EMT Practice Test

1. Question Content...


Question List

Question1: An information systems security officer's PRIMARY responsibility for business process applications is to:

Question2: IS management has recently disabled certain referential integrity controls in the database management system (DBMS) software to provide users increased query performance. Which of the following controls will MOST effectively compensate for the lack of referential integrity?

Question3: Which of the following is the MOST effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines?

Question4: From an IS auditor's perspective, which of the following would be the GREATEST risk associated with an incomplete inventory of deployed software in an organization?

Question5: During an ongoing audit, management requests a briefing on the findings to date. Which of the following is the IS auditor's BEST course of action?

Question6: During the discussion of a draft audit report. IT management provided suitable evidence fiat a process has been implemented for a control that had been concluded by the IS auditor as Ineffective. Which of the following is the auditor's BEST action?

Question7: In an online application which of the following would provide the MOST information about the transaction audit trail?

Question8: An incorrect version of source code was amended by a development team, This MOST likely indicates a weakness in:

Question9: Which of the following is the MOST important prerequisite for the protection of physical information assets in a data center?

Question10: Which of the following is the BEST source of information tor an IS auditor to use when determining whether an organization's information security policy is adequate?

Question11: Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?

Question12: Which of the following is the GREATEST risk associated with storing customer data on a web server?

Question13: Which of the following activities provides an IS auditor with the MOST insight regarding potential single person dependencies that might exist within the organization?

Question14: Which of the following is the BEST recommendation to prevent fraudulent electronic funds transfers by accounts payable employees?

Question15: Which of the following is MOST important to include in forensic data collection and preservation procedures?

Question16: Which of the following security risks can be reduced by a property configured network firewall?

Question17: Which of the following findings from an IT governance review should be of GREATEST concern?

Question18: A proper audit trail of changes to server start-up procedures would include evidence of:

Question19: An IS auditor will be testing accounts payable controls by performing data analytics on the entire population of transactions. Which of the following is MOST important for the auditor to confirm when sourcing the population data?

Question20: Coding standards provide which of the following?

Question21: Which of the following BEST demonstrates that IT strategy is aligned with organizational goals and objectives?

Question22: Which of the following is an audit reviewer's PRIMARY role with regard to evidence?

Question23: The PRIMARY focus of a post-implementation review is to verify that:

Question24: During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:

Question25: Which of the following BEST minimizes performance degradation of servers used to authenticate users of an e-commerce website?

Question26: Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?

Question27: Which of the following provides the MOST reliable audit evidence on the validity of transactions in a financial application?

Question28: An IS auditor concludes that an organization has a quality security policy. Which of the following is MOST important to determine next? The policy must be:

Question29: In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to "never expire.' Which of the following recommendations would BEST address the risk with minimal disruption to the business?

Question30: When auditing the alignment of IT to the business strategy, it is MOST Important for the IS auditor to:

Question31: Which of the following is the PRIMARY reason to follow a configuration management process to maintain application?

Question32: An IS auditor finds that a key Internet-facing system is vulnerable to attack and that patches are not available. What should the auditor recommend be done FIRST?

Question33: Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?

Question34: An IS auditor notes that IT and the business have different opinions on the availability of their application servers Which of the following should the IS auditor review FIRST in order to understand the problem?

Question35: Which of the following MOST effectively minimizes downtime during system conversions?

Question36: To develop meaningful recommendations 'or findings, which of the following is MOST important 'or an IS auditor to determine and understand?

Question37: Which of the following would BEST demonstrate that an effective disaster recovery plan (DRP) is in place?

Question38: The BEST way to determine whether programmers have permission to alter data in the production environment is by reviewing:

Question39: Which of the following is the PRIMARY reason for an IS auditor to conduct post-implementation reviews?

Question40: Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (lDS)?

Question41: Which of the following is the BEST reason for an organization to use clustering?

Question42: Which of the following would be to MOST concern when determine if information assets are adequately safequately safeguarded during transport and disposal?

Question43: When testing the adequacy of tape backup procedures, which step BEST verifies that regularly scheduled Backups are timely and run to completion?

