EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is an executive management concern that could be addressed by the implementation of a security metrics dashboard?

Question2: During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:

Question3: Capacity management enables organizations to:

Question4: Which of the following would provide an IS auditor with the GREATEST assurance that data disposal controls support business strategic objectives?

Question5: Which of the following is the PRIMARY reason to follow a configuration management process to maintain application?

Question6: An IS auditor performs a follow-up audit and learns the approach taken by the auditee to fix the findings differs from the agreed-upon approach confirmed during the last audit. Which of the following should be the auditor's NEXT course of action?

Question7: An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider. Which of the following would be the BEST way to prevent accepting bad data?

Question8: A data breach has occurred due lo malware. Which of the following should be the FIRST course of action?

Question9: Which of the following would be of MOST concern for an IS auditor evaluating the design of an organization's incident management processes?

Question10: Prior to a follow-up engagement, an IS auditor learns that management has decided to accept a level of residual risk related to an audit finding without remediation. The IS auditor is concerned about management's decision. Which of the following should be the IS auditor's NEXT course of action?

Question11: Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?

Question12: Due to a recent business divestiture, an organization has limited IT resources to deliver critical projects Reviewing the IT staffing plan against which of the following would BEST guide IT management when estimating resource requirements for future projects?

Question13: Which of the following demonstrates the use of data analytics for a loan origination process?

Question14: In a RAO model, which of the following roles must be assigned to only one individual?

Question15: Which of the following is MOST important for an IS auditor to review when evaluating the accuracy of a spreadsheet that contains several macros?

Question16: An accounting department uses a spreadsheet to calculate sensitive financial transactions. Which of the following is the MOST important control for maintaining the security of data in the spreadsheet?

Question17: Which of the following represents the HIGHEST level of maturity of an information security program?

Question18: An IS auditor finds that firewalls are outdated and not supported by vendors. Which of the following should be the auditor's NEXT course of action?

Question19: One benefit of return on investment (ROI) analysts in IT decision making is that it provides the:

Question20: Which of the following is the MOST important determining factor when establishing appropriate timeframes for follow-up activities related to audit findings?

Question21: A manager identifies active privileged accounts belonging to staff who have left the organization. Which of the following is the threat actor In this scenario?

Question22: A new regulation in one country of a global organization has recently prohibited cross-border transfer of personal data. An IS auditor has been asked to determine the organization's level of exposure in the affected country. Which of the following would be MOST helpful in making this assessment?

Question23: Which of the following findings from an IT governance review should be of GREATEST concern?

Question24: An IS auditor Is reviewing a recent security incident and is seeking information about me approval of a recent modification to a database system's security settings Where would the auditor MOST likely find this information?

Question25: Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (lDS)?

Question26: An IS auditor is examining a front-end sub ledger and a main ledger Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?

Question27: An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization s objectives?

Question28: Which of the following BEST indicates the effectiveness of an organization's risk management program?

Question29: An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives. Which of the following findings should be the IS auditor's GREATEST concern?

Question30: Which of the following is MOST important for an IS auditor to consider when performing the risk assessment poor to an audit engagement?

Question31: Which of the following is the BEST audit procedure to determine whether a firewall is configured in compliance with the organization's security policy?

Question32: Which of the following would lead an IS auditor to conclude that the evidence collected during a digital forensic investigation would not be admissible in court?

Question33: Stress testing should ideally be earned out under a:

Question34: Which of the following should an IS auditor be MOST concerned with during a post-implementation review?

Question35: Which of the following data would be used when performing a business impact analysis (BIA)?

Question36: An organization has recently acquired and implemented intelligent-agent software for granting loans to customers. During the post-implementation review, which of the following is the MOST important procedure for the IS auditor to perform?

Question37: When determining whether a project in the design phase will meet organizational objectives what is BEST to compare against the business case?

Question38: A proper audit trail of changes to server start-up procedures would include evidence of:

Question39: An organization has developed mature risk management practices that are followed across all departments What is the MOST effective way for the audit team to leverage this risk management maturity?

Question40: During an audit of a multinational bank's disposal process, an IS auditor notes several findings. Which of the following should be the auditor's GREATEST concern?

Question41: The PRIMARY focus of a post-implementation review is to verify that:

Question42: Management is concerned about sensitive information being intentionally or unintentionally emailed as attachments outside the organization by employees. What is the MOST important task before implementing any associated email controls?

Question43: Which of the following security risks can be reduced by a property configured network firewall?

Question44: An IS auditor is reviewing security controls related to collaboration tools for a business unit responsible for intellectual property and patents. Which of the following observations should be of MOST concern to the auditor?

Question45: Which of the following is the BEST source of information tor an IS auditor to use when determining whether an organization's information security policy is adequate?

Question46: The PRIMARY advantage of object-oriented technology is enhanced:

Question47: Which of the following will MOST likely compromise the control provided by a digital signature created using RSA encryption?

Question48: An organization is considering allowing users to connect personal devices to the corporate network. Which of the following should be done FIRST?

Question49: Which of the following activities would allow an IS auditor to maintain independence while facilitating a control sell-assessment (CSA)?

Question50: The BEST way to determine whether programmers have permission to alter data in the production environment is by reviewing:

Question51: Which of the following is MOST important to ensure when developing an effective security awareness program?

Question52: Which of the following BEST protects an organization's proprietary code during a joint-development activity involving a third party?

