EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is MOST important to ensure that electronic evidence collected during a forensic investigation will be admissible in future legal proceedings?

Question2: A new system is being developed by a vendor for a consumer service organization. The vendor will provide its proprietary software once system development is completed Which of the following is the MOST important requirement to include In the vendor contract to ensure continuity?

Question3: Which of the following concerns is BEST addressed by securing production source libraries?

Question4: What is the PRIMARY purpose of documenting audit objectives when preparing for an engagement?

Question5: In a RAO model, which of the following roles must be assigned to only one individual?

Question6: Which of the following would be an appropriate rote of internal audit in helping to establish an organization's privacy program?

Question7: Which of the following is MOST important for an IS auditor to examine when reviewing an organization's privacy policy?

Question8: The due date of an audit project is approaching, and the audit manager has determined that only 60% of the audit has been completed Which of the following should the audit manager do FIRST?

Question9: An IS auditor is following up on prior period items and finds management did not address an audit finding. Which of the following should be the IS auditor's NEXT course of action?

Question10: Which of the following is the BEST way to ensure that business continuity plans (BCPs) will work effectively in the event of a major disaster?

Question11: Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?

Question12: In order to be useful, a key performance indicator (KPI) MUST

Question13: Which of the following is MOST important for an effective control self-assessment (CSA) program?

Question14: Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?

Question15: An IS auditor finds that the process for removing access for terminated employees is not documented What is the MOST significant risk from this observation?

Question16: An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization s objectives?

Question17: During an audit of a financial application, it was determined that many terminated users' accounts were not disabled. Which of the following should be the IS auditor's NEXT step?

Question18: Which of the following is MOST important to ensure when planning a black box penetration test?

Question19: Which of the following is the PRIMARY reason to follow a configuration management process to maintain application?

Question20: The IS quality assurance (OA) group is responsible for

Question21: An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives. Which of the following findings should be the IS auditor's GREATEST concern?

Question22: Which of the following BEST enables the timely identification of risk exposure?

Question23: An IS auditor notes the transaction processing times in an order processing system have significantly increased after a major release. Which of the following should the IS auditor review FIRST?

Question24: When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:

Question25: An IS auditor is planning an audit of an organization's accounts payable processes. Which of the following controls is MOST important to assess in the audit?

Question26: An organization allows its employees lo use personal mobile devices for work. Which of the following would BEST maintain information security without compromising employee privacy?

Question27: Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?

Question28: Which of the following is MOST important to determine during the planning phase of a cloud-based messaging and collaboration platform acquisition?

Question29: Cross-site scripting (XSS) attacks are BEST prevented through:

Question30: Which of the following should an IS auditor be MOST concerned with during a post-implementation review?

Question31: Which of the following documents would be MOST useful in detecting a weakness in segregation of duties?

Question32: During an exit interview, senior management disagrees with some of me facts presented m the draft audit report and wants them removed from the report. Which of the following would be the auditor's BEST course of action?

Question33: An IS auditor notes that several employees are spending an excessive amount of time using social media sites for personal reasons. Which of the following should the auditor recommend be performed FIRST?

Question34: Which of the following is the PRIMARY concern when negotiating a contract for a hot site?

Question35: In response to an audit finding regarding a payroll application, management implemented a new automated control. Which of the following would be MOST helpful to the IS auditor when evaluating the effectiveness of the new control?

Question36: An IS auditor concludes that an organization has a quality security policy. Which of the following is MOST important to determine next? The policy must be:

Question37: Due to system limitations, segregation of duties (SoD) cannot be enforced in an accounts payable system. Which of the following is the IS auditor s BEST recommendation for a compensating control?

Question38: In a small IT web development company where developers must have write access to production, the BEST recommendation of an IS auditor would be to:

Question39: Which of the following weaknesses would have the GREATEST impact on the effective operation of a perimeter firewall?

Question40: A manager identifies active privileged accounts belonging to staff who have left the organization. Which of the following is the threat actor In this scenario?

