ISACA CISA v2020-10-23 q332

ISACA.CISA.v2020-10-23.
q332
Exam Code: CISA
Exam Name: Certified Information Systems Auditor
Certification Provider: ISACA
Free Question Number: 332
Version: v2020-10-23
# of views: 265
# of Questions views: 7703
https://www.freecram.com/torrent/ISACA.CISA.v2020-10-23.q332.html
NEW QUESTION: 1
Which of the following is the MOST significant concerns when backup tapes are
encrypted?
A. Loss of encryption keys
B. Lack of physical security over the tapes
C. Inaccurate data due to encryption processing
D. Incompatibility with future software versions
Answer: A (LEAVE A REPLY)
NEW QUESTION: 2
An IS auditor suspects an organization's computer may have been used to commit a
crime. Which of the following is the auditor s BEST course of action?
A. Advise management of the crime after the investigation.
B. Contact the incident response team to conduct an investigation.
C. Examine the computer to search for evidence supporting the suspicions.
D. Notify local law enforcement of the potential crime before further investigation.
Answer: (SHOW ANSWER)
NEW QUESTION: 3
An IS auditor finds the timeliness and depth of information regarding the organization's IT
projects varies based on which project manager is assigned. Which of the following
recommendations would be A MOST helpful in achieving predictable and repeatable
project management processes?
A. Alignment of project performance to pay incentives
B. Adoption of business case and earned value templates
C. Measurement against defined and documented procedures
D. Use of Gantt charts and work breakdown structures
Answer: B (LEAVE A REPLY)
NEW QUESTION: 4
An enterprise receiving email should have procedures to control:
A. insufficient connectivity,
B. unsolicited executable code.
C. outdated protocols,
D. insufficient end-points.
NEW QUESTION: 5
Which of the following is the MOST effective mechanism for ensuring that critical IT
operational problems are reported to executive management in a timely manner?
A. Escalation procedures
B. Periodic status reports
C. Service level monitoring
D. Regular meetings
NEW QUESTION: 6
Which of the following documents would be MOST useful in detecting a weakness in
segregation of duties?
A. Entity-relationship diagram
B. Process flowchart
C. Data flowdiagram
D. Systems flowchart
NEW QUESTION: 7
During a vulnerability assessment, an IS auditor finds a high-risk vulnerability in a public-
facing web server used to process online customer orders via credit card. The IS auditor
could FIRST:
A. redesign the customer order process.
B. document the finding in the report
C. notify management.
D. suspend credit card processing.
Answer: C (LEAVE A REPLY)
NEW QUESTION: 8
Which of the following is the BEST physical security solution for granting and restricting
access to individuals based on their unique access needs?
A. Closed-circuit television (CCTV)
B. Bolting door locks
C. Electronic badge system
D. Cipher locks
NEW QUESTION: 9
An IS auditor identifies key controls that have been overridden by management. The next
step the IS auditor should take is to
A. Perform procedures to quantify the irregularities
B. Recommend compensating controls
C. Report the absence of key controls to regulators
D. Withdraw from the engagement
NEW QUESTION: 10
Which of the following occurs during the issues management process for a system
development project?
A. Configuration management
B. Help desk management
C. Impact assessment
D. Contingency planning
NEW QUESTION: 11
Which of the following would BEST detect that a distributed-denial-of-service attack
(DDoS) is occurring?
A. Automated monitoring of logs
B. Customer service complaints
C. Penetration testing
D. Server crashes
NEW QUESTION: 12
Which of the following should be an IS auditor's FIRST activity when planning an audit?
A. Document specific questions in the audit program
B. Gain an understanding of the area to be audited.
C. Identify proper resources for audit activities.
D. Create a list of key controls to be reviewed.
NEW QUESTION: 13
Which of the following would be MOST helpful in ensuring security procedures are followed
by employees in a multinational organization?
A. Regular policy updates by management
B. Security architecture review
C. Regular clean desk reviews
D. Comprehensive end-user training
Answer: D (LEAVE A REPLY)
NEW QUESTION: 14
A development team has designed a new application and incorporated best practices for
secure coding. Prior to launch, which of the following is the IS auditor's BEST
recommendation to mitigate the associated security risk?
A. Integration testing
B. User acceptance testing
C. Unit testing
D. Penetration testing
NEW QUESTION: 15
Which of the following is the BEST reason to perform root cause analysis after a critical
server failure?
A. To enable timely follow-up audits
B. To enable the gathering of system availability data
C. To enable appropriate corrective measures
D. To enable the optimization of IT investments
NEW QUESTION: 16
An IS auditor discovers that management has created a system interface to receive
financial data and store it in a data warehouse. Which of the following provides the BEST
assurance that data in the data warehouse is accurate?
A. Management reconciliations
B. A documented change management process
C. Established risk management processes
D. Management, access reviews
Valid CISA Dumps shared by PrepAwayExam.com for Helping Passing CISA Exam!
PrepAwayExam.com now offer the newest CISA exam dumps, the
PrepAwayExam.com CISA exam questions have been updated and answers have
been corrected get the newest PrepAwayExam.com CISA dumps with Test Engine
here: https://www.prepawayexam.com/ISACA/braindumps.CISA.ete.file.html (745 Q&As
Dumps, 40%OFF Special Discount: freecram)
NEW QUESTION: 17
A security administrator should have read-only access for which of the following?
A. Password policy
B. Services/daemons configuration
C. Security logs
D. Router configuration
NEW QUESTION: 18
Which of the following controls would BEST decrease the exposure if a password is
compromised?
A. Passwords are masked.
B. Passwords are encrypted.
C. Password changes are forced periodically.
D. Passwords have format restrictions.
NEW QUESTION: 19
An organization has outsourced its data processing function to a service provider. Which of
the following would BEST determine whether the service provider continues to meet the
organization s objectives?
A. Periodic audits of controls by an independent auditor
B. Review of performance against service level agreements (SLAs)
C. Adequacy of the service provider's insurance
D. Assessment of the personnel training processes of the provider
NEW QUESTION: 20
Which of the following is MOST important for an IS auditor to consider when determining
an appropriate sample size in situations where selecting the entire population is not
feasible?
A. Responsiveness of the auditee
B. Accessibility of the data
C. Tolerable error
D. Data integrity
NEW QUESTION: 21
When introducing a maturity model to the IT management process, it is BEST to align the
maturity level to a point that reflects which of the following?
A. Maximum risk tolerance level
B. Ideal business production level
C. Industry standard practice level
D. Minimum cost expenditure level
NEW QUESTION: 22
When determining the specifications for a server supporting an online application using
more than a hundred endpoints, which of the following is the MOST important factor to be
Considered?
A. High availability of different systems
B. Cost-benefit comparison between the available systems
C. Reputation of the vendors and their customer base
D. Transaction volume estimate during peak periods
NEW QUESTION: 23
Which of the following roles combined with the role of a database administrator (DBA) will
create a segregation of duties conflict?
A. Security administrator
B. Systems analyst
C. Quality assurance
D. Application end user
NEW QUESTION: 24
Which of the following is MOST important when an incident may lead to prosecution?
A. Impact analysis
B. Timely incident detection
C. Preservation of evidence
D. Independent assessment
NEW QUESTION: 25
When physical destruction is not practical, which of the following is the MOST effective
measure of disposing of sensitive data on a hard disk?
A. Overwriting multiple times
B. Recycling the disk
C. Deleting files sequentially
D. Reformatting
NEW QUESTION: 26
When auditing a quality assurance plan, an IS auditor should be MOST concerned if the:
A. SDLC is coupled with the quality assurance plan
B. scope of quality assurance activities is undefined
C. quality assurance function is periodically reviewed by internal audit
D. quality assurance function is separate from the programming function
NEW QUESTION: 27
An IS auditor reviewing security incident processes realizes incidents are resolved and
dosed, but root causes are not investigated Which of the following should be the MAJOR
concern with this situation?
A. Abuses by employees have not been reported
B. Vulnerabilities have not been properly addressed
C. Lessons earned have not been property documented.
D. Security incident policies are out of date
NEW QUESTION: 28
Which function in the purchasing module of an enterprise resource planning (ERP) system
ensures payments are not issued for incorrect invoices'
A. Management workflow approval
B. Three-way match
C. Sequential payment numbers
D. Purchasing authority levels
NEW QUESTION: 29
Which of the following procedures should an IS auditor complete FIRST when evaluating
the adequacy of IT key performance indicators (KPIs)?
A. Validate the KPI thresholds.
B. Determine whether the KPIs support IT objectives.
C. Review KPIs that indicate poor IT performance.
D. Independently calculate the accuracy of the KPIs.
NEW QUESTION: 30
Which of the following should be a PRIMARY control objective when designing controls for
system interfaces?
A. Ensure all data transferred through system interfaces is encrypted.
B. Ensure managed file transfer (MFT) systems have restart capability for interruptions.
C. Ensure data on the sending system is identical to the data on the receiving system.
D. Ensure peer-to-peer data transfers are minimized.
NEW QUESTION: 31
An audit team has a completed schedule approved by the audit committee. After starting
some of the scheduled audits, executive management asked the team to immediately audit
an additional process. There are not enough resources available to add the additional audit
to the schedule. Which of the following is the BEST course of action?
A. Revise the scope of scheduled audits.
B. Consider scheduling the audit for the next period.
C. Propose a revised audit schedule.
D. Approve overtime work to ensure the audit is completed.
NEW QUESTION: 32
A database is denormalized in order to:
A. ensure data integrity.
B. prevent loss of data.
C. save storage space.
D. increase processing efficiency.
NEW QUESTION: 33
Audit management has just completed the annual audit plan for the upcoming year, which
consists entirely of high-risk processor. However it is determined that there are insufficient
resources to execute the plan. What should be done NEXT?
A. Present the annual plan to the audit committee and ask for more resources
B. Remove audit from the annual plan to better match the number of resources available.
C. Reduce the scope of the audit to better match the number of resources available
D. Review the audit plan and defer some audits to the subsequent year
NEW QUESTION: 34
Which of the following is MOST important for the IS auditor to verify when reviewing the
development process of a security policy?
A. Output from the enterprise's risk management system
B. Evidence of management approval
C. Evidence of active involvement of key stakeholders
D. Identification of the control framework
NEW QUESTION: 35
Which of the following is MOST important in the audit quality assurance process?
A. Qualifications of the assessor
B. Testing performed during the assessment
C. Results of corrective action plans
D. Oversight by the audit committee
NEW QUESTION: 36
Which of the following is MOST important when planning a network audit?
A. Isolation of rogue access points
B. Identification of existing nodes
C. Analysts of traffic content
D. Determination of IP range in use
NEW QUESTION: 37
The quality assurance (QA) function should be prevented from
A. Changing programs for business functions
B. Establishing analysis techniques
C. Developing naming conventions
D. Amending review procedures
NEW QUESTION: 38
Which of the following is the PRIMARY role of an IS auditor with regard to data privacy?
A. Ensuring compliance with data privacy laws
B. Verifying that privacy practices match privacy statements
C. Drafting the organization's data privacy policy
D. Communicating data privacy requirements to the organization
NEW QUESTION: 39
Communicating which of the following would BEST encourage management to initiate
appropriate actions following the receipt of report findings?
A. Risk implications of the observations
B. Statistical sampling used to derive observations
C. Recommendations that align with the business strategy
D. Strict deadlines to close all observations
NEW QUESTION: 40
An organization is using a single account shared by personnel for its social networking
marketing page. Which of the following is the BEST method to maintain accountability over
the account?
A. Regular monitoring of proxy server logs
B. Reviewing access rights on a periodic basis
C. Implementing an account password check-out process
D. Integrating the account with single sign-on
NEW QUESTION: 41
When reviewing a disaster recovery plan (DRP) an IS auditor should examine the:
A. Offsite data file storage
B. Fire-fighting equipment
C. Access to the computer site by the backup staff
D. Uninterruptible power supply (UPS)
NEW QUESTION: 42
Which of the following data would be used when performing a business impact analysis
(BIA)?
A. Cost benefit analysis of running the current business
B. Projected impact of current business on future business
C. Expected costs for recovering the business
D. Cost of regulatory compliance
NEW QUESTION: 43
Which of the following methods should be used to effectively erase sensitive data from
portable storage devices that are to be reused?
A. Using media sanitization software
B. Formatting the portable device
C. Overwriting the sensitive data
D. Exposing the portable device to a magnetic field
NEW QUESTION: 44
A legacy application is running on an operating system that is no longer supported by
vendor, if the organization continues to use the current application, which of the application
should be the IS auditor's GREATEST concern?
A. Increased cost of maintaining the system
B. Potential exploitation of zero-day vulnerabilities in the system
C. Inability to use the operating system due to potential licence issues
D. Inability to update the legacy application database
NEW QUESTION: 45
Which of the following would provide the BEST evidence for an IS auditor to determine
whether segregation of duties is in place?
A. A review of personnel files
B. A review of the organizational chart
C. A walk-through of job functions
D. An analysis of user access requests
NEW QUESTION: 46
Which of the following should the IS auditor do FIRST to ensure data transfer integrity for
Internet of Things (loT) devices?
A. Verify access control lists to the database where collected data is stored.
B. Confirm that acceptable limits of data bandwidth are defined for each device.
C. Ensure that message queue telemetry transport (MQTT) is used.
D. Determine how devices are connected to the local network.
NEW QUESTION: 47
The recovery time objective (RTO) is normally determined on the basis of the:
A. criticality of the systems affected.
B. acceptable downtime of the alternate site,
C. cost of recovery of all systems.
D. risk of occurrence.
NEW QUESTION: 48
Which of the following would provide the BEST assurance that an organization s backup
media is adequate in the case of a disaster?
A. Scheduled maintenance of the backup device
B. Scheduled read/write tests of the backup media
C. Regular review of backup logs to ensure that all data from the production environment is
included
D. Regular recovery of production systems in a test environment
NEW QUESTION: 49
When engaging services from external auditors, which of the following should be
established FIRST7
A. Operational level agreements
B. Termination conditions agreements
C. Service level agreements
D. Nondisclosure agreements
NEW QUESTION: 50
The MAIN reason an organization's incident management procedures should include a
post-incident review is to:
A. take appropriate action when procedures are not followed
B. ensure evidence is collected tor possible post-event litigation.
C. enable better reporting for executives and the audit committee
D. improve processes by learning from identified weaknesses
NEW QUESTION: 51
To help ensure the accuracy and completeness of end-user computing output it is MOST
important to include strong:
A. reconciliation controls
B. change management controls.
C. access management controls
D. documentation controls.
NEW QUESTION: 52
An audit committee is reviewing an annual IT risk assessment Which of the following is the
