using web services for the exchange of information between two systems is:
Question134: The output of the risk management process is an input for making:
Question135: Which of the following is the MOST effective way to identify anomalous transactions when performing a payroll fraud audit?
Question136: What supports data transmission through split cable facilities or duplicate cable facilities?
Question137: Which of the following system deployments requires the cloud provider to assume the widest range of responsibilities for data protection?
Question138: After an employee termination, a network account was removed, but the application account remained active. To keep this issue from recurring, which of the following is the BEST recommendation?
Question139: In an environment where most IT services have been outsourced, continuity planning is BEST controlled by:
Question140: An IS auditor is assigned to perform a postimplementation review of an application system. Which of the following situations may have impaired the independence of the IS auditor? The IS auditor:
Question141: Responsibility and reporting lines cannot always be established when auditing automated systems since:
Question142: An IS auditor is reviewing the business requirements 'or the deployment of a new website Which of the following cryptographic systems would provide the BEST evidence of secure communications on the internet?
Question143: A top-down approach to the development of operational policies will help ensure:
Question144: Which of the following refers to a symmetric key cipher which operates on fixedlength groups of bits with an unvarying transformation?
Question145: An information security manager is developing evidence preservation procedures for an incident response
plan. Which of the following would be the BEST source of guidance for requirements associated with the
procedures?
Question146: Proper segregation of duties prohibits a system analyst from performing quality-assurance functions. True
or false?
Question147: To determine who has been given permission to use a particular system resource, an IS auditor should review:
Question148: The performance of an order-processing system can be measured MOST reliably by monitoring:
Question149: An IS auditor noted that an organization had adequate business continuity plans (BCPs) for each individual
process, but no comprehensive BCP. Which would be the BEST course of action for the IS auditor?
Question150: Who is responsible for the overall direction, costs, and timetables for systems-development projects?
Question151: An IS auditor reviews an organizational chart PRIMARILY for:
Question152: What is a risk associated with attempting to control physical access to sensitive areas such as computer rooms using card keys or locks?
Question153: An organization performs nightly backups but does not have a formal policy. An IS auditor should FIRST:
Question154: When implementing an IT governance framework in an organization the MOST important objective is:
Question155: Establishing data ownership is an important first step for which of the following processes?
Question156: An IS auditor is reviewing security policies and finds no mention of the return of corporate-owned smartphones upon termination of employment. The GREATEST risk arising from this situation is that unreturned devices:
Question157: Which of the following control make sure that input data comply with predefined criteria maintained in computerized table of possible values?
Question158: An IS auditor discovers that several desktop computers contain unauthorized software. Which of the following would be the auditor's BEST course of action?
Question159: An IS auditor is reviewing the performance outcomes of controls in an agile development project. Which of the following would provide the MOST relevant evidence for the auditor to consider?
Question160: The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?
Question161: Which of the following can help detect transmission errors by appending specially calculated bits onto the end of each segment of data?
Question162: During an IS audit, auditor has observed that authentication and authorization steps are split into two functions and there is a possibility to force the authorization step to be completed before the authentication step. Which of the following technique an attacker could user to force authorization step before authentication?
Question163: .Which of the following provides the strongest authentication for physical access control?
Question164: E-mail traffic from the Internet is routed via firewall-1 to the mail gateway. Mail is routed from the mail gateway, via firewall-2, to the mail recipients in the internal network. Other traffic is not allowed. For example, the firewalls do not allow direct traffic from the Internet to the internal network.

The intrusion detection system (IDS) detects traffic for the internal network that did not originate from the mail gateway. The FIRST action triggered by the IDS should be to:
Question165: Data anonymizabon helps to prevent which types of attacks in a big data environment?
Question166: An IS auditor found that a company executive is encouraging employee use of social networking sites for
business purposes. Which of the following recommendations would BEST help to reduce the risk of data
leakage?
Question167: Which of the following should the IS auditor use to BEST determine whether a project has met its business objectives?