Question41: Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organizations information security policy?

Question42: During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST

Question43: During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:

Question44: What is the MAIN reason to use incremental backups?

Question45: When planning an audit to assess application controls of a cloud-based system, it is MOST important tor the IS auditor to understand the.

Question46: Which of the following is the BEST method to prevent wire transfer fraud by bank employees?

Question47: Which of the following is an executive management concern that could be addressed by the implementation of a security metrics dashboard?

Question48: Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?

Question49: Which of the following is the BEST reason for an organization to use clustering?

Question50: An information systems security officer's PRIMARY responsibility for business process applications is to:

Question51: An IS auditor is analyzing a sample of accesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found Which sampling method would be appropriate?

Question52: Which of the following is the MOST effective control to mitigate unintentional misuse of authorized access?

Question53: An organization's software developers need access to personally identifiable information (Pll) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?

Question54: An employee loses a mobile device resulting in loss of sensitive corporate dat a. Which o( the following would have BEST prevented data leakage?

Question55: A warehouse employee of a retail company has been able to conceal the theft of inventory items by entering adjustments of either damaged or lost stock items lo the inventory system. Which control would have BEST prevented this type of fraud in a retail environment?

Question56: An organization has recently acquired and implemented intelligent-agent software for granting loans to customers. During the post-implementation review, which of the following is the MOST important procedure for the IS auditor to perform?

Question57: An IS auditor should ensure that an application's audit trail:

Question58: Which of the following would BEST enable an organization to address the security risks associated with a recently implemented bring your own device (BYOD) strategy?

Question59: Which of the following IT service management activities is MOST likely to help with identifying the root cause of repeated instances of network latency?

Question60: In data warehouse (DW) management, what is the BEST way to prevent data quality issues caused by changes from a source system?

Question61: Which of the following issues associated with a data center's closed circuit television (CCTV) surveillance cameras should be of MOST concern to an IS auditor?

Question62: Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (lDS)?

Question63: Following a security breach in which a hacker exploited a well-known vulnerability in the domain controller, an IS audit has been asked to conduct a control assessment. the auditor's BEST course of action would be to determine if:

Question64: Which of the following is MOST helpful for measuring benefits realization for a new system?

Question65: When implementing Internet Protocol security (IPsec) architecture, the servers involved in application delivery:

Question66: A new regulation in one country of a global organization has recently prohibited cross-border transfer of personal data. An IS auditor has been asked to determine the organization's level of exposure in the affected country. Which of the following would be MOST helpful in making this assessment?

Question67: Which of the following is MOST important to consider when scheduling follow-up audits?

Question68: Which of the following are BEST suited for continuous auditing?

Question69: An IS auditor finds the log management system is overwhelmed with false positive alerts. The auditor's BEST recommendation would be to:

Question70: An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider. Which of the following would be the BEST way to prevent accepting bad data?

Question71: Which of the following is MOST important for an IS auditor to do during an exit meeting with an auditee?

Question72: An IS auditor is reviewing an organization's primary router access control list. Which of the following should result in a finding?

Question73: An IS auditor wants to determine who has oversight of staff performing a specific task and is referencing the organization's RACI chart. Which of the following roles within the chart would provide this information?

Question74: Which of the following security risks can be reduced by a property configured network firewall?

Question75: For an organization that has plans to implement web-based trading, it would be MOST important for an IS auditor to verify the organization's information security plan includes:

Question76: The PRIMARY benefit of information asset classification is that it:

Question77: What is the BEST control to address SQL injection vulnerabilities?

Question78: Which of the following features of a library control software package would protect against unauthorized updating of source code?

Question79: During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?

Question80: Which of the following is the MAIN purpose of an information security management system?

Question81: Which of the following observations would an IS auditor consider the GREATEST risk when conducting an audit of a virtual server farm tor potential software vulnerabilities?

Question82: An organization is planning an acquisition and has engaged an IS auditor lo evaluate the IT governance framework of the target company. Which of the following would be MOST helpful In determining the effectiveness of the framework?

