[Dec 26, 2022] ISACA CISA Exam Dumps Files, Q401/508: An organization has an integrated development environment (IDE) on which the program libraries reside

Join the discussion

Question 401/508

An organization has an integrated development environment (IDE) on which the program libraries reside on the server, but modification/development and testing are done from PC workstations. Which of the following would be a strength of an IDE?

A. Controls the proliferation of multiple versions of programs

B. Expands the programming resources and aids available

C. Increases program and processing integrity

D. Prevents valid changes from being overwritten by other changes

Add Comments

Other Question (508q): Q1. Assessing IT risks is BEST achieved by:; Q2. A review of IT interface controls finds an organization does not have a process to identif...; Q3. An accounting department uses a spreadsheet lo calculate sensitive financial transactions ...; Q4. An IS auditor finds that not all employees are aware of the enterprise's information secur...; Q5. A system administrator recently informed the IS auditor about the occurrence of several un...; Q6. The PRIMARY purpose of audit trails is to:; Q7. An organization has performance metrics to track how well IT resources are being used, but...; Q8. A trojan horse simply cannot operate autonomously....; Q9. A substantive test to verify that tape library inventory records are accurate is:...; Q10. The BEST filter rule for protecting a network from being used as an amplifier in a denial ...; Q11. An IS auditor conducting a review of disaster recovery planning (DRP) at a financial proce...; Q12. An organization has been recently downsized, in light of this, an IS auditor decides to te...; Q13. Which of the following attack involves slicing small amount of money from a computerize tr...; Q14. Data flow diagrams are used by IS auditors to:...; Q15. In which phase of the internal audit process is contact established with the individuals r...; Q16. Responsibility for the governance of IT should rest with the:...; Q17. Which of the following is the dominating objective of BCP and DRP?...; Q18. Which of the following is the MOST important factor to consider when establishing a severi...; Q19. Which of the following controls would BEST detect intrusion?...; Q20. An IS auditor is reviewing a sample of production incidents and notes that a root cause an...; Q21. Which of the following is the MOST significant risk associated with peer-to-peer networkin...; Q22. Which of the following is a control over component communication failure/errors?...; Q23. Which of the following exposures could be caused by a line grabbing technique?...; Q24. An organization has recently incorporated robotic process automation (RPA) Which of the fo...; Q25. Which of the following would be an appropriate role of internal audit in helping to establ...; Q26. To ensure confidentiality through the use of asymmetric encryption, a message is encrypted...; Q27. Which of the following controls should be implemented to BEST minimize system downtime for...; Q28. Which testing approach is MOST appropriate to ensure that internal application interface e...; Q29. An IS auditor is reviewing environmental controls and finds extremely high levels of humid...; Q30. During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA...; Q31. When developing a disaster recovery plan (DRP). which of the following should be the MOST ...; Q32. The ability of the internal IS audit function to achieve desired objectives depends largel...; Q33. Which of the following would have the HIGHEST priority in a business continuity plan (BCP)...; Q34. To verify that the correct version of a data file was used for a production run, an IS aud...; Q35. Which of the following would provide the MOST important input during the planning phase fo...; Q36. Which of the following is MOST influential when defining disaster recovery strategies?...; Q37. The most common reason for the failure of information systems to meet the needs of users i...; Q38. Which of the following is the Most effective method to address software license violations...; Q39. The source code of an application has just been debugged. Which type of testing should be ...; Q40. The MOST effective control for addressing the risk of piggybacking is:...; Q41. IS management has decided to rewrite a legacy customer relations system using fourth gener...; Q42. Atomicity enforces data integrity by ensuring that a transaction is either completed in it...; Q43. Applying a digital signature to data traveling in a network provides:...; Q44. Which of the following provides the BEST single-factor authentication?...; Q45. Which of the following ensures components of an IT system are identified and baselined, an...; Q46. An IS auditor is conducting a pre-implementation review to determine a new system's produc...; Q47. Which of the following is a corrective control?...; Q48. An IS auditor conducting a review of software usage and licensing discovers that numerous ...; Q49. Which of the following would BEST provide assurance of the integrity of new staff?...; Q50. Which of the following IS functions can be performed by the same group or individual while...; Q51. What is the PRIMARY purpose of performing a parallel run of a new system?...; Q52. A user of a telephone banking system has forgotten his personal identification number (PIN...; Q53. What are the different types of Audits?; Q54. As part of an IS audit, the auditor notes the practices listed below. Which of the followi...; Q55. Which of the following is MOST important for the successful establishment of a security vu...; Q56. Which of the following refers to the proving of mathematical theorems by a computer progra...; Q57. A sequence of bits appended to a digital document that is used to secure an e-mail sent th...; Q58. Which of the following is the PRIMARY objective of an IT performance measurement process?...; Q59. What would be an IS auditor's GREATEST concern when using a test environment for an applic...; Q60. Which of the following would an IS auditor use to determine if unauthorized modifications ...; Q61. Which of the following controls BEST mitigates the impact of a distributed denial of servi...; Q62. An IS auditor recommends that an initial validation control be programmed into a credit ca...; Q63. Which of the following service is a distributed database that translate host name to IP ad...; Q64. An IS auditor seeks assurance that a new process for purging transactions does not have a ...; Q65. A disaster recovery plan for an organization's financial system specifies that the recover...; Q66. .Library control software restricts source code to:...; Q67. Which of the following would have the HIGHEST priority in a business continuity plan (BCP)...; Q68. An organization's audit charter should:; Q69. A number of system failures are occurring when corrections to previously detected errors a...; Q70. Which of the following would BEST detect unauthorized modification of data by a database a...; Q71. Which of the following disaster recovery/continuity plan components provides the GREATEST ...; Q72. Which of the following would be the MOST effective method to address software license viol...; Q73. Input/output controls should be implemented for which applications in an integrated system...; Q74. .The quality of the metadata produced from a data warehouse is _______________ in the ware...; Q75. An IS auditor is assessing an organization's implementation of a virtual network. Which of...; Q76. When conducting a penetration test of an IT system, an organization should be MOST concern...; Q77. A comprehensive and effective e-mail policy should address the issues of e-mail structure,...; Q78. Which of the following should an IS auditor use to detect