Question168: Which of the following is an appropriate test method to apply to a business continuity plan (BCP)?
Question169: The PRIMARY purpose of an IT forensic audit is:
Question170: Which of the following is the GREATEST concern associated with control self-assessments (CSAs)?
Question171: Which of the following is MOST critical for the effective implementation of IT governance?
Question172: An organization is acquiring a new customer relationship management (CRM) system In which of the following would the IS auditor find the MOST relevant information on projected cost savings?
Question173: When auditing a proxy-based firewall, an IS auditor should:
Question174: An IS auditor has imported data from the client's database. The next step-confirming whether the imported data are complete-is performed by:
Question175: Which of the following is a distinguishing feature at the highest level of a maturity model?
D18912E1457D5D1DDCBD40AB3BF70D5D
Question176: An IS auditor conducting audit follow-up activities learns that some previously agreed-upon corrective
actions have not been taken and that the associated risk has been accepted by senior management. If the
auditor disagrees with management's decision, what is the BEST way to address the situation?
Question177: The MOST likely effect of the lack of senior management commitment to IT strategic planning is:
Question178: Which of the following layer of an enterprise data flow architecture is responsible for data copying, transformation in Data Warehouse (DW) format and quality control?
Question179: An IS auditor is reviewing a project to implement a payment system between a parent bank and a subsidiary. The IS auditor should FIRST verify that the:
Question180: Which of the following is the PRIMARY objective of baselining the IT control environment?
Question181: Which of the following is the MOST important difference between end-user computing (EUC) applications and traditional applications?
Question182: As a driver of IT governance, transparency of IT's cost, value and risks is primarily achieved through:
Question183: Since data storage of a critical business application is on a redundant array of inexpensive disks (RAID).
Backup are not considered essential. The IS auditor should recommend proper backup because RAID:
Question184: After initial investigation, an IS auditor has reasons to believe that fraud may be present. The IS auditor should:
Question185: What control detects transmission errors by appending calculated bits onto the end of each segment of data?
Question186: Which of the following BEST enables timely detection of changes in the IT environment to support informed decision making by management?
Question187: A risk analysis for a new system is being performed. For which of the following is business knowledge MORE important than IT knowledge?
Question188: To support an organization's goals, an IS department should have:
Question189: An IS auditor is reviewing the performance outcomes of controls in an agile development project. Which of
the following would provide the MOST relevant evidence for the auditor to consider?
Question190: Which of the following backup schemes is the BEST option when storage media is limited?
Question191: There are several types of penetration tests depending upon the scope, objective and nature of a test.
Which of the following describes a penetration test where you attack and attempt to circumvent the controls of the targeted network from the outside, usually the Internet?
Question192: Which of the following BEST reduces the ability of one device to capture the packets that are meant for
another device?
Question193: The PRIMARY purpose of audit trails is to:
Question194: Transmitting redundant information with each character or frame to facilitate detection and correction of errors is called a:
Question195: Which of the following is the GREATEST security threat when an organization allows remote access to a
virtual private network (VPN)?
Question196: During a review of an insurance company s claims system, the IS auditor learns that claims for specific medical procedures are acceptable only from females This is an example of a:
Question197: Which of the following would represent an acceptable test of an organization s business continuity plan?
Question198: During an IS audit, auditor has observed that authentication and authorization steps are split into two
functions and there is a possibility to force the authorization step to be completed before the authentication
step. Which of the following technique an attacker could user to force authorization step before
authentication?
Question199: In the process of evaluating program change controls, an IS auditor would use source code comparison
software to:
Question200: Talking about the different approaches to security in computing, the principle of regarding the computer
system itself as largely an untrusted system emphasizes:
Question201: The difference between a vulnerability assessment and a penetration test is that a vulnerability
assessment:
Question202: An IS auditor should be concerned when a telecommunication analyst:
Question203: When reviewing the procedures for the disposal of computers, which of the following should be the GREATEST concern for the IS auditor?
