EMT Practice Test

1. Question Content...


Question List

Question1: The GREATEST benefit of using a polo typing approach in software development is that it helps to:

Question2: An organizations audit charier PRIMARILY:

Question3: Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?

Question4: Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system. What is the BEST control to ensure that data is accurately entered into the system?

Question5: Which of the following types of firewalls provide the GREATEST degree of control against hacker intrusion?

Question6: An IS auditor discovers that validation controls m a web application have been moved from the server side Into the browser to boost performance This would MOST likely increase the risk of a successful attack by.

Question7: Which of the following activities provides an IS auditor with the MOST insight regarding potential single person dependencies that might exist within the organization?

Question8: An IT balanced scorecard is the MOST effective means of monitoring:

Question9: Which of the following concerns is BEST addressed by securing production source libraries?

Question10: Which of the following documents would be MOST useful in detecting a weakness in segregation of duties?

Question11: An IS auditor suspects an organization's computer may have been used to commit a crime. Which of the following is the auditor s BEST course of action?

Question12: Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organizations information security policy?

Question13: Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?

Question14: Which of the following is the PRIMARY role of the IS auditor m an organization's information classification process?

Question15: When reviewing an organization's information security policies, an IS auditor should verify that the policies have been defined PRIMARILY on the basis of

Question16: The implementation of an IT governance framework requires that the board of directors of an organization:

Question17: Which of the following BEST ensures the quality and integrity of test procedures used in audit analytics?

Question18: When auditing the alignment of IT to the business strategy, it is MOST Important for the IS auditor to:

Question19: During the discussion of a draft audit report. IT management provided suitable evidence fiat a process has been implemented for a control that had been concluded by the IS auditor as Ineffective. Which of the following is the auditor's BEST action?

Question20: A new regulation in one country of a global organization has recently prohibited cross-border transfer of personal data. An IS auditor has been asked to determine the organization's level of exposure in the affected country. Which of the following would be MOST helpful in making this assessment?

Question21: When auditing the security architecture of an online application, an IS auditor should FIRST review the:

Question22: Cross-site scripting (XSS) attacks are BEST prevented through:

Question23: An IS auditor is examining a front-end sub ledger and a main ledger Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?

Question24: Which of the following findings from an IT governance review should be of GREATEST concern?

Question25: During the design phase of a software development project, the PRIMARY responsibility of an IS auditor is to evaluate the:

Question26: An IS auditor is conducting a post-implementation review of an enterprise resource planning (ERP) system. End users indicated concerns with the accuracy of critical automatic calculations made by the system. The auditor's FIRST course of action should be to:

Question27: Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organizations information security policy?

Question28: What is the BEST control to address SQL injection vulnerabilities?

Question29: Which of the following is MOST important for an IS auditor to examine when reviewing an organization's privacy policy?

Question30: Which of the following is the BEST control to mitigate the malware risk associated with an instant messaging (IM) system?

Question31: An IS auditor notes that IT and the business have different opinions on the availability of their application servers Which of the following should the IS auditor review FIRST in order to understand the problem?

Question32: Which of the following is an example of a preventative control in an accounts payable system?

Question33: An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization s objectives?

Question34: An IS auditor is analyzing a sample of accesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found Which sampling method would be appropriate?

Question35: The PRIMARY focus of a post-implementation review is to verify that:

Question36: Which of the following is MOST important to ensure when planning a black box penetration test?

Question37: An organization has developed mature risk management practices that are followed across all departments What is the MOST effective way for the audit team to leverage this risk management maturity?

Question38: An IS auditor is reviewing security controls related to collaboration tools for a business unit responsible for intellectual property and patents. Which of the following observations should be of MOST concern to the auditor?

Question39: During a new system implementation, an IS auditor has been assigned to review risk management at each milestone. The auditor finds that several risks to project benefits have not been addressed. Who should be accountable for managing these risks?

Question40: Which of the following is the BEST source of information tor an IS auditor to use when determining whether an organization's information security policy is adequate?