BEST justification for the audits selected?
A. Key IT general process controls
B. Applications impacted
C. Likelihood of an IT process failure
D. Underlying business risks
NEW QUESTION: 53
A database administrator (DBA) extracts a user listing for an auditor as testing evidence.
Which of the following will provide the GREATEST assurance that the user listing is
reliable'
A. Obtaining sign-off from the DBA to attest that the list is complete
B. Witnessing the DBA running the query in-person
C. Requesting a query that returns the count of the users
D. Requesting a copy of the query that generated the user listing
NEW QUESTION: 54
A large insurance company is about to replace a major financial application. Which of the
following is the IS auditor's PRIMARY focus when conducting the pre-implementation
review?
A. Migration of data
B. Unit testing
C. System manuals
D. Procedure updates
NEW QUESTION: 55
Which of the following findings would have the GREATEST impact on the objective of a
business intelligence system?
A. Key controls have not been tested in a year.
B. Decision support queries use database functions proprietary to the vendor.
C. The hot site for disaster recovery does not include the decision support system.
D. Management reports have not been evaluated since implementation.
NEW QUESTION: 56
Which of the following would be MOST important to update once a decision has been
made to outsource a critical application to a cloud service provider?
A. Project portfolio
B. IT budget
C. Business impact analysis (BIA)
D. IT resource plan
NEW QUESTION: 57
Which of the following provides an IS auditor the MOST assurance that an organization is
compliant with legal and regulatory requirements?
A. The IT manager is responsible for the organization s compliance with legal and
regulatory requirements.
B. There is no history of complaints or fines from regulators regarding noncompliance
C. Senior management has provided attestation of legal and regulatory compliance
D. Controls associated with legal and regulatory requirements have been identified and
tested
NEW QUESTION: 58
Reviewing which of the following would be MOST helpful in assessing whether an
organization s IT performance measures are comparable to other organizations in the
same industry?
A. Reputable IT governance frameworks
B. Employee satisfaction surveys
C. Maturity models for IT processes
D. Key performance indicators (KPIs) for IT processes
NEW QUESTION: 59
Which of the following is the BEST key performance indicator (KPI) for determining how
well the IT policy is aligned to the business requirements?
A. Number of approved exceptions to the policy
B. Total cost to support the policy
C. Number of inquiries regarding the policy
D. Total cost of policy breaches
NEW QUESTION: 60
During an audit, which of the following would be MOST helpful in establishing a baseline
for measuring data quality?
A. Industry standard business definitions
B. Input from customers
C. Built-in data error prevention application controls
D. Validation of rules by the business
NEW QUESTION: 61
During a network security review the system log indicates an unusually high number of
unsuccessful login attempts Which of the following sampling techniques is MOST
appropriate for selecting a sample of user IDs for further investigation?
A. Monetary unit
B. Variable
C. Stratified
D. Attribute
NEW QUESTION: 62
Which of the following is MOST important to include in a contract to outsource data
processing that involves customer personally identifiable information (Pit)?
A. The vendor must sign a nondisclosure agreement with the organization.
B. The vendor must comply with the organization is legal and regulatory requirement.
C. The vendor must compensate the organization if nonperformance occurs.
D. The vendor must provide an independent report of its data processing facilities.
NEW QUESTION: 63
Which of the following is a key success factor for implementing IT governance?
A. Establishing an IT governance committee
B. Delivering IT projects within budget
C. Aligning IT and business strategies
D. Embedding quality assurance processes
NEW QUESTION: 64
Buffer overflow in an Internet environment is of particular concern to the IS auditor
because it can:
A. cause the loss of critical data during processing.
B. cause printers to lose some of the document text when printing
C. be used to obtain improper access to a system.
D. corrupt databases during the build.
NEW QUESTION: 65
A post-implementation review of a system implementation has identified that the defined
objectives were changed several times without the approval of the project board. What
would the IS auditor do NEXT?
A. Notify the project management office and raise a finding
B. Notify the project sponsor and request that the project be reopened.
C. Determine whether the revised objectives are appropriate
D. Ask management to obtain retrospective approvals
NEW QUESTION: 66
During a help desk review, an IS auditor determines the call abandonment rate exceeds
agreed-upon service levels. What conclusion can be drawn from this finding?
A. Users are finding solutions from alternative sources.
B. There are insufficient telephone lines available to the help desk.
C. Help desk staff are unable to resolve a sufficient number of problems on the first call.
D. There is insufficient staff to handle the help desk call volume.
NEW QUESTION: 67
Which of the following is MOST important to include in forensic data collection and
preservation procedure?
A. Determining tools to be used
B. Maintaining chain of custody
C. Preserving data integrity
D. Assuring the physical security of devices
NEW QUESTION: 68
What is an IS auditor's BEST recommendation to management if a review of the incident
management process finds multiple instances of incident tickets remaining open for an
unusually long time?
A. Implement reporting of key performance indicators (KPIs) for ticket closure.
B. Configure the system to automatically close tickets after a defined period.
C. Increase the number of help desk staff to enable faster ticket closure.
D. Manually review the identified tickets and mark as closed in the system.
NEW QUESTION: 69
Which of the following would provide the BEST evidence of successfully completed batch
uploads?
A. Enforcing batch cut-off times
B. Sign-off on the batch journal
C. Using sequence controls
D. Reviewing process logs
NEW QUESTION: 70
Which of the following would BEST detect logic bombs in new programs?
A. Regression testing
B. Parallel/pilot testing
C. Final acceptance testing by users
D. Independent program review
NEW QUESTION: 71
MOST effective way to determine if IT is meeting business requirements is to establish:
A. organizational goals.
B. industry benchmarks
C. a capability model.
D. key performance indicators (KPls).
NEW QUESTION: 72
An IS auditor is planning a risk-based audit of the human resources department. The
department uses separate systems for its payroll, training and employee performance
review functions. What should the IS auditor do FIRST before identifying the key controls
to be tested?
A. Assess the control risk associated with each system.
B. Determine the number of samples to be tested for each system.
C. Identify the technical skills and resources needed to audit each system.
D. Determine the inherent risk related to each system.
NEW QUESTION: 73
An IS auditor learns that after each scheduled batch process runs, management performs
a reconciliation between upstream and downstream data. Which of the following is MOST
important for the auditor to investigate?
A. Change management over job scheduling
B. Access to the job scheduler
C. Results of user acceptance testing
D. Job failure resolution controls
NEW QUESTION: 74
The operations team of an organization has reported an IS security attack. Which of the
following should be the NEXT step for the security incident response team?
A. Document lessons learned
B. Report results to management.
C. Perform a damage assessment
D. Prioritize resources for corrective action
NEW QUESTION: 75
An IS auditor is examining a front-end sub ledger and a main ledger Which of the following
would be the GREATEST concern if there are flaws in the mapping of accounts between
the two systems?
A. Double-posting of a single journal entry
B. inability to support new business Transactions
C. Inaccuracy of financial reporting
D. Unauthorized alteration of account attributes
NEW QUESTION: 76
Which of the following findings should hr of GREATEST concern for an IS auditor when
auditing the effectiveness of a phishing simulation test administered for staff members?
A. Staff members were not notified about the test beforehand
B. C
C. Test results were not communicated to staff members
D. Security awareness training was not provided poor to the test
E. Staff members who failed the test did not receive follow-up education
NEW QUESTION: 77
An IS auditor notes that several users have not logged into an application for more than
one year. Which of the following would be the BEST audit recommendation?
A. Delete the affected users' IDs.
B. Update the termination procedures
C. Periodically review user access.
D. Periodically review the information security policy.
NEW QUESTION: 78
In which of the following cloud service models does the user organization have the
GREATEST control over the accuracy of configuration items in its configuration
management database (CMDB)?
A. Software as a Service (SaaS)
B. Platform as a Service (PaaS)
C. Database as a Service (DbaaS)
D. Infrastructure as a Service (laaS)
NEW QUESTION: 79
In the IT department where segregation of duties is not feasible due to a limited number of
resources, a team member is performing the functions of computer operator and reviewer
of application logs. Which of the following would be the IS auditor's BEST
recommendation?
A. Prevent the operator from performing application development activities.
B. Restrict the computer operator's access to the production environment
C. Assign an independent second reviewer to verify the application logs.
D. Develop procedures to verify that the application logs are not modified.
NEW QUESTION: 80
An IS auditor is assessing a recent migration of mission critical applications to a virtual
platform. Which of the following observations poses the GREATEST risk to the
organization?
A. Role descriptions do not accurately reflect new virtualization responsibilities.
B. A post-implementation review of the hypervisor has not yet been conducted.
C. The migration was not approved by the board of directors.
D. Training for staff with new virtualization responsibilities has not been conducted.
NEW QUESTION: 81
An IS auditor is planning an audit of an organization s payroll processes. Which of the
following is the BEST procedure to provide assurance against internal fraud?
A. Review management's approval of payroll system changes.
B. Review management's validation of payroll payment recipients.
C. Compare employee work contracts against hours entered in the payroll system.
D. Interview the payroll manager to obtain a detailed process workflow.
NEW QUESTION: 82
As part of an IS audit, the auditor notes the practices listed below.
Which of the following would be a segregation of duties concern?
A. System programmers have logged access to operating system parameters.
B. Operators are acting as tape librarians on alternate shifts.
C. Operators are degaussing magnetic tapes during night shifts
D. System programmers are performing the duties of operators.
NEW QUESTION: 83
Due to the increasing size of a database, user access times and daily backups continue to
increase. Which of the following would be the BEST way to address this situation?
A. Data mining
B. Data purging
C. Data modeling
D. Data visualization
NEW QUESTION: 84
To confirm integrity for a hashed message, the receiver should use
A. a different hashing algorithm from the sender s to create a numerical representation of
the file
B. the same hashing algorithm as the tender s to create a numerical representation of the
file.
C. the same hashing algorithm as the sender's to create a binary image of the file.
D. a different hashing algorithm from me sender s to create a binary image of the file
NEW QUESTION: 85
A retirement system verifies that the field for employee status has either a value of A (for
active) or R (for retired). This is an example of which type of check?
A. Completeness
B. Limit
C. Existence
D. Validity
NEW QUESTION: 86
An IS auditor is conducting a review of an organization s information systems and
discovers data that is no longer needed by business applications. Which of the following
would b IS auditor's BEST recommendation?
A. Ask the data custodian to remove it after confirmation from the business user
B. Assess the data according to the retention policy.
C. Keep the data and protect it using a data classification policy
D. Back up the data to removable media and store in a secure area.
NEW QUESTION: 87
Which of the following is the MOST critical characteristic of a biometric system?
A. Throughput rate
B. Registration time
C. Ease of use
D. Accuracy
NEW QUESTION: 88
Previous audits have found that a large organization has had a number of segregation of
duties conflicts between various roles, and the IT governance committee has asked the
audit function for guidance on how to address this issue. Which of the following is the
BEST recommendation?
A. Conduct a risk assessment and develop mitigating controls.
B. Review system access logs to identify escalation of user privileges.
C. Institute additional supervisory approvals when granting system access.
D. Revise the user organizational structure and policies
NEW QUESTION: 89
Which of the following poses the GREATEST risk to data security and integrity in a cloud
environment?
A. Data regulations are not clearly defined for the cloud provider.
B. Data backups are maintained with the cloud provider.
C. Data is transmitted using hypertext transfer protocol (HTTP).
D. Data is not classified prior to transmission to the cloud provider.
NEW QUESTION: 90
Which of the following should be done FIRST when planning a penetration test?
A. Determine reporting requirements for vulnerabilities
B. Obtain management consent for the testing
C. Execute nondisclosure agreements (NDAs).
D. Define the testing scope.
NEW QUESTION: 91
An advantage of object-oriented system development is that it:
A. is suited to data with complex relationships.
B. partitions systems into a client/server architecture.
C. is easier to code than procedural languages.
D. decreases the need for system documentation.
NEW QUESTION: 92
Which of the following IS audit findings should be of GREATEST concern when preparing
to migrate to a new core system using a direct cut-over?
A. Lack of a rollback strategy for the system go-live
B. Plans to use some workarounds for an extended period after go-live
C. incomplete test cases for some critical reports
D. informal management approval to 90 live
NEW QUESTION: 93
Which of the following would be the MOST effective control to mitigate unintentional
misuse of authorized access?
A. Security awareness training
B. Formalized disciplinary action
C. Annual sign-off of acceptable use policy
D. Regular monitoring of user access logs
NEW QUESTION: 94
In a decentralized organization, the selection and purchase of IS products is acceptable as
long as which of the following conditions exists?
A. Managers undertake a full cost-benefit analysis before deciding what to purchase.
B. Acquired items are consistent with the organization's short- and long-term IS strategy
plans.
C. The same operating system is used throughout the organization.
D. Various offices are independent and exchange data on an occasional basis.
NEW QUESTION: 95
When conducting a requirements analysis for a project, the BEST approach would be to:
A. conduct a control self-assessment
B. prototype the requirements,
C. test operational deliverable
D. consult key stakeholders
NEW QUESTION: 96
Which of the following is the KST source of information for assessing the effectiveness of
IT process monitoring?
A. Performance data
B. Quality assurance (QA) reviews
C. Participative management techniques
D. Real-time audit software
NEW QUESTION: 97
Which of the following would BEST prevent data from being orphaned?
A. Table indexes
B. Table partitioning
C. Input validation checks
D. Referential integrity
NEW QUESTION: 98
Which combination of access controls provides the BEST physical protection for a server
room?
A. Card with a magnetic strip and a smart card
B. PIN and smart card
C. Card with a magnetic stop and a shared PIN
D. User ID and PIN
NEW QUESTION: 99
Which of the following is MOST important to helping incident response managers quickly
and accurately estimate the overall business impact of security incidents?
A. Develop a communication plan and identity key business stakeholders to be notified.
B. Engage senior business management in determining seventy levels for escalation.
C. Map IT infrastructure to the business processes and client services they support.
D. Ensure the security Incident management team Is staffed with qualified Individuals.
NEW QUESTION: 100

