New Year Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > Isaca > Isaca Certification > CISA

CISA Certified Information Systems Auditor Question and Answers

Question # 4

A new regulation has been enacted that mandates specific information security practices for the protection of customer data. Which of the following is MOST useful for an IS auditor to review when auditing against the regulation?

A.

Compliance gap analysis

B.

Customer data protection roles and responsibilities

C.

Customer data flow diagram

D.

Benchmarking studies of adaptation to the new regulation

Full Access
Question # 5

An IS auditor noted a recent production incident in which a teller transaction system incorrectly charged fees to customers due to a defect from a recent release. Which of the following should be the auditor's NEXT step?

A.

Evaluate developer training.

B.

Evaluate the incident management process.

C.

Evaluate the change management process.

D.

Evaluate secure code practices.

Full Access
Question # 6

An organization requires the use of a key card to enter its data center. Recently, a control was implemented that requires biometric authentication for each employee. Which type of control has

been added?

A.

Detective

B.

Preventive

C.

Compensating

D.

Corrective

Full Access
Question # 7

A checksum is classified as which type of control?

A.

Corrective control

B.

Administrative control

C.

Detective control

D.

Preventive control

Full Access
Question # 8

A senior IS auditor suspects that a PC may have been used to perpetrate fraud in a finance department. The auditor should FIRST report this suspicion to:

A.

audit management.

B.

the police.

C.

the audit committee.

D.

auditee line management.

Full Access
Question # 9

Which of the following is the BEST recommendation to drive accountability for achieving the desired outcomes specified in a benefits realization plan for an IT project?

A.

Document the dependencies between the project and other projects within the same program.

B.

Ensure that IT takes ownership for the delivery and tracking of all aspects of the benefits realization plan.

C.

Ensure that the project manager has formal authority for managing the benefits realization plan.

D.

Assign responsibilities, measures, and timelines for each identified benefit within the plan.

Full Access
Question # 10

Following a breach, what is the BEST source to determine the maximum amount of time before customers must be notified that their personal information may have been compromised?

A.

Information security policy

B.

Industry standards

C.

Incident response plan

D.

Industry regulations

Full Access
Question # 11

Which of the following is the MOST appropriate responsibility of an IS auditor involved in a data center renovation project?

A.

Performing independent reviews of responsible parties engaged in the project

B.

Shortlisting vendors to perform renovations

C.

Ensuring the project progresses as scheduled and milestones are achieved

D.

Implementing data center operational controls

Full Access
Question # 12

A global bank plans to use a cloud provider for backup of customer financial data. Which of the following should be the PRIMARY focus of this project?

A.

Backup testing schedule

B.

Data retention policy

C.

Transfer frequency

D.

Data confidentiality

Full Access
Question # 13

Which of the following practices associated with capacity planning provides the GREATEST assurance that future incidents related to existing server performance will be prevented?

A.

Reviewing results from simulated high-demand stress test scenarios

B.

Performing a root cause analysis for past performance incidents

C.

Anticipating current service level agreements (SLAs) will remain unchanged

D.

Duplicating existing disk drive systems to improve redundancy and data storage

Full Access
Question # 14

During which IT project phase is it MOST appropriate to conduct a benefits realization analysis?

A.

Post-implementation review phase

B.

Final implementation phase

C.

User acceptance testing (UAT) phase

D.

Design review phase

Full Access
Question # 15

Which of the following is the GREATEST benefit of adopting an Agile audit methodology?

A.

Better ability to address key risks

B.

Less frequent client interaction

C.

Annual cost savings

D.

Reduced documentation requirements

Full Access
Question # 16

Which of the following staff should an IS auditor interview FIRST to obtain a general overview of the various technologies used across different programs?

A.

Technical architect

B.

Enterprise architect

C.

Program manager

D.

Solution architect

Full Access
Question # 17

Which of the following BEST indicates to an IS auditor that an organization handles emergency changes appropriately and transparently?

A.

The application operations manual contains procedures to ensure emergency fixes do not compromise system integrity.

B.

Special logon IDs are used to grant programmers permanent access to the production environment.

C.

Change management controls are retroactively applied.

D.

Emergency changes are applied to production libraries immediately.

Full Access
Question # 18

Which of the following is the MOST appropriate testing approach when auditing a daily data flow between two systems via an automated interface to confirm that it is complete and accurate?

A.

Confirm that the encryption standard applied to the interface is in line with best practice.

B.

Inspect interface configurations and an example output of the systems.

C.

Perform data reconciliation between the two systems for a sample of 25 days.

D.

Conduct code review for both systems and inspect design documentation.

Full Access
Question # 19

In an area susceptible to unexpected increases in electrical power, which of the following would MOST effectively protect the system?

A.

Generator

B.

Voltage regulator

C.

Circuit breaker

D.

Alternate power supply line

Full Access
Question # 20

Which of the following is the BEST indicator that a third-party vendor adheres to the controls required by the organization?

A.

Review of monthly performance reports submitted by the vendor

B.

Certifications maintained by the vendor

C.

Regular independent assessment of the vendor

D.

Substantive log file review of the vendor's system

Full Access
Question # 21

From a risk management perspective, which of the following is the BEST approach when implementing a large and complex data center IT infrastructure?

A.

Simulating the new infrastructure before deployment

B.

Prototyping and a one-phase deployment

C.

A deployment plan based on sequenced phases

D.

A big bang deployment with a successful proof of concept

Full Access
Question # 22

An IS auditor is reviewing an organization that performs backups on local database servers every two weeks and does not have a formal policy to govern data backup and restoration procedures. Which of the following findings presents the GREATEST risk to the organization?

A.

Lack of offsite data backups

B.

Absence of a data backup policy

C.

Lack of periodic data restoration testing

D.

Insufficient data backup frequency

Full Access
Question # 23

An IS auditor is evaluating the progress of a web-based customer service application development project. Which of the following would be MOST helpful for this evaluation?

A.

Backlog consumption reports

B.

Critical path analysis reports

C.

Developer status reports

D.

Change management logs

Full Access
Question # 24

Which of the following provides the MOST useful information regarding an organization's risk appetite and tolerance?

A.

Gap analysis

B.

Audit reports

C.

Risk profile

D.

Risk register

Full Access
Question # 25

A firewall between internal network segments improves security and reduces risk by:

A.

Jogging all packets passing through network segments

B.

inspecting all traffic flowing between network segments and applying security policies

C.

monitoring and reporting on sessions between network participants

D.

ensuring all connecting systems have appropriate security controls enabled.

Full Access
Question # 26

Which of the following controls is BEST implemented through system configuration?

    Network user accounts for temporary workers expire after 90 days.

    Application user access is reviewed every 180 days for appropriateness.

    Financial data in key reports is traced to source systems for completeness and accuracy.

A.

Computer operations personnel initiate batch processing jobs daily.

Full Access
Question # 27

An organization's IT risk assessment should include the identification of:

A.

vulnerabilities

B.

compensating controls

C.

business needs

D.

business process owners

Full Access
Question # 28

A senior auditor is reviewing work papers prepared by a junior auditor indicating that a finding was removed after the auditee said they corrected the problem. Which of the following is the senior auditor s MOST appropriate course of action?

A.

Ask the auditee to retest

B.

Approve the work papers as written

C.

Have the finding reinstated

D.

Refer the issue to the audit director

Full Access
Question # 29

Which of the following would BEST help to ensure that an incident receives attention from appropriate personnel in a timely manner?

A.

Completing the incident management log

B.

Broadcasting an emergency message

C.

Requiring a dedicated incident response team

D.

Implementing incident escalation procedures

Full Access
Question # 30

During a review, an IS auditor discovers that corporate users are able to access cloud-based applications and data any Internet-connected web browser. Which Of the following

is the auditor’s BEST recommendation to prevent unauthorized access?

A.

Implement an intrusion detection system (IDS),

B.

Update security policies and procedures.

C.

Implement multi-factor authentication.

D.

Utilize strong anti-malware controls on all computing devices.

Full Access
Question # 31

Which of the following is the GREATEST risk if two users have concurrent access to the same database record?

A.

Availability integrity

B.

Data integrity

C.

Entity integrity

D.

Referential integrity

Full Access
Question # 32

An internal audit team is deciding whether to use an audit management application hosted by a third party in a different country.

What should be the MOST important consideration related to the uploading of payroll audit documentation in the hosted

application?

A.

Financial regulations affecting the organization

B.

Data center physical access controls whore the application is hosted

C.

Privacy regulations affecting the organization

D.

Per-unit cost charged by the hosting services provider for storage

Full Access
Question # 33

An organization implemented a cybersecurity policy last year Which of the following is the GREATE ST indicator that the policy may need to be revised?

A.

A significant increase in authorized connections to third parties

B.

A significant increase in cybersecurity audit findings

C.

A significant increase in approved exceptions

D.

A significant increase in external attack attempts

Full Access
Question # 34

The PRIMARY purpose of a configuration management system is to:

A.

track software updates.

B.

define baselines for software.

C.

support the release procedure.

D.

standardize change approval.

Full Access
Question # 35

Which of the following is an advantage of using agile software development methodology over the waterfall methodology?

A.

Less funding required overall

B.

Quicker deliverables

C.

Quicker end user acceptance

D.

Clearly defined business expectations

Full Access
Question # 36

Users are complaining that a newly released enterprise resource planning (ERP) system is functioning too slowly. Which of the following tests during the quality assurance (QA) phase would have identified this concern?

A.

Stress

B.

Regression

C.

Interface

D.

Integration

Full Access
Question # 37

The PRIMARY benefit of automating application testing is to:

A.

provide test consistency.

B.

provide more flexibility.

C.

replace all manual test processes.

D.

reduce the time to review code.

Full Access
Question # 38

An IS auditor is performing a follow-up audit for findings identified in an organization's user provisioning process Which of the following is the MOST appropriate population to sample from when testing for remediation?

A.

All users provisioned after the finding was originally identified

B.

All users provisioned after management resolved the audit issue

C.

All users provisioned after the final audit report was issued

D.

All users who have followed user provisioning processes provided by management

Full Access
Question # 39

The BEST way to prevent fraudulent payments is to implement segregation of duties between the vendor setup and:

A.

payment processing.

B.

payroll processing.

C.

procurement.

D.

product registration.

Full Access
Question # 40

Which of the following are used in a firewall to protect the entity's internal resources?

A.

Remote access servers

B.

Secure Sockets Layers (SSLs)

C.

Internet Protocol (IP) address restrictions

D.

Failover services

Full Access
Question # 41

A CFO has requested an audit of IT capacity management due to a series of finance system slowdowns during month-end reporting. What would be MOST important to consider before including this audit in the program?

A.

Whether system delays result in more frequent use of manual processing

B.

Whether the system's performance poses a significant risk to the organization

C.

Whether stakeholders are committed to assisting with the audit

D.

Whether internal auditors have the required skills to perform the audit

Full Access
Question # 42

Which of the following is the MOST efficient solution for a multi-location healthcare organization that wants to be able to access patient data wherever patients present themselves

for care?

A.

Infrastructure as a Service (laaS) provider

B.

Software as a Service (SaaS) provider

C.

Network segmentation

D.

Dynamic localization

Full Access
Question # 43

When auditing an organization's software acquisition process the BEST way for an IS auditor to understand the software benefits to the organization would be to review the

A.

feasibility study

B.

business case

C.

request for proposal (RFP)

D.

alignment with IT strategy

Full Access
Question # 44

The operations team of an organization has reported an IS security attack Which of the following should be the FIRST step for the security incident response team?

A.

Report results to management

B.

Document lessons learned

C.

Perform a damage assessment

D.

Prioritize resources for corrective action

Full Access
Question # 45

An IS auditor has discovered that a software system still in regular use is years out of date and no longer supported. The auditee has stated that it will take six months until the software is running on the current version. Which of the following is the BEST way to reduce the immediate risk associated with using an unsupported version of the software?

A.

Verify all patches have been applied to the software system's outdated version.

B.

Close all unused ports on the outdated software system.

C.

Monitor network traffic attempting to reach the outdated software system.

D.

Segregate the outdated software system from the main network.

Full Access
Question # 46

An IS auditor learns a server administration team regularly applies workarounds to address repeated failures of critical data processing services Which of the following would BEST enable the organization to resolve this issue?

A.

Problem management

B.

Incident management

C.

Service level management

D.

Change management

Full Access
Question # 47

An IS auditor identifies that a legacy application to be decommissioned in three months cannot meet the security requirements established by the current policy. What is the BEST way (or the auditor to address this issue?

A.

Recommend the application be patched to meet requirements.

B.

Inform the IT director of the policy noncompliance.

C.

Verify management has approved a policy exception to accept the risk.

D.

Take no action since the application will be decommissioned in three months.

Full Access
Question # 48

An IS auditor evaluating the change management process must select a sample from the change log. What is the BEST way to the auditor to confirm the change log is complete?

A.