Question204: A legacy application is running on an operating system that is no longer supported by the vendor. If the organization continues to use the current application, which of the following should be the IS auditor's GREATEST concern?
Question205: An IS auditor determines that a business impact analysis (BIA) was not conducted during the development of a business continuity plan (BCP). What is the MOST significant risk that could result from this situation?
Question206: Which of the following type of an IDS resides on important systems like database, critical servers and monitors various internal resources of an operating system?
Question207: Which of the following fire suppression systems needs to be combined with an automate switch to shut down the electricity supply in the event of activation?
Question208: The success of control self-assessment (CSA) highly depends on:
Question209: .What is the recommended initial step for an IS auditor to implement continuous-monitoring systems?
Question210: Which of the following append themselves to files as a protection against viruses?
Question211: During an ongoing audit management requests a briefing on the findings to date Which of the following is the IS auditor's BEST course of action? *
Question212: What is used as a control to detect loss, corruption, or duplication of data?
Question213: In RFID technology which of the following risk could represent a threat to non-RFID networked or collocated systems, assets, and people?
Question214: Which of the following poses the GREATEST risk to the enforceability of networking policies in a virtualized environment?
Question215: An organization has recently implemented a Voice-over IP (VoIP) communication system. Which of the following should be the IS auditor's PRIMARY concern?
Question216: A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. An IS auditor should conclude that:
Question217: Which of the following attacks would MOST likely result in the interception and modification of traffic for mobile phones connecting to potentially insecure public Wi-Fi networks?
Question218: Which of the following is the BEST approach to identify whether a vulnerability is actively being exploited?
Question219: Which of the following would provide the STRONGEST indication that senior management commitment to information security is lacking within an organization?
Question220: What is the primary objective of a control self-assessment (CSA) program?
Question221: What would an IS auditor expect to find in the console log?
Question222: Which of the following tasks should be performed FIRST when preparing a disaster recovery plan?
Question223: E-mail traffic from the Internet is routed via firewall-1 to the mail gateway. Mail is routed from the mail gateway, via firewall-2, to the mail recipients in the internal network. Other traffic is not allowed. For example, the firewalls do not allow direct traffic from the Internet to the internal network.

The intrusion detection system (IDS) detects traffic for the internal network that did not originate from the mail gateway. The FIRST action triggered by the IDS should be to:
Question224: An IS auditor Is reviewing a complete population of incidents to assess an organization's incident management process. Which of the following observations should be the IS auditor's GREATEST concern?
Question225: When developing a risk management program, what is the FIRST activity to be performed?
Question226: Many organizations require an employee to take a mandatory vacation (holiday) of a week or more to:
Question227: Which of the following is the MOST important determining factor when establishing appropriate timeframes for follow-up activities related to audit findings?
Question228: If a database is restored using before-image dumps, where should the process begin following an interruption?
Question229: Which of the following cryptographic systems is MOST appropriate for bulk data encryption and small devices such as smart cards?
Question230: Audit management has just completed the annual audit plan for the upcoming year, which consists entirely
of high-risk processes. However, it is determined that there are insufficient resources to execute the plan.
What should be done NEXT?
Question231: Which of the following would be the MOST cost-effective recommendation for reducing the number of defects encountered during software development projects?
Question232: A help desk has been contacted regarding a lost business mobile device The FIRST course of action should be to
Question233: What is the first step in a business process re-engineering project?
Question234: Which of the following types of attack works by taking advantage of the unenforced and unchecked
assumptions the system makes about its inputs?
Question235: Processing controls ensure that data is accurate and complete, and is processed only through which of the following?
Question236: Which of the following is MOST important for an IS auditor to understand when planning an IS audit?
Question237: Which of the following would provide the BEST evidence for an IS auditor to determine whether segregation of duties is in place?
Question238: Which of the following step of PDCA establishes the objectives and processes necessary to deliver results
in accordance with the expected output?