An IS Auditor is performing a business continuity plan (BCP) audit and identifies that the
plan has not been tested for five years, however, the plan was successfully activated
during a recent extended power outage.
Which of the following is the 15 auditor's BEST count of action?
A. Determine if the annual BCP training program is in need of review
B. Determine if lessons learned from the activation were incorporated into the plan
C. Determine if a follow-up BCP audit is required to identify future gaps
D. Determine if the business impact analysis (BIA) is still accurate.
NEW QUESTION: 101

Which of the following would BEST indicate the effectiveness of a security awareness
training program?
A. Reduced unintentional violations
B. Increased number of employees completing training
C. Results of third-parry social engineering tests
D. Employee satisfaction with trailing
NEW QUESTION: 102

For an organization which uses a VoIP telephony system exclusively, the GREATEST
concern associated with leaving a connected telephone in an unmonitored public area is
the possibility of:
A. network compromise due to the introduction of malware.
B. theft of destruction of an expensive piece of electronic equipment.
C. connectivity issues when used with an analog local exchange earner.
D. unauthorized use leading to theft of services and financial loss,
NEW QUESTION: 103

An IS auditor is assessing an organization's implementation of a virtual network. Which of
the following observations should be considered the MOST significant risk?
A. Communication performance over the virtual network is not monitored.
B. Traffic over the virtual network is not visible to security protection devices.
C. Physical and virtual network configurations are not managed by the same team.
D. Virtual network devices are replicated and stored in offline mode.
NEW QUESTION: 104

Which of the following is the GREATEST risk resulting from conducting periodic reviews of
IT over several years based on the same audit program?
A. Detection risk is increased because auditees already know the audit program.
B. The amount of errors with increase because the routine work promotes r\attentiveness.
C. Staff turnover in the audit department will increase because fieldwork becomes less
interesting.
D. Audit risk is increased because the programs might not be adapted to the organization s
current situation.
NEW QUESTION: 105

Which of the following is the MAIN purpose of implementing an incident response process?
A. Assign roles and responsibilities
B. Manage impact due to breaches.
C. Provide substantial audit-trail evidence.
D. Comply with policies and procedures.
NEW QUESTION: 106

Which of the following attacks is BEST detected by an intrusion detection system (IDS)?
A. Spamming.
B. Logic bomb
C. Spoofing
D. System scanning
NEW QUESTION: 107

An IS audit had identified that default passwords for a newly implemented application were
not changed.
During the follow-up audit which of the
following would provide the BEST evidence that the finding was effectively addressed?
A. Screenshots of system parameters requiring password changes on next login
B. Written confirmation from management that the passwords were changed
C. Application log files that record the password changes
D. System-generated emails requiring application users to change passwords
NEW QUESTION: 108

An IS auditor should ensure that an application's audit trail:
A. is accessible online.
B. has adequate security.
C. does not impact operational efficiency
D. logs all database records.
NEW QUESTION: 109

Within a payroll department, which of the following responsibilities should be assigned to
two or more individuals to avoid a segregation of duties conflict?
A. Viewing lists of terminated employees and editing payroll information
B. Adding and removing new users of the payroll system
C. Reviewing time sheets and accessing bank statements for account reconciliation
D. Approving payroll payments and inputting salary rates into the system
NEW QUESTION: 110

When auditing the security architecture of an e-commerce environment, an IS auditor
should FIRST review the:
A. alternate firewall arrangements.
B. criteria used for selecting the firewall.
C. location of the firewall within the network.
D. configuration of the firewall.
NEW QUESTION: 111

Which of the following BEST enables timely detection of changes in the IT environment to
support informed decision making by management?
A. Continuous monitoring
B. Established key risk indicators (KRI)
C. Sampling checks on high risk areas
D. Change management reports
NEW QUESTION: 112

An IS auditor is evaluating a virtual server environment and learns that the production
server, development server, and management console are housed in the same physical
host. What should be the auditor's PRIMARY concern?
A. The development server and management console share the same host
B. The management console is a single point of failure.
C. The physical host is a single point of failure
D. The development and production servers share the same host
NEW QUESTION: 113
Which of the following procedures would BEST contribute to the reliability of information in
a data warehouse?
A. Maintaining current metadata
B. Retaining only current data.
C. Storing only a single type of data
D. Maintain archive data
NEW QUESTION: 114

An IS auditor finds ad hoc vulnerability scanning is in place with no clear alignment to the
organization's wider security threat and vulnerability management program. Which of the
following would BEST enable the organization to work toward improvement in this area?
A. Using a capability maturity model to identify a path to an optimized program
B. Maintaining a catalog of vulnerability that may impact mission-critical systems
C. Outsourcing the threat and vulnerability management function to a third party
D. Implementing security logging to enhance threat and vulnerability management
NEW QUESTION: 115

A sales representative is reviewing the organization's feedback blog and gets redirected to
a site that sells illegal prescription drugs. The blog site is MOST likely susceptible to which
of the following types of attacks?
A. Phishing attack
B. Directory harvesting
C. SQL injection
D. Cross-site scripting
NEW QUESTION: 116

An IS auditor is observing transaction processing and notes that a high-priority update job
ran out of sequence.
What is the MOST significant risk from this observation'
A. Previous jobs may have failed.
B. The job completes with invalid data.
C. Daily schedules may not be accurate
D. The job may not have run to completion.
NEW QUESTION: 117

Which of the following will BEST help to ensure that an in-house application in the
production environment is current?
A. Version control procedures
B. Change management
C. Quality assurance
D. Production access control
NEW QUESTION: 118

A potential risk of executing a program on an Internet site is that it may:
A. overwrite system files with older versions
B. lack version control, which may result in the use of an older program.
C. be browser-dependent, and therefore abort.
D. install executable code on the computer.
NEW QUESTION: 119

An IS auditor was involved in the design phase for a new system's security architecture.
For the planned post-implementation audit which of the following would be the MOST
appropriate course of action for the auditor?
A. Change the audit scope to exclude security architecture.
B. Postpone the post-implementation audit to a later date.
C. Have another auditor review the security architecture.
D. Disclose the independence Issues in the audit report.
NEW QUESTION: 120

Which of the following should the IS auditor use to BEST determine whether a project has
met its business objectives?
A. Issues log with resolutions
B. Benefits realization document
C. Earned-value analysis
D. Completed project plan
NEW QUESTION: 121

Which of the following is a reason for implementing a decentralized IT governance model?
A. Greater consistency among business units
B. Standardized controls and economies of scale
C. IT synergy among business units
D. Greater responsiveness to business needs
NEW QUESTION: 122

Which of the following provides the GREATEST assurance that any confidential
information on a disk is no longer accessible but the device is still usable by the other
internal users?
A. Reformatting the disk
B. Erasing the disk
C. Password protecting the disk
D. Degaussing the disk
NEW QUESTION: 123

An organization implements a data loss prevention tool as a control to mitigate the risk of
sensitive data leaving the organization via electronic mail. Which of the following would
provide the BEST indication of adequate control design?
A. Management presents evidence that data loss incidents have decreased.
B. Rules enforced by the tool were based on the classification of the data.
C. Security administrators can demonstrate the functions of the tool
D. Management has formally approved the control design.
NEW QUESTION: 124

Which of the following would be an IS auditor's GREATEST concern when reviewing an
organization s security controls for policy compliance?
A. Security policy documents are available on a public domain website.
B. Security policies are not uniformly applicable across the organization
C. End users are not required to acknowledge security policy training.
D. Buy-in from system owners to support the policies is inadequate
NEW QUESTION: 125

Which of the following is the BEST development methodology to help manage project
requirements in a rapidly changing environment?
A. Waterfall development process
B. Iterative development process
C. Object-oriented system development
D. Prototyping
NEW QUESTION: 126

During an audit of an organization's financial statements, an IS auditor finds that the IT
general controls are deficient. What should the IS auditor recommend?
A. Place greater reliance on the framework of control.
B. Increase the substantive testing of the financial balances.
C. Place greater reliance on the application controls.
D. Increase the compliance testing of the application controls.
NEW QUESTION: 127

Which of the following is MOST important to consider when reviewing a third-party service
agreement for disaster recovery services'
A. Recovery point objectives (RPOs) and recovery time objectives (RTOs) are included in
the agreement.
B. Provisions exist to retain ownership of intellectual property in the event of termination,
C. Security and regulatory requirements are addressed in the agreement.
D. The lowest price possible is obtained for the service rendered.
NEW QUESTION: 128