Interview change management personnel about completeness.

B.

Take an item from the log and trace it back to the system.

C.

Obtain management attestation of completeness.

D.

Take the last change from the system and trace it back to the log.

Full Access
Question # 49

An IT balanced scorecard is PRIMARILY used for:

A.

evaluating the IT project portfolio

B.

measuring IT strategic performance

C.

allocating IT budget and resources

D.

monitoring risk in lT-related processes

Full Access
Question # 50

Which of the following areas is MOST likely to be overlooked when implementing a new data classification process?

A.

End-user computing (EUC) systems

B.

Email attachments

C.

Data sent to vendors

D.

New system applications

Full Access
Question # 51

Which of the following can only be provided by asymmetric encryption?

A.

Information privacy

B.

256-brt key length

C.

Data availability

D.

Nonrepudiation

Full Access
Question # 52

Which of the following is the BEST way to help ensure new IT implementations align with enterprise architecture (EA) principles and requirements?

A.

Document the security view as part of the EA

B.

Consider stakeholder concerns when defining the EA

C.

Perform mandatory post-implementation reviews of IT implementations

D.

Conduct EA reviews as part of the change advisory board

Full Access
Question # 53

A checksum is classified as which type of control?

A.

Detective control

B.

Preventive control

C.

Corrective control

D.

Administrative control

Full Access
Question # 54

An IS auditor conducts a review of a third-party vendor's reporting of key performance indicators (KPIs) Which of the following findings should be of MOST concern to the auditor?

A.

KPI data is not being analyzed

B.

KPIs are not clearly defined

C.

Some KPIs are not documented

D.

KPIs have never been updated

Full Access
Question # 55

Which of the following provides the MOST useful information for performing a business impact analysis (B1A)?

A.

inventory of relevant business processes

B.

Policies for business procurement

C.

Documentation of application configurations

D.

Results of business resumption planning efforts

Full Access
Question # 56

When is it MOST important for an IS auditor to apply the concept of materiality in an audit?

A.

When planning an audit engagement

B.

When gathering information for the fieldwork

C.

When a violation of a regulatory requirement has been identified

D.

When evaluating representations from the auditee

Full Access
Question # 57

Which of the following is the BEST approach for determining the overall IT risk appetite of an organization when business units use different methods for managing IT risks?

A.

Average the business units’ IT risk levels

B.

Identify the highest-rated IT risk level among the business units

C.

Prioritize the organization's IT risk scenarios

D.

Establish a global IT risk scoring criteria

Full Access
Question # 58

Which of the following should be of GREATEST concern to an IS auditor conducting an audit of an organization that recently experienced a ransomware attack?

A.

Antivirus software was unable to prevent the attack even though it was properly updated

B.

The most recent security patches were not tested prior to implementation

C.

Backups were only performed within the local network

D.

Employees were not trained on cybersecurity policies and procedures

Full Access
Question # 59

An IS auditor is concerned that unauthorized access to a highly sensitive data center might be gained by piggybacking or tailgating. Which of the following is the BEST recommendation? (Choose Correct answer and give explanation from CISA Certification - Information Systems Auditor official book)

A.

Biometrics

B.

Procedures for escorting visitors

C.

Airlock entrance

D.

Intruder alarms

Full Access
Question # 60

Which of the following is the GREATEST benefit of adopting an international IT governance framework rather than establishing a new framework based on the actual situation of a specific organization1?

A.

Readily available resources such as domains and risk and control methodologies

B.

Comprehensive coverage of fundamental and critical risk and control areas for IT governance

C.

Fewer resources expended on trial-and-error attempts to fine-tune implementation methodologies

D.

Wide acceptance by different business and support units with IT governance objectives

Full Access
Question # 61

Which of the following management decisions presents the GREATEST risk associated with data leakage?

A.

There is no requirement for desktops to be encrypted

B.

Staff are allowed to work remotely

C.

Security awareness training is not provided to staff

D.

Security policies have not been updated in the past year

Full Access
Question # 62

Which of the following analytical methods would be MOST useful when trying to identify groups with similar behavior or characteristics in a large population?

A.

Deviation detection

B.

Cluster sampling

C.

Random sampling

D.

Classification

Full Access
Question # 63

Which of the following methods BEST enforces data leakage prevention in a multi-tenant cloud environment?

A.

Monitoring tools are configured to alert in case of downtime

B.

A comprehensive security review is performed every quarter.

C.

Data for different tenants is segregated by database schema

D.

Tenants are required to implement data classification polices

Full Access
Question # 64

Which of the following is a concern associated with virtualization?

A.

The physical footprint of servers could decrease within the data center.

B.

Performance issues with the host could impact the guest operating systems.

C.

Processing capacity may be shared across multiple operating systems.

D.

One host may have multiple versions of the same operating system.

Full Access
Question # 65

An IS auditor requests direct access to data required to perform audit procedures instead of asking management to provide the data Which of the following is the PRIMARY advantage of this approach?

A.

Audit transparency

B.

Data confidentiality

C.

Professionalism

D.

Audit efficiency

Full Access
Question # 66

When auditing the closing stages of a system development protect which of the following should be the MOST important consideration?

A.

Control requirements

B.

Rollback procedures

C.

Functional requirements documentation

D.

User acceptance lest (UAT) results

Full Access
Question # 67

During the discussion of a draft audit report IT management provided suitable evidence that a process has been implemented for a control that had been concluded by the IS auditor as ineffective Which of the following is the auditor's BEST action?

A.

Explain to IT management that the new control will be evaluated during follow-up

B.

Add comments about the action taken by IT management in the report

C.

Change the conclusion based on evidence provided by IT management

D.

Re-perform the audit before changing the conclusion

Full Access
Question # 68

When testing the accuracy of transaction data, which of the following situations BEST justifies the use of a smaller sample size?

A.

The IS audit staff has a high level of experience.

B.

It is expected that the population is error-free.

C.

Proper segregation of duties is in place.

D.

The data can be directly changed by users.

Full Access
Question # 69

Management has learned the implementation of a new IT system will not be completed on time and has requested an audit. Which of the following audit findings should be of GREATEST concern?

A.

The actual start times of some activities were later than originally scheduled.

B.

Tasks defined on the critical path do not have resources allocated.

C.

The project manager lacks formal certification.

D.

Milestones have not been defined for all project products.

Full Access
Question # 70

An IS auditor finds a segregation of duties issue in an enterprise resource planning (ERP) system. Which of the following is the BEST way to prevent the misconfiguration from recurring?

A.

Monitoring access rights on a regular basis

B.

Referencing a standard user-access matrix

C.

Granting user access using a role-based model

D.

Correcting the segregation of duties conflicts

Full Access
Question # 71

Which of the following would be the BEST criteria for monitoring an IT vendor's service levels?

A.

Service auditor's report

B.

Performance metrics

C.

Surprise visit to vendor

D.

Interview with vendor

Full Access
Question # 72

Which of the following should be the GREATEST concern to an IS auditor reviewing an organization's method to transport sensitive data between offices?

A.

The method relies exclusively on the use of asymmetric encryption algorithms.

B.

The method relies exclusively on the use of 128-bit encryption.

C.

The method relies exclusively on the use of digital signatures.

D.

The method relies exclusively on the use of public key infrastructure (PKI).

Full Access
Question # 73

Which of the following is the BEST way to verify the effectiveness of a data restoration process?

A.

Performing periodic reviews of physical access to backup media

B.

Performing periodic complete data restorations

C.

Validating off ne backups using software utilities

D.

Reviewing and updating data restoration policies annually

Full Access
Question # 74

A company requires that all program change requests (PCRs) be approved and all modifications be automatically logged. Which of the following IS audit procedures will BEST determine whether unauthorized changes have been made to production programs?

A.

Trace a sample of complete PCR forms to the log of all program changes

B.

Use source code comparison software to determine whether any changes have been made to a sample of programs since the last audit date

C.

Review a sample of PCRs for proper approval throughout the program change process

D.

Trace a sample of program change from the log to completed PCR forms

Full Access
Question # 75

An IS auditor reviewing the throat assessment for a data cantor would be MOST concerned if:

A.

some of the identified threats are unlikely to occur.

B.

all identified threats relate to external entities.

C.

the exercise was completed by local management.

D.

neighboring organizations' operations have been included.

Full Access
Question # 76

Which of the following methods will BEST reduce the risk associated with the transition to a new system using

technologies that are not compatible with the old system?

A.

Parallel changeover

B.

Modular changeover

C.

Phased operation

D.

Pilot operation

Full Access
Question # 77

When assessing a proposed project for the two-way replication of a customer database with a remote call center, the IS auditor should ensure that:

A.

database conflicts are managed during replication.

B.

end users are trained in the replication process.

C.

the source database is backed up on both sites.

D.

user rights are identical on both databases.

Full Access
Question # 78

Which of the following is MOST important for an IS auditor to verify when evaluating an organization's data conversion and infrastructure migration plan?

A.

Strategic: goals have been considered.

B.

A rollback plan is included.

C.

A code check review is included.

D.

A migration steering committee has been formed.

Full Access
Question # 79

Which of the following is the MOST important responsibility of user departments associated with program changes?

A.

Providing unit test data

B.

Analyzing change requests

C.

Updating documentation lo reflect latest changes

D.

Approving changes before implementation

Full Access
Question # 80

Which of the following information security requirements BE ST enables the tracking of organizational data in a bring your own device (BYOD) environment?

A.

Employees must immediately report lost or stolen mobile devices containing organizational data

B.

Employees must sign acknowledgment of the organization's mobile device acceptable use policy

C.

Employees must enroll their personal devices in the organization's mobile device management program

Full Access
Question # 81

Which of the following testing methods is MOST appropriate for assessing whether system integrity has been maintained after changes have been made?

A.

Regression testing

B.

Unit testing

C.

Integration testing

D.

Acceptance testing

Full Access
Question # 82

Which of the following BEST protects evidence in a forensic investigation?

A.

imaging the affected system

B.

Powering down the affected system

C.

Protecting the hardware of the affected system

D.

Rebooting the affected system

Full Access
Question # 83

Which of the following is the BEST indicator for measuring performance of IT help desk function?

A.

Percentage of problems raised from incidents

B.

Mean time to categorize tickets

C.

Number 0t incidents reported

D.

Number of reopened tickets

Full Access
Question # 84

An IS auditor finds the log management system is overwhelmed with false positive alerts. The auditor's BEST recommendation would be to:

A.

establish criteria for reviewing alerts.

B.

recruit more monitoring personnel.

C.

reduce the firewall rules.

D.

fine tune the intrusion detection system (IDS).

Full Access
Question # 85

Which of the following is MOST important to ensure when planning a black box penetration test?

A.

The management of the client organization is aware of the testing.

B.

The test results will be documented and communicated to management.

C.

The environment and penetration test scope have been determined.

D.

Diagrams of the organization's network architecture are available.

Full Access
Question # 86

An incorrect version of the source code was amended by a development team. This MOST likely indicates a weakness in:

A.

incident management.

B.

quality assurance (QA).

C.

change management.

D.

project management.

Full Access
Question # 87

Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?

A.

Risk identification

B.

Risk classification

C.

Control self-assessment (CSA)

D.

Impact assessment

Full Access
Question # 88

What should be the PRIMARY basis for selecting which IS audits to perform in the coming year?

A.

Senior management's request

B.

Prior year's audit findings

C.

Organizational risk assessment

D.

Previous audit coverage and scope

Full Access
Question # 89

Which of the following documents would be MOST useful in detecting a weakness in segregation of duties?

A.

System flowchart

B.

Data flow diagram

C.

Process flowchart

D.

Entity-relationship diagram

Full Access
Question # 90

An IS auditor wants to determine who has oversight of staff performing a specific task and is referencing the organization's RACI chart. Which of the following roles within the chart would provide this information?

A.

Consulted

B.

Informed

C.

Responsible

D.

Accountable

Full Access
Question # 91

To confirm integrity for a hashed message, the receiver should use:

A.

the same hashing algorithm as the sender's to create a binary image of the file.

B.

a different hashing algorithm from the sender's to create a binary image of the file.

C.

the same hashing algorithm as the sender's to create a numerical representation of the file.

D.

a different hashing algorithm from the sender's to create a numerical representation of the file.

Full Access
Question # 92

Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system. What is the BEST control to ensure that data is accurately entered into the system?

A.

Reconciliation of total amounts by project

B.

Validity checks, preventing entry of character data

C.

Reasonableness checks for each cost type

D.

Display the back of the project detail after the entry

Full Access
Question # 93

Which of the following is the BEST recommendation to prevent fraudulent electronic funds transfers by accounts payable employees?

A.

Periodic vendor reviews

B.

Dual control

C.

Independent reconciliation

D.

Re-keying of monetary amounts

E.

Engage an external security incident response expert for incident handling.

Full Access
Question # 94

Which of the following is MOST important for an IS auditor to examine when reviewing an organization's privacy policy?