Question53: Which of the following strategies BEST optimizes data storage without compromising data retention practices?

Question54: Which of the following occurs during the issues management process for a system development project?

Question55: Which of the following is the MOST effective way for an organization to project against data loss?

Question56: Which of the following BEST Indicates that an incident management process Is effective?

Question57: What is the MAIN reason to use incremental backups?

Question58: A third-party consultant is managing the replacement of an accounting system. Which of the following should be the IS auditor's GREATEST concern?

Question59: Which of the following is MOST important for an effective control self-assessment (CSA) program?

Question60: Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organizations information security policy?

Question61: Which of the following is MOST important for an IS auditor to verify when evaluating an organization's firewall?

Question62: Which of the following would be an appropriate rote of internal audit in helping to establish an organization's privacy program?

Question63: The performance, risks, and capabilities of an IT infrastructure are BEST measured using a:

Question64: IT disaster recovery time objectives (RTOs) should be based on the:

Question65: Which of the following business continuity activities prioritizes the recovery of critical functions?

Question66: An organization's software developers need access to personally identifiable information (Pll) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?

Question67: When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:

Question68: During an audit of a financial application, it was determined that many terminated users' accounts were not disabled. Which of the following should be the IS auditor's NEXT step?

Question69: Which of the following is the MOST important activity in the data classification process?

Question70: The due date of an audit project is approaching, and the audit manager has determined that only 60% of the audit has been completed Which of the following should the audit manager do FIRST?

Question71: An IS auditor will be testing accounts payable controls by performing data analytics on the entire population of transactions. Which of the following is MOST important for the auditor to confirm when sourcing the population data?

Question72: Which of the following would BEST help lo support an auditors conclusion about the effectiveness of an implemented data classification program?

Question73: An IS auditor notes that several employees are spending an excessive amount of time using social media sites for personal reasons. Which of the following should the auditor recommend be performed FIRST?

Question74: Which of the following controls BEST ensures appropriate segregation of dudes within an accounts payable department?

Question75: An IS auditor finds that a key Internet-facing system is vulnerable to attack and that patches are not available. What should the auditor recommend be done FIRST?

Question76: Which of the following application input controls would MOST likoly detect data input errors in the customer account number field during the processing of an accounts receivable transaction?

Question77: Which of the following BEST ensures the quality and integrity of test procedures used in audit analytics?

Question78: An organization's enterprise architecture (EA) department decides to change a legacy system's components while maintaining its original functionality Which of the following is MOST important for an IS auditor to understand when reviewing this decision?

Question79: The implementation of an IT governance framework requires that the board of directors of an organization:

Question80: A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization. Which of the following is MOST effective in detecting such an intrusion?

Question81: When evaluating the design of controls related to network monitoring, which of the following is MOST important for an IS auditor to review?

Question82: Secure code reviews as part of a continuous deployment program are which type of control?

Question83: During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?

Question84: An IS auditor discovers that validation controls m a web application have been moved from the server side Into the browser to boost performance This would MOST likely increase the risk of a successful attack by.

Question85: An IS auditor is conducting a review of a data center. Which of the following observations could indicate an access control Issue?

Question86: During the implementation of a new system, an IS auditor must assess whether certain automated calculations comply with the regulatory requirements Which of the following is the BEST way to obtain this assurance?

Question87: A warehouse employee of a retail company has been able to conceal the theft of inventory items by entering adjustments of either damaged or lost stock items lo the inventory system. Which control would have BEST prevented this type of fraud in a retail environment?

Question88: A month after a company purchased and implemented system and performance monitoring software reports were too large and therefore were not reviewed or acted upon The MOST effective plan of action would be to

Question89: When an intrusion into an organization network is deleted, which of the following should be done FIRST?

Question90: Which of the following would BEST demonstrate that an effective disaster recovery plan (DRP) is in place?

Question91: Which of the following is the PRIMARY concern when negotiating a contract for a hot site?

Question92: An IS auditor concludes that an organization has a quality security policy. Which of the following is MOST important to determine next? The policy must be:

Question93: Which of the following is the MOST important reason to implement version control for an end-user computing (EUC) application?

Question94: Which of the following must be in place before an IS auditor initiates audit follow-up activities?

Question95: Which of the following should an IS auditor consider FIRST when evaluating firewall rules?

Question96: While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function. In order to resolve the situation, the IS auditor's BEST course of action would be to:

Question97: Which of the following will be the MOST effective method to verify that a service vendor keeps control levels as required by the client?

Question98: Which of the following is the BEST method to prevent wire transfer fraud by bank employees?

Question99: Which of the following is the BEST source of information for an IS auditor to use as a baseline to assess the adequacy of an organization's privacy policy?

Question100: Which of the following is the BEST way to determine whether a test of a disaster recovery plan (DRP) was successful?

Question101: Which of the following weaknesses would have the GREATEST impact on the effective operation of a perimeter firewall?

Question102: In an online application which of the following would provide the MOST information about the transaction audit trail?

Question103: Which of the following is MOST important for an IS auditor to do during an exit meeting with an auditee?

Question104: The PRIMARY benefit lo using a dry-pipe fire-suppression system rather than a wet-pipe system is that a dry-pipe system:

Question105: During the planning stage of a compliance audit an IS auditor discovers that a bank's Inventory of compliance requirements does not include recent regulatory changes related to managing data risk. What should the auditor do FIRST?