An IS auditor found that a company executive is encouraging employee use of social
networking sites for business purposes. Which of the following recommendations would
BEST help to reduce the risk of data leakage?
A. Establishing strong access controls on confidential data
B. Providing education and guidelines to employees on use of social networking sites
C. Requiring policy acknowledgment and nondisclosure agreements signed by employees
D. Monitoring employees social networking usage
NEW QUESTION: 129

An internal audit has revealed a large number of incidents for which root cause analysis
has not been performed. Which of the following is MOST important for the IS auditor to
verify to determine whether there is an audit issue?
A. Time required to resolve the incidents
B. Frequency of the incidents
C. Seventy level of the incidents
D. Cost of resolving the incidents
NEW QUESTION: 130

Which of the following areas are the MOST likely cause of an application producing several
erroneous reports?
A. A deficiency in user acceptance testing
B. A deficiency in patch management
C. A deficiency in database administration
D. A deficiency in IT resource allocation
NEW QUESTION: 131

An IS auditor has identified that some IT staff have administrative access to the enterprise
resource planning (ERP) application, database, and server. IT management has
responded that due to limited resources, the same IT staff members have to support all
three layers of the ERP application. Which of the following would be the auditor's BEST
recommendation to management?
A. Leverage business unit personnel to serve as administrators of the application.
B. Monitor activities of the associated IT staff members by reviewing system-generated
logs weekly.
C. Remove some of the administrative access of the associated IT staff members.
D. Request funding to hire additional IT staff to enable segregation of duties.
NEW QUESTION: 132

Which of the following is the GREATEST advantage of implementing an IT enterprise
architecture framework within an organization?
A. It improves the organization's ability to meet service level agreements (SLAs).
B. It reduces the overlap of infrastructure technologies within the organization.
C. It helps to identify security issues in systems across the organization.
D. It better equips an organization to adopt innovative and emerging technologies.
NEW QUESTION: 133

Which of the following should be of MOST concern to an IS auditor during the review of a
quality management system?
A. Important quality checklists are maintained outside the quality management system.
B. There are no records to document actions for minor business processes.
C. The quality management system includes training records for IT personnel.
D. Indicators are not fully represented in the quality management system.
NEW QUESTION: 134

An IS auditor has performed an agreed-upon procedures engagement for the
organization's IT steering committee. Which of the following would be the MOST important
element to include in the report?
A. An opinion on the effectiveness of controls
B. Managements representation on the effectiveness of controls
C. Complementary user entity controls
D. Statement that the engagement followed standards
NEW QUESTION: 135

An IS auditor reviewing an incident management process identifies client information was
lost due to ransomware attacks. Which of the following would MOST effectively minimize
the impact of future occurrences?
A. Change access to client data to read-only.
B. Back up client data more frequently.
C. Monitor all client data changes.
D. Improve the ransomware awareness program.
NEW QUESTION: 136

Spreadsheets are used to calculate project cost estimates Totals for each cost category
are then keyed into the job-costing system. What is the BIST control to ensure that data
are accurately entered into the system?
A. Display back of project detail after entry
B. Reasonableness checks for each cost type
C. Reconciliation total amounts by project
D. Validity checks preventing entry of character data
NEW QUESTION: 137

Which of the following should be reviewed as part of a data integrity test?
A. Confidentiality
B. Completeness
C. Redundancy
D. Data backup
NEW QUESTION: 138

Which of the following BEST enables an audit department to improve the quality of work
performed by its auditors?
A. Using audit-related data analytics tools
B. funding additional resources for audit work
C. Implementing global quality standards
D. Implementing peer review of audit work
NEW QUESTION: 139

Prior to the migration of acquired software into production, it is MOST important that the IS
auditor review the:
A. user acceptance lest report.
B. system documentation.
C. source code escrow agreement.
D. vendor testing report.
NEW QUESTION: 140

An IS auditor auditing the effectiveness of utilizing a hot site will MOST likely:
A. analyze system restoration procedures
B. evaluate physical access control
C. review reciprocal agreements
D. review logical access controls
NEW QUESTION: 141

An IS auditor observes that an organization s critical IT systems nave experienced several
failures throughout the year. Which of the following is the BEST recommendation?
A. Implement redundant systems.
B. Perform a root cause analysis.
C. Perform a disaster recovery test
D. Contract for a hot site
NEW QUESTION: 142

Which of the following is the MOST effective way for an IS auditor to identify unauthorized
changes to the production state of a critical business application?
A. Run an automated scan of the production environment to detect missing software
patches.
B. Review recently approved changes to application programming interfaces (API) in the
production environment.
C. Review recent updates in the configuration management database (CMDB) for
compliance with IT patches.
D. Compare a list of production system changes with the configuration management
database
NEW QUESTION: 143

An IS auditor is reviewing an organization's implementation of a bring your own device
(BYOD) program.
Which of the following would be the BEST recommendation to help ensure sensitive data
is protected if a device is in the possession of an unauthorized individual?
A. Encrypt data on devices including storage media.
B. Authenticate device users when accessing the corporate network.
C. Enable the location service feature on devices.
D. Enable remote wiping of critical data.
NEW QUESTION: 144

Which of the following should MOST concern an IS auditor reviewing an intrusion detection
system (IDS)?
A. Reliability of IDS logs
B. Number of false positives
C. Number of false negatives
D. Legitimate traffic blocked by the system
NEW QUESTION: 145

A financial institution suspects that a manager has been crediting customer accounts
without authorization.
Which of the following is the MOST effective method to validate this concern?
A. Attribute sampling
B. Discovery sampling
C. Stop or go sampling
D. Variable sampling
NEW QUESTION: 146

Which of the following should be of GREATEST concern to an IS auditor reviewing the
controls for a continuous software release process?
A. Developers are able to approve their own releases
B. Release documentation is not updated to reflect successful deployment
C. Testing documentation is not attached to production releases.
D. Test libraries have not been reviewed in over six months
NEW QUESTION: 147

An organization is moving its on-site application servers to a service provider that operates
a virtualized environment shared by multiple customers. Which of the following is the
MOST significant risk to the organization?
A. Competing workloads from other clients
B. Service provider limiting the right to audit
C. Account hacking from other clients
D. Service provider access to organizational data
NEW QUESTION: 148

Which of the following is the BEST way to reduce the risk of vulnerabilities during the rapid
deployment of container-based applications to a hybrid cloud?
A. Conduct a post-deployment security audit to identify vulnerabilities.
B. Review development and operations (DevOps) policies and procedures.
C. Conduct security auditing during the development life cycle.
D. Review a sample of historical production changes to identify abnormalities.
NEW QUESTION: 149

After the release of an application system, an IS auditor wants to verify that the system is
providing value to the organization. The auditor's BEST course of action would be to:
A. Perform a gap analysis against the benefits defined in the business case
B. Confirm that risk has declined since the application system release
C. Review the results of compliance testing
D. Quantify improvements in client satisfaction
NEW QUESTION: 150

During a review of an insurance company s claims system, the IS auditor learns that
claims for specific medical procedures are acceptable only from females This is an
example of a:
A. completeness check.
B. key verification.
C. reasonableness check
D. logical relationship check
NEW QUESTION: 151

The MOST efficient way to confirm that an ERP system being implemented satisfies
business expectations is to utilize which of the following types of testing?
A. Alpha
B. Sociability
C. Parallel
D. Pilot
NEW QUESTION: 152

Of the following procedures for testing a disaster recovery plan (DRP), which should be
used MOST frequently?
A. Review of documented backup and recovery procedures
B. Testing at a secondary site using offsite data backups
C. Unannounced shutdown of the primary computing facility
D. Preplanned shutdown of the computing facility during an off-peak period
NEW QUESTION: 153

Which of the following is the MOST significant driver of efficient handling of information
security incidents?
A. Prioritization
B. Expertise
C. Strategy
D. Budget
NEW QUESTION: 154

Which of the following key performance indicators (KPIs) provides the BEST indication of a
security awareness campaign's effectiveness?
A. Decrease m the number of help desk calls
B. Increase in the number of reponed security incidents
C. Percentage of attendees passing the awareness quiz
D. Reduced average rime for incident resolution
NEW QUESTION: 155

Reorganization of databases is undertaken PRIMARILY to:
A. eliminate duplicates and perform data backup.
B. reduce simultaneous update time and index validation
C. reduce backout and recovery times.
D. improve data access and retrieval times.
NEW QUESTION: 156

An organization is developing a web portal using some external components. Which of the
following should be of MOST concern to an IS auditor?
A. Some of the developers are located in another country.
B. The organization has not reviewed the components for known exploits.
C. Staff require additional training in order to perform cede review.
D. Open-source components were integrated during development.
NEW QUESTION: 157

An employee transfers from an organization's risk management department to become the
lead IS auditor.
While in the risk management department, the employee helped developed the key
performance indicators (KPIs) now used by the organization. Which of the following would
pose the GREATEST threat to the independence of this auditor?
A. Training the IT audit team on IT risk management process
B. Recommending controls to address the IT risks identified by KPIs
C. Evaluating the effectiveness of IT risk management process
D. Developing KPIs to measure the internal audit team
NEW QUESTION: 158

Which of the following requirements in a document control standard would provide
nonrepudiation to digitally signed legal documents?
A. Only secure file transfer protocol (SFTP) may be used for digitally signed
documentation.
B. All documents requiring digital signatures must be signed by both the customer and a
witness.
C. All digital signatures must include a hashing algorithm.
D. All digitally signed documents must be stored in an encrypted database.
NEW QUESTION: 159

Privileged account access is require to start an ad hoc batch job. Which of the following
would MOST effectively detect unauthorized job execution?
A. Requiring manual approval by an authorized users
B. Executing the job through two-factor authentication
C. Reconciling user activity logs against authorization
D. Introducing job execution request procedures
NEW QUESTION: 160

Which of the following is the GREATEST risk associated with instant messaging?
A. Data logging is more difficult.
B. Data governance may become ineffective.
C. Data classification procedures may not be followed.
D. Data exfiltration is more likely to occur.
NEW QUESTION: 161

Which of the following is the GREATEST concern with conducting penetration testing on
an internally developed application in the production environment?
A. The testing may identify only known operating system vulnerabilities.
B. The issues identified during the testing may require significant remediation efforts.
C. The testing could create application availability issues.
D. Internal security staff may not be qualified to conduct application penetration testing.
NEW QUESTION: 162
Which of the following would provide the MOST reliable evidence to indicate whether
employee access has been deactivated in a timely manner following termination?
A. Reviewing hardware return-of-asset forms
B. Interviewing supervisors to verify employee data is being updated immediately
C. Comparing termination forms with dates in the HR system
D. Comparing termination forms with system transaction log entries
NEW QUESTION: 163

A review of Internet security disclosed that users have individual user accounts with
Internet service providers (ISPs) and use these accounts for downloading business data.
The organization wants to ensure that only the corporate network is used. The organization
should FIRST:
A. include a statement in its security policy about Internet use.
B. use a proxy server to filter out Internet sites that should not be accessed.
C. keep a manual log of Internet access.
D. monitor remote access activities.
NEW QUESTION: 164

Which of the following activities would allow an IS auditor to maintain independence while
facilitating a control self-assessment (CSA)?
A. Partially completing the CSA
B. Implementing the remediation plan
C. Developing the remediation plan
D. Developing the CSA questionnaire
NEW QUESTION: 165

An organization is choosing key performance indicators (KPIs) for its information security
management.
Which of the following KPIs would provide stakeholders with the MOST useful information
about whether information security risk is being managed?
A. Time from identifying a security threat to implementing a solution
B. The number of security controls implemented
C. The number of security incidents during the past quarter
D. Time from initial reporting of an incident to appropriate escalation
NEW QUESTION: 166
An organization has performance metrics to track how well IT resources are being used,
but there has been little progress on meeting the organization's goals. Which of the
following would be MOST helpful to determine the underlying reason?
A. Conducting a root cause analysis
B. Re-evaluating key performance indicators (KPls)
C. Re-evaluating organizational goals
D. Conducting a business impact analysis (BIA)
NEW QUESTION: 167