A.

Whether there is explicit permission from regulators to collect personal data

B.

The organization's legitimate purpose for collecting personal data

C.

Whether sharing of personal information with third-party service providers is prohibited

D.

The encryption mechanism selected by the organization for protecting personal data

Full Access
Question # 95

Which of the following should an IS auditor recommend as a PRIMARY area of focus when an organization decides to outsource technical support for its external customers?

A.

Align service level agreements (SLAs) with current needs.

B.

Monitor customer satisfaction with the change.

C.

Minimize costs related to the third-party agreement.

D.

Ensure right to audit is included within the contract.

Full Access
Question # 96

Which of the following is the BEST detective control for a job scheduling process involving data transmission?

A.

Metrics denoting the volume of monthly job failures are reported and reviewed by senior management.

B.

Jobs are scheduled to be completed daily and data is transmitted using a Secure File Transfer Protocol (SFTP).

C.

Jobs are scheduled and a log of this activity is retained for subsequent review.

D.

Job failure alerts are automatically generated and routed to support personnel.

Full Access
Question # 97

When evaluating the design of controls related to network monitoring, which of the following is MOST important for an IS auditor to review?

A.

Incident monitoring togs

B.

The ISP service level agreement

C.

Reports of network traffic analysis

D.

Network topology diagrams

Full Access
Question # 98

Management has requested a post-implementation review of a newly implemented purchasing package to determine to what extent business requirements are being met. Which of the following is MOST likely to be assessed?

A.

Purchasing guidelines and policies

B.

Implementation methodology

C.

Results of line processing

D.

Test results

Full Access
Question # 99

Which of the following demonstrates the use of data analytics for a loan origination process?

A.

Evaluating whether loan records are included in the batch file and are validated by the servicing system

B.

Comparing a population of loans input in the origination system to loans booked on the servicing system

C.

Validating whether reconciliations between the two systems are performed and discrepancies are investigated

D.

Reviewing error handling controls to notify appropriate personnel in the event of a transmission failure

Full Access
Question # 100

Which of the following is the BEST method to prevent wire transfer fraud by bank employees?

A.

Independent reconciliation

B.

Re-keying of wire dollar amounts

C.

Two-factor authentication control

D.

System-enforced dual control

Full Access
Question # 101

In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to never expire. Which of the following recommendations would BEST address the risk with minimal disruption to the business?

A.

Modify applications to no longer require direct access to the database.

B.

Introduce database access monitoring into the environment

C.

Modify the access management policy to make allowances for application accounts.

D.

Schedule downtime to implement password changes.

Full Access
Question # 102

Which of the following should an IS auditor be MOST concerned with during a post-implementation review?

A.

The system does not have a maintenance plan.

B.

The system contains several minor defects.

C.

The system deployment was delayed by three weeks.

D.

The system was over budget by 15%.

Full Access
Question # 103

During an external review, an IS auditor observes an inconsistent approach in classifying system criticality within the organization. Which of the following should be recommended as the PRIMARY factor to determine system criticality?

A.

Key performance indicators (KPIs)

B.

Maximum allowable downtime (MAD)

C.

Recovery point objective (RPO)

D.

Mean time to restore (MTTR)

Full Access
Question # 104

Which of the following is a social engineering attack method?

A.

An unauthorized person attempts to gam access to secure premises by following an authonzed person through a secure door.

B.

An employee is induced to reveal confidential IP addresses and passwords by answering questions over the phone.

C.

A hacker walks around an office building using scanning tools to search for a wireless network to gain access.

D.

An intruder eavesdrops and collects sensitive information flowing through the network and sells it to third parties.

Full Access
Question # 105

An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged. The IS auditor's FIRST action should be to:

A.

recommend that the option to directly modify the database be removed immediately.

B.

recommend that the system require two persons to be involved in modifying the database.

C.

determine whether the log of changes to the tables is backed up.

D.

determine whether the audit trail is secured and reviewed.

Full Access
Question # 106

Which of the following is the BEST way to address segregation of duties issues in an organization with budget constraints?

A.

Rotate job duties periodically.

B.

Perform an independent audit.

C.

Hire temporary staff.

D.

Implement compensating controls.

Full Access
Question # 107

During the design phase of a software development project, the PRIMARY responsibility of an IS auditor is to evaluate the:

A.

Future compatibility of the application.

B.

Proposed functionality of the application.

C.

Controls incorporated into the system specifications.

D.

Development methodology employed.

Full Access
Question # 108

Which of the following BEST ensures the quality and integrity of test procedures used in audit analytics?

A.

Developing and communicating test procedure best practices to audit teams

B.

Developing and implementing an audit data repository

C.

Decentralizing procedures and Implementing periodic peer review

D.

Centralizing procedures and implementing change control

Full Access
Question # 109

During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:

A.

note the noncompliance in the audit working papers.

B.

issue an audit memorandum identifying the noncompliance.

C.

include the noncompliance in the audit report.

D.

determine why the procedures were not followed.

Full Access
Question # 110

An organization has recently acquired and implemented intelligent-agent software for granting loans to customers. During the post-implementation review, which of the following is the MOST important procedure for the IS auditor to perform?

A.

Review system and error logs to verify transaction accuracy.

B.

Review input and output control reports to verify the accuracy of the system decisions.

C.

Review signed approvals to ensure responsibilities for decisions of the system are well defined.

D.

Review system documentation to ensure completeness.

Full Access
Question # 111

During the discussion of a draft audit report. IT management provided suitable evidence fiat a process has been implemented for a control that had been concluded by the IS auditor as Ineffective. Which of the following is the auditor's BEST action?

A.

Explain to IT management that the new control will be evaluated during follow-up

B.

Re-perform the audit before changing the conclusion.

C.

Change the conclusion based on evidence provided by IT management.

D.

Add comments about the action taken by IT management in the report.

Full Access
Question # 112

What is the BEST control to address SQL injection vulnerabilities?

A.

Unicode translation

B.

Secure Sockets Layer (SSL) encryption

C.

Input validation

D.

Digital signatures

Full Access
Question # 113

Which of the following would BEST facilitate the successful implementation of an IT-related framework?

A.

Aligning the framework to industry best practices

B.

Establishing committees to support and oversee framework activities

C.

Involving appropriate business representation within the framework

D.

Documenting IT-related policies and procedures

Full Access
Question # 114

A proper audit trail of changes to server start-up procedures would include evidence of:

A.

subsystem structure.

B.

program execution.

C.

security control options.

D.

operator overrides.

Full Access
Question # 115

During a new system implementation, an IS auditor has been assigned to review risk management at each milestone. The auditor finds that several risks to project benefits have not been addressed. Who should be accountable for managing these risks?

A.

Enterprise risk manager

B.

Project sponsor

C.

Information security officer

D.

Project manager

Full Access
Question # 116

Secure code reviews as part of a continuous deployment program are which type of control?

A.

Detective

B.

Logical

C.

Preventive

D.

Corrective

Full Access
Question # 117

When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:

A.

the Internet.

B.

the demilitarized zone (DMZ).

C.

the organization's web server.

D.

the organization's network.

Full Access
Question # 118

One benefit of return on investment (ROI) analysts in IT decision making is that it provides the:

A.

basis for allocating indirect costs.

B.

cost of replacing equipment.

C.

estimated cost of ownership.

D.

basis for allocating financial resources.

Full Access
Question # 119

Which of the following provides the MOST reliable audit evidence on the validity of transactions in a financial application?

A.

Walk-through reviews

B.

Substantive testing

C.

Compliance testing

D.

Design documentation reviews

Full Access
Question # 120

Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?

A.

Business interruption due to remediation

B.

IT budgeting constraints

C.

Availability of responsible IT personnel

D.

Risk rating of original findings

Full Access
Question # 121

During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST

A.

perform a business impact analysis (BIA).

B.

issue an intermediate report to management.

C.

evaluate the impact on current disaster recovery capability.

D.

conduct additional compliance testing.

Full Access
Question # 122

An IS auditor is examining a front-end subledger and a main ledger. Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?

A.

Double-posting of a single journal entry

B.

Inability to support new business transactions

C.

Unauthorized alteration of account attributes

D.

Inaccuracy of financial reporting

Full Access
Question # 123

An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner. Which of the following is the auditor's BEST recommendation?

A.

Increase the capacity of existing systems.

B.

Upgrade hardware to newer technology.

C.

Hire temporary contract workers for the IT function.

D.

Build a virtual environment.

Full Access
Question # 124

Which of the following is MOST important for an IS auditor to review when evaluating the accuracy of a spreadsheet that contains several macros?

A.

Encryption of the spreadsheet

B.

Version history

C.

Formulas within macros

D.

Reconciliation of key calculations

Full Access
Question # 125

An organizations audit charier PRIMARILY:

A.

describes the auditors' authority to conduct audits.

B.

defines the auditors' code of conduct.

C.

formally records the annual and quarterly audit plans.

D.

documents the audit process and reporting standards.

Full Access
Question # 126

Which of the following is MOST important with regard to an application development acceptance test?

A.

The programming team is involved in the testing process.

B.

All data files are tested for valid information before conversion.

C.

User management approves the test design before the test is started.

D.

The quality assurance (QA) team is in charge of the testing process.

Full Access
Question # 127

An organization allows employees to retain confidential data on personal mobile devices. Which of the following is the BEST recommendation to mitigate the risk of data leakage from lost or stolen devices?

A.

Require employees to attend security awareness training.

B.

Password protect critical data files.

C.

Configure to auto-wipe after multiple failed access attempts.

D.

Enable device auto-lock function.

Full Access
Question # 128

Which of the following MOST effectively minimizes downtime during system conversions?

A.

Phased approach

B.

Direct cutover

C.

Pilot study

D.

Parallel run

Full Access
Question # 129

While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function. In order to resolve the situation, the IS auditor's BEST course of action would be to:

A.

re-prioritize the original issue as high risk and escalate to senior management.

B.

schedule a follow-up audit in the next audit cycle.

C.

postpone follow-up activities and escalate the alternative controls to senior audit management.

D.

determine whether the alternative controls sufficiently mitigate the risk.

Full Access
Question # 130

During an ongoing audit, management requests a briefing on the findings to date. Which of the following is the IS auditor's BEST course of action?

A.

Review working papers with the auditee.

B.

Request the auditee provide management responses.

C.

Request management wait until a final report is ready for discussion.

D.

Present observations for discussion only.

Full Access
Question # 131

Which of the following is the BEST compensating control when segregation of duties is lacking in a small IS department?

A.

Background checks

B.

User awareness training

C.

Transaction log review

D.

Mandatory holidays

Full Access
Question # 132

Which of the following is MOST important for an effective control self-assessment (CSA) program?

A.

Determining the scope of the assessment

B.

Performing detailed test procedures

C.

Evaluating changes to the risk environment

D.

Understanding the business process

Full Access
Question # 133

Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organization's information security policy?

A.

Alignment with the IT tactical plan

B.

IT steering committee minutes

C.

Compliance with industry best practice

D.

Business objectives

Full Access
Question # 134

An IS auditor is reviewing an organization's information asset management process. Which of the following would be of GREATEST concern to the auditor?

A.

The process does not require specifying the physical locations of assets.

B.

Process ownership has not been established.

C.

The process does not include asset review.

D.

Identification of asset value is not included in the process.

Full Access
Question # 135

During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:

A.

allocation of resources during an emergency.

B.

frequency of system testing.

C.

differences in IS policies and procedures.

D.

maintenance of hardware and software compatibility.

Full Access
Question # 136

The PRIMARY advantage of object-oriented technology is enhanced:

A.

efficiency due to the re-use of elements of logic.

B.

management of sequential program execution for data access.

C.

grouping of objects into methods for data access.

D.

management of a restricted variety of data types for a data object.

Full Access
Question # 137

An IS auditor is evaluating an organization's IT strategy and plans. Which of the following would be of GREATEST concern?

A.

There is not a defined IT security policy.

B.

The business strategy meeting minutes are not distributed.

C.

IT is not engaged in business strategic planning.

D.

There is inadequate documentation of IT strategic planning.

Full Access
Question # 138

Which of the following BEST indicates the effectiveness of an organization's risk management program?

A.

Inherent risk is eliminated.

B.

Residual risk is minimized.

C.

Control risk is minimized.

D.

Overall risk is quantified.

Full Access
Question # 139

During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?

A.

Rollback strategy

B.

Test cases

C.

Post-implementation review objectives

D.

Business case

Full Access
Question # 140

Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?

A.

The IS auditor provided consulting advice concerning application system best practices.

B.

The IS auditor participated as a member of the application system project team, but did not have operational responsibilities.

C.

The IS auditor designed an embedded audit module exclusively for auditing the application system.

D.

The IS auditor implemented a specific control during the development of the application system.

Full Access
Question # 141

Which of the following would BEST demonstrate that an effective disaster recovery plan (DRP) is in place?

A.