Question83: An IS auditor notes that IT and the business have different opinions on the availability of their application servers Which of the following should the IS auditor review FIRST in order to understand the problem?

Question84: A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor s BEST recommendation to facilitate compliance with the regulation?

Question85: Which of the following is an audit reviewer's PRIMARY role with regard to evidence?

Question86: When auditing the security architecture of an online application, an IS auditor should FIRST review the:

Question87: An IS auditor is reviewing the release management process for an in-house software development solution. In which environment Is the software version MOST likely to be the same as production?

Question88: An organization that has suffered a cyber attack is performing a forensic analysis of the affected users' computers. Which of the following should be of GREATEST concern for the IS auditor reviewing this process?

Question89: Which of the following should be of GREATEST concern to an IS auditor reviewing a network printer disposal process?

Question90: In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to "never expire.' Which of the following recommendations would BEST address the risk with minimal disruption to the business?

Question91: Which of the following is necessary for effective risk management in IT governance?

Question92: During a follow-up audit, an IS auditor finds that some critical recommendations have the IS auditor's BEST course of action?

Question93: An organization has assigned two now IS auditors to audit a now system implementation. One of the auditors has an IT-related degree, and one has a business degree. Which ol the following is MOST important to meet the IS audit standard for proficiency?

Question94: Which of the following would BEST help lo support an auditors conclusion about the effectiveness of an implemented data classification program?

Question95: Which of the following is a challenge in developing a service level agreement (SLA) for network services?

Question96: An organization conducted an exercise to test the security awareness level of users by sending an email offering a cash reward 10 those who click on a link embedded in the body of the email. Which of the following metrics BEST indicates the effectiveness of awareness training?

Question97: An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner Which of the following is the auditor s BEST recommendation?

Question98: An IS auditor is reviewing an industrial control system (ICS) that uses older unsupported technology in the scope of an upcoming audit. What should the auditor consider the MOST significant concern?

Question99: An IS auditor notes that several employees are spending an excessive amount of time using social media sites for personal reasons. Which of the following should the auditor recommend be performed FIRST?

Question100: Management has requested a post-implementation review of a newly implemented purchasing package to determine to what extent business requirements are being met. Which of the following is MOST likely to be assessed?

Question101: An organization with many desktop PCs is considering moving to a thin client architecture. Which of the following is the MAJOR advantage?

Question102: While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function. In order to resolve the situation, the IS auditor's BEST course of action would be to:

Question103: What is MOST important to verify during an external assessment of network vulnerability?

Question104: An organization allows employees to retain confidential data on personal mobile devices Which of the following is the BEST recommendation to mitigate the risk of data leakage from lost or stolen devices?

Question105: Which of the following activities would allow an IS auditor to maintain independence while facilitating a control sell-assessment (CSA)?

Question106: Which of the following will BEST ensure that a proper cutoff has been established to reinstate transactions and records to their condition just prior to a computer system failure?

Question107: When an intrusion into an organization network is deleted, which of the following should be done FIRST?

Question108: Which of the following documents should specify roles and responsibilities within an IT audit organization?

Question109: Which of the following findings from an IT governance review should be of GREATEST concern?

Question110: Which of the following is a social engineering attack method?

Question111: An organizations audit charier PRIMARILY:

Question112: Which of the following would be of MOST concern for an IS auditor evaluating the design of an organization's incident management processes?

Question113: During a follow-up audit, an IS auditor learns that some key management personnel have been replaced since the original audit, and current management has decided not to implement some previously accepted recommendations. What is the auditor's BEST course of action?

Question114: Capacity management enables organizations to:

Question115: Which of the following BEST protects an organization's proprietary code during a joint-development activity involving a third party?

Question116: Which of the following would provide an IS auditor with the GREATEST assurance that data disposal controls support business strategic objectives?

Question117: An IS auditor suspects an organization's computer may have been used to commit a crime. Which of the following is the auditor s BEST course of action?