Question239: The GREATEST risk posed by an improperly implemented intrusion prevention system (IPS) is:
Question240: Which of the following is the BEST reason for delaying the application of a critical security patch?
Question241: Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization?
Question242: Parity bits are a control used to validate:
Question243: If a programmer has update access to a live system, IS auditors are more concerned with the
programmer's ability to initiate or modify transactions and the ability to access production than with the
programmer's ability to authorize transactions. True or false?
Question244: A multinational organization is introducing a security governance framework. The information security
manager's concern is that regional security practices differ. Which of the following should be evaluated
FIRST?
Question245: The information security policy that states 'each individual must have their badge read at every controlled door' addresses which of the following attack methods?
Question246: The reason a certification and accreditation process is performed on critical systems is to ensure that:
Question247: An IS auditor should carefully review the functional requirements in a system-development project to
ensure that the project is designed to:
Question248: Which of the following components is responsible for the collection of data in an intrusion detection system (IDS)?
Question249: Network environments often add to the complexity of program-to-program communication, making the implementation and maintenance of application systems more difficult. True or false?
Question250: Which of the following is a characteristic of a single mirrored data center used for disaster recovery?
Question251: An IS audit manager is preparing the starling plan for an audit engagement of a cloud service provider What should be the manager's PRIMARY concern when made aware that a new auditor in the department previous worked for this provider?
Question252: The use of cookies constitutes the MOST significant security threat when they are used lor
Question253: The BEST way to evaluate a shared control environment is to obtain an assurance report and review which of the following?
Question254: Which of the following would provide the BEST evidence of successfully completed batch uploads?
Question255: maturity model is useful in the assessment of IT service management because it:
Question256: Which is a clear indicator that an organization's IS strategic planning is inadequate?
Question257: Which of the following transmission media is LEAST vulnerable to cross talk?
Question258: The responsibility for authorizing access to application data should be with the:
Question259: An organization has installed blade server technology in its data center. To determine whether higher cooling demands are maintained, which of the following should the IS auditor review?
Question260: Which of the following are designed to detect network attacks in progress and assist in post-attack forensics?
Question261: Which of the following controls should be implemented to BEST minimize system downtime for maintenance?
Question262: An organization is using an enterprise resource management (ERP) application. Which of the following would be an effective access control?
Question263: During an audit of a telecommunications system, an IS auditor finds that the risk of intercepting data transmitted to and from remote sites is very high. The MOST effective control for reducing this exposure is:
Question264: Functional acknowledgements are used:
Question265: Which of the following is the BEST detective control for a job scheduling process involving data transmission?
Question266: At the completion of a system development project, a post project review should include which of the following?
Question267: Hamid needs to shift users from using the application from the existing (Old) system to the replacing (new)
system. His manager Lily has suggested he uses an approach in which the newer system is changed over
from the older system on a cutoff date and time and the older system is discontinued once the changeover
to the new system takes place. Which of the following changeover approach is suggested by Lily?
Question268: Which of the following control testing approaches is BEST used to evaluate a control's ongoing effectiveness by comparing processing results to independently calculated data?
Question269: An organization has a mix of access points that cannot be upgraded to stronger security and newer access
points having advanced wireless security. An IS auditor recommends replacing the non-upgradeable
access points. Which of the following would BEST justify the IS auditor's recommendation?
Question270: Which of the following is the MOST important consideration when sampling is required to validate management's remediation of audit findings?
Question271: The MAIN reason an organization's incident management procedures should include a post-incident review is to:
Question272: To install backdoors, hackers generally prefer to use:
Question273: As part of an IS audit, the auditor notes the practices listed below.
Which of the following would be a segregation of duties concern?
Question274: .What is an acceptable recovery mechanism for extremely time-sensitive transaction processing?
Question275: An organization has implemented periodic reviews of logs showing privileged user activity production servers. Which type of control has been established?
Question276: When using a digital signature, the message digest is computed:
Question277: Which of the following would be the MOST cost-effective recommendation for reducing the number of defects encountered during software development projects?