Frequent testing of backups

B.

Annual walk-through testing

C.

Periodic risk assessment

D.

Full operational test

Full Access
Question # 142

Which of the following is the MOST important prerequisite for the protection of physical information assets in a data center?

A.

Segregation of duties between staff ordering and staff receiving information assets

B.

Complete and accurate list of information assets that have been deployed

C.

Availability and testing of onsite backup generators

D.

Knowledge of the IT staff regarding data protection requirements

Full Access
Question # 143

Which of the following is the BEST source of information for assessing the effectiveness of IT process monitoring?

A.

Real-time audit software

B.

Performance data

C.

Quality assurance (QA) reviews

D.

Participative management techniques

Full Access
Question # 144

Which of the following should be of GREATEST concern to an IS auditor reviewing a network printer disposal process?

A.

Disposal policies and procedures are not consistently implemented

B.

Evidence is not available to verify printer hard drives have been sanitized prior to disposal.

C.

Business units are allowed to dispose printers directly to

D.

Inoperable printers are stored in an unsecured area.

Full Access
Question # 145

Which of the following is the BEST way to ensure that an application is performing according to its specifications?

A.

Unit testing

B.

Pilot testing

C.

System testing

D.

Integration testing

Full Access
Question # 146

An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor?

A.

Improve the change management process

B.

Establish security metrics.

C.

Perform a penetration test

D.

Perform a configuration review

Full Access
Question # 147

Which of the following should be of GREATEST concern for an IS auditor reviewing an organization's disaster recovery plan (DRP)?

A.

The DRP has not been formally approved by senior management.

B.

The DRP has not been distributed to end users.

C.

The DRP has not been updated since an IT infrastructure upgrade.

D.

The DRP contains recovery procedures for critical servers only.

Full Access
Question # 148

Which of the following should be of GREATEST concern to an IS auditor reviewing an organization's business continuity plan (BCP)?

A.

The BCP's contact information needs to be updated

B.

The BCP is not version controlled.

C.

The BCP has not been approved by senior management.

D.

The BCP has not been tested since it was first issued.

Full Access
Question # 149

What would be an IS auditor's BEST recommendation upon finding that a third-party IT service provider hosts the organization's human resources (HR) system in a foreign country?

A.

Perform background verification checks.

B.

Review third-party audit reports.

C.

Implement change management review.

D.

Conduct a privacy impact analysis.

Full Access
Question # 150

in a controlled application development environment, the MOST important segregation of duties should be between the person who implements changes into the production environment and the:

A.

application programmer

B.

systems programmer

C.

computer operator

D.

quality assurance (QA) personnel

Full Access
Question # 151

During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?

A.

Sampling risk

B.

Detection risk

C.

Control risk

D.

Inherent risk

Full Access
Question # 152

Which of the following would BEST detect that a distributed denial of service (DDoS) attack is occurring?

A.

Customer service complaints

B.

Automated monitoring of logs

C.

Server crashes

D.

Penetration testing

Full Access
Question # 153

Which of the following is the BEST evidence that an organization's IT strategy is aligned lo its business objectives?

A.

The IT strategy is modified in response to organizational change.

B.

The IT strategy is approved by executive management.

C.

The IT strategy is based on IT operational best practices.

D.

The IT strategy has significant impact on the business strategy

Full Access
Question # 154

An IS auditor plans to review all access attempts to a video-monitored and proximity card-controlled communications room. Which of the following would be MOST useful to the auditor?

A.

Alarm system with CCTV

B.

Access control log

C.

Security incident log

D.

Access card allocation records

Full Access
Question # 155

Which of the following is MOST important for an IS auditor to confirm when reviewing an organization's plans to implement robotic process automation (RPA> to automate routine business tasks?

A.

The end-to-end process is understood and documented.

B.

Roles and responsibilities are defined for the business processes in scope.

C.

A benchmarking exercise of industry peers who use RPA has been completed.

D.

A request for proposal (RFP) has been issued to qualified vendors.

Full Access
Question # 156

Which of the following is MOST important when planning a network audit?

A.

Determination of IP range in use

B.

Analysis of traffic content

C.

Isolation of rogue access points

D.

Identification of existing nodes

Full Access
Question # 157

An IS auditor discovers that an IT organization serving several business units assigns equal priority to all initiatives, creating a risk of delays in securing project funding Which of the following would be MOST helpful in matching demand for projects and services with available resources in a way that supports business objectives?

A.

Project management

B.

Risk assessment results

C.

IT governance framework

D.

Portfolio management

Full Access
Question # 158

Which of the following is the PRIMARY advantage of using visualization technology for corporate applications?

A.

Improved disaster recovery

B.

Better utilization of resources

C.

Stronger data security

D.

Increased application performance

Full Access
Question # 159

A post-implementation review was conducted by issuing a survey to users. Which of the following should be of GREATEST concern to an IS auditor?

A.

The survey results were not presented in detail lo management.

B.

The survey questions did not address the scope of the business case.

C.

The survey form template did not allow additional feedback to be provided.

D.

The survey was issued to employees a month after implementation.

Full Access
Question # 160

Which of the following BEST helps to ensure data integrity across system interfaces?

A.

Environment segregation

B.

Reconciliation

C.

System backups

D.

Access controls

Full Access
Question # 161

Which of the following would an IS auditor recommend as the MOST effective preventive control to reduce the risk of data leakage?

A.

Ensure that paper documents arc disposed security.

B.

Implement an intrusion detection system (IDS).

C.

Verify that application logs capture any changes made.

D.

Validate that all data files contain digital watermarks

Full Access
Question # 162

Which of the following should be performed FIRST before key performance indicators (KPIs) can be implemented?

A.

Analysis of industry benchmarks

B.

Identification of organizational goals

C.

Analysis of quantitative benefits

D.

Implementation of a balanced scorecard

Full Access
Question # 163

Which of the following is the MOST effective way for an organization to help ensure agreed-upon action plans from an IS audit will be implemented?

A.

Ensure sufficient audit resources are allocated,

B.

Communicate audit results organization-wide.

C.

Ensure ownership is assigned.

D.

Test corrective actions upon completion.

Full Access
Question # 164

An IS auditor reviewing security incident processes realizes incidents are resolved and closed, but root causes are not investigated. Which of the following should be the MAJOR concern with this situation?

A.

Abuses by employees have not been reported.

B.

Lessons learned have not been properly documented

C.

vulnerabilities have not been properly addressed

D.

Security incident policies are out of date.

Full Access
Question # 165

Which of the following would MOST effectively help to reduce the number of repealed incidents in an organization?

A.

Testing incident response plans with a wide range of scenarios

B.

Prioritizing incidents after impact assessment.

C.

Linking incidents to problem management activities

D.

Training incident management teams on current incident trends

Full Access
Question # 166

What is the GREATEST concern for an IS auditor reviewing contracts for licensed software that executes a critical business process?

A.

The contract does not contain a right-to-audit clause.

B.

An operational level agreement (OLA) was not negotiated.

C.

Several vendor deliverables missed the commitment date.

D.

Software escrow was not negotiated.

Full Access
Question # 167

Which of the following is MOST important to determine during the planning phase of a cloud-based messaging and collaboration platform acquisition?

A.

Role-based access control policies

B.

Types of data that can be uploaded to the platform

C.

Processes for on-boarding and off-boarding users to the platform

D.

Processes for reviewing administrator activity

Full Access
Question # 168

What Is the BEST method to determine if IT resource spending is aligned with planned project spending?

A.

Earned value analysis (EVA)

B.

Return on investment (ROI) analysis

C.

Gantt chart

D.

Critical path analysis

Full Access
Question # 169

A company has implemented an IT segregation of duties policy. In a role-based environment, which of the following roles may be assigned to an application developer?

A.

IT operator

B.

System administration

C.

Emergency support

D.

Database administration

Full Access
Question # 170

An organization has outsourced the development of a core application. However, the organization plans to bring the support and future maintenance of the application back in-house. Which of the following findings should be the IS auditor's GREATEST concern?

A.

The cost of outsourcing is lower than in-house development.

B.

The vendor development team is located overseas.

C.

A training plan for business users has not been developed.

D.

The data model is not clearly documented.

Full Access
Question # 171

Which of the following would BEST enable an organization to address the security risks associated with a recently implemented bring your own device (BYOD) strategy?

A.

Mobile device tracking program

B.

Mobile device upgrade program

C.

Mobile device testing program

D.

Mobile device awareness program

Full Access
Question # 172

Which of the following is the MOST significant risk that IS auditors are required to consider for each engagement?

A.

Process and resource inefficiencies

B.

Irregularities and illegal acts

C.

Noncompliance with organizational policies

D.

Misalignment with business objectives

Full Access
Question # 173

Which of the following would be an appropriate role of internal audit in helping to establish an organization’s privacy program?

A.

Analyzing risks posed by new regulations

B.

Developing procedures to monitor the use of personal data

C.

Defining roles within the organization related to privacy

D.

Designing controls to protect personal data

Full Access
Question # 174

When verifying the accuracy and completeness of migrated data for a new application system replacing a legacy system. It is MOST effective for an IS auditor to review;

A.

data analytics findings.

B.

audit trails

C.

acceptance lasting results

D.

rollback plans

Full Access
Question # 175

Which of the following is a corrective control?

A.

Separating equipment development testing and production

B.

Verifying duplicate calculations in data processing

C.

Reviewing user access rights for segregation

D.

Executing emergency response plans

Full Access
Question # 176

What should an IS auditor do FIRST when management responses

to an in-person internal control questionnaire indicate a key internal

control is no longer effective?

A.

Determine the resources required to make the control

effective.

B.

Validate the overall effectiveness of the internal control.

C.

Verify the impact of the control no longer being effective.

D.

Ascertain the existence of other compensating controls.

Full Access
Question # 177

What is the PRIMARY benefit of an audit approach which requires reported findings to be issued together with related action plans, owners, and target dates?

A.

it facilitates easier audit follow-up

B.

it enforces action plan consensus between auditors and auditees

C.

it establishes accountability for the action plans

D.

it helps to ensure factual accuracy of findings

Full Access
Question # 178

Which of the following will BEST ensure that a proper cutoff has been established to reinstate transactions and records to their condition just prior to a computer system failure?

A.

Rotating backup copies of transaction files offsite

B.

Using a database management system (DBMS) to dynamically back-out partially processed transactions

C.

Maintaining system console logs in electronic formal

D.

Ensuring bisynchronous capabilities on all transmission lines

Full Access
Question # 179

An IS auditor is reviewing documentation of application systems change control and identifies several patches that were not tested before being put into production. Which of the following is the MOST significant risk from this situation?

A.

Loss of application support

B.

Lack of system integrity

C.

Outdated system documentation

D.

Developer access 1o production

Full Access
Question # 180

An organization is disposing of a system containing sensitive data and has deleted all files from the hard disk. An IS auditor should be concerned because:

A.

deleted data cannot easily be retrieved.

B.

deleting the files logically does not overwrite the files' physical data.

C.

backup copies of files were not deleted as well.

D.

deleting all files separately is not as efficient as formatting the hard disk.

Full Access
Question # 181

An IS auditor finds that the process for removing access for terminated employees is not documented What is the MOST significant risk from this observation?

A.

Procedures may not align with best practices

B.

Human resources (HR) records may not match system access.

C.

Unauthorized access cannot he identified.

D.

Access rights may not be removed in a timely manner.

Full Access
Question # 182

Which of the following is the BEST way to ensure that business continuity plans (BCPs) will work effectively in the event of a major disaster?

A.

Prepare detailed plans for each business function.

B.

Involve staff at all levels in periodic paper walk-through exercises.

C.

Regularly update business impact assessments.

D.

Make senior managers responsible for their plan sections.

Full Access
Question # 183

What should an IS auditor do FIRST upon discovering that a service provider did not notify its customers of a security breach?

A.

Notify law enforcement of the finding.

B.

Require the third party to notify customers.

C.

The audit report with a significant finding.

D.

Notify audit management of the finding.

Full Access
Question # 184

Which of the following is the GREATEST risk of using a reciprocal site for disaster recovery?

A.

Inability to utilize the site when required

B.

Inability to test the recovery plans onsite

C.

Equipment compatibility issues at the site

D.

Mismatched organizational security policies

Full Access
Question # 185

Which of the following provides the BEST providence that outsourced provider services are being properly managed?

A.

The service level agreement (SLA) includes penalties for non-performance.

B.

Adequate action is taken for noncompliance with the service level agreement (SLA).

C.

The vendor provides historical data to demonstrate its performance.

D.

Internal performance standards align with corporate strategy.

Full Access
Question # 186

Which of the following features of a library control software package would protect against unauthorized updating of source code?

A.

Required approvals at each life cycle step

B.

Date and time stamping of source and object code

C.

Access controls for source libraries

D.