A recent audit identified duplicate software licenses and technologies Which of the
following would be MOST helpful to prevent this type of duplication in the future?
A. Updating IT procurement policies and procedures
B. Establishing a project management office
C. Centralizing IT procurement and approval practices
D. Conducting periodic inventory reviews
NEW QUESTION: 168

Which of the following would BEST facilitate the detection of internal fraud perpetrated by
an individual?
A. Flexible time
B. Segregation of duties
C. Mandatory leave
D. Corporate fraud hotline
NEW QUESTION: 169

What is the purpose of using a write blocker during the acquisition phase of a digital
forensics investigation?
A. To prevent the actuation of installed malware
B. To prevent evidence alteration
C. To protect against self-destruct utilities
D. To preserve chain of custody
NEW QUESTION: 170

Which of the following would BEST assist senior management in evaluating IT
performance as well as the alignment between corporate and IT strategic objectives?
A. IT project value analysis
B. Control self-assessment
C. Enterprise architecture
D. Balanced scorecard
NEW QUESTION: 171

An IS auditor is assigned to review the development of a specific application. Which of the
following would be the MOST significant step following the feasibility study?
A. Review functional design to determine that appropriate controls are planned.
B. Assist users in the design of proper acceptance-testing procedures.
C. Attend project progress meetings to monitor timely implementation of the application.
D. Follow up with project sponsor for project's budgets and actual costs.
NEW QUESTION: 172

Which of the following is MOST important for an IS auditor to verify when reviewing an
organization's information security practices following the adoption of a bring your own
device (8YOD) program?
A. Remote wipe is enabled for devices allowed by BYOD.
B. The expected benefits of adopting the BYOD program have been realized.
C. Security policies have been updated to include BYOD.
D. Only applications approved by information security may be installed on devices.
NEW QUESTION: 173

Which of the following is the MOST effective way to identify anomalous transactions when
performing a payroll fraud audit?
A. Substantive testing of payroll files
B. Sample-based review of pay stubs
C. Observation of payment processing
D. Data analytics on payroll data
NEW QUESTION: 174
An organization has decided to migrate payroll processing to a new platform hosted by a
third party in a different country. Which of the following is MOST important for the IS
auditor to consider?
A. The service provider's compliance with privacy regulations
B. Whether the contract contains a right-to-terminate clause
C. Storage costs charged by the service provider
D. The service provider's compliance with financial regulations
NEW QUESTION: 175

An organization is deciding whether to outsource its customer relationship management
systems to a provider located in another country. Which of the following should be the
PRIMARY influence in the outsourcing decision?
A. Current geopolitical conditions
B. The service provider's disaster recovery plan
C. Time zone differences
D. Cross-border privacy laws
NEW QUESTION: 176

A security company and service provider have merged and the CEO has requested one
comprehensive set of security policies be developed for the newly formed company. The
IS auditor s BEST recommendation would be to:
A. implement the security company s policies,
B. conduct a policy gap assessment
C. implement the service provider's policies
D. adopt an industry standard security policy
NEW QUESTION: 177

Following an IS audit recommendation, all Telnet and File Transfer Protocol (FTP)
connections have been replaced by Secure Socket Shell (SSH) and Secure File Transfer
Protocol (SFTP). Which risk treatment approach has the organization adopted?
A. Transfer
B. Acceptance
C. Avoidance
D. Mitigation
NEW QUESTION: 178
Which of the following is the PRIMARY benefit of implementing configuration management
for IT?
A. It establishes the dependency of application systems with various IT assets.
B. It helps automate change and release management processes in IT.
C. It helps audit in verifying IT conformance to business requirements.
D. It provides visibility to the overall function and technical attributes of IT assets.
NEW QUESTION: 179

Which of the following metrics would BEST measure the agility of an organization's IT
function?
A. Average number of learning and training hours per IT staff members
B. Percentage of staff with sufficient IT related skills for the competency required of their
roles
C. Frequency of security assessments against the most recent standards and guidelines
D. Average time to turn strategic. IT objectives into an agreed upon and approved initiative
NEW QUESTION: 180

Which of the following is the PRIMARY benefit of using an integrated audit approach?
A. Enhanced allocation of resources and reduced audit costs
B. A holistic perspective of overall risk and a better understanding of controls
C. The avoidance of duplicated work and redundant recommendations
D. Higher acceptance of the findings from the audited business areas
NEW QUESTION: 181

Which of the following would be an appropriate role of internal audit in helping to establish
an organization's privacy program?
A. Analyzing risks posed by new regulations
B. Designing controls to protect personal data
C. Developing procedures to monitor the use of personal data
D. Defining roles within the organization related to privacy
NEW QUESTION: 182

When planning for the implementation of a new system, an organization will opt for a
parallel run PRIMARILY to:
A. validate system processing.
B. facilitate the training of new personnel
C. verify that system interfaces were implemented.
D. ensure that the system meets required user response time.
NEW QUESTION: 183

Which of the following sampling techniques is commonly used in fraud detection when the
expected occurrence rate is small and the specific controls are critical?
A. Stop-or-go sampling
B. Random sampling
C. Discovery sampling
D. Monetary unit sampling
NEW QUESTION: 184

During an audit, it is discovered that several suppliers with standing orders have been
deleted from the supplier master file Which of the following controls would have BEST
evented such an occurrence?
A. Logical relationship check
B. Referential integrity developed
C. Existence check
D. Table look-ups
NEW QUESTION: 185

During an ERP post-implementation review, it was noted that operating costs have been
significantly higher than anticipated. Which of the following should the organization have
done to detect this issue?
A. Updated the project charter as major changes occurred
B. Monitored financial key performance indicators (KPIs)
C. Conducted periodic user satisfaction surveys
D. Performed an analysis of system usage
NEW QUESTION: 186
An IS auditor finds that the process for removing access for terminated employee is not
documented. What is the MOST significant risk from this observation?
A. Unauthorized access cannot be identified
B. HR records may not match system access
C. Procedures may not align with the practices
D. Access rights may not be removed in a timely manner
NEW QUESTION: 187

A manufacturing company is implementing application software for its sales and
distribution system. Which of the following is the MOST important reason for the company
to choose a centralized online database?
A. Elimination of multiple points of failure
B. Enhanced integrity controls
C. Enhanced data redundancy
D. Elimination of the need for data normalization
NEW QUESTION: 188

The BEST method an organization can employ to align its business continuity plan (BCP)
and disaster recovery plan (DRP) with core business needs is to:
A. outsource the maintenance of the BCP and disaster recovery plan to a third party.
B. include BCP and disaster recovery plan responsibilities as a part of new employee
training,
C. update the business impact analysis (BIA) for significant business changes.
D. execute periodic walk-throughs of the plans.
NEW QUESTION: 189

An IS auditor is using data analytics in an audit and has obtained the data to be used for
testing. Which of the following is the MOST important task before testing begins?
A. Verify the completeness and accuracy of the data
B. Verify data analytics test scripts
C. Document the source and method used to obtain the data
D. Select the analytical sampling model
NEW QUESTION: 190

While reviewing similar issues in an organization s help desk system, an IS auditor finds
that they were analyzed independently and resolved differently This situation MOST likely
indicates a deficiency in:
A. IT service level management
B. configuration management
C. problem management
D. change management
NEW QUESTION: 191

Which of the following is the BEST way to control the concurrent use of licensed software?
A. Surprise audit conducted by vendors
B. Metering software
C. Monitor by system administrator
D. User self-discipline
NEW QUESTION: 192

Which of the following is the MOST important consideration when developing an incident
response program?
A. Number of dedicated response staff
B. Incident response procedures
C. Technical skills of response staff
D. Senior management support
NEW QUESTION: 193

Using swipe cards to limit employee access to restricted areas requires implementing
which additional control?
A. Physical sign-in of all employees for access to restricted areas
B. Employee-access criteria determined on the basis of IS experience
C. Periodic review of access profiles by management
D. Initial escort of all new hires by a current employee
NEW QUESTION: 194

Which of the following provides the BEST audit evidence that a firewall is configured in
compliance with the organization's security policy?
A. Analyzing how the configuration changes are performed
B. Performing penetration testing
C. Reviewing the rule base
D. Analyzing log files
NEW QUESTION: 195

MOST critical security weakness of a packet level firewall is that it can be circumvented by:
A. using a dictionary attack of encrypted passwords.
B. deciphering the signature information of the packets
C. changing the source address on incoming packets
D. intercepting packets and viewing passwords sent in clear text
NEW QUESTION: 196

The grants management system is used to calculate grant payments. Once per day, a
batch interface extracts grant amounts and payee details from this system for import into
the once system so payments can be made overnight Which of the following controls
provides the GREATEST assurance of the accuracy and completeness of the imported
payment
A. Reviewing transaction logs for anomalies
B. Restricting access to the grants and finance systems
C. Reconciling data from both systems
D. Performing monthly bank reconciliations in a timely manner
NEW QUESTION: 197

The BEST way to prevent fraudulent payments is to implement segregation of duties
between payment processing and:
A. check creation.
B. vendor setup.
C. requisition creation.
D. payment approval.
NEW QUESTION: 198
Which of the following controls can BEST detect accidental corruption during transmission
of data across a network?
A. Parity checking
B. Check digit verification
C. Symmetric encryption
D. Sequence checking
NEW QUESTION: 199

Which of the following should be the PRIMARY consideration when developing an IT
strategy?
A. Alignment with the IT investment portfolio
B. Alignment with overall business objectives
C. Short and long-term plans for the enterprise IT architecture
D. IT key performance indicators based on business objectives
NEW QUESTION: 200

While reviewing an organization s business continuity plan (BCP) an IS auditor observes
that a recently developed application is not included. The IS auditor should:
A. include m the audit findings that the BCP is incomplete
B. recommend that the application b# incorporated in the BCP.
C. ensure that the criticality of the application is determined
D. ignore the observation as the application is not mission critical.
NEW QUESTION: 201

Which of the following should an IS auditor be MOST concerned with when a system uses
ratio frequency identification (RFID)?
A. Maintainability
B. Scalability
C. Privacy
D. nonrepudiations
NEW QUESTION: 202

Which of the following is the MOST effective means of helping management and the IT
strategy committee to monitor IT performance?
A. Gap analysis
B. End-user satisfaction surveys
C. Measurement of service levers against metrics
D. Infrastructure monitoring reports
NEW QUESTION: 203

internal IS auditor recommends that incoming accounts payable payment files be
encrypted. Which type of control is the auditor recommending?
A. Corrective
B. Detective
C. Preventive
D. Directive
NEW QUESTION: 204

An airlines online booking system uses an automated script that checks whether fares are
within the defined threshold of what is reasonable before the fares are displayed on the
website. Which type of control is in place?
A. Preventer control
B. Compensating control
C. Corrective control
D. Detective control
NEW QUESTION: 205

Which of the following system deployments requires the cloud provider to assume the
widest range of responsibilities for data protection?
A. Software as a Service (SaaS)
B. Database as a Service (DBaaS)
C. Platform as a Service (PaaS)
D. Infrastructure as a Service (IasSI
NEW QUESTION: 206

An organization is replacing a mission-critical system. Which of the following is the BEST
implementation strategy to mitigate and reduce the risk of system failure?
A. Phase
B. Parallel
C. Big-bang
D. Stage
NEW QUESTION: 207
An organization using instant messaging to communicate with customers can prevent
legitimate customers from being impersonated by:
A. logging conversations.
B. using call monitoring
C. using firewalls to limit network traffic to authorized ports.
D. authenticating users before conversations are initiated
NEW QUESTION: 208

Which of the following would represent an acceptable test of an organization s business
continuity plan?
A. Paper test involving functional areas
B. Walk-through of the plan with technology suppliers
C. Full test of computer operations at an emergency site
D. Benchmarking the plan against similar organizations
NEW QUESTION: 209

Which of the following is the BEST IS audit strategy?
A. Conduct general control audits annually and application audits in alternating years
B. Cycle general control and application audits over a two-year period
C. Perform audits based on Impact and probability of error and failure.
D. Limit audits to new application system developments
NEW QUESTION: 210

Which of the following is the FIRST consideration when developing a data retention policy?
A. Determining the backup cycle based on retention period
B. Determining the security access privileges to the data
C. Identifying the legal and contractual retention period for data
D. Designing an infrastructure storage strategy
NEW QUESTION: 211

An IS auditor notes that the anticipated benefits from an ongoing infrastructure projects
have changed due to recent organizational restructuring. Which of the following is the IS
auditor's BEST recommendation?
A. Review business goals and objectives
B. Conduct a new feasibility study
C. Review and update the business impact analysis (BIA)
D. Review and reapprove the business case
NEW QUESTION: 212

An IS auditor is reviewing an organization's method to transport sensitive data between
offices. Which of the following would cause the auditor MOST concern?
A. The method relies exclusively on the use of public key infrastructure.
B. The method relies exclusively on the use of asymmetric encryption algorithms.
C. The method relies exclusively on the use of symmetric encryption algorithms.
D. The method relies exclusively on the use of digital signatures.
NEW QUESTION: 213

Which of the following is the MOST important reason for updating and retesting a business
continuity plan (BCP)7
A. Significant business change
B. Matching industry best practices
C. Emerging technology
D. Staff turnover
NEW QUESTION: 214

Which of the following should an IS auditor do FIRST when determining whether to employ
data analytics in an audit?
A. Determine if the data is accessible.
B. Identify the business stakeholders.
C. Review the results of prior audits in the same area.
D. Review the data available in existing business reports
NEW QUESTION: 215

Which of the following should be an IS auditor's PRIMARY focus when developing a risk-
banned IS audit program?
A. Business plans
B. Portfolio management
C. Business processes
D. IT strategic plans
NEW QUESTION: 216

The demilitarized zone (DMZ) is the part of a network where servers that are placed are:
A. Running-mission critical, non-web application
B. External to the organization
C. Interacting with the public internet
D. Running internal department applications
NEW QUESTION: 217

A system administrator recently informed the IS auditor about the occurrence of several
unsuccessful intrusion attempts from outside the organization. Which of the following is
MOST effective in detecting such an intrusion?
A. Configuring the router as a firewall
B. Installing Biometrics-based authentication
C. Periodically reviewing log files
D. Using smart cards with one-time password
NEW QUESTION: 218

In a small organization, an IS auditor finds that security administration and system analysis
functions are performed by the same employee. Which of the following is the MOST
significant finding?
A. The employee's formal job description has not been updated.
B. The security policy has not been updated to reflect the situation.
C. The employee has not signed the security policy.
D. The employee's activities are not independently reviewed.
NEW QUESTION: 219

Which of the following is the MOST important process to ensure planned IT system
changes are completed in an efficient manner?
A. Incident management
B. Configuration management
C. Demand management
D. Release management
NEW QUESTION: 220

What is the MOST important role of a certificate authority (CA) when a private key
becomes compromised?
A. Publish the certificate revocation lists (CRL) into the repository
B. Refresh the metadata of the certificates
C. Issue a new private key to the user
D. Refresh the key information database is the certificate publishing server
NEW QUESTION: 221

Which of the following is MOST likely to result from compliance testing?
A. Confirmation of data with outside sources
B. Discovery of controls that have not been applied
C. Identification of errors due to processing mistakes
D. Comparison of data with physical counts
NEW QUESTION: 222

Which of the following is corrective control?
A. Verifying duplicate calculations in data processing
B. Separating equipment development testing and production
C. Reviewing user access rights for segregation of duties
D. Executing emergency response plans
NEW QUESTION: 223

The CIO of an organization is concerned that the information security policies may not be
comprehensive.
Which of the following should an IS auditor recommend be performed FIRST?
A. Obtain a copy of their competitor's policies
B. Compare the policies against an industry framework.
C. Establish a governance board to track compliance with the policies
D. Determine if there is j process to handle exceptions to the policies
NEW QUESTION: 224

As part of a mergers and acquisitions activity, an acquiring organization wants to
consolidate data and systems from the organization being acquired into existing systems.
To ensure the data is relevant the acquiring organization should:
A. automate the process of data collection and cleaning.
B. obtain data quality software.
C. implement a data warehouse solution.
D. define data quality requirements based on business needs.
NEW QUESTION: 225

An IS auditor is assessing an organization's data loss prevention (DLP) solution for
protecting intellectual property from insider theft. Which of the following would the auditor
consider MOST important for effective data protection?
A. Identification and classification of sensitive data
B. Creation of DLP policies and procedures
C. Employee training on information handling
D. Encryption of data copied to flash drives
NEW QUESTION: 226

During a review of system access, an IS auditor notes that an employee who has recently
changed roles within the organization still has previous access rights. The auditor s NEXT
step should be to:
A. determine the reason why access rights have not been revoked
B. recommend a control to automatically update access rights.
C. direct management to revoke current access rights.
D. determine if access rights are in violation of software licenses-
NEW QUESTION: 227

After an external IS audit, which of the following should be IT management's MAIN
consideration when determining the prioritization of follow-up activities?
A. The materiality of the reported findings
B. The amount of time since the initial audit was completed
C. The scheduling of major changes in the control environment
D. The availability of the external auditors
NEW QUESTION: 228

Which of the following would BEST enable alignment of IT with business objectives?
A. Completing an IT risk assessment
B. Adopting industry best practices
C. Monitoring key performance indicators (KPls)
D. Leveraging an IT framework
NEW QUESTION: 229

An IS auditor discovers that validation controls in a web application have been moved from
the server side into the browser to boost performance. This would MOST likely increase
the risk of a successful attack by:
A. structured query language (SQL) injection.
B. phishing.
C. denial of service (DoS).
D. buffer overflow.
NEW QUESTION: 230

During an audit, the client learns that the IS auditor has recently completed a similar
security review at a competitor. The client inquires about the competitor's audit results.
What is the BEST way for the auditor to address this inquiry?
A. Obtain permission from the competitor to use the audit results as examples for future
clients.
B. Discuss the results of the audit omitting specifics related to names and products.
C. Explain that it would be inappropriate to discuss the results of another audit client
D. Escalate the question to the audit manager for further action.
NEW QUESTION: 231

An organization uses two data centers. Which of the following would BEST address the
organization's need for high resiliency?
A. A hot site is used for the second site.
B. The data centers act as mirrored sites.
C. There is data replication across the data centers.
D. Each data center is recoverable via tape backups.
NEW QUESTION: 232

When testing segregation of duties, which of the following audit techniques provides the
MOST reliable evidence?
A. Evaluating the department structure via the organizational chart
B. Reviewing departmental procedure handbooks
C. Interviewing managers and end users
D. Observing daily operations for the area in scope
NEW QUESTION: 233

To restore service at a large processing facility after a disaster, which of the following tasks
should be performed FIRST?
A. Contact equipment vendors.
B. Activate the reciprocal agreement.
C. Launch the emergency action team.
D. Inform insurance company agents.
NEW QUESTION: 234

Which of the following BEST indicates the effectiveness of an organization's risk
management program?
A. Overall risk is quantified.
B. Control risk is minimized.
C. Inherent risk is eliminated.
D. Residual risk is minimized.
NEW QUESTION: 235

When designing a data analytics process, which of the following should be the
stakeholder's role in automating data extraction and validation?
A. Performing the business case analysis for the data analytics initiative
B. Allocating the resources necessary to purchase the appropriate software packages
C. Designing the workflow necessary for the data analytics tool to evaluate the appropriate
data
D. Indicating which data elements are necessary to make informed decisions
NEW QUESTION: 236

When an organization is having new software implemented under contract, which of the
following is key to controlling escalating costs due to scope creep?
A. Change management
B. Quality management
C. Risk management
D. Problem management
NEW QUESTION: 237

Which of the following would BEST facilitate the successful implementation of an [T-related
framework?
A. Aligning the framework to industry best practices
B. Involving appropriate business representation within the framework
C. Establishing committees to support and oversee framework activities
D. Documenting IT-related policies and procedures
NEW QUESTION: 238

A small organization is experiencing rapid growth and plans to create a new information
security policy.
Which of the following is MOST relevant to creating the policy?
A. The business objectives
B. Previous audit recommendations
C. Industry standards
D. The business impact analysis
NEW QUESTION: 239

An IS auditor reviewing the acquisition of new equipment would consider which of the
following to be a significant weakness?
A. Independent consultants prepared the request for proposal (RFP) documents.
B. The closing date for responses was extended after a request from potential vendors.
C. Evaluation criteria when finalized after the initial assessment of responses
D. Staff involved in the evaluation were aware of the vendors being evaluated.
NEW QUESTION: 240

When preparing to evaluate the effectiveness of an organizations IT strategy, an IS auditor
should FIRST review;
A. the IT processes and procedures.
B. the most recent audit results.
C. Information security procedures.
D. the IT governance fremework.
NEW QUESTION: 241

An operations manager has recently moved to internal audit Which of the following would
be of GREATEST concern when assigning audit projects to this individual?
A. The owner of a process within the audit scope worked for the operations manager six
months ago.
B. A system within the audit scope is supported by an emerging technology for which the
operations manager lacks experience.
C. A control within the audit scope was downgraded to low risk by the operations manager
six months ago.
D. A control within the audit scope was implemented by the operations manager six
months ago.
NEW QUESTION: 242

Which of the following tasks should be performed during an organization's business
continuity plan (BCP) test?
A. Review the alternate processing site contract.
B. Assess the critical information retrieval capability.
C. Evaluate the security at the offsite facility.
D. Review the coverage of insurance.
NEW QUESTION: 243

An organization with high security requirements is evaluating the effectiveness of biometric
systems. Which of the following performance indicators is MOST important?
A. False-rejection rate (FRR)
B. False-identification rate (FIR)
C. Equal-error rate (EER)
D. False-acceptance rate (FAR)
NEW QUESTION: 244

Which of the following stakeholders should be PRIMARILY responsible for developing,
implementing, and monitoring metrics for security activities?
A. Chief information security officer
B. IT steering committee
C. Security incident response team
D. Chief technology officer
NEW QUESTION: 245

A government organization uses standard Wi-Fi Protected Access 2 (WPA2) to protect
confidential information transmitted to a file server. Which of the following is the IS
auditor's BEST recommendation to further strengthen security?
A. Service set identifier (SSID) masking
B. Network address translation (NAT)
C. Media access control (MAC) address filtering
D. Certificate-based authentication
NEW QUESTION: 246

An IS auditor notes that a number of application plug-ins currently in use are no longer
supported. Which of the following is the auditor's BEST recommendation to management?
A. Review content backup and archiving procedures.
B. Review on-boarding and off-boarding processes.
C. Conduct a vulnerability assessment to determine exposure.
D. Implement role-based access controls.
NEW QUESTION: 247

An IS auditor notes that due to the small size of the organization, human resources staff
can create new employees in the payroll system as well as process payroll. Which of the
following is the BEST recommendation to address this situation?
A. Implement a periodic user access review over the payroll system.
B. Implement periodic reviews of employees in the payroll system.
C. Hire additional staff so that access for the two functions can be segregated.
D. Outsource the processing of payroll to a third party.
NEW QUESTION: 248
Which of the following cloud deployment models would BEST meet the needs of a startup
software development organization with limited initial capital?
A. Private
B. Hybrid
C. Public
D. Community
NEW QUESTION: 249

To effectively classify data, which of the following MUST be determined?
A. Data ownership
B. Data volume
C. Data controls
D. Data users
NEW QUESTION: 250

A technology service organization has recently acquired a new subsidiary. What should be
the IS auditor's NEXT course of action when considering the impact on the development of
the IT audit plan?
A. Include the new systems in the audit plan.
B. Review the revised business impact analysis (B1A).
C. Perform a risk assessment.
D. Proceed with the current audit plan.
NEW QUESTION: 251

Which of the following is a prerequisite to help ensure that IS hardware and software
support the delivery of mission-critical functions?
A. A comprehensive IS applications architecture
B. Documented emergency change procedures
C. Control over IS infrastructure expenditure
D. An independent audit of the process
NEW QUESTION: 252

Which of the following should an IS auditor verify when auditing the effectiveness of virus
protection?
A. Schedule for migration to production
B. Frequency of external Internet access
C. Currency of software patch application
D. Frequency of IDS log reviews
NEW QUESTION: 253

An IS auditor has discovered that unauthorized customer management software was
installed on a workstation.
The auditor determines the software has been uploading customer ita to an external party.
Which of the following is the IS auditor's BEST course of action?
A. Determine the number of customer records that were uploaded
B. Present the issue at the next audit progress meeting
C. Notify the incident response team.
D. Review other workstations to determine the extent of the incident
NEW QUESTION: 254

Which of the following is an IS auditor s GREATEST concern when an organization does
not regularly update software on individual workstations in the internal environment?
A. The organization may not be in compliance with licensing agreement.
B. System functionality may not meet business requirements.
C. The organization may be more susceptible to cyber-attacks.
D. The system may have version control issues.
NEW QUESTION: 255

Which of the following poses the GREATEST risk to the enforceability of networking
policies in a virtualized environment?
A. Use of 3 public key infrastructure
B. Lack of visibility into the networks
C. Transmission of data on public networks
D. Lack of encryption for data at rest
NEW QUESTION: 256

An IS auditor is evaluating the risks and controls associated with a virtualized environment.
Which of the following observations should be of GREATEST concern?
A. The change management process has not been updated to include virtualized
environments.
B. The hypervisor's partitioning resources have not been modified from its default settings.
C. Offline and dormant virtual machine Images are not patched on the same cycle as
online ones.
D. The hypervisor's security settings are not reviewed on a regular basis.
NEW QUESTION: 257

An IS auditor notes that help desk personnel are required to make critical decisions during
major service disruptions. Which of the following is the auditor's BEST recommendation to
address this situation?
A. Establish shared responsibility among business peers.
B. Implement an incident response plan
C. Introduce classification of disruptions by risk category.
D. Provide historical incident response information for the help desk
NEW QUESTION: 258

An IS auditor performing an application development review attends development team
meetings. The IS auditor's independence will be compromised if the IS auditor:
A. reviews the result of systems tests that were performed by the development team.
B. re-performs test procedures used by the development team.
C. designs and executes the user's acceptance test plan.
D. assists in developing an integrated test facility on the system.
NEW QUESTION: 259

Requiring that passwords contain a combination of numeric and alphabetic characters is
MOST effective against which type of attack?
A. Dictionary
B. Social engineering
C. Denial of service
D. Programmed
NEW QUESTION: 260

An organization has established three IS processing environments: development, test, and
production. The MAJOR reason for separating the development and test environments is
A. limit the users access rights to the test environment
B. perform testing in a stable environment
C. protect the programs under development from unauthorized testing
D. obtain segregation of duties between IS staff and end users.
NEW QUESTION: 261

When initiating an IT project, which of the following should be completed FIRST:'
A. Project plan
B. Requirements definition
C. Feasibility study
D. Request for proposal
NEW QUESTION: 262

Which of the following access rights in the production environment should be granted to a
developer to maintain segregation of duties?
A. System administration
B. IT operations
C. Emergency support
D. Database administration
NEW QUESTION: 263

Which of the following is a passive attack on a network?
A. Sequence analysis
B. Message service interruption
C. Traffic analysis
D. Message modification
NEW QUESTION: 264

Which of the following is the GREATEST risk associated with in-house program
development and customization?
A. The lack of a quality assurance function
B. The lack of documentation for programs developed
C. The lack of a test environment
D. The lack of secure coding expertise
NEW QUESTION: 265
A small startup organization does not have the resources to implement segregation of
duties. Which of the following would be the MOST effective compensating control?
A. Additional management reviews and reconciliations
B. Third-party assessments
C. Mandatory vacations
D. Rotation of log monitoring and analysis responsibilities
NEW QUESTION: 266

Which of the following controls would BEST ensure that payroll system rate charges are
valid?
A. Rate change require visual verification before acceptance
B. Rate s are report ad to and independently verified by a manager
C. Rate changes must be entered twice to ensure that they are entered correctly
D. Only a payroll department manager can input the new rate.
NEW QUESTION: 267

Which of the following activities is MOST important to consider when conducting IS audit
planning?
A. Resources are allocated to areas of high risk.
B. Audit scheduling is based on skill set of audit team.
C. Results from previous audits are reviewed.
D. The audit committee agrees on risk rankings.
NEW QUESTION: 268

Which of the following findings should be an IS auditor's GREATEST concern when
reviewing an organization's purchase of new IT infrastructure hardware?
A. The new infrastructure arrived with default system settings
B. The new infrastructure has residual risk within the organization's risk tolerance
C. The new infrastructure's hardening requirements are stronger than required by policy
D. The new infrastructure has compatibility issues with existing system
NEW QUESTION: 269

Which of the following is the BCST way to determine the effectiveness of a recently
installed intrusion detection system (IDS)?
A. Review audit logs.
B. Conduct attack simulation.
C. Implement access control.
D. inspect IDS configuration
NEW QUESTION: 270

Which of the following auditing techniques would be used to detect the validity of a credit
card transaction based on time, location, and date of purchase?
A. Stratified sampling
B. Data mining
C. Gap analysis
D. Benford's analysis
NEW QUESTION: 271

An information systems security officer's PRIMARY responsibility for business process
applications is to:
A. ensure access rules agree with policies.
B. authorize secured emergency access.
C. create role-based rules for each business process.
D. approve the organization's security policy.
NEW QUESTION: 272

Which of the following is MOST likely to improve the portability of an application connected
to a database?
A. Verifying database import and export procedures
B. Analyzing stored procedures and triggers
C. Optimizing the database physical schema
D. Using a structured query language (SQL)
NEW QUESTION: 273
Which of the following is the BEST evidence that an organization is aware of applicable
laws and regulations?
A. History of legal actions and regulatory correspondence
B. The existence of an employee awareness training program
C. Industry benchmark results
D. The organization's compliance matrix
NEW QUESTION: 274

Which of the following controls is MOST appropriate against brute force attacks at login?
A. Storing password files using one-way encryption
B. Locking the account after three invalid passwords
C. Storing passwords under a one-way hash function
D. Increasing the minimum password length to 10 characters
NEW QUESTION: 275

Which of the following is the MOST important consideration when establishing vulnerability
scanning on critical IT infrastructure?
A. The scanning will not degrade system performance.
B. The scanning will be followed by penetration testing.
C. The scanning will be cost-effective.
D. The scanning will be performed during non-peak hours.
NEW QUESTION: 276

An organization considers implementing a system that uses a technology that is not in line
with the organization's IT strategy. Which of the following is the BEST justification for
deviating from the IT strategy?
A. The system makes use of state-of-the-art technology
B. The system has a reduced cost of ownership
C. The organization has staff familiar with the technology
D. The business benefits are achieved even with extra costs
NEW QUESTION: 277

Which of the following should be of GREATEST concern to an IS auditor conducting an
audit of an organization's backup processes?
A. Backup failures are not resolved in a timely manner.
B. A written backup policy is not available
C. The service level are not achieved
D. The restoration process is slow due to connectivity issues.
NEW QUESTION: 278

Which of the following is the PRIMARY function of technology-driven enterprise
architecture?
A. To help develop project documentation and related business process roadmaps
B. To re-engineer business processes to make better use of technology
C. To provide guidance on technological decisions in the context of business strategy
D. To determine how new technologies fit into existing networks and data flows
NEW QUESTION: 279

Which of the following is MOST important for an IS auditor to consider when evaluating a
Software as a Service (SaaS) arrangement?
A. Frequency of software updates
B. otal cost of ownership
C. Software availability
D. Physical security
NEW QUESTION: 280

Which of the following would be the MOST appropriate reason for an organization to
purchase fault-tolerant hardware?
A. Improving system performance
B. Minimizing business loss
C. Reducing hardware maintenance costs
D. Compensating for the lack of contingency planning
NEW QUESTION: 281

Which of the following is the GREATEST risk of cloud computing?
A. Reduced performance
B. Inflexibility
C. Disclosure of data
D. Lack of scalability
NEW QUESTION: 282

Which of the following is the BEST way to ensure enterprise architectural objectives are
aligned with business and technology objectives?
A. Adopt industry-approved architecture standards and best practices.
B. Identify business stakeholder responsibilities for IT projects.
C. Identify dependencies between current and future state technologies.
D. Optimize technology investments with business requirements.
NEW QUESTION: 283

An IS auditor previously worked in an organization s IT department and was involved with
the design of the business continuity plan (BCP). The IS auditor has now been asked to
review this same BCP. The auditor should FIRST.
A. decline the audit assignment.
B. document the conflict in the audit report.
C. communicate the conflict of interest to the audit manager prior to starting the
assignment.
D. communicate the conflict ofinterest to the audit committee prior to starting the
assignment
NEW QUESTION: 284

Loss-site scripting (XSS) attacks are BEST prevented through:
A. a three-tier web architecture.
B. application firewall policy settings
C. Secure coding practices
D. use of common industry frameworks.
NEW QUESTION: 285

Which of the following sampling methods is the BEST approach for drawing conclusions
based on frequency of occurrence?
A. Attribute sampling
B. Stratified sampling
C. Difference estimation sampling
D. Monetary estimation sampling
NEW QUESTION: 286

When connecting to an organization's intranet from the Internet, security against
unauthorized access is BEST achieved by using:
A. screening routers,
B. proxy servers.
C. virtual private networks (VPNs).
D. encryption
NEW QUESTION: 287

Two organizations will share ownership of a new enterprise resource management (ERM)
system To help ensure the successful implementation of the system, it k MOST important
to define:
A. appropriate procedures
B. custody of assets
C. the governance model.
D. access to data.
NEW QUESTION: 288

Which of the following group is MOST likely responsible for the implementation of IT
projects?
A. IT steering committee
B. IT governance committee
C. IT compliance committee
D. IT strategy committee
NEW QUESTION: 289

Which of the following controls MOST effectively reduces the risk associated with use of
instant messaging (IM) in the workplace?
A. Session border controllers
B. Blocking peer-to-peer (P2P) clients
C. Traffic encryption
D. Network address translation
NEW QUESTION: 290
What is the MOST difficult aspect of access control in a multiplatfotm, multiple-site
client/server environment?
A. Maintaining consistency throughout all platforms
B. Creating new user IDs valid only on a few hosts
C. Restricting a local user to necessary resources on a local platform
D. Restricting a local user to necessary resources on the host server
NEW QUESTION: 291

Following a breach, what is the BEST source to determine the maximum amount of time
before customers must be notified that their personal information may have been
compromised?
A. Information security policy
B. Incident response plan
C. Industry standards
D. Industry regulations
NEW QUESTION: 292

Which of the following would be considered the BEST compensating control to use when
an emergency process, rather than the established control procedures, is used for
database changes?
A. Using an emergency user account with the access to make changes to the database
B. Logging detailed before-and-after images for later review by the administrator
C. Logging user's ID and change details for later review by the administrator
D. Using the administrator's own account to make out-of-hours changes
NEW QUESTION: 293

Which of the following metrics would be MOST helpful to an IS auditor in evaluating an
organizations security incident response management capability?
A. Number of malware infections in business applications detected per day
B. Number of alerts generated by intrusion detection systems (IDS) per minute
C. Number of IT security incidents reported per month
D. Number of business interruptions due to IT security incidents per year
NEW QUESTION: 294

As part of business continuity planning. Which of the following is MOST important to
include in a business impact analyst (BIA)?
A. Assess recovery scenarios
B. Define a risk appetite.
C. Assess risk of moving significant applications to the cloud
D. Assess threats to the organization
NEW QUESTION: 295

An organization was recently notified by its regulatory body of significant discrepancies in
its reporting data.
A preliminary investigation revealed that the discrepancies were caused problems with the
organization's data quality. Management has directed the data quality team to enhance
their program. The audit committee has asked internal audit to be visors to the process.
After the data quality team identifies the system data at fault which of the following should
internal audit recommend as the NEXT step m the process?
A. Identity the source data owners
B. Develop an improvement plan.
C. Identify the root cause of data quality problems
D. Create business rules that validate data quality
NEW QUESTION: 296

Which of the following is the BEST way to detect potentially fraudulent purchases where an
employee can approve a receipt of an item or service that the employee also procured?
A. Require purchase orders to originate from the same individual with designated authority.
B. Require receipts to be entered against purchase orders by someone other than the
buyer.
C. Require staff training on entering purchase orders into the enterprise resource planning
(ERP) system.
D. Require trial invoices can only be paid when matched with purchase orders.
NEW QUESTION: 297

Which of the following BEST describes the relationship between vulnerability scanning and
penetration testing?
A. Both are labor-intensive in preparation, planning and execution.
B. For entities with regulatory drivers, the two tests must be the same
C. Both utilize a risk-based analysis that considers threat scenarios.
D. The scope of both is determined primarily by the likelihood of exploitation
NEW QUESTION: 298
When reviewing a contract for a disaster recovery hot site, which of the following would be
the MOST significant omission?
A. Audit rights
B. Equipment provided
C. Exposure coverage
D. Testing procedures
NEW QUESTION: 299

The PRIMARY purpose of an internal audit department's quality assurance improvement
program is to evaluate which of the following?
A. The adequacy and qualifications of internal audit personnel
B. The accuracy of prior-year internal audit results
C. The effectiveness of the internal audit function
D. The efficiency of internal audit processes
NEW QUESTION: 300

Which of the following tools is MOST helpful in estimating budgets for tasks within a large
IT business application project?
A. Balanced scorecard
B. Ganttchart
C. Critical path methodology (CPM)
D. Function point analysis (FPA)
NEW QUESTION: 301

An IS auditor would MOST likely recommend that IT management use a balanced
scorecard to:
A. Train and educate IT staff
B. Ensure that IT staff meet performance requirements
C. Indicate whether the organization meets quality standards
D. Assess IT functions and processes
NEW QUESTION: 302

Which of the following BEST determines if a batch update job was completed?
A. Obtaining process owner confirmation
B. Testing a sample of transactions
C. Reviewing a copy of the script
D. Reviewing the job log
NEW QUESTION: 303

Which of the following should be of GREATEST concern to an IS auditor reviewing an
organization's initiative to adopt an enterprise governance framework?
A. The organization's security department has not been involved with the initiative.
B. The organization has not identified the business drivers for adopting the framework.
C. The organization has not provided employees with formal training on the framework.
D. The organization has tried to adopt the entire framework at once.
NEW QUESTION: 304

An IT governance body wants to determine whether IT service delivery is based on
consistently efficient and effective processes. Which of the following would be the BEST
approach?
A. Analyze current and future capacity.
B. Implement a balanced scorecard
C. Evaluate key performance indicators (KPis).
D. Conduct a gap analysis.
NEW QUESTION: 305

Which of the following helps to ensure the integrity of data for an interface between a new
billing system and an accounts receivable system?
A. Audit logs are available for 30 days.
B. Access to the data requires authentication.
C. Control totals are calculated.
D. Data files are encrypted during transmission.
NEW QUESTION: 306
Which of the following functions is MOST likely to be performed by an operating system
utility residing on a web server?
A. Generating control totals for terminal devices such as point-of-sale devices
B. Monitoring utilization activity and traffic patterns
C. Configuring network protocols
D. Sending and receiving terminal warnings and error messages
NEW QUESTION: 307

An IS auditor performing an audit of backup procedures observes that backup tapes are
picked up weekly and stored offsite at a deed party hosting faculty. Which of the following
recommendations would be the BEST way to maintain data integrity during transport?
A. Ensure the transport company is licensed and assured.
B. Ensure that logging and recording of data transport takes place
C. Ensure the data is transported in locked tamper evident containers
D. Ensure the date is validated poor to transport
NEW QUESTION: 308

An organization is considering outsourcing the processing of customer insurance claims.
An IS auditor notes that customer data will be sent offshore for processing. Which of the
following would be the BEST way to address the risk of exposing customer data?
A. Assess whether the service provider meets the organization's data protection polices
B. Consider whether the service provider has the ability to meet service level agreements
(SLA)
C. Require background checks on service provider personnel involved in the processing of
data.
D. Recommend the use of a service provide within the same country as the organization
NEW QUESTION: 309

When assessing a business case as part of a post-implementation review, the IS auditor
MUST ensure that the:
A. feasibility of alternative project approaches has been assessed.
B. amendments to the business case have been approved.
C. business case has not been amended since project approval.
D. quality assurance measures have been applied throughout the project
NEW QUESTION: 310

Which audit technique provides the GREATEST assurance that incident management
procedures are effective?
A. Comparing incident management procedures to best practices
B. Determining whether incidents are categorized and addressed
C. Evaluating end-user satisfaction survey results
D. Performing comprehensive vulnerability scanning and penetration testing
NEW QUESTION: 311

Which of the following will BEST ensure that a proper cutoff has been established to
reinstate transactions and records to their condition just prior to a computer system failure?
A. Ensuring bisynchronous capabilities on all transmission lines
B. Rotating backup copies of transaction files off site
C. Using a database management system (DBMS) to dynamically back-out partially
processed transactions
D. Maintaining system console logs in electronic format
NEW QUESTION: 312

A digital signature addresses which of the following concerns?
A. Message copying
B. Message theft
C. Unauthorized reading
D. Message alteration
NEW QUESTION: 313

An IS auditor has assessed a payroll service provider's security policy and finds significant
topics are missing.
Which of the following is the auditor's BEST course of action?
A. Report the risk to internal management
B. Recommend replacement of the service provider
C. Recommend the service provider update their policy
D. Notify the service provider of the discrepancies.
NEW QUESTION: 314

The PRIMARY advantage of object oriented technology is enhanced:
A. Management of sequential program execution for data access
B. Efficiency due to the reuse of elements of logic
C. Grouping of objects into methods for data access
D. Management of a restricted variety of data types for a data object
NEW QUESTION: 315

An IS auditor plans to review all access attempts to a video-monitored and proximity card-
controlled communications room. Which of the following would be MOST useful to the
auditor?
A. Manual sign-in and sign-out log
B. Security incident log
C. System electronic log
D. Alarm system with CCTV
NEW QUESTION: 316

Which of the following would MOST effectively and executive management in achieving IT
and business alignment?
A. Performance measurement
B. Balanced scorecard
C. Risk assessment
D. Value delivery assessment
NEW QUESTION: 317

Which of the following is an example of a data analytics use case during the fieldwork
phase of an IS audit?
A. Assessing the audit universe to identify high-risk entities to be included in the annual
audit plan
B. Matching ingress records to egress records to identify tailgated access to sensitive IT
areas
C. Applying data visualization techniques to generate s report to audit management
D. Evaluating security controls against globally recognized security frameworks
NEW QUESTION: 318
Which of the following is MOST important for an IS auditor to verify when reviewing a
critical business application that requires high availability?
A. Users participate in offsite business continuity testing.
B. Algorithms are reviewed to resolve process ineffictencies.
C. There is no single point of failure.
D. Service level agreements (SlAs) are monitored.
NEW QUESTION: 319

An IS auditor finds that an organization's data loss prevention (DLP) system is configured
to use vendor default settings to identify violations. The auditor's MAIN concern should be
that:
A. violation reports may not be retained according to the organization's risk profile.
B. violation reports may not be reviewed in a timely manner.
C. violations may not be categorized according to the organization's risk profile.
D. a significant number of false positive violations may be reported.
NEW QUESTION: 320

The risk that the IS auditor will not find an error that has occurred is identified by which of
the following terms?
A. Detection
B. Prevention
C. Control
D. Inherent
NEW QUESTION: 321

An organization transmits large amount of data from one internal system to another. The IS
auditor is reviewing quality of the data at the originating point. Which of the following
should the auditor verify first?
A. The source data is accurate
B. The data has been encrypted
C. The data extraction process is completed
D. The data transformation is accurate
NEW QUESTION: 322

Which of the following presents the GREATEST concern when implementing data flow
across borders?
A. National privacy laws
B. Software piracy laws
C. Political unrest
D. Equipment incompatibilities
NEW QUESTION: 323

Which of the following would be an auditor's GREATEST concern when reviewing data
inputs from spreadsheets into the core finance system?
A. The department data protection policy has not been reviewed or updated for two years
B. Undocumented code formats data and transmits directly to the database
C. Spreadsheets are accessible by all members of the finance department
D. There is not a complete inventory of spreadsheets, and file naming is inconsistent
NEW QUESTION: 324

An IS auditor has observed gaps in the data available to the organization for detecting
incidents. Which of the following would be the BEST recommendation to improve the
organization's security incident response capability?
A. Correlate security logs collected from multiple sources.
B. Document procedures for incident classification
C. Document procedures for incident escalation.
D. Centralize alerts and security log information.
NEW QUESTION: 325

Which of the following communication modes should be of GREATEST concern to an IS
auditor evaluating end user networking?
A. Host-to-host
B. Client-to-server
C. Peer-to-peer
D. System-to-system
NEW QUESTION: 326

What is the GREASTEST concern for an IS auditory reviewing contracts for licensed
software that executes a critical business process?
A. The contract does not contain a right-to-audit clause.
B. Several vendor deliveries missed the commitment data.
C. Software escrow not negotiated.
D. An operational level agreement (OLA) was not negotiated.
NEW QUESTION: 327

In attribute sampling, what is the relationship between expected error rate and sample
size?
A. The greater the expected error rate. The greater the sample size.
B. The greater the sample size, the tower The expected error rate.
C. The greater the expected error rate, the smaller the sample size.
D. The sample size is not affected by expected error rate.
NEW QUESTION: 328

An IS auditor is planning to audit an organization's infrastructure for access, patching, and
change management. Which of the following is the BEST way to prioritize the systems?
A. Complexity of the environment
B. System retirement plan
C. System hierarchy within the infrastructure
D. Criticality of the system
NEW QUESTION: 329

Which of the following is the PRIMARY advantage of using virtualization technology for
corporate applications?
A. Stronger data security
B. Improved disaster recovery
C. Better utilization of resources
D. Increased application performance
NEW QUESTION: 330

IT service engineers at a large organization are unable to effectively prioritize system-
generated alerts from hundreds of applications running across multiple servers and
databases. As a result many alerts are often ignored, leading to major problems including
downtime. Which of the following is the BEST IS audit recommendation to address this
situation?
A. Prioritize alerts from legacy applications that may require remote support from external
vendors.
B. Develop a classification scheme that prioritizes alerts according to potential business
impact.
C. Group alerts from related systems and immediately escalate to the application owner.
D. Implement a threshold management system that prioritizes alerts over a certain age.
NEW QUESTION: 331

An organization recently experienced a phishing attack that resulted in a breach of
confidential information.
Which of the following would be MOST relevant for an IS auditor to review when
determining the root cause of the incident?
A. Browser configurations
B. Simple mail transfer protocol (SMTP) logging
C. Audit logging
D. Email configurations
NEW QUESTION: 332

Which of the following is the PRIMARY objective of the IS audit function?
A. Perform reviews based on standards developed by professional organizations
B. Report to management on the functioning of internal controls.
C. Facilitate extraction of computer-based data for substantive testing.
D. Certify the accuracy of financial data

ISACA CISA v2020-10-23 q332

Uploaded by

Copyright:

Available Formats

ISACA CISA v2020-10-23 q332

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ISACA CISA v2020-10-23 q332

Uploaded by

Copyright:

Available Formats

ISACA.CISA.v2020-10-23.

NEW QUESTION: 100

NEW QUESTION: 101

NEW QUESTION: 102

NEW QUESTION: 103

NEW QUESTION: 104

NEW QUESTION: 105

NEW QUESTION: 106

NEW QUESTION: 107

NEW QUESTION: 108

NEW QUESTION: 109

NEW QUESTION: 110

NEW QUESTION: 111

NEW QUESTION: 112

NEW QUESTION: 114

NEW QUESTION: 115

NEW QUESTION: 116

NEW QUESTION: 117

NEW QUESTION: 118

NEW QUESTION: 119

NEW QUESTION: 120

NEW QUESTION: 121

NEW QUESTION: 122

NEW QUESTION: 123

NEW QUESTION: 124

NEW QUESTION: 125

NEW QUESTION: 126

NEW QUESTION: 127

NEW QUESTION: 128

NEW QUESTION: 129

NEW QUESTION: 130

NEW QUESTION: 131

NEW QUESTION: 132

NEW QUESTION: 133

NEW QUESTION: 134

NEW QUESTION: 135

NEW QUESTION: 136

NEW QUESTION: 137

NEW QUESTION: 138

NEW QUESTION: 139

NEW QUESTION: 140

NEW QUESTION: 141

NEW QUESTION: 142

NEW QUESTION: 143

NEW QUESTION: 144

NEW QUESTION: 145

NEW QUESTION: 146

NEW QUESTION: 147

NEW QUESTION: 148

NEW QUESTION: 149

NEW QUESTION: 150

NEW QUESTION: 151

NEW QUESTION: 152

NEW QUESTION: 153

NEW QUESTION: 154

NEW QUESTION: 155

NEW QUESTION: 156

NEW QUESTION: 157

NEW QUESTION: 158