Question1: Which of the following provides an IS auditor assurance that the interface between a point-of-sale (POS) system and the general ledger is transferring sales data completely and accurately?
Question2: An organization relies on an external vendor that uses a cloud-based Software as a Service (SaaS) model to back up its data. Which of the following is the GREATEST risk to the organization related to data backup and retrieval?
Question3: Which of the following is the MOST important reason to implement version control for an end-user computing (EUC) application?
Question4: Which of the following is MOST useful to an IS auditor performing a review of access controls for a document management system?
Question5: A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization. Which of the following is MOST effective in detecting such an intrusion?
Question6: Which of the following provides the BEST assurance of data integrity after file transfers?
Question7: An organization that has suffered a cyber-attack is performing a forensic analysis of the affected users' computers. Which of the following should be of GREATEST concern for the IS auditor reviewing this process?
Question8: Which of the following findings would be of GREATEST concern to an IS auditor assessing an organization's patch management process?
Question9: Which of the following would present the GREATEST concern during a review of internal audit quality assurance (QA) and continuous improvement processes?
Question10: An organization outsourced its IS functions to meet its responsibility for disaster recovery, the organization should:
Question11: Management has requested a post-implementation review of a newly implemented purchasing package to determine to what extent business requirements are being met. Which of the following is MOST likely to be assessed?
Question12: An organization has recently acquired and implemented intelligent-agent software for granting loans to customers. During the post-implementation review, which of the following is the MOST important procedure for the IS auditor to perform?
Question13: Which of the following would BEST demonstrate that an effective disaster recovery plan (DRP) is in place?
Question14: An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives. Which of the following findings should be the IS auditor's GREATEST concern?
Question15: Which of the following activities would allow an IS auditor to maintain independence while facilitating a control sell-assessment (CSA)?
Question16: Which of the following would BEST determine whether a post-implementation review (PIR) performed by the project management office (PMO) was effective?
Question17: Which of the following is MOST important to consider when developing a service level agreement (SLAP)?
Question18: After delivering an audit report, the audit manager discovers that evidence was overlooked during the audit This evidence indicates that a procedural control may have failed and could contradict a conclusion of the audit Which of the following risks is MOST affected by this oversight?
Question19: An IS auditor discovers that an IT organization serving several business units assigns equal priority to all initiatives, creating a risk of delays in securing project funding Which of the following would be MOST helpful in matching demand for projects and services with available resources in a way that supports business objectives?
Question20: During an audit of a financial application, it was determined that many terminated users' accounts were not disabled. Which of the following should be the IS auditor's NEXT step?
Question21: Which of the following documents should specify roles and responsibilities within an IT audit organization?
Question22: During planning for a cloud service audit, audit management becomes aware that the assigned IS auditor is unfamiliar with the technologies in use and their associated risks to the business. To ensure audit quality, which of the following actions should audit management consider FIRST?
Question23: IT governance should be driven by:
Question24: An IS auditor finds that while an organization's IT strategy is heavily focused on research and development, the majority of protects n the IT portfolio focus on operations and maintenance. Which of the Mowing is the BEST recommendation?
Question25: During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period. Which of the following is the auditor's MOST important course of action?
Question26: A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor's BEST recommendation to facilitate compliance with the regulation?
Question27: During a pre-deployment assessment, what is the BEST indication that a business case will lead to the achievement of business objectives?
Question28: An IS auditor would MOST likely recommend that IT management use a balanced scorecard to:
Question29: Which of the following should be an IS auditor's PRIMARY consideration when determining which issues to include in an audit report?
Question30: Which of the following is the BEST indication of effective governance over IT infrastructure?
Question31: The charging method that effectively encourages the MOST efficient use of IS resources is:
Question32: A company requires that all program change requests (PCRs) be approved and all modifications be automatically logged. Which of the following IS audit procedures will BEST determine whether unauthorized changes have been made to production programs?
Question33: Which of the following is the BEST reason to implement a data retention policy?
Question34: Which of the following is the BEST approach for determining the overall IT risk appetite of an organization when business units use different methods for managing IT risks?
Question35: What should an IS auditor do FIRST upon discovering that a service provider did not notify its customers of a security breach?
Question36: Which of the following is the BEST way to ensure that business continuity plans (BCPs) will work effectively in the event of a major disaster?
Question37: Which of the following would BEST detect that a distributed denial of service (DDoS) attack is occurring?
Question38: Which of the following backup schemes is the BEST option when storage media is limited?
Question39: Which of the following should an IS auditor ensure is classified at the HIGHEST level of sensitivity?
Question40: Which of the following will provide the GREATEST assurance to IT management that a quality management system (QMS) is effective?
Question41: How does a continuous integration/continuous development (CI/CD) process help to reduce software failure risk?
Question42: Which type of review is MOST important to conduct when an IS auditor is informed that a recent internal exploitation of a bug has been discovered in a business application?
Question43: Stress testing should ideally be carried out under a:
Question44: Which of the following should an IS auditor be MOST concerned with when a system uses RFID?
Question45: An IS auditor is reviewing a contract for the outsourcing of IT facilities. If missing, which of the following should present the GREATEST concern to the auditor?
Question46: A review of Internet security disclosed that users have individual user accounts with Internet service providers (ISPs) and use these accounts for downloading business data. The organization wants to ensure that only the corporate network is used. The organization should FIRST:
Question47: Which of the following poses the GREATEST risk to an organization when employees use public social networking sites?
Question48: A post-implementation review was conducted by issuing a survey to users. Which of the following should be of GREATEST concern to an IS auditor?
Question49: An IS auditor is conducting a post-implementation review of an enterprise resource planning (ERP) system.
End users indicated concerns with the accuracy of critical automatic calculations made by the system. The auditor's FIRST course of action should be to:
Question50: The operations team of an organization has reported an IS security attack Which of the following should be the FIRST step for the security incident response team?
Question51: A company has implemented an IT segregation of duties policy. In a role-based environment, which of the following roles may be assigned to an application developer?
Question52: A small business unit is implementing a control self-assessment (CSA) program and leveraging the internal audit function to test its internal controls annually. Which of the following is the MOST significant benefit of this approach?
Question53: Which of the following should be done FIRST when planning a penetration test?
Question54: What is MOST important to verify during an external assessment of network vulnerability?
Question55: Which of the following business continuity activities prioritizes the recovery of critical functions?
Question56: An organization has made a strategic decision to split into separate operating entities to improve profitability.
However, the IT infrastructure remains shared between the entities. Which of the following would BEST help to ensure that IS audit still covers key risk areas within the IT environment as part of its annual plan?
Question57: Which of the following is MOST important for an IS auditor to look
for in a project feasibility study?
Question58: Which of the following is the MOST important reason for an IS auditor to examine the results of a post-incident review performed after a security incident?
Question59: To mitigate the risk of exposing data through application programming interface (API) queries. which of the following design considerations is MOST important?
Question60: Which of the following is MOST important for an IS auditor to validate when auditing network device management?
Question61: Which of the following is the BEST way to mitigate risk to an organization's network associated with devices permitted under a bring your own device (BYOD) policy?
Question62: Which of the following is the GREATEST benefit of adopting an international IT governance framework rather than establishing a new framework based on the actual situation of a specific organization1?
Question63: Which of the following should an IS auditor review when evaluating information systems governance for a large organization?
Question64: An audit identified that a computer system is not assigning sequential purchase order numbers to order requests. The IS auditor is conducting an audit follow-up to determine if management has reserved this finding. Which of two following is the MOST reliable follow-up procedure?
Question65: Which of the following is MOST important during software license audits?
Question66: Which of the following findings should be of GREATEST concern to an IS auditor performing a review of IT operations?
Question67: Which of the following is the PRIMARY reason an IS auditor should discuss observations with management before delivering a final report?
Question68: To enable the alignment of IT staff development plans with IT strategy, which of the following should be done FIRST?
Question69: Which of the following methods would BEST help detect unauthorized disclosure of confidential documents sent over corporate email?
Question70: Which of the following is the MOST efficient way to identify segregation of duties violations in a new system?
Question71: Which of the following helps to ensure the integrity of data for a system interface?
Question72: An IS auditor is conducting a review of a data center. Which of the following observations could indicate an access control Issue?
Question73: Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor's BEST recommendation?
Question74: Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?
Question75: An IS auditor learns the organization has experienced several server failures in its distributed environment.
Which of the following is the BEST recommendation to limit the potential impact of server failures in the future?
Question76: During the discussion of a draft audit report. IT management provided suitable evidence fiat a process has been implemented for a control that had been concluded by the IS auditor as Ineffective. Which of the following is the auditor's BEST action?
Question77: A month after a company purchased and implemented system and performance monitoring software, reports were too large and therefore were not reviewed or acted upon The MOST effective plan of action would be to:
Question78: An IS auditor finds a high-risk vulnerability in a public-facing web server used to process online customer payments. The IS auditor should FIRST
Question79: Which of the following is the PRIMARY reason for an IS auditor to conduct post-implementation reviews?
Question80: An organization that operates an e-commerce website wants to provide continuous service to its customers and is planning to invest in a hot site due to service criticality. Which of the following is the MOST important consideration when making this decision?
Question81: During an audit of a multinational bank's disposal process, an IS auditor notes several findings. Which of the following should be the auditor's GREATEST concern?
Question82: Which of the following is MOST helpful to an IS auditor reviewing the alignment of planned IT budget with the organization's goals and strategic objectives?
Question83: Which of the following is MOST helpful for an IS auditor to review when evaluating an organizations business process that are supported by applications and IT systems?
Question84: From a risk management perspective, which of the following is the BEST approach when implementing a large and complex data center IT infrastructure?
Question85: Which of the following would BEST facilitate the successful implementation of an IT-related framework?
Question86: Which of the following should be the FIRST step to successfully implement a corporate data classification program?
Question87: An internal audit department recently established a quality assurance (QA) program. Which of the following activities Is MOST important to include as part of the QA program requirements?
Question88: An IS auditor finds that one employee has unauthorized access to confidential data. The IS auditor's BEST recommendation should be to:
Question89: Which of the following is MOST critical to the success of an information security program?
Question90: Which of the following is the BEST reason for an organization to use clustering?
Question91: During an audit which of the following would be MOST helpful in establishing a baseline for measuring data quality?
Question92: An IS auditor found that operations personnel failed to run a script contributing to year-end financial statements. Which of the following is the BEST recommendation?
Question93: Which of the following is the BEST way to detect unauthorized copies of licensed software on systems?
Question94: During a routine internal software licensing review, an IS auditor discovers instances where employees shared license keys to critical pieces of business software. Which of the following would be the auditor's BEST course of action?
Question95: Which of the following is the MOST important advantage of participating in beta testing of software products?
Question96: An IS auditor reviewing the threat assessment tor a data center would be MOST concerned if:
Question97: Which of the following provides the MOST assurance over the completeness and accuracy ol loan application processing with respect to the implementation of a new system?
Question98: Which of the following is the GREATEST concern associated with a high number of IT policy exceptions approved by management?
Question99: Which of the following environments is BEST used for copying data and transformation into a compatible data warehouse format?
Question100: What is the FIRST step when creating a data classification program?
Question101: Which of the following is the MOST important activity in the data classification process?
Question102: An organization's enterprise architecture (EA) department decides to change a legacy system's components while maintaining its original functionality. Which of the following is MOST important for an IS auditor to understand when reviewing this decision?
Question103: Which of the following would BEST help lo support an auditor's conclusion about the effectiveness of an implemented data classification program?
Question104: Which of the following would be of MOST concern for an IS auditor evaluating the design of an organization's incident management processes?
Question105: Which of the following information security requirements BE ST enables the tracking of organizational data in a bring your own device (BYOD) environment?
Question106: What is the PRIMARY reason for an organization to classify the data stored on its internal networks?
Question107: When physical destruction IS not practical, which of the following is the MOST effective means of disposing of sensitive data on a hard disk?
Question108: An organization has developed mature risk management practices that are followed across all departments What is the MOST effective way for the audit team to leverage this risk management maturity?
Question109: An IS auditor reviewing security incident processes realizes incidents are resolved and closed, but root causes are not investigated. Which of the following should be the MAJOR concern with this situation?
Question110: Which of the following BEST enables the effectiveness of an agile project for the rapid development of a new software application?
Question111: When evaluating the design of controls related to network monitoring, which of the following is MOST important for an IS auditor to review?
Question112: Which of the following is the MOST effective control to mitigate against the risk of inappropriate activity by employees?
Question113: Which of the following is MOST important for an IS auditor to review when evaluating the accuracy of a spreadsheet that contains several macros?
Question114: A financial group recently implemented new technologies and processes, Which type of IS audit would provide the GREATEST level of assurance that the department's objectives have been met?
Question115: An IS auditor finds the log management system is overwhelmed with false positive alerts. The auditor's BEST recommendation would be to:
Question116: An IS auditor has identified deficiencies within the organization's software development life cycle policies.
Which of the following should be done NEXT?
Question117: When reviewing the functionality of an intrusion detection system (IDS), the IS auditor should be MOST concerned if:
Question118: An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?
Question119: An IS auditor is assigned to perform a post-implementation review of an application system. Which of the following would impair the auditor's independence?
Question120: A finance department has a multi-year project to upgrade the enterprise resource planning (ERP) system hosting the general ledger. and in year one, the system version upgrade will be applied. Which of the following should be the PRIMARY focus of the IS auditor reviewing the first year of the project?
Question121: Which of the following is the BEST way to prevent social engineering incidents?
Question122: Using swipe cards to limit employee access to restricted areas requires implementing which additional control?
Question123: When reviewing a business case for a proposed implementation of a third-party system, which of the following should be an IS auditor's GREATEST concern?
Question124: Which of the following would provide the BEST evidence of an IT strategy corrections effectiveness?
Question125: A sample for testing must include the 80 largest client balances and a random sample of the rest. What should the IS auditor recommend?
Question126: An incident response team has been notified of a virus outbreak in a network subnet. Which of the following should be the NEXT step?
Question127: When designing a data analytics process, which of the following should be the stakeholder's role in automating data extraction and validation?
Question128: In which phase of the internal audit process is contact established with the individuals responsible for the business processes in scope for review?
Question129: Which of the following biometric access controls has the HIGHEST rate of false negatives?
Question130: During a database management evaluation an IS auditor discovers that some accounts with database administrator (DBA) privileges have been assigned a default password with an unlimited number of failed login attempts Which of the following is the auditor's BEST course of action?
Question131: An organization is concerned with meeting new regulations for protecting data confidentiality and asks an IS auditor to evaluate their procedures for transporting data. Which of the following would BEST support the organization's objectives?
Question132: An IS auditor has been asked to advise on measures to improve IT governance within the organization. Which of the following IS the BEST recommendation?
Question133: Which of the following issues associated with a data center's closed-circuit television (CCTV) surveillance cameras should be of MOST concern to an IS auditor?
Question134: One advantage of monetary unit sampling is the fact that
Question135: Which of the following would lead an IS auditor to conclude that the evidence collected during a digital forensic investigation would not be admissible in court?
Question136: Following a breach, what is the BEST source to determine the maximum amount of time before customers must be notified that their personal information may have been compromised?
Question137: An IS auditor is evaluating an organization's IT strategy and plans. Which of the following would be of GREATEST concern?
Question138: Which of the following is the PRIMARY reason to perform a risk assessment?
Question139: Secure code reviews as part of a continuous deployment program are which type of control?
Question140: A database administrator (DBA) should be prevented from having end user responsibilities:
Question141: An IS auditor is assigned to review the IS department s quality procedures. Upon contacting the IS manager, the auditor finds that there is an informal unwritten set of standards Which of the following should be the auditor's NEXT action1?
Question142: To reduce operational costs, IT management plans to reduce the number of servers currently used to run business applications. Which of the following is MOST helpful to review when identifying which servers are no longer required?
Question143: Which of the following would minimize the risk of losing transactions as a result of a disaster?
Question144: An organization has virtualized its server environment without making any other changes to the network or security infrastructure. Which of the following is the MOST significant risk?
Question145: Which of the following is the MOST significant risk that IS auditors are required to consider for each engagement?
Question146: Which of the following is the MOST effective way for an organization to help ensure agreed-upon action plans from an IS audit will be implemented?
Question147: An organization is planning an acquisition and has engaged an IS auditor lo evaluate the IT governance framework of the target company. Which of the following would be MOST helpful In determining the effectiveness of the framework?
Question148: During the planning phase of a data loss prevention (DLP) audit, management expresses a concern about mobile computing. Which of the following should the IS auditor identity as the associated risk?
Question149: An IS auditor is reviewing an organization's business intelligence infrastructure. The BEST recommendation to help the organization achieve a reasonable level of data quality would be to:
Question150: Which of the following provides the MOST useful information regarding an organization's risk appetite and tolerance?
Question151: The FIRST step in an incident response plan is to:
Question152: Which of the following would be a result of utilizing a top-down maturity model process?
Question153: A data center's physical access log system captures each visitor's identification document numbers along with the visitor's photo. Which of the following sampling methods would be MOST useful to an IS auditor conducting compliance testing for the effectiveness of the system?
Question154: The PRIMARY benefit of information asset classification is that it:
Question155: Which of the following is the BEST testing approach to facilitate rapid identification of application interface errors?
Question156: Which of the following presents the GREATEST challenge to the alignment of business and IT?
Question157: An IS auditor conducts a review of a third-party vendor's reporting of key performance indicators (KPIs) Which of the following findings should be of MOST concern to the auditor?
Question158: In a RAO model, which of the following roles must be assigned to only one individual?
Question159: In data warehouse (DW) management, what is the BEST way to prevent data quality issues caused by changes from a source system?
Question160: Which of the following is MOST critical to the success of an information security program?
Question161: A core system fails a week after a scheduled update, causing an outage that impacts service. Which of the following is MOST important for incident management to focus on when addressing the issue?
Question162: An organization has an acceptable use policy in place, but users do not formally acknowledge the policy.
Which of the following is the MOST significant risk from this finding?
Question163: Which of the following is the BEST way to minimize sampling risk?
Question164: When reviewing an IT strategic plan, the GREATEST concern would be that
Question165: During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:
Question166: During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST
Question167: Which of the following physical controls provides the GREATEST assurance that only authorized individuals can access a data center?
Question168: What should an IS auditor do FIRST when management responses
to an in-person internal control questionnaire indicate a key internal
control is no longer effective?
Question169: Which of the following applications has the MOST inherent risk and should be prioritized during audit planning?
Question170: Which of the following provides the GREATEST assurance that a middleware application compiling data from multiple sales transaction databases for forecasting is operating effectively?
Question171: Which of the following is the MOST important consideration for patching mission critical business application servers against known vulnerabilities?
Question172: An IS auditor discovers from patch logs that some in-scope systems are not compliant with the regular patching schedule. What should the auditor do NEXT?
Question173: When verifying the accuracy and completeness of migrated data for a new application system replacing a legacy system. It is MOST effective for an IS auditor to review;
Question174: In the case of a disaster where the data center is no longer available, which of the following tasks should be done FIRST?
Question175: Which of the following is MOST important to include in security awareness training?
Question176: Which of the following should be given GREATEST consideration when implementing the use of an open-source product?
Question177: Which of the following is an executive management concern that could be addressed by the implementation of a security metrics dashboard?
Question178: A firewall between internal network segments improves security and reduces risk by:
Question179: An IS auditor is performing a follow-up audit for findings identified in an organization's user provisioning process Which of the following is the MOST appropriate population to sample from when testing for remediation?
Question180: A new regulation in one country of a global organization has recently prohibited cross-border transfer of personal data. An IS auditor has been asked to determine the organization's level of exposure In the affected country. Which of the following would be MOST helpful in making this assessment?
Question181: An employee loses a mobile device resulting in loss of sensitive corporate data. Which o( the following would have BEST prevented data leakage?
Question182: An IS auditor has found that a vendor has gone out of business and the escrow has an older version of the source code. What is the auditor's BEST recommendation for the organization?
Question183: The PRIMARY benefit lo using a dry-pipe fire-suppression system rather than a wet-pipe system is that a dry-pipe system:
Question184: Which of the following is the BEST method to delete sensitive information from storage media that will be reused?
Question185: Which of the following BEST describes an audit risk?
Question186: Which of the following is the MOST effective way to identify exfiltration of sensitive data by a malicious insider?
Question187: Stress testing should ideally be earned out under a:
Question188: Which of the following BEST demonstrates to senior management and the board that an audit function is compliant with standards and the code of ethics?
Question189: Which of the following is MOST important for an IS auditor to examine when reviewing an organization's privacy policy?
Question190: The BEST way to determine whether programmers have permission to alter data in the production environment is by reviewing:
Question191: Which of the following is the BEST indicator of the effectiveness of an organization's incident response program?
Question192: Which of the following provides the BEST evidence that a third-party service provider's information security controls are effective?
Question193: What would be an IS auditor's BEST course of action when an auditee is unable to close all audit recommendations by the time of the follow-up audit?
Question194: Which of the following is the BEST performance indicator for the effectiveness of an incident management program?
Question195: To develop meaningful recommendations 'or findings, which of the following is MOST important 'or an IS auditor to determine and understand?
Question196: A new system is being developed by a vendor for a consumer service organization. The vendor will provide its proprietary software once system development is completed Which of the following is the MOST important requirement to include In the vendor contract to ensure continuity?
Question197: Which of the following is the BEST detective control for a job scheduling process involving data transmission?
Question198: During the discussion of a draft audit report IT management provided suitable evidence that a process has been implemented for a control that had been concluded by the IS auditor as ineffective Which of the following is the auditor's BEST action?
Question199: Which type of control is being implemented when a biometric access device is installed at the entrance to a facility?
Question200: Which type of attack targets security vulnerabilities in web applications to gain access to data sets?
Question201: Which of the following is MOST critical for the effective implementation of IT governance?
Question202: During an external review, an IS auditor observes an inconsistent approach in classifying system criticality within the organization. Which of the following should be recommended as the PRIMARY factor to determine system criticality?
Question203: Which of the following is me GREATE ST impact as a result of the ongoing deterioration of a detective control?
Question204: Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?
Question205: Which of the following audit procedures would be MOST conclusive in evaluating the effectiveness of an e-commerce application system's edit routine?
Question206: Which of the following should be performed FIRST before key performance indicators (KPIs) can be implemented?
Question207: Which of the following provides the MOST useful information to an IS auditor when selecting projects for inclusion in an IT audit plan?
Question208: Which of the following should be of GREATEST concern to an IS auditor assessing the effectiveness of an organization's vulnerability scanning program''
Question209: During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:
Question210: Which of the following would MOST effectively help to reduce the number of repealed incidents in an organization?
Question211: An IS auditor is reviewing an organization's business continuity plan (BCP) following a change in organizational structure with significant impact to business processes. Which of the following findings should be the auditor's GREATEST concern?
Question212: Which of the following is the BEST way to mitigate the risk associated with unintentional modifications of complex calculations in end-user computing (EUC)?
Question213: Which of the following is the BEST way to verify the effectiveness of a data restoration process?
Question214: Which of the following observations would an IS auditor consider the GREATEST risk when conducting an audit of a virtual server farm tor potential software vulnerabilities?
Question215: Which of the following should an IS auditor expect to see in a network vulnerability assessment?
Question216: During an exit meeting, an IS auditor highlights that backup cycles
are being missed due to operator error and that these exceptions
are not being managed. Which of the following is the BEST way to
help management understand the associated risk?
Question217: What would be the PRIMARY reason an IS auditor would recommend replacing universal PIN codes with an RFID access card system at a data center?
Question218: A bank performed minor changes to the interest calculation computer program. Which of the following techniques would provide the STRONGEST evidence to determine whether the interest calculations are correct?
Question219: An organization implemented a cybersecurity policy last year Which of the following is the GREATE ST indicator that the policy may need to be revised?
Question220: Which of the following is the PRIMARY reason for an IS audit manager to review the work performed by a senior IS auditor prior to presentation of a report?
Question221: When planning an internal penetration test, which of the following is the MOST important step prior to finalizing the scope of testing?
Question222: Which task should an IS auditor complete FIRST during the preliminary planning phase of a database security review?
Question223: A computer forensic audit is MOST relevant in which of the following situations?
Question224: Which of the following should be the GREATEST concern to an IS auditor reviewing an organization's method to transport sensitive data between offices?
Question225: Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?
Question226: Which of the following would provide the BEST evidence that a cloud provider's change management process is effective?
Question227: Which audit approach is MOST helpful in optimizing the use of IS audit resources?
Question228: Which of the following is the GREATEST risk of using a reciprocal site for disaster recovery?
Question229: Which of the following is the PRIMARY reason for an IS auditor to perform a risk assessment?
Question230: An organization is planning to implement a work-from-home policy that allows users to work remotely as needed. Which of the following is the BEST solution for ensuring secure remote access to corporate resources?
Question231: Which of the following should be of MOST concern to an IS auditor reviewing the public key infrastructure (PKI) for enterprise email?
Question232: During the evaluation of controls over a major application development project, the MOST effective use of an IS auditor's time would be to review and evaluate:
Question233: When a data center is attempting to restore computing facilities at an alternative site following a disaster, which of the following should be restored FIRST?
Question234: What is the BEST way to reduce the risk of inaccurate or misleading data proliferating through business intelligence systems?
Question235: During audit planning, the IS audit manager is considering whether to budget for audits of entities regarded by the business as having low risk. Which of the following is the BEST course of action in this situation?
Question236: Which of the following should be the PRIMARY role of an internal audit function in the management of identified business risks?
Question237: An IS auditor notes that the previous year's disaster recovery test was not completed within the scheduled time frame due to insufficient hardware allocated by a third-party vendor. Which of the following provides the BEST evidence that adequate resources are now allocated to successfully recover the systems?
Question238: Which of the following should be the PRIMARY basis for prioritizing follow-up audits?
Question239: From an IS auditor's perspective, which of the following would be the GREATEST risk associated with an incomplete inventory of deployed software in an organization?
Question240: When planning a follow-up, the IS auditor is informed by operational management that recent organizational changes have addressed the previously identified risk and implementing the action plan is no longer necessary.
What should the auditor do NEXT?
Question241: What is the MAIN reason to use incremental backups?
Question242: An organization's IT department and internal IS audit function all report to the chief information officer (CIO).
Which of the following is the GREATEST concern associated with this reporting structure?
Question243: During an operational audit on the procurement department, the audit team encounters a key system that uses an artificial intelligence (Al) algorithm. The audit team does not have the necessary knowledge to proceed with the audit. Which of the following is the BEST way to handle this situation?
Question244: When assessing a proposed project for the two-way replication of a customer database with a remote call center, the IS auditor should ensure that:
Question245: A secure server room has a badge reader system that records name, date, and time information whenever a staff member uses a badge to enter or exit. When reviewing the system logs, an IS auditor notices records for some employees entering, but not exiting, the room. Which of the following would be the MOST effective compensating control to recommend?
Question246: Controls related to authorized modifications to production programs are BEST tested by:
Question247: In an IT organization where many responsibilities are shared which of the following is the BEST control for detecting unauthorized data changes?
Question248: An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor?
Question249: An IS auditor who was instrumental in designing an application is called upon to review the application. The auditor should:
Question250: Which of the following documents would be MOST useful in detecting a weakness in segregation of duties?
Question251: Which of the following findings should be of GREATEST concern to an IS auditor reviewing an organization s newly implemented online security awareness program'?
Question252: An IT strategic plan that BEST leverages IT in achieving organizational goals will include:
Question253: An organization has partnered with a third party to transport backup drives to an offsite storage facility. Which of the following is MOST important before sending the drives?
Question254: Which of the following is the GREATEST risk when relying on reports generated by end-user computing (EUC)?
Question255: An IS auditor is preparing a plan for audits to be carried out over a specified period. Which of the following activities should the IS auditor perform FIRST?
Question256: Which of the following is the MOST important control for virtualized environments?
Question257: An auditee disagrees with a recommendation for corrective action that appears in the draft engagement report.
Which of the following is the IS auditor's BEST course of action when preparing the final report?
Question258: As part of the architecture of virtualized environments, in a bare metal or native visualization the hypervisor runs without:
Question259: The PRIMARY purpose of a configuration management system is to:
Question260: Which of the following is the BEST justification for deferring remediation testing until the next audit?
Question261: When planning an audit, it is acceptable for an IS auditor to rely on a third-party provider's external audit report on service level management when the
Question262: In an environment that automatically reports all program changes, which of the following is the MOST efficient way to detect unauthorized changes to production programs?
Question263: Which of the following is a concern associated with virtualization?
Question264: Which of the following BEST ensures the quality and integrity of test procedures used in audit analytics?
Question265: Which of the following should be the FIRST step when developing a data loss prevention (DLP) solution for a large organization?
Question266: Providing security certification for a new system should include which of the following prior to the system's implementation?
Question267: Which of the following provides the BEST audit evidence that a firewall is configured in compliance with the organization's security policy?
Question268: Which of the following is the MOST effective accuracy control for entry of a valid numeric part number?
Question269: Which of the following strategies BEST optimizes data storage without compromising data retention practices?
Question270: A business has requested an audit to determine whether information stored in an application is adequately protected. Which of the following is the MOST important action before the audit work begins?
Question271: Prior to a follow-up engagement, an IS auditor learns that management has decided to accept a level of residual risk related to an audit finding without remediation. The IS auditor is concerned about management's decision. Which of the following should be the IS auditor's NEXT course of action?
Question272: Which of the following methods will BEST reduce the risk associated with the transition to a new system using technologies that are not compatible with the old system?
Question273: An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider MOST critical?
Question274: Which of the following demonstrates the use of data analytics for a loan origination process?
Question275: Which of the following is an audit reviewer's PRIMARY role with regard to evidence?
Question276: When an intrusion into an organization network is deleted, which of the following should be done FIRST?
Question277: An organization with many desktop PCs is considering moving to a thin client architecture. Which of the following is the MAJOR advantage?
Question278: Which of the following MOST effectively minimizes downtime during system conversions?
Question279: Which of the following is MOST important to consider when reviewing an organization's defined data backup and restoration procedures?
Question280: Which of the following approaches would utilize data analytics to facilitate the testing of a new account creation process?
Question281: Which of the following controls is MOST important for ensuring the integrity of system interfaces?
Question282: An IS auditor notes the transaction processing times in an order processing system have significantly increased after a major release. Which of the following should the IS auditor review FIRST?
Question283: An IS audit manager is reviewing workpapers for a recently completed audit of the corporate disaster recovery test. Which of the following should the IS audit manager specifically review to substantiate the conclusions?
Question284: Which of the following is the BEST way to address segregation of duties issues in an organization with budget constraints?
Question285: An IT balanced scorecard is the MOST effective means of monitoring:
Question286: An IS auditor has learned that access privileges are not periodically reviewed or updated. Which of the following would provide the BEST evidence to determine whether transactions have been executed by authorized employees?
Question287: An organization's software developers need access to personally identifiable information (Pll) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?
Question288: A project team has decided to switch to an agile approach to develop a replacement for an existing business application. Which of the following should an IS auditor do FIRST to ensure the effectiveness of the protect audit?
Question289: For an organization that has plans to implement web-based trading, it would be MOST important for an IS auditor to verify the organization's information security plan includes:
Question290: Which of the following would an IS auditor recommend as the MOST effective preventive control to reduce the risk of data leakage?
Question291: Which of the following should be the FIRST step when conducting an IT risk assessment?
Question292: A small IT department has embraced DevOps, which allows members of this group to deploy code to production and maintain some development access to automate releases. Which of the following is the MOST effective control?
Question293: During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?
Question294: Which of the following is MOST important for an IS auditor to confirm when reviewing an organization's incident response management program?
Question295: An IS auditor is reviewing logical access controls for an organization's financial business application Which of the following findings should be of GREATEST concern to the auditor?
Question296: An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider. Which of the following would be the BEST way to prevent accepting bad data?
Question297: Which of the following is the BEST evidence that an organization's IT strategy is aligned lo its business objectives?
Question298: Which of the following analytical methods would be MOST useful when trying to identify groups with similar behavior or characteristics in a large population?
Question299: IT disaster recovery time objectives (RTOs) should be based on the:
Question300: An IS auditor Is renewing the deployment of a new automated system Which of the following findings presents the MOST significant risk?
Question301: Which of the following would BEST guide an IS auditor when determining an appropriate time to schedule the follow-up of agreed corrective actions for reported audit issues?
Question302: Which of the following approaches will ensure recovery time objectives (RTOs) are met for an organization's disaster recovery plan (DRP)?
Question303: An IS auditor follows up on a recent security incident and finds the incident response was not adequate. Which of the following findings should be considered MOST critical?
Question304: Which of the following BEST facilitates the legal process in the event of an incident?
Question305: An IS auditor is reviewing the backup procedures in an organization that has high volumes of data with frequent changes to transactions. Which of the following is the BEST backup scheme to recommend given the need for a shorter restoration time in the event of a disruption?
Question306: Which of the following is the PRIMARY reason to follow a configuration management process to maintain application?
Question307: Which of the following BEST enables the timely identification of risk exposure?
Question308: The decision to accept an IT control risk related to data quality should be the responsibility of the:
Question309: A programmer has made unauthorized changes lo key fields in a payroll system report. Which of the following control weaknesses would have contributed MOST to this problem?
Question310: Which of the following features of a library control software package would protect against unauthorized updating of source code?
Question311: Which of the following is a social engineering attack method?
Question312: While evaluating the data classification process of an organization, an IS auditor's PRIMARY focus should be on whether:
Question313: Which of the following BEST protects an organization's proprietary code during a joint-development activity involving a third party?
Question314: What should an IS auditor do FIRST when a follow-up audit reveals some management action plans have not been initiated?
Question315: Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organization's information security policy?
Question316: What should be the PRIMARY basis for selecting which IS audits to perform in the coming year?
Question317: During the planning stage of a compliance audit, an IS auditor discovers that a bank's inventory of compliance requirements does not include recent regulatory changes related to managing data risk. What should the auditor do FIRST?
Question318: Which of the following is the BEST way for an organization to mitigate the risk associated with third-party application performance?
Question319: What is the PRIMARY purpose of performing a parallel run of a now system?
Question320: Which of the following Is the BEST way to ensure payment transaction data is restricted to the appropriate users?
Question321: Which of the following is a PRIMARY benefit of using risk assessments to determine areas to be included in an audit plan?
Question322: Which of the following should be done FIRST to minimize the risk of unstructured data?
Question323: The PRIMARY benefit of automating application testing is to:
Question324: An IS auditor is planning an audit of an organization's risk management practices. Which of the following would provide the MOST useful information about risk appetite?
Question325: Which of the following is the BEST source of information to determine the required level of data protection on a file server?
Question326: Which of the following is the MAIN responsibility of the IT steering committee?
Question327: Which of the following would be an auditor's GREATEST concern when reviewing data inputs from spreadsheets into the core finance system?
Question328: Which of the following is MOST important to consider when assessing the scope of privacy concerns for an IT project?
Question329: Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?
Question330: A CFO has requested an audit of IT capacity management due to a series of finance system slowdowns during month-end reporting. What would be MOST important to consider before including this audit in the program?
Question331: During a review of system access, an IS auditor notes that an employee who has recently changed roles within the organization still has previous access rights. The auditor's NEXT step should be to:
Question332: An IS auditor has completed the fieldwork phase of a network security review and is preparing the initial following findings should be ranked as the HIGHEST risk?
Question333: Which of the following is the BEST way to foster continuous improvement of IS audit processes and practices?
Question334: Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?
Question335: Which of the following should be of GREATEST concern to an IS auditor conducting an audit of an organization that recently experienced a ransomware attack?
Question336: Which of the following is MOST important for an IS auditor to verify when evaluating an organization's firewall?
Question337: The use of which of the following is an inherent risk in the application container infrastructure?
Question338: A vendor requires privileged access to a key business application. Which of the following is the BEST recommendation to reduce the risk of data leakage?
Question339: Which of the following application input controls would MOST likely detect data input errors in the customer account number field during the processing of an accounts receivable transaction?
Question340: Which of the following responses to risk associated with segregation of duties would incur the LOWEST initial cost?
Question341: The BEST way to evaluate the effectiveness of a newly developed application is to:
Question342: Which of the following would be of GREATEST concern to an IS auditor reviewing an IT strategy document?
Question343: Which of the following provides the MOST reliable method of preventing unauthonzed logon?
Question344: While auditing a small organization's data classification processes and procedures, an IS auditor noticed that data is often classified at the incorrect level. What is the MOST effective way for the organization to improve this situation?
Question345: Which of the following is the MAIN risk associated with adding a new system functionality during the development phase without following a project change management process?
Question346: An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider. Which of the following would be the BEST way to prevent accepting bad data?
Question347: Which of the following is the MOST important responsibility of data owners when implementing a data classification process?
Question348: Which of the following should be done FIRST when planning to conduct internal and external penetration testing for a client?
Question349: Which of the following would BEST indicate the effectiveness of a security awareness training program?
Question350: The PRIMARY objective of value delivery in reference to IT governance is to:
Question351: Which of the following should be the FIRST step in the incident response process for a suspected breach?
Question352: Which of the following would the IS auditor MOST likely review to determine whether modifications to the operating system parameters were authorized?
Question353: The PRIMARY role of a control self-assessment (CSA) facilitator is to:
Question354: Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?
Question355: During an exit interview, senior management disagrees with some of me facts presented m the draft audit report and wants them removed from the report. Which of the following would be the auditor's BEST course of action?
Question356: When auditing the security architecture of an online application, an IS auditor should FIRST review the:
Question357: Which of the following types of firewalls provide the GREATEST degree of control against hacker intrusion?
Question358: Backup procedures for an organization's critical data are considered to be which type of control?
Question359: Which type of risk would MOST influence the selection of a sampling methodology?
Question360: An IT balanced scorecard is PRIMARILY used for:
Question361: Which of the following is a social engineering attack method?
Question362: Which of the following is MOST likely to be a project deliverable of an agile software development methodology?
Question363: Which of the following is MOST critical to the success of an information security program?
Question364: Which of the following should be the FRST step when developing a data toes prevention (DIP) solution for a large organization?
Question365: An IS auditor discovers that validation controls m a web application have been moved from the server side into the browser to boost performance This would MOST likely increase the risk of a successful attack by.
Question366: During an IT general controls audit of a high-risk area where both internal and external audit teams are reviewing the same approach to optimize resources?
Question367: In an environment where data virtualization is used, which of the following provides the BEST disaster recovery solution?
Question368: In a high-volume, real-time system, the MOST effective technique by which to continuously monitor and analyze transaction processing is:
Question369: Which of the following would be the BEST criteria for monitoring an IT vendor's service levels?
Question370: Which of the following BEST ensures that effective change management is in place in an IS environment?
Question371: What would be an IS auditor's BEST recommendation upon finding that a third-party IT service provider hosts the organization's human resources (HR) system in a foreign country?
Question372: Which of the following is MOST helpful for measuring benefits realization for a new system?
Question373: Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (lDS)?
Question374: Which of the following would protect the confidentiality of information sent in email messages?
Question375: Which of the following is the BEST way for management to ensure the effectiveness of the cybersecurity incident response process?
Question376: An IS auditor requests direct access to data required to perform audit procedures instead of asking management to provide the data Which of the following is the PRIMARY advantage of this approach?
Question377: Which of the following will be the MOST effective method to verify that a service vendor keeps control levels as required by the client?
Question378: During a follow-up audit, an IS auditor finds that some critical recommendations have the IS auditor's BEST course of action?
Question379: Which of the following is MOST important to determine during the planning phase of a cloud-based messaging and collaboration platform acquisition?
Question380: Which of the following is a PRIMARY responsibility of an IT steering committee?
Question381: Which of the following is MOST important for an IS auditor to do during an exit meeting with an auditee?
Question382: In reviewing the IT strategic plan, the IS auditor should consider whether it identifies the:
Question383: An organizations audit charier PRIMARILY:
Question384: When testing the adequacy of tape backup procedures, which step BEST verifies that regularly scheduled Backups are timely and run to completion?
Question385: An IS auditor is reviewing the perimeter security design of a network. Which of the following provides the GREATEST assurance outgoing Internet traffic is controlled?
Question386: Which of the following is the PRIMARY advantage of using visualization technology for corporate applications?
Question387: An IS auditor finds that a key Internet-facing system is vulnerable to attack and that patches are not available.
What should the auditor recommend be done FIRST?
Question388: Which of the following presents the GREATEST risk to an organization's ability to manage quality control (QC) processes?
Question389: Which of the following would be of GREATEST concern when reviewing an organization's security information and event management (SIEM) solution?
Question390: Which of the following is MOST important for an IS auditor to confirm when reviewing an organization's plans to implement robotic process automation (RPA> to automate routine business tasks?
Question391: When assessing whether an organization's IT performance measures are comparable to other organizations in the same industry, which of the following would be MOST helpful to review?
Question392: Which of the following areas of responsibility would cause the GREATEST segregation of duties conflict if the individual who performs the related tasks also has approval authority?
Question393: During an ongoing audit, management requests a briefing on the findings to date. Which of the following is the IS auditor's BEST course of action?
Question394: An IS auditor has been asked to review an event log aggregation system to ensure risk management practices have been applied. Which of the following should be of MOST concern to the auditor?
Question395: Which of the following is an IS auditor's BEST approach when prepanng to evaluate whether the IT strategy supports the organization's vision and mission?
Question396: Which of the following is the MOST effective way to detect as many abnormalities as possible during an IS audit?
Question397: Which of the following is MOST useful for determining whether the goals of IT are aligned with the organization's goals?
Question398: Which of the following would BEST help to ensure that an incident receives attention from appropriate personnel in a timely manner?
Question399: When reviewing past results of a recurring annual audit, an IS auditor notes that findings may not have been reported and independence may not have been maintained. Which of the following is the auditor's BEST course of action?
Question400: The PRIMARY reason for an IS auditor to use data analytics techniques is to reduce which type of audit risk?
Question401: During the walk-through procedures for an upcoming audit, an IS auditor notes that the key application in scope is part of a Software as a Service (SaaS) agreement. What should the auditor do NEXT?
Question402: An IS auditor discovers a box of hard drives in a secured location that are overdue for physical destruction.
The vendor responsible for this task was never made aware of these hard drives.
Which of the following is the BEST course of action to address this issue?
Question403: In a review of the organization standards and guidelines for IT management, which of the following should be included in an IS development methodology?
Question404: An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?
Question405: An IS auditor has been asked to assess the security of a recently migrated database system that contains personal and financial data for a bank's customers. Which of the following controls is MOST important for the auditor to confirm is in place?
Question406: Which of the following BEST enables an organization to improve the visibility of end-user computing (EUC) applications that support regulatory reporting?
Question407: A third-party consultant is managing the replacement of an accounting system. Which of the following should be the IS auditor's GREATEST concern?
Question408: Which of the following provides the MOST protection against emerging threats?
Question409: Which of the following should an IS auditor consider the MOST significant risk associated with a new health records system that replaces a legacy system?
Question410: The PRIMARY purpose of an incident response plan is to:
Question411: An organization is considering allowing users to connect personal devices to the corporate network. Which of the following should be done FIRST?
Question412: Which of the following statements appearing in an organization's acceptable use policy BEST demonstrates alignment with data classification standards related to the protection of information assets?
Question413: During a follow-up audit, it was found that a complex security vulnerability of low risk was not resolved within the agreed-upon timeframe. IT has stated that the system with the identified vulnerability is being replaced and is expected to be fully functional in two months Which of the following is the BEST course of action?
Question414: Which of the following weaknesses would have the GREATEST impact on the effective operation of a perimeter firewall?
Question415: Which of the following would provide an IS auditor with the GREATEST assurance that data disposal controls support business strategic objectives?
Question416: Which of the following is an IS auditor's BEST recommendation to protect an organization from attacks when its file server needs to be accessible to external users?
Question417: The use of access control lists (ACLs) is the MOST effective method to mitigate security risk for routers because they: (Identify Correct answer and related explanation/references from CISA Certification - Information Systems Auditor official Manual or book)
Question418: Which of the following metrics is the BEST indicator of the performance of a web application
Question419: Which of the following should be of GREATEST concern to an IS auditor performing a review of information security controls?
Question420: Retention periods and conditions for the destruction of personal data should be determined by the.
Question421: Which of the following would be the GREATEST concern to an IS auditor when reviewing the outsourcing contract for an organization's cloud service provider?
Question422: An IS auditor finds that capacity management for a key system is being performed by IT with no input from the business The auditor's PRIMARY concern would be:
Question423: A credit card company has decided to outsource the printing of customer statements It Is MOST important for the company to verify whether:
Question424: Which of the following occurs during the issues management process for a system development project?
Question425: Which of the following is MOST useful when planning to audit an organization's compliance with cybersecurity regulations in foreign countries?
Question426: Which of the following is a challenge in developing a service level agreement (SLA) for network services?
Question427: When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:
Question428: In response to an audit finding regarding a payroll application, management implemented a new automated control. Which of the following would be MOST helpful to the IS auditor when evaluating the effectiveness of the new control?
Question429: When reviewing a project to replace multiple manual data entry systems with an artificial intelligence (Al) system, the IS auditor should be MOST concerned with the impact Al will have on
Question430: Which type of attack poses the GREATEST risk to an organization's most sensitive data?
Question431: Which of the following controls BEST ensures appropriate segregation of dudes within an accounts payable department?
Question432: Which of the following is the BEST security control to validate the integrity of data communicated between production databases and a big data analytics system?
Question433: A characteristic of a digital signature is that it
Question434: Which of the following is MOST important for an effective control self-assessment (CSA) program?