Release-to-release comparison of source code

Full Access
Question # 187

An IS auditor is reviewing the installation of a new server. The IS auditor's PRIMARY objective is to ensure that

A.

security parameters are set in accordance with the manufacturer s standards.

B.

a detailed business case was formally approved prior to the purchase.

C.

security parameters are set in accordance with the organization's policies.

D.

the procurement project invited lenders from at least three different suppliers.

Full Access
Question # 188

An IS auditor has completed the fieldwork phase of a network security review and is preparing the initial following findings should be ranked as the HIGHEST risk?

A.

Network penetration tests are not performed

B.

The network firewall policy has not been approved by the information security officer.

C.

Network firewall rules have not been documented.

D.

The network device inventory is incomplete.

Full Access
Question # 189

During an IT general controls audit of a high-risk area where both internal and external audit teams are reviewing the same approach to optimize resources?

A.

Leverage the work performed by external audit for the internal audit testing.

B.

Ensure both the internal and external auditors perform the work simultaneously.

C.

Request that the external audit team leverage the internal audit work.

D.

Roll forward the general controls audit to the subsequent audit year.

Full Access
Question # 190

Which of the following would be the MOST useful metric for management to consider when reviewing a project portfolio?

A.

Cost of projects divided by total IT cost

B.

Expected return divided by total project cost

C.

Net present value (NPV) of the portfolio

D.

Total cost of each project

Full Access
Question # 191

Which of the following is a challenge in developing a service level agreement (SLA) for network services?

A.

Establishing a well-designed framework for network servirces.

B.

Finding performance metrics that can be measured properly

C.

Ensuring that network components are not modified by the client

D.

Reducing the number of entry points into the network

Full Access
Question # 192

Which of the following should an IS auditor ensure is classified at the HIGHEST level of sensitivity?

A.

Server room access history

B.

Emergency change records

C.

IT security incidents

D.

Penetration test results

Full Access
Question # 193

In response to an audit finding regarding a payroll application, management implemented a new automated control. Which of the following would be MOST helpful to the IS auditor when evaluating the effectiveness of the new control?

A.

Approved test scripts and results prior to implementation

B.

Written procedures defining processes and controls

C.

Approved project scope document

D.

A review of tabletop exercise results

Full Access
Question # 194

During an audit of an organization's risk management practices, an IS auditor finds several documented IT risk acceptances have not been renewed in a timely manner after the assigned expiration date When assessing the seventy of this finding, which mitigating factor would MOST significantly minimize the associated impact?

A.

There are documented compensating controls over the business processes.

B.

The risk acceptances were previously reviewed and approved by appropriate senior management

C.

The business environment has not significantly changed since the risk acceptances were approved.

D.

The risk acceptances with issues reflect a small percentage of the total population

Full Access
Question # 195

When reviewing a data classification scheme, it is MOST important for an IS auditor to determine if.

A.

each information asset is to a assigned to a different classification.

B.

the security criteria are clearly documented for each classification

C.

Senior IT managers are identified as information owner.

D.

the information owner is required to approve access to the asset

Full Access
Question # 196

Management receives information indicating a high level of risk associated with potential flooding near the organization's data center within the next few years. As a result, a decision has been made to move data center operations to another facility on higher ground. Which approach has been adopted?

A.

Risk avoidance

B.

Risk transfer

C.

Risk acceptance

D.

Risk reduction

Full Access
Question # 197

What is the PRIMARY purpose of documenting audit objectives when preparing for an engagement?

A.

To address the overall risk associated with the activity under review

B.

To identify areas with relatively high probability of material problems

C.

To help ensure maximum use of audit resources during the engagement

D.

To help prioritize and schedule auditee meetings

Full Access
Question # 198

Which of the following is MOST critical for the effective implementation of IT governance?

A.

Strong risk management practices

B.

Internal auditor commitment

C.

Supportive corporate culture

D.

Documented policies

Full Access
Question # 199

Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?

A.

Apply single sign-on for access control

B.

Implement segregation of duties.

C.

Enforce an internal data access policy.

D.

Enforce the use of digital signatures.

Full Access
Question # 200

Which of the following is MOST important when implementing a data classification program?

A.

Understanding the data classification levels

B.

Formalizing data ownership

C.

Developing a privacy policy

D.

Planning for secure storage capacity

Full Access
Question # 201

An audit has identified that business units have purchased cloud-based applications without IPs support. What is the GREATEST risk associated with this situation?

A.

The applications are not included in business continuity plans (BCFs)

B.

The applications may not reasonably protect data.

C.

The application purchases did not follow procurement policy.

D.

The applications could be modified without advanced notice.

Full Access
Question # 202

Which of the following application input controls would MOST likely detect data input errors in the customer account number field during the processing of an accounts receivable transaction?

A.

Limit check

B.

Parity check

C.

Reasonableness check

D.

Validity check

Full Access
Question # 203

Which type of control is being implemented when a biometric access device is installed at the entrance to a facility?

A.

Preventive

B.

Deterrent

C.

Corrective

D.

Detective

Full Access
Question # 204

Which of the following should an IS auditor expect to see in a network vulnerability assessment?

A.

Misconfiguration and missing updates

B.

Malicious software and spyware

C.

Zero-day vulnerabilities

D.

Security design flaws

Full Access
Question # 205

Which of the following should be identified FIRST during the risk assessment process?

A.

Vulnerability to threats

B.

Existing controls

C.

Information assets

D.

Legal requirements

Full Access
Question # 206

Which of the following is the MAIN responsibility of the IT steering committee?

A.

Reviewing and assisting with IT strategy integration efforts

B.

Developing and assessing the IT security strategy

C.

Implementing processes to integrate security with business objectives

D.

Developing and implementing the secure system development framework

Full Access
Question # 207

An IS auditor is reviewing a contract for the outsourcing of IT facilities. If missing, which of the following should present the GREATEST concern to the auditor?

A.

Hardware configurations

B.

Access control requirements

C.

Help desk availability

D.

Perimeter network security diagram

Full Access
Question # 208

Which of the following responsibilities of an organization's quality assurance (QA) function should raise concern for an IS auditor?

A.

Ensuring standards are adhered to within the development process

B.

Ensuring the test work supports observations

C.

Updating development methodology

D.

Implementing solutions to correct defects

Full Access
Question # 209

An organization's IT department and internal IS audit function all report to the chief information officer (CIO). Which of the following is the GREATEST concern associated with this reporting structure?

A.

Potential for inaccurate audit findings

B.

Compromise of IS audit independence

C.

IS audit resources being shared with other IT functions

D.

IS audit being isolated from other audit functions

Full Access
Question # 210

The PRIMARY objective of a control self-assessment (CSA) is to:

A.

educate functional areas on risks and controls.

B.

ensure appropriate access controls are implemented.

C.

eliminate the audit risk by leveraging management's analysis.

D.

gain assurance for business functions that cannot be audited.

Full Access
Question # 211

The FIRST step in an incident response plan is to:

A.

validate the incident.

B.

notify the head of the IT department.

C.

isolate systems impacted by the incident.

D.

initiate root cause analysis.

Full Access
Question # 212

Which of the following provides the BEST evidence of the validity and integrity of logs in an organization's security information and event management (SIEM) system?

A.

Compliance testing

B.

Stop-or-go sampling

C.

Substantive testing

D.

Variable sampling

Full Access
Question # 213

Which of the following areas of responsibility would cause the GREATEST segregation of duties conflict if the individual who performs the related tasks also has approval authority?

A.

Purchase requisitions and purchase orders

B.

Invoices and reconciliations

C.

Vendor selection and statements of work

D.

Good receipts and payments

Full Access
Question # 214

An IS auditor should look for which of the following to ensure the risk associated with scope creep has been mitigated during software development?

A.

Source code version control

B.

Project change management controls

C.

Existence of an architecture review board

D.

Configuration management

Full Access
Question # 215

A security administrator is called in the middle of the night by the on-call programmer A number of programs have failed, and the programmer has asked for access to the live system. What IS the BEST course of action?

A.

Require that a change request be completed and approved

B.

Give the programmer an emergency ID for temporary access and review the activity

C.

Give the programmer read-only access to investigate the problem

D.

Review activity logs the following day and investigate any suspicious activity

Full Access
Question # 216

Which of the following is MOST important for the successful establishment of a security vulnerability management program?

A.

A robust tabletop exercise plan

B.

A comprehensive asset inventory

C.

A tested incident response plan

D.

An approved patching policy

Full Access
Question # 217

Which type of attack poses the GREATEST risk to an organization's most sensitive data?

A.

Password attack

B.

Eavesdropping attack

C.

Insider attack

D.

Spear phishing attack

Full Access
Question # 218

Aligning IT strategy with business strategy PRIMARILY helps an organization to:

A.

optimize investments in IT.

B.

create risk awareness across business units.

C.

increase involvement of senior management in IT.

D.

monitor the effectiveness of IT.

Full Access
Question # 219

An IS auditor is verifying the adequacy of an organization's internal controls and is concerned about potential circumvention of regulations. Which of the following is the BEST sampling method to use?

A.

Variable sampling

B.

Random sampling

C.

Cluster sampling

D.

Attribute sampling

Full Access
Question # 220

Which of the following is MOST helpful for an IS auditor to review when evaluating an organizations business process that are supported by applications and IT systems?

A.

Configuration management database (CMDB)

B.

Enterprise architecture (EA)

C.

IT portfolio management

D.

IT service management

Full Access
Question # 221

An IS auditor reviewing a job scheduling tool notices performance and reliability problems. Which of the following is MOST likely affecting the tool?

A.

Administrator passwords do not meet organizational security and complexity requirements.

B.

The number of support staff responsible for job scheduling has been reduced.

C.

The scheduling tool was not classified as business-critical by the IT department.

D.

Maintenance patches and the latest enhancement upgrades are missing.

Full Access
Question # 222

An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would MOST likely increase the risk of a successful attack by:

A.

structured query language (SQL) injection

B.

buffer overflow.

C.

denial of service (DoS).

D.

phishing.

Full Access
Question # 223

An IS audit manager is reviewing workpapers for a recently completed audit of the corporate disaster recovery test. Which of the following should the IS audit manager specifically review to substantiate the conclusions?

A.

Overviews of interviews between data center personnel and the auditor

B.

Prior audit reports involving other corporate disaster recovery audits

C.

Summary memos reflecting audit opinions regarding noted weaknesses

D.

Detailed evidence of the successes and weaknesses of all contingency testing

Full Access
Question # 224

An IS auditor has been asked to advise on measures to improve IT governance within the organization. Which of the following IS the BEST recommendation?

A.

Benchmark organizational performance against industry peers

B.

Implement key performance indicators (KPIs).

C.

Require executive management to draft IT strategy

D.

Implement annual third-party audits.

Full Access
Question # 225

Which of the following is the MOST important control for virtualized environments?

A.

Regular updates of policies for the operation of the virtualized environment

B.

Hardening for the hypervisor and guest machines

C.

Redundancy of hardware resources and network components

D.

Monitoring utilization of resources at the guest operating system level

Full Access
Question # 226

Which of the following is the BEST way to identify whether the IT help desk is meeting service level agreements (SLAS)?

A.

Review exception reports

B.

Review IT staffing schedules.

C.

Analyze help desk ticket logs

D.

Conduct IT management interviews

Full Access
Question # 227

During audit planning, the IS audit manager is considering whether to budget for audits of entities regarded by the business as having low risk. Which of the following is the BEST course of action in this situation?

A.

Outsource low-risk audits to external audit service providers.

B.

Conduct limited-scope audits of low-risk business entities.

C.

Validate the low-risk entity ratings and apply professional judgment.

D.

Challenge the risk rating and include the low-risk entities in the plan.

Full Access
Question # 228

Which of the following provides the MOST protection against emerging threats?

A.

Demilitarized zone (DMZ)

B.

Heuristic intrusion detection system (IDS)

C.

Real-time updating of antivirus software

D.

Signature-based intrusion detection system (IDS)

Full Access
Question # 229

An organization relies on an external vendor that uses a cloud-based Software as a Service (SaaS) model to back up its data. Which of the following is the GREATEST risk to the organization related to data backup and retrieval?

A.

The organization may be locked into an unfavorable contract with the vendor.

B.

The vendor may be unable to restore critical data.

C.

The vendor may be unable to restore data by recovery time objective (RTO) requirements.

D.

The organization may not be allowed to inspect the vendor's data center.

Full Access
Question # 230

Which of the following BEST supports the effectiveness of a compliance program?

A.

Implementing an awareness plan regarding compliance regulation requirements

B.

Implementing a governance, risk, and compliance (GRC) tool to track compliance to regulations

C.

Assessing and tracking all compliance audit findings

D.

Monitoring which compliance regulations apply to the organization

Full Access
Question # 231

What is the FIRST step when creating a data classification program?

A.

Categorize and prioritize data.

B.

Develop data process maps.

C.

Categorize information by owner.

D.

Develop a policy.