Question278: To help ensure the organization's information assets are adequately protected, which of the following considerations is MOST important when developing an information classification and handling policy?
Question279: What kind of protocols does the OSI Transport Layer of the TCP/IP protocol suite provide to ensure reliable communication?
Question280: Which of the following is the MOST important reason to use statistical sampling?
Question281: A data administrator is responsible for:
Question282: Which of the following is MOST important with regard to an application development acceptance test?
Question283: IS management recently replaced its existing wired local area network (LAN) with a wireless infrastructure to accommodate the increased use of mobile devices within the organization. This will increase the risk of which of the following attacks?
Question284: What benefit does using capacity-monitoring software to monitor usage patterns and trends provide to management?
Question285: When developing metrics to measure the contribution of IT to the achievement of business goals, the MOST important consideration is that the metrics:
Question286: Which of the following is the MOST effective control over visitor access to a data center?
Question287: Which of the following protocol is developed jointly by VISA and Master Card to secure payment transactions among all parties involved in credit card transactions on behalf of cardholders and merchants?
Question288: Proper segregation of duties normally does not prohibit a LAN administrator from also having programming responsibilities. True or false?
Question289: Which of the following access control situations represents the MOST serious control weakness?
Question290: Which of the following goals would you expect to find in an organization's strategic plan?
Question291: As part of business continuity planning, which of the following is MOST important to include in a business
impact analysis?
Question292: Which of the following comparisons are used for identification and authentication in a biometric system?
Question293: Which of the following should be performed FIRST when preparing to deploy a major upgrade to a critical online application?
Question294: Which of the following is the MOST important outcome of effective risk treatment?
Question295: As an IS auditor it is very important to understand software release management process. Which of the
following software release normally contains small enhancements and fixes?
Question296: Which of the following is the MOST robust method for disposing of magnetic media that contains confidential information?
Question297: The goal of an information system is to achieve integrity, authenticity and non-repudiation of information's sent across the network. Which of the following statement correctly describe the steps to address all three?
Question298: To ensure authentication, confidentiality and integrity of a message, the sender should encrypt the hash of the message with the sender's:
Question299: During an audit of a business continuity plan (BCP), an IS auditor found that, although all departments were housed in the same building, each department had a separate BCP. The IS auditor recommended that the BCPs be reconciled. Which of the following areas should be reconciled FIRST?
Question300: Which of the following types of spyware was originally designed for determining the sources of error or for measuring staff productivity?
Question301: What is BEST for an IS auditor lo review when assessing the effectiveness of changes recently made to processes and tools related to an organization's business continuity plan (BCP)?
Question302: Which of the following would BEST help to support an auditor's conclusion about the effectiveness of an
implemented data classification program?
Question303: Which of the following is an IS auditor s GREATEST concern when an organization does not regularly update software on individual workstations in the internal environment?
Question304: A sender of an e-mail message applies a digital signature to the digest of the message. This action provides assurance of the:
Question305: Which of the following types of testing would determine whether a new or modified system can operate in its target environment without adversely impacting other existing systems?
Question306: Which of the following should be performed immediately after a computer security incident has been detected and analyzed by an incident response team?
Question307: An IS auditor attempting to determine whether access to program documentation is restricted to authorized persons would MOST likely:
Question308: Which of the following layer of an enterprise data flow architecture does the scheduling of the tasks necessary to build and maintain the Data Warehouse (DW) and also populates Data Marts?
Question309: Which of the following would provide the BEST evidence for use in a forensic investigation of an employee's hard drive?
Question310: .When auditing third-party service providers, an IS auditor should be concerned with which of the following? Choose the BEST answer.
Question311: What is a data validation edit control that matches input data to an occurrence rate? Choose the BEST
answer.
Question312: What a the BEST control to address SOL injection vulnerabilities?
Question313: A virtual private network (VPN) provides data confidentiality by using:
Question314: Which of the following would BEST indicate the effectiveness of a security awareness training program?
