EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is the BEST method to prevent wire transfer fraud by bank employees?

Question2: An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner Which of the following is the auditor s BEST recommendation?

Question3: Which of the following is MOST important for an IS auditor to do during an exit meeting with an auditee?

Question4: An IS auditor is planning an audit of an organization's accounts payable processes. Which of the following controls is MOST important to assess in the audit?

Question5: Management is concerned about sensitive information being intentionally or unintentionally emailed as attachments outside the organization by employees. What is the MOST important task before implementing any associated email controls?

Question6: During the implementation of a new system, an IS auditor must assess whether certain automated calculations comply with the regulatory requirements Which of the following is the BEST way to obtain this assurance?

Question7: From an IS auditor's perspective, which of the following would be the GREATEST risk associated with an incomplete inventory of deployed software in an organization?

Question8: Which of the following is a social engineering attack method?

Question9: Which of the following business continuity activities prioritizes the recovery of critical functions?

Question10: An IS auditor is reviewing the release management process for an in-house software development solution. In which environment Is the software version MOST likely to be the same as production?

Question11: An IS auditor is reviewing an organization's information asset management process. Which of the following would be of GREATEST concern to the auditor'?

Question12: Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?

Question13: Which audit approach is MOST helpful in optimizing the use of IS audit resources?

Question14: Which of the following is the BEST source of information tor an IS auditor to use when determining whether an organization's information security policy is adequate?

Question15: An internal audit department recently established a quality assurance (QA) program. Which of the following activities is MOST important to include as part of the QA program requirements?

Question16: During an audit of a financial application, it was determined that many terminated users' accounts were not disabled. Which of the following should be the IS auditor's NEXT step?

Question17: Which of the following should be an IS auditor's PRIMARY focus when developing a risk-based IS audit program?

Question18: Which of the following observations would an IS auditor consider the GREATEST risk when conducting an audit of a virtual server farm tor potential software vulnerabilities?

Question19: An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged. The IS auditor's FIRST action should be to:

Question20: Which of the following should an IS auditor recommend as a PRIMARY area of focus when an organization decides to outsource technical support for its external customers?

Question21: During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:

Question22: Due to limited storage capacity, an organization has decided to reduce the actual retention period for media containing completed low-value transactions. Which of the following is MOST important for the organization to ensure?

Question23: Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system. What is the BEST control to ensure that data is accurately entered into the system?

Question24: Which of the following is the BEST way to mitigate the impact of ransomware attacks?

Question25: Which of the following data would be used when performing a business impact analysis (BIA)?

Question26: Which of the following should be done FIRST when planning a penetration test?

Question27: During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST

Question28: Which of the following is MOST important for an IS auditor to verify when evaluating an organization's firewall?

Question29: Which of the following will be the MOST effective method to verify that a service vendor keeps control levels as required by the client?

Question30: An IS auditor is conducting a review of a data center. Which of the following observations could indicate an access control Issue?

Question31: Which of the following is MOST important to include in forensic data collection and preservation procedures?

Question32: Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?

Question33: Which of the following is the BEST justification for deferring remediation testing until the next audit?

Question34: Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?

Question35: During the design phase of a software development project, the PRIMARY responsibility of an IS auditor is to evaluate the:

Question36: An organization's security policy mandates that all new employees must receive appropriate security awareness training. Which of the following metrics would BEST assure compliance with this policy?

Question37: Which of the following is the PRIMARY role of the IS auditor m an organization's information classification process?

Question38: An online retailer is receiving customer complaints about receiving different items from what they ordered on the organization's website. The root cause has been traced to poor data quality. Despite efforts to clean erroneous data from the system, multiple data quality issues continue to occur. Which of the following recommendations would be the BEST way to reduce the likelihood of future occurrences?

Question39: Which of the following provides the MOST assurance over the completeness and accuracy ol loan application processing with respect to the implementation ol a new system?

Question40: Which of the following is MOST important to ensure when developing an effective security awareness program?

Question41: Which of the following would be to MOST concern when determine if information assets are adequately safequately safeguarded during transport and disposal?

Question42: Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:

Question43: Which of the following is the MOST important prerequisite for the protection of physical information assets in a data center?

Question44: An IT balanced scorecard is the MOST effective means of monitoring:

Question45: The decision to accept an IT control risk related to data quality should be the responsibility of the:

Question46: An IS auditor notes that several employees are spending an excessive amount of time using social media sites for personal reasons. Which of the following should the auditor recommend be performed FIRST?

Question47: Which of the following is the PRIMARY advantage of parallel processing for a new system implementation?

Question48: An IS auditor suspects an organization's computer may have been used to commit a crime. Which of the following is the auditor s BEST course of action?

Question49: An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?

Question50: When planning an audit to assess application controls of a cloud-based system, it is MOST important tor the IS auditor to understand the.

Question51: Which of the following is the BEST audit procedure to determine whether a firewall is configured in compliance with the organization's security policy?

Question52: Which of the following would be an IS auditor's GREATEST concern when reviewing the early stages of a software development project?

Question53: A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor s BEST recommendation to facilitate compliance with the regulation?

Question54: A system development project is experiencing delays due to ongoing staff shortages Which of the following strategies would provide the GREATEST assurance of system quality at implementation?

Question55: Which of the following would be an appropriate rote of internal audit in helping to establish an organization's privacy program?

Question56: An information systems security officer's PRIMARY responsibility for business process applications is to:

Question57: Which of the following is the PRIMARY reason to follow a configuration management process to maintain application?

Question58: During a follow-up audit, it was found that a complex security vulnerability of low risk was not resolved within the agreed-upon timeframe. IT has stated that the system with the identified vulnerability is being replaced and is expected to be fully functional in two months Which of the following is the BEST course of action?

Question59: Which of the following is a detective control?

Question60: The waterfall life cycle model of software development is BEST suited for which of the following situations?

Question61: Which of the following occurs during the issues management process for a system development project?

Question62: An incorrect version of source code was amended by a development team, This MOST likely indicates a weakness in:

Question63: Which of the following is the GREATEST risk associated with storing customer data on a web server?

Question64: An organization's enterprise architecture (EA) department decides to change a legacy system's components while maintaining its original functionality Which of the following is MOST important for an IS auditor to understand when reviewing this decision?

Question65: Which of the following would be a result of utilizing a top-down maturity model process?

Question66: During a new system implementation, an IS auditor has been assigned to review risk management at each milestone. The auditor finds that several risks to project benefits have not been addressed. Who should be accountable for managing these risks?

Question67: An organization with many desktop PCs is considering moving to a thin client architecture. Which of the following is the MAJOR advantage?

Question68: Which of the following concerns is BEST addressed by securing production source libraries?

Question69: In data warehouse (DW) management, what is the BEST way to prevent data quality issues caused by changes from a source system?

Question70: The GREATEST benefit of using a polo typing approach in software development is that it helps to:

Question71: An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization s objectives?

Question72: Which of the following should be the PRIMARY basis for prioritizing follow-up audits?

Question73: A new regulation in one country of a global organization has recently prohibited cross-border transfer of personal data. An IS auditor has been asked to determine the organization's level of exposure in the affected country. Which of the following would be MOST helpful in making this assessment?

Question74: What is MOST important to verify during an external assessment of network vulnerability?

Question75: An IS auditor is analyzing a sample of accesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found Which sampling method would be appropriate?

Question76: Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor's BEST recommendation?

Question77: What is BEST for an IS auditor to review when assessing the effectiveness of changes recently made to processes and tools related to an organization's business continuity plan (BCP)?

Question78: An organization's software developers need access to personally identifiable information (Pll) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?