Full Access
Question # 232

Which of the following would BEST indicate the effectiveness of a security awareness training program?

A.

Results of third-party social engineering tests

B.

Employee satisfaction with training

C.

Increased number of employees completing training

D.

Reduced unintentional violations

Full Access
Question # 233

Which of the following is MOST critical to the success of an information security program?

A.

User accountability for information security

B.

Management's commitment to information security

C.

Integration of business and information security

D.

Alignment of information security with IT objectives

Full Access
Question # 234

An IS auditor is reviewing an organization's business intelligence infrastructure. The BEST recommendation to help the organization achieve a reasonable level of data quality would be to:

A.

review data against data classification standards.

B.

outsource data cleansing to skilled service providers.

C.

consolidate data stored across separate databases into a warehouse.

D.

analyze the data against predefined specifications.

Full Access
Question # 235

When reviewing an IT strategic plan, the GREATEST concern would be that

A.

an IT strategy committee has not been created

B.

the plan does not support relevant organizational goals.

C.

there are no key performance indicators (KPls).

D.

the plan was not formally approved by the board of directors

Full Access
Question # 236

Which of the following should be done FIRST to minimize the risk of unstructured data?

A.

Identify repositories of unstructured data.

B.

Purchase tools to analyze unstructured data.

C.

Implement strong encryption for unstructured data.

D.

Implement user access controls to unstructured data.

Full Access
Question # 237

A transaction processing system interfaces with the general ledger. Data analytics has identified that some transactions are being recorded twice in the general ledger. While management states a system fix has been implemented, what should the IS auditor recommend to validate the interface is working in the future?

A.

Perform periodic reconciliations.

B.

Ensure system owner sign-off for the system fix.

C.

Conduct functional testing.

D.

Improve user acceptance testing (UAT).

Full Access
Question # 238

Which of the following is BEST used for detailed testing of a business application's data and configuration files?

A.

Version control software

B.

Audit hooks

C.

Utility software

D.

Audit analytics tool

Full Access
Question # 239

What should an IS auditor evaluate FIRST when reviewing an organization's response to new privacy legislation?

A.

Implementation plan for restricting the collection of personal information

B.

Privacy legislation in other countries that may contain similar requirements

C.

Operational plan for achieving compliance with the legislation

D.

Analysis of systems that contain privacy components

Full Access
Question # 240

Which of the following is the BEST security control to validate the integrity of data communicated between production databases and a big data analytics

system?

A.

Hashing in-scope data sets

B.

Encrypting in-scope data sets

C.

Running and comparing the count function within the in-scope data sets

D.

Hosting a digital certificate for in-scope data sets

Full Access
Question # 241

Which of the following is the MOST important advantage of participating in beta testing of software products?

A.

It increases an organization's ability to retain staff who prefer to work with new technology.

B.

It improves vendor support and training.

C.

It enhances security and confidentiality.

D.

It enables an organization to gain familiarity with new products and their functionality.

Full Access
Question # 242

Retention periods and conditions for the destruction of personal data should be determined by the.

A.

risk manager.

B.

database administrator (DBA).

C.

privacy manager.

D.

business owner.

Full Access
Question # 243

Which of the following should be done FIRST when planning to conduct internal and external penetration testing for a client?

A.

Establish the timing of testing.

B.

Identify milestones.

C.

Determine the test reporting

D.

Establish the rules of engagement.

Full Access
Question # 244

Which of the following is the MOST effective accuracy control for entry of a valid numeric part number?

A.

Hash totals

B.

Online review of description

C.

Comparison to historical order pattern

D.

Self-checking digit

Full Access
Question # 245

During the review of a system disruption incident, an IS auditor notes that IT support staff were put in a position to make decisions beyond their level of authority.

Which of the following is the BEST recommendation to help prevent this situation in the future?

A.

Introduce escalation protocols.

B.

Develop a competency matrix.

C.

Implement fallback options.

D.

Enable an emergency access ID.

Full Access
Question # 246

An organization is disposing of removable onsite media which contains sensitive information. Which of the following is the MOST effective method to prevent disclosure of sensitive data?

A.

Encrypting and destroying keys

B.

Machine shredding

C.

Software formatting

D.

Wiping and rewriting three times

Full Access
Question # 247

Which of the following is the BEST reason to implement a data retention policy?

A.

To establish a recovery point objective (RPO) for disaster recovery procedures

B.

To limit the liability associated with storing and protecting information

C.

To document business objectives for processing data within the organization

D.

To assign responsibility and ownership for data protection outside IT

Full Access
Question # 248

Which of the following is the BEST method to maintain an audit trail of changes made to the source code of a program?

A.

Embed details within source code.

B.

Standardize file naming conventions.

C.

Utilize automated version control.

D.

Document details on a change register.

Full Access
Question # 249

During an operational audit on the procurement department, the audit team encounters a key system that uses an artificial intelligence (Al) algorithm. The audit team does not have the necessary knowledge to proceed with the audit. Which of the following is the BEST way to handle this situation?

A.

Perform a skills assessment to identify members from other business units with knowledge of Al.

B.

Remove the Al portion from the audit scope and proceed with the audit.

C.

Delay the audit until the team receives training on Al.

D.

Engage external consultants who have audit experience and knowledge of Al.

Full Access
Question # 250

Which of the following would provide management with the MOST reasonable assurance that a new data warehouse will meet the needs of the

organization?

A.

Integrating data requirements into the system development life cycle (SDLC)

B.

Appointing data stewards to provide effective data governance

C.

Classifying data quality issues by the severity of their impact to the organization

D.

Facilitating effective communication between management and developers

Full Access
Question # 251

Which of the following BEST describes the role of a document owner when implementing a data classification policy in an organization?

A.

Classifies documents to correctly reflect the level of sensitivity of information they contain

B.

Defines the conditions under which documents containing sensitive information may be transmitted

C.

Classifies documents in accordance with industry standards and best practices

D.

Ensures documents are handled in accordance With the sensitivity of information they contain

Full Access
Question # 252

Which of the following BEST enables a benefits realization process for a system development project?

A.

Metrics for the project have been selected before the project begins.

B.

Project budget includes costs to execute the project and costs associated with the solution.

C.

Estimates of business benefits are backed by similar previously completed projects.

D.

Metrics are evaluated immediately after the project has been implemented.

Full Access
Question # 253

Which of the following is the BEST compensating control against segregation of duties conflicts in new code development?

A.

Adding the developers to the change approval board

B.

A small number of people have access to deploy code

C.

Post-implementation change review

D.

Creation of staging environments

Full Access
Question # 254

Which of the following is an IS auditor's BEST recommendation to mitigate the risk of eavesdropping

associated with an application programming interface (API) integration implementation?

A.

Encrypt the extensible markup language (XML) file.

B.

Implement Transport Layer Security (TLS).

C.

Implement Simple Object Access Protocol (SOAP).

D.

Mask the API endpoints.

Full Access
Question # 255

An IS auditor learns that an organization's business continuity plan (BCP) has not been updated in the last 18 months and that the organization recently closed a production plant. Which of the following is the auditor's BEST course of action?

A.

Determine whether the business impact analysis (BIA) is current with the organization's structure and context.

B.

Determine the types of technologies used at the plant and how they may affect the BCP.

C.

Perform testing to determine the impact to the recovery time objective (R TO).

D.

Assess the risk to operations from the closing of the plant.

Full Access
Question # 256

A global organization's policy states that all workstations must be scanned for malware each day. Which of the following would provide an IS auditor with the BEST evidence of continuous compliance with this policy?

A.

Penetration testing results

B.

Management attestation

C.

Anti-malware tool audit logs

D.

Recent malware scan reports

Full Access
Question # 257

An IS auditor is providing input to an RFP to acquire a financial application system. Which of the following is MOST important for the auditor to recommend?

A.

The application should meet the organization's requirements.

B.

Audit trails should be included in the design.

C.

Potential suppliers should have experience in the relevant area.

D.

Vendor employee background checks should be conducted regularly.

Full Access
Question # 258

Which of the following would be MOST effective in detecting the presence of an unauthorized wireless access point on an internal network?

A.

Continuous network monitoring

B.

Periodic network vulnerability assessments

C.

Review of electronic access logs

D.

Physical security reviews

Full Access
Question # 259

Which of the following is the PRIMARY benefit of a tabletop exercise for an incident response plan?

A.

It demonstrates the maturity of the incident response program.

B.

It reduces the likelihood of an incident occurring.

C.

It identifies deficiencies in the operating environment.

D.

It increases confidence in the team's response readiness.

Full Access
Question # 260

Which of the following methods would BEST help detect unauthorized disclosure of confidential documents sent over corporate email?

A.

Requiring all users to encrypt documents before sending

B.

Installing firewalls on the corporate network

C.

Reporting all outgoing emails that are marked as confidential

D.

Monitoring all emails based on pre-defined criteria

Full Access
Question # 261

Which of the following criteria is MOST important for the successful delivery of benefits from an IT project?

A.

Assessing the impact of changes to individuals and business units within the organization

B.

Involving key stakeholders during the development and execution phases of the project

C.

Ensuring that IT project managers have sign-off authority on the business case

D.

Quantifying the size of the software development effort required by the project

Full Access
Question # 262

An IS auditor is reviewing a machine learning algorithm-based system for loan approvals and is preparing a data set to test the algorithm for bias. Which of the following is MOST important for the auditor’s test data set to include?

A.

Applicants of all ages

B.

Applicants from a range of geographic areas and income levels

C.

Incomplete records and incorrectly formatted data

D.

Duplicate records

Full Access
Question # 263

An IS auditor discovers that a developer has used the same key to grant access to multiple applications making calls to an application programming interface (API). Which of the following is the BEST recommendation to address this situation?

A.

Replace the API key with time-limited tokens that grant least privilege access.

B.

Authorize the API key to allow read-only access by all applications.

C.

Implement a process to expire the API key after a previously agreed-upon period of time.

D.

Coordinate an API key rotation exercise with all impacted application owners.

Full Access
Question # 264

An organization's security team created a simulated production environment with multiple vulnerable applications. What would be the PRIMARY purpose of creating such an environment?

A.

To test the intrusion detection system (IDS)

B.

To provide training to security managers

C.

To collect digital evidence of cyberattacks

D.

To attract attackers in order to study their behavior

Full Access
Question # 265

The BEST way to provide assurance that a project is adhering to the project plan is to:

A.

require design reviews at appropriate points in the life cycle.

B.

have an IS auditor participate on the steering committee.

C.

have an IS auditor participate on the quality assurance (QA) team.

D.

conduct compliance audits at major system milestones.

Full Access
Question # 266

An IS auditor has learned that access privileges are not periodically reviewed or updated. Which of the following would provide the BEST evidence to determine whether transactions have been executed by authorized employees?

A.

Audit trails

B.

Control totals

C.

Reconciliations

D.

Change logs

Full Access
Question # 267

Due to limited storage capacity, an organization has decided to reduce the actual retention period for media containing completed low-value transactions. Which of the following is MOST important for the organization to ensure?

A.

The policy includes a strong risk-based approach.

B.

The retention period allows for review during the year-end audit.

C.

The retention period complies with data owner responsibilities.

D.

The total transaction amount has no impact on financial reporting

Full Access
Question # 268

An IS auditor Is reviewing a recent security incident and is seeking information about me approval of a recent modification to a database system's security settings Where would the auditor MOST likely find this information?

A.

System event correlation report

B.

Database log

C.

Change log

D.

Security incident and event management (SIEM) report

Full Access
Question # 269

An employee loses a mobile device resulting in loss of sensitive corporate data. Which o( the following would have BEST prevented data leakage?

A.

Data encryption on the mobile device

B.

Complex password policy for mobile devices

C.

The triggering of remote data wipe capabilities

D.

Awareness training for mobile device users

Full Access
Question # 270

A manager Identifies active privileged accounts belonging to staff who have left the organization. Which of the following is the threat actor In this scenario?

A.

Terminated staff

B.

Unauthorized access

C.

Deleted log data

D.

Hacktivists

Full Access
Question # 271

Which of the following represents the HIGHEST level of maturity of an information security program?

A.

A training program is in place to promote information security awareness.

B.

A framework is in place to measure risks and track effectiveness.

C.

Information security policies and procedures are established.

D.

The program meets regulatory and compliance requirements.

Full Access
Question # 272

UESTION NO: 210

An accounting department uses a spreadsheet to calculate sensitive financial transactions. Which of the following is the MOST important control for maintaining the security of data in the spreadsheet?

A.

There Is a reconciliation process between the spreadsheet and the finance system

B.

A separate copy of the spreadsheet is routinely backed up

C.

The spreadsheet is locked down to avoid inadvertent changes

D.

Access to the spreadsheet is given only to those who require access

Full Access
Question # 273

During an audit of a financial application, it was determined that many terminated users' accounts were not disabled. Which of the following should be the IS auditor's NEXT step?

A.

Perform substantive testing of terminated users' access rights.