Question315: An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department.
The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting their attention.
The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident. The IS auditor's report should recommend that:
Question316: Which of the following database controls would ensure that the integrity of transactions is maintained in an online transaction processing system's database?
Question317: During a review of operations, it is noted that during a batch update, an error was detected and the database initiated a roll-back. An IT operator stopped the roll-back and re-initiated the update. What should the operator have done PRIOR to re-initiating the update?
Question318: Which of the following is MOST important for an organization to complete when planning a new marketing
platform that targets advertising based on customer behavior?
Question319: What is a data validation edit control that matches input data to an occurrence rate? Choose the BEST answer.
Question320: Which of the following is the MOST important prerequisite for implementing a data loss prevention (DLP) tool?
Question321: An organization was severely impacted alter an advanced persistent threat (APT) attack Afterwards it was found that the initial breach happened a month prior to the attack. Management's GREATEST concern should be
Question322: Which of the following should be an IS auditor's GREATEST concern when a security audit reveals the organization's vulnerability assessment approach is limited to running a vulnerability scanner on its network?
Question323: An IS auditor reviewing wireless network security determines that the Dynamic Host Configuration Protocol is disabled at all wireless access points. This practice:
Question324: By evaluating application development projects against the capability maturity model (CMM), an IS auditor should be able to verify that:
Question325: Which of the following protocol is used for electronic mail service?
Question326: Which of the following functionality is NOT performed by the application layer of a TCP/IP model?
Question327: Mitigating the risk and impact of a disaster or business interruption usually takes priority over transference of risk to a third party such as an insurer. True or false?
Question328: Critical processes are not defined in an organization's business continuity plan (BCP). Which of the following would have MOST likely identified this gap?
Question329: The MOST effective control for addressing the risk of piggybacking is:
Question330: The development of an IS security policy is ultimately the responsibility of the:
Question331: The MOST effective biometric control system is the one:
Question332: Which of the following cloud deployment model is provisioned for open use by the general public?
Question333: Which of the following would provide the BEST assurance that an organization's backup media is adequate in the case of a disaster?
Question334: An IS auditor observes that the CEO has full access to the enterprise resource planning (ERP) system. The
IS auditor should FIRST:
Question335: While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should:
Question336: Which of the following is the MOST effective data loss control when connecting a personally owned mobile device to the corporate email system?
Question337: Which of the following is a prevalent risk in the development of end-user computing (EUC) applications?
Question338: Which of the following is the MOST effective way to achieve the integration of information security governance into corporate governance?
Question339: Which of the following is the FIRST step in initiating a data classification program?
Question340: Which of the following sampling techniques is BEST to use when verifying the operating effectiveness of internal controls during an audit of transactions?
Question341: Which of the following could an IS auditor recommend to improve the estimated resources required in system development?
Question342: Which of the following tools are MOST helpful for benchmarking an existing IT capability?
Question343: To address the issue that performance pressures on IT may conflict with information security controls, it is
MOST important that:
Question344: To ensure confidentiality through the use of asymmetric encryption, a message is encrypted with which of the following?
Question345: During the due diligence phase of an acquisition, the MOST important course of action for an information security manager would be to:
Question346: A local area network (LAN) administrator normally would be restricted from:
Question347: Which of the following is the BEST way to increase the effectiveness of security incident detection?
Question348: The PRIMARY role of a control self-assessment (CSA) facilitator is to:
Question349: What is an effective control for granting temporary access to vendors and external support personnel?
Question350: The PRIMARY objective of performing a postincident review is that it presents an opportunity to:
Question351: internal IS auditor recommends that incoming accounts payable payment files be encrypted. Which type of control is the auditor recommending?
Question352: Which of the following controls should be implemented to BEST minimize system downtime for maintenance?
Question353: A database is denormalized in order to:
Question354: Following a successful attack on an organization's web server, which of the following actions should be
performed FIRST?