Question44: Which of the following would be an IS auditor's GREATEST concern when reviewing the early stages of a software development project?

Question45: Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?

Question46: Which of the following tests would provide the BEST assurance that a health care organization is handling patient data appropriately?

Question47: During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period Which of the following is the auditor's MOST important course of action?

Question48: Which of the following Is the BEST way to ensure payment transaction data is restricted to the appropriate users?

Question49: To enable the alignment of IT staff development plans with IT strategy, which of the following should be done FIRST?

Question50: An IS auditor is analyzing a sample of accesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found Which sampling method would be appropriate?

Question51: The decision to accept an IT control risk related to data quality should be the responsibility of the:

Question52: When implementing Internet Protocol security (IPsec) architecture, the servers involved in application delivery:

Question53: During a new system implementation, an IS auditor has been assigned to review risk management at each milestone. The auditor finds that several risks to project benefits have not been addressed. Who should be accountable for managing these risks?

Question54: Which of the following is MOST important to verify when determining the completeness of the vulnerability scanning process?

Question55: What is MOST important to verify during an external assessment of network vulnerability?

Question56: An IS auditor suspects an organization's computer may have been used to commit a crime. Which of the following is the auditor s BEST course of action?

Question57: Due to limited storage capacity, an organization has decided to reduce the actual retention period for media containing completed low-value transactions. Which of the following is MOST important for the organization to ensure?

Question58: Which of the following is the BEST data integrity check?

Question59: An IS auditor is evaluating an organization's IT strategy and plans. Which of the following would be of GREATEST concern?

Question60: An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?

Question61: An organization's software developers need access to personally identifiable information (Pll) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?

Question62: Cross-site scripting (XSS) attacks are BEST prevented through:

Question63: Which of the following strategies BEST optimizes data storage without compromising data retention practices?

Question64: Which of the following should be GREATEST concern to an IS auditor reviewing data conversion and migration during the implementation of a new application system?

Question65: Which of the following is the MOST important benefit of involving IS audit when implementing governance of enterprise IT?

Question66: An IS audit reveals that an organization is not proactively addressing known vulnerabilities. Which of the following should the IS auditor recommend the organization do FIRST?

Question67: Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?

Question68: Which of the following is the BEST compensating control when segregation of duties is lacking in a small IS department?

Question69: Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?

Question70: Prior to a follow-up engagement, an IS auditor learns that management has decided to accept a level of residual risk related to an audit finding without remediation. The IS auditor is concerned about management's decision. Which of the following should be the IS auditor's NEXT course of action?

Question71: Which of the following is an example of a preventative control in an accounts payable system?

Question72: Which of the following should an IS auditor be MOST concerned with during a post-implementation review?

Question73: Which of the following BEST Indicates that an incident management process Is effective?

Question74: Which of the following is MOST important to consider when scheduling follow-up audits?

Question75: Which of the following is the MOST effective way to maintain network integrity when using mobile devices?

Question76: Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:

Question77: Which audit approach is MOST helpful in optimizing the use of IS audit resources?

Question78: Which of the following documents would be MOST useful in detecting a weakness in segregation of duties?

Question79: Which of the following is MOST important for an effective control self-assessment (CSA) program?

Question80: Which of the following would BEST facilitate the successful implementation of an IT-related framework?

Question81: Which of the following BEST guards against the risk of attack by hackers?

Question82: Which of the following findings should be of GREATEST concern to an IS auditor performing a review of IT operations?

Question83: Which of the following controls BEST ensures appropriate segregation of dudes within an accounts payable department?

Question84: Following a security breach in which a hacker exploited a well-known vulnerability in the domain controller, an IS audit has been asked to conduct a control assessment. the auditor's BEST course of action would be to determine if:

Question85: Which of the following is the MOST effective control to mitigate unintentional misuse of authorized access?

Question86: A new system is being developed by a vendor for a consumer service organization. The vendor will provide its proprietary software once system development is completed Which of the following is the MOST important requirement to include In the vendor contract to ensure continuity?

Question87: Management is concerned about sensitive information being intentionally or unintentionally emailed as attachments outside the organization by employees. What is the MOST important task before implementing any associated email controls?