B.

Perform a review of terminated users' account activity

C.

Communicate risks to the application owner.

D.

Conclude that IT general controls ate ineffective.

Full Access
Question # 274

An organization that has suffered a cyber-attack is performing a forensic analysis of the affected users' computers. Which of the following should be of GREATEST concern for the IS auditor reviewing this process?

A.

An imaging process was used to obtain a copy of the data from each computer.

B.

The legal department has not been engaged.

C.

The chain of custody has not been documented.

D.

Audit was only involved during extraction of the Information

Full Access
Question # 275

Which of the following MUST be completed as part of the annual audit planning process?

A.

Business impact analysis (BIA)

B.

Fieldwork

C.

Risk assessment

D.

Risk control matrix

Full Access
Question # 276

When planning an audit to assess application controls of a cloud-based system, it is MOST important tor the IS auditor to understand the.

A.

architecture and cloud environment of the system.

B.

business process supported by the system.

C.

policies and procedures of the business area being audited.

D.

availability reports associated with the cloud-based system.

Full Access
Question # 277

An IS auditor is analyzing a sample of accesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found Which sampling method would be appropriate?

A.

Discovery sampling

B.

Judgmental sampling

C.

Variable sampling

D.

Stratified sampling

Full Access
Question # 278

Which of the following findings should be of GREATEST concern to an IS auditor performing a review of IT operations?

A.

The job scheduler application has not been designed to display pop-up error messages.

B.

Access to the job scheduler application has not been restricted to a maximum of two staff members

C.

Operations shift turnover logs are not utilized to coordinate and control the processing environment

D.

Changes to the job scheduler application's parameters are not approved and reviewed by an operations supervisor

Full Access
Question # 279

The PRIMARY reason for an IS auditor to use data analytics techniques is to reduce which type of audit risk?

A.

Technology risk

B.

Detection risk

C.

Control risk

D.

Inherent risk

Full Access
Question # 280

Which of the following documents should specify roles and responsibilities within an IT audit organization?

A.

Organizational chart

B.

Audit charier

C.

Engagement letter

D.

Annual audit plan

Full Access
Question # 281

Which of the following business continuity activities prioritizes the recovery of critical functions?

A.

Business continuity plan (BCP) testing

B.

Business impact analysis (BIA)

C.

Disaster recovery plan (DRP) testing

D.

Risk assessment

Full Access
Question # 282

Which of the following BEST Indicates that an incident management process is effective?

A.

Decreased time for incident resolution

B.

Increased number of incidents reviewed by IT management

C.

Decreased number of calls lo the help desk

D.

Increased number of reported critical incidents

Full Access
Question # 283

Which of the following observations would an IS auditor consider the GREATEST risk when conducting an audit of a virtual server farm tor potential software vulnerabilities?

A.

Guest operating systems are updated monthly

B.

The hypervisor is updated quarterly.

C.

A variety of guest operating systems operate on one virtual server

D.

Antivirus software has been implemented on the guest operating system only.

Full Access
Question # 284

A now regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor’s BEST recommendation to facilitate compliance with the regulation?

A.

Establish key performance indicators (KPls) for timely identification of security incidents.

B.

Engage an external security incident response expert for incident handling.

C.

Enhance the alert functionality of the intrusion detection system (IDS).

D.

Include the requirement in the incident management response plan.

Full Access
Question # 285

An organization has recently implemented a Voice-over IP (VoIP) communication system. Which ot the following should be the IS auditor's PRIMARY concern?

A.

A single point of failure for both voice and data communications

B.

Inability to use virtual private networks (VPNs) for internal traffic

C.

Lack of integration of voice and data communications

D.

Voice quality degradation due to packet toss

Full Access
Question # 286

An IS auditor is reviewing the release management process for an in-house software development solution. In which environment Is the software version MOST likely to be the same as production?

A.

Staging

B.

Testing

C.

Integration

D.

Development

Full Access
Question # 287

Which of the following must be in place before an IS auditor initiates audit follow-up activities?

A.

Available resources for the activities included in the action plan

B.

A management response in the final report with a committed implementation date

C.

A heal map with the gaps and recommendations displayed in terms of risk

D.

Supporting evidence for the gaps and recommendations mentioned in the audit report

Full Access
Question # 288

Which of the following will MOST likely compromise the control provided By a digital signature created using RSA encryption?

A.

Reversing the hash function using the digest

B.

Altering the plaintext message

C.

Deciphering the receiver's public key

D.

Obtaining the sender's private key

Full Access
Question # 289

An IS auditor is reviewing an industrial control system (ICS) that uses older unsupported technology in the scope of an upcoming audit. What should the auditor consider the MOST significant concern?

A.

Attack vectors are evolving for industrial control systems.

B.

There is a greater risk of system exploitation.

C.

Disaster recovery plans (DRPs) are not in place.

D.

Technical specifications are not documented.

Full Access
Question # 290

An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider. Which of the following would be the BEST way to prevent accepting bad data?

A.

Obtain error codes indicating failed data feeds.

B.

Purchase data cleansing tools from a reputable vendor.

C.

Appoint data quality champions across the organization.

D.

Implement business rules to reject invalid data.

Full Access
Question # 291

Which of the following is the PRIMARY reason to follow a configuration management process to maintain application?

A.

To optimize system resources

B.

To follow system hardening standards

C.

To optimize asset management workflows

D.

To ensure proper change control

Full Access
Question # 292

An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives. Which of the following findings should be the IS auditor's GREATEST concern?

A.

Users are not required to sign updated acceptable use agreements.

B.

Users have not been trained on the new system.

C.

The business continuity plan (BCP) was not updated.

D.

Mobile devices are not encrypted.

Full Access
Question # 293

Which of the following is the MOST important reason to classify a disaster recovery plan (DRP) as confidential?

A.

Ensure compliance with the data classification policy.

B.

Protect the plan from unauthorized alteration.

C.

Comply with business continuity best practice.

D.

Reduce the risk of data leakage that could lead to an attack.

Full Access
Question # 294

An IS auditor is reviewing an organization's primary router access control list. Which of the following should result in a finding?

A.

There are conflicting permit and deny rules for the IT group.

B.

The network security group can change network address translation (NAT).

C.

Individual permissions are overriding group permissions.

D.

There is only one rule per group with access privileges.

Full Access
Question # 295

During an exit interview, senior management disagrees with some of me facts presented m the draft audit report and wants them removed from the report. Which of the following would be the auditor's BEST course of action?

A.

Revise the assessment based on senior management's objections.

B.

Escalate the issue to audit management.

C.

Finalize the draft audit report without changes.

D.

Gather evidence to analyze senior management's objections

Full Access
Question # 296

Which of the following is MOST important for an IS auditor to consider when performing the risk assessment poor to an audit engagement?

A.

The design of controls

B.

Industry standards and best practices

C.

The results of the previous audit

D.

The amount of time since the previous audit

Full Access
Question # 297

For an organization that has plans to implement web-based trading, it would be MOST important for an IS auditor to verify the organization's information security plan includes:

A.

attributes for system passwords.

B.

security training prior to implementation.

C.

security requirements for the new application.

D.

the firewall configuration for the web server.

Full Access
Question # 298

Which of the following occurs during the issues management process for a system development project?

A.

Contingency planning

B.

Configuration management

C.

Help desk management

D.

Impact assessment

Full Access
Question # 299

Which of the following is the BEST source of information for an IS auditor to use as a baseline to assess the adequacy of an organization's privacy policy?

A.

Historical privacy breaches and related root causes

B.

Globally accepted privacy best practices

C.

Local privacy standards and regulations

D.

Benchmark studies of similar organizations

Full Access
Question # 300

An organization has developed mature risk management practices that are followed across all departments What is the MOST effective way for the audit team to leverage this risk management maturity?

A.

Implementing risk responses on management's behalf

B.

Integrating the risk register for audit planning purposes

C.

Providing assurances to management regarding risk

D.

Facilitating audit risk identification and evaluation workshops

Full Access
Question # 301

When auditing the alignment of IT to the business strategy, it is MOST Important for the IS auditor to:

A.

compare the organization's strategic plan against industry best practice.

B.

interview senior managers for their opinion of the IT function.

C.

ensure an IT steering committee is appointed to monitor new IT projects.

D.

evaluate deliverables of new IT initiatives against planned business services.

Full Access
Question # 302

During a follow-up audit, it was found that a complex security vulnerability of low risk was not resolved within the agreed-upon timeframe. IT has stated that the system with the identified vulnerability is being replaced and is expected to be fully functional in two months Which of the following is the BEST course of action?

A.

Require documentation that the finding will be addressed within the new system

B.

Schedule a meeting to discuss the issue with senior management

C.

Perform an ad hoc audit to determine if the vulnerability has been exploited

D.

Recommend the finding be resolved prior to implementing the new system

Full Access
Question # 303

The performance, risks, and capabilities of an IT infrastructure are BEST measured using a:

A.

risk management review

B.

control self-assessment (CSA).

C.

service level agreement (SLA).

D.

balanced scorecard.

Full Access
Question # 304

An organization was recently notified by its regulatory body of significant discrepancies in its reporting data. A preliminary investigation revealed that the discrepancies were caused by problems with the organization's data quality Management has directed the data quality team to enhance their program. The audit committee has asked internal audit to be advisors to the process. To ensure that management concerns are addressed, which data set should internal audit recommend be reviewed FIRST?

A.

Data with customer personal information

B.

Data reported to the regulatory body

C.

Data supporting financial statements

D.

Data impacting business objectives

Full Access
Question # 305

An IS auditor notes that IT and the business have different opinions on the availability of their application servers. Which of the following should the IS auditor review FIRST in order to understand the problem?

A.

The exact definition of the service levels and their measurement

B.

The alerting and measurement process on the application servers

C.

The actual availability of the servers as part of a substantive test

D.

The regular performance-reporting documentation

Full Access
Question # 306

In order to be useful, a key performance indicator (KPI) MUST

A.

be approved by management.

B.

be measurable in percentages.

C.

be changed frequently to reflect organizational strategy.

D.

have a target value.

Full Access
Question # 307

In an online application which of the following would provide the MOST information about the transaction audit trail?

A.

File layouts

B.

Data architecture

C.

System/process flowchart

D.

Source code documentation

Full Access
Question # 308

Which of the following would be of MOST concern for an IS auditor evaluating the design of an organization's incident management processes?

A.

Service management standards are not followed.

B.

Expected time to resolve incidents is not specified.

C.

Metrics are not reported to senior management.

D.

Prioritization criteria are not defined.

Full Access
Question # 309

Which of the following is MOST important to verify when determining the completeness of the vulnerability scanning process?

A.

The organization's systems inventory is kept up to date.

B.

Vulnerability scanning results are reported to the CISO.

C.

The organization is using a cloud-hosted scanning tool for Identification of vulnerabilities

D.

Access to the vulnerability scanning tool is periodically reviewed

Full Access
Question # 310

During an audit of a multinational bank's disposal process, an IS auditor notes several findings. Which of the following should be the auditor's GREATEST concern?

A.

Backup media are not reviewed before disposal.

B.

Degaussing is used instead of physical shredding.

C.

Backup media are disposed before the end of the retention period

D.

Hardware is not destroyed by a certified vendor.

Full Access
Question # 311

An internal audit department recently established a quality assurance (QA) program. Which of the following activities Is MOST important to include as part of the QA program requirements?

A.

Long-term Internal audit resource planning

B.

Ongoing monitoring of the audit activities

C.

Analysis of user satisfaction reports from business lines

D.

Feedback from Internal audit staff

Full Access
Question # 312

An information systems security officer's PRIMARY responsibility for business process applications is to:

A.

authorize secured emergency access

B.

approve the organization's security policy

C.

ensure access rules agree with policies

D.

create role-based rules for each business process

Full Access
Question # 313

Which of the following provides IS audit professionals with the BEST source of direction for performing audit functions?

A.

Audit charter

B.

IT steering committee

C.

Information security policy

D.

Audit best practices

Full Access
Question # 314

Which of the following BEST demonstrates that IT strategy Is aligned with organizational goals and objectives?

A.

IT strategies are communicated to all Business stakeholders

B.

Organizational strategies are communicated to the chief information officer (CIO).

C.

Business stakeholders are Involved In approving the IT strategy.

D.

The chief information officer (CIO) is involved In approving the organizational strategies

Full Access
Question # 315

Which of the following findings should be of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simu-lation test administered for staff members?

A.

Staff members who failed the test did not receive follow-up education

B.

Test results were not communicated to staff members.

C.

Staff members were not notified about the test beforehand.

D.

Security awareness training was not provided prior to the test.

Full Access
Question # 316

A month after a company purchased and implemented system and performance monitoring software, reports were too large and therefore were not reviewed or acted upon The MOST effective plan of action would be to:

A.

evaluate replacement systems and performance monitoring software.

B.

restrict functionality of system monitoring software to security-related events.