Question41: To enable the alignment of IT staff development plans with IT strategy, which of the following should be done FIRST?

Question42: An IS auditor will be testing accounts payable controls by performing data analytics on the entire population of transactions. Which of the following is MOST important for the auditor to confirm when sourcing the population data?

Question43: An IS auditor finds that a key Internet-facing system is vulnerable to attack and that patches are not available. What should the auditor recommend be done FIRST?

Question44: Which of the following occurs during the issues management process for a system development project?

Question45: Which of the following is MOST important with regard to an application development acceptance test?

Question46: Which of the following is the BEST data integrity check?

Question47: The PRIMARY benefit lo using a dry-pipe fire-suppression system rather than a wet-pipe system is that a dry-pipe system:

Question48: The PRIMARY advantage of object-oriented technology is enhanced:

Question49: When determining whether a project in the design phase will meet organizational objectives what is BEST to compare against the business case?

Question50: An organization conducted an exercise to test the security awareness level of users by sending an email offering a cash reward 10 those who click on a link embedded in the body of the email. Which of the following metrics BEST indicates the effectiveness of awareness training?

Question51: Which of the following is the BEST method to prevent wire transfer fraud by bank employees?

Question52: Which of the following is the PRIMARY concern when negotiating a contract for a hot site?

Question53: Which of the following is the GREATEST risk associated with storing customer data on a web server?

Question54: When implementing Internet Protocol security (IPsec) architecture, the servers involved in application delivery:

Question55: An internal audit department recently established a quality assurance (QA) program. Which of the following activities is MOST important to include as part of the QA program requirements?

Question56: During the planning stage of a compliance audit an IS auditor discovers that a bank's Inventory of compliance requirements does not include recent regulatory changes related to managing data risk. What should the auditor do FIRST?

Question57: Which of the following is MOST important for an IS auditor to do during an exit meeting with an auditee?

Question58: During an IT governance audit, an IS auditor notes that IT policies and procedures are not regularly reviewed and updated. The GREATEST concern to the IS auditor is that policies and procedures might not:

Question59: Which of the following would BEST determine whether a post-implementation review (PIR) performed by the project management office (PMO) was effective?

Question60: Which of the following is an audit reviewer's PRIMARY role with regard to evidence?

Question61: What should be the PRIMARY basis for selecting which IS audits to perform in the coming year?

Question62: An organization is planning an acquisition and has engaged an IS auditor lo evaluate the IT governance framework of the target company. Which of the following would be MOST helpful In determining the effectiveness of the framework?

Question63: An organization with many desktop PCs is considering moving to a thin client architecture. Which of the following is the MAJOR advantage?

Question64: Which of the following is the BEST justification for deferring remediation testing until the next audit?

Question65: An IS auditor notes that several employees are spending an excessive amount of time using social media sites for personal reasons. Which of the following should the auditor recommend be performed FIRST?

Question66: During the evaluation of controls over a major application development project, the MOST effective use of an IS auditor's time would be to review and evaluate:

Question67: The performance, risks, and capabilities of an IT infrastructure are BEST measured using a:

Question68: A manager identifies active privileged accounts belonging to staff who have left the organization. Which of the following is the threat actor In this scenario?

Question69: Which of the following is the BEST recommendation to prevent fraudulent electronic funds transfers by accounts payable employees?

Question70: An organization has recently implemented a Voice-over IP (VoIP) communication system. Which ot the following should be the IS auditor's PRIMARY concern?

Question71: Which of the following will MOST likely compromise the control provided by a digital signature created using RSA encryption?

Question72: An organization is considering allowing users to connect personal devices to the corporate network. Which of the following should be done FIRST?

Question73: An IS auditor concludes that an organization has a quality security policy. Which of the following is MOST important to determine next? The policy must be:

Question74: In an online application which of the following would provide the MOST information about the transaction audit trail?

Question75: Which of the following should be an IS auditor's PRIMARY focus when developing a risk-based IS audit program?