C.

re-install the system and performance monitoring software.

D.

use analytical tools to produce exception reports from the system and performance monitoring software

Full Access
Question # 317

The due date of an audit project is approaching, and the audit manager has determined that only 60% of the audit has been completed. Which of the following should the audit manager do FIRST?

A.

Determine where delays have occurred

B.

Assign additional resources to supplement the audit

C.

Escalate to the audit committee

D.

Extend the audit deadline

Full Access
Question # 318

Which of the following types of firewalls provide the GREATEST degree of control against hacker intrusion?

A.

Circuit gateway

B.

Application level gateway

C.

Packet filtering router

D.

Screening router

Full Access
Question # 319

What is the Most critical finding when reviewing an organization’s information security management?

A.

No dedicated security officer

B.

No official charier for the information security management system

C.

No periodic assessments to identify threats and vulnerabilities

D.

No employee awareness training and education program

Full Access
Question # 320

Which of the following should be of MOST concern to an IS auditor reviewing the public key infrastructure (PKI) for enterprise email?

A.

The certificate revocation list has not been updated.

B.

The PKI policy has not been updated within the last year.

C.

The private key certificate has not been updated.

D.

The certificate practice statement has not been published

Full Access
Question # 321

An IS auditor is reviewing security controls related to collaboration tools for a business unit responsible for intellectual property and patents. Which of the following observations should be of MOST concern to the auditor?

A.

Training was not provided to the department that handles intellectual property and patents

B.

Logging and monitoring for content filtering is not enabled.

C.

Employees can share files with users outside the company through collaboration tools.

D.

The collaboration tool is hosted and can only be accessed via an Internet browser

Full Access
Question # 322

During an IT governance audit, an IS auditor notes that IT policies and procedures are not regularly reviewed and updated. The GREATEST concern to the IS auditor is that policies and procedures might not:

A.

reflect current practices.

B.

include new systems and corresponding process changes.

C.

incorporate changes to relevant laws.

D.

be subject to adequate quality assurance (QA).

Full Access
Question # 323

Which of the following activities provides an IS auditor with the MOST insight regarding potential single person dependencies that might exist within the organization?

A.

Reviewing vacation patterns

B.

Reviewing user activity logs

C.

Interviewing senior IT management

D.

Mapping IT processes to roles

Full Access
Question # 324

Which of the following controls BEST ensures appropriate segregation of dudes within an accounts payable department?

A.

Ensuring that audit trails exist for transactions

B.

Restricting access to update programs to accounts payable staff only

C.

Including the creator's user ID as a field in every transaction record created

D.

Restricting program functionality according to user security profiles

Full Access
Question # 325

Which of the following would lead an IS auditor to conclude that the evidence collected during a digital forensic investigation would not be admissible in court?

A.

The person who collected the evidence is not qualified to represent the case.

B.

The logs failed to identify the person handling the evidence.

C.

The evidence was collected by the internal forensics team.

D.

The evidence was not fully backed up using a cloud-based solution prior to the trial.

Full Access
Question # 326

An IS auditor should ensure that an application's audit trail:

A.

has adequate security.

B.

logs ail database records.

C.

Is accessible online

D.

does not impact operational efficiency

Full Access
Question # 327

Which of the following is the MOST important success factor for implementing a data loss prevention (DLP) tool?

A.

Implementing the tool in monitor mode to avoid unnecessary blocking of communication

B.

Defining and configuring policies and tool rule sets to monitor sensitive data movement

C.

Testing the tool in a test environment before moving to the production environment

D.

Assigning responsibilities for maintaining the tool to applicable data owners and stakeholders

Full Access
Question # 328

What type of control has been implemented when secure code reviews are conducted as part of a deployment program?

A.

Monitoring

B.

Deterrent

C.

Detective

D.

Corrective

Full Access
Question # 329

Which of the following is MOST important to define within a disaster recovery plan (DRP)?

A.

A comprehensive list of disaster recovery scenarios and priorities

B.

Business continuity plan (BCP)

C.

Test results for backup data restoration

D.

Roles and responsibilities for recovery team members

Full Access
Question # 330

Data from a system of sensors located outside of a network is received by the open ports on a server. Which of the following is the BEST way to ensure the integrity of the data being collected from the sensor system?

A.

Route the traffic from the sensor system through a proxy server.

B.

Hash the data that is transmitted from the sensor system.

C.

Implement network address translation on the sensor system.

D.

Transmit the sensor data via a virtual private network (VPN) to the server.

Full Access
Question # 331

Which of the following should be an IS auditor's GREATEST concern when assessing an IT service configuration database?

A.

The database is read-accessible for all users.

B.

The database is write-accessible for all users.

C.

The database is not encrypted at rest.

D.

The database is executable for all users.

Full Access
Question # 332

Which of the following audit procedures would provide the BEST assurance that an application program is functioning as designed?

A.

Using a continuous auditing module

B.

Interviewing business management

C.

Confirming accounts

D.

Reviewing program documentation

Full Access
Question # 333

Which of the following presents the GREATEST risk associated with end-user computing (EUC) applica-tions over financial reporting?

A.

Inability to quickly modify and deploy a solution

B.

Lack of portability for users

C.

Loss of time due to manual processes

D.

Calculation errors in spreadsheets

Full Access
Question # 334

An IS auditor found that operations personnel failed to run a script contributing to year-end financial statements. Which of the following is the BEST recommendation?

A.

Retrain operations personnel.

B.

Implement a closing checklist.

C.

Update the operations manual.

D.

Bring staff with financial experience into operations.

Full Access
Question # 335

Which of the following is the MOST important consideration when establishing operational log management?

A.

Types of data

B.

Log processing efficiency

C.

IT organizational structure

D.

Log retention period

Full Access
Question # 336

Which of the following BEST indicates a need to review an organization's information security policy?

A.

High number of low-risk findings in the audit report

B.

Increasing exceptions approved by management

C.

Increasing complexity of business transactions

D.

Completion of annual IT risk assessment

Full Access
Question # 337

An IS auditor is assessing the adequacy of management's remediation action plan. Which of the following should be the MOST important consideration?

A.

Plan approval by the audit committee

B.

Impacts on future audit work

C.

Criticality of audit findings

D.

Potential cost savings

Full Access
Question # 338

An organization has implemented a new data classification scheme and asks the IS auditor to evaluate its effectiveness. Which of the following would be of

GREATEST concern to the auditor?

A.

End-user managers determine who should access what information.

B.

The organization has created a dozen different classification categories.

C.

The compliance manager decides how the information should be classified.

D.

The organization classifies most of its information as confidential.

Full Access
Question # 339

An organization allows programmers to change production systems in emergency situations without seeking prior approval. Which of the following controls should an IS auditor consider MOST

important?

A.

Programmers' subsequent reports

B.

Limited number of super users

C.

Operator logs

D.

Automated log of changes

Full Access
Question # 340

Which of the following should be of MOST concern to an IS auditor reviewing an organization's operational log management?

A.

Log file size has grown year over year.

B.

Critical events are being logged to immutable log files.

C.

Applications are logging events into multiple log files.

D.

Data formats have not been standardized across all logs.

Full Access
Question # 341

An IS auditor is reviewing a medical device that is attached to a patient’s body, which automatically takes and uploads measurements to a cloud server. Treatment may be updated based on the measurements. Which of the following should be the auditor's PRIMARY focus?

A.

Physical access controls on the device

B.

Security and quality certification of the device

C.

Device identification and authentication

D.

Confirmation that the device is regularly updated

Full Access
Question # 342

Which of the following is a threat to IS auditor independence?

A.

Internal auditors share the audit plan and control test plans with management prior to audit commencement.

B.

Internal auditors design remediation plans to address control gaps identified by internal audit.

C.

Internal auditors attend IT steering committee meetings.

D.

Internal auditors recommend appropriate controls for systems in development.

Full Access
Question # 343

A network analyst is monitoring the network after hours and detects activity that appears to be a brute-force attempt to compromise a critical server. After reviewing the alerts to ensure their accuracy, what should be done NEXT?

A.

Perform a root cause analysis.

B.

Document all steps taken in a written report.

C.

Isolate the affected system.

D.

Invoke the incident response plan.

Full Access
Question # 344

The PRIMARY role of an IS auditor in the remediation of problems found during an audit engagement is to:

A.

help auditee management by providing the solution.

B.

explain the findings and provide general advice.

C.

present updated policies to management for approval.

D.

take ownership of the problems and oversee remediation efforts.

Full Access
Question # 345

Which of the following findings related to segregation of duties should be of GREATEST concern to an IS auditor?

A.

The person who tests source code also approves changes.

B.

The person who administers servers is also part of the infrastructure management team.

C.

The person who creates new user accounts also modifies user access levels.

D.

The person who edits source code also has write access to production.

Full Access
Question # 346

Which of the following should be an IS auditor's GREATEST concern when reviewing an organization's security controls for policy compliance?

A.

The security policy has not been reviewed within the past year.

B.

Security policy documents are available on a public domain website.

C.

Security policies are not applicable across all business units.

D.

End users are not required to acknowledge security policy training.

Full Access
Question # 347

An organization's information security policies should be developed PRIMARILY on the basis of:

A.

enterprise architecture (EA).

B.

industry best practices.

C.

a risk management process.

D.

past information security incidents.

Full Access
Question # 348

Which of the following is the MOST effective way to detect as many abnormalities as possible during an IS audit?

A.

Conduct a walk-through of the process.

B.

Perform substantive testing on sampled records.

C.

Perform judgmental sampling of key processes.

D.

Use a data analytics tool to identify trends.

Full Access
Question # 349

An IS auditor would MOST likely recommend that IT management use a balanced scorecard to:

A.

indicate whether the organization meets quality standards.

B.

ensure that IT staff meet performance requirements.

C.

train and educate IT staff.

D.

assess IT functions and processes.

Full Access
Question # 350

When designing metrics for information security, the MOST important consideration is that the metrics:

A.

conform to industry standards.

B.

apply to all business units.

C.

provide actionable data.

D.

are easy to understand.

Full Access
Question # 351

In a review of the organization standards and guidelines for IT management, which of the following should be included in an IS development methodology?

A.

Value-added activity analysis

B.

Risk management techniques

C.

Access control rules

D.

Incident management techniques

Full Access
Question # 352

Which of the following is the MOST important consideration when developing tabletop exercises within a cybersecurity incident response plan?

A.

Ensure participants are selected from all cross-functional units in the organization.

B.

Create exercises that are challenging enough to prove inadequacies in the current incident response plan.

C.

Ensure the incident response team will have enough distractions to simulate real-life situations.

D.

Identify the scope and scenarios that are relevant to current threats faced by the organization.

Full Access
Question # 353

An organization has decided to build a data warehouse using source data from several disparate systems to support strategic decision-making.

Which of the following is the BEST way to ensure the accuracy and completeness of the data used to support business decisions?

A.

The source data is pre-selected so that it already supports senior management's desired business decision outcome.

B.

The source data is from the current year of operations so that irrelevant data from prior years is not included.

C.

The source data is modified in the data warehouse to remove confidential or sensitive information.

D.

The source data is standardized and cleansed before loading into the data warehouse.

Full Access
Question # 354

Which of the following findings would be of GREATEST concern to an IS auditor reviewing the security architecture of an organization that has just implemented a Zero Trust solution?

A.

An increase in security-related costs

B.

User complaints about the new mode of working

C.

An increase in user identification errors

D.

A noticeable drop in the performance of IT systems

Full Access
Question # 355

Which of the following should be an IS auditor's PRIMARY focus when auditing the implementation of a new IT operations performance monitoring system?

A.

Reviewing whether all changes have been implemented

B.

Validating whether baselines have been established

C.

Confirming whether multi-factor authentication (MFA) is deployed as part of the operational enhancements

D.

Determining whether there is a process for annual review of the maintenance manual

Full Access
Question # 356

A system performance dashboard indicates several application servers are reaching the defined threshold for maximum CPU allocation. Which of the following would be the IS auditor's BEST recommendation for the IT department?

A.

Increase the defined processing threshold to reflect capacity consumption during normal operations.

B.

Notify end users of potential disruptions caused by degradation of servers.

C.

Terminate both ingress and egress connections of these servers to avoid overload.

D.

Validate the processing capacity of these servers is adequate to complete computing tasks.

Full Access
Question # 357

When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the

firewall and:

A.

the organization's network.

B.

the demilitarized zone (DMZ).

C.

the Internet.

D.

the organization's web server.

Full Access
Question # 358

A security review focused on data loss prevention (DLP) revealed the organization has no visibility to data stored in the cloud. What is the IS auditor's BEST recommendation to address this

issue?

A.

Enhance the firewall at the network perimeter.

B.

Implement a file system scanner to discover data stored in the cloud.

C.

Employ a cloud access security broker (CASB).

D.

Utilize a DLP tool on desktops to monitor user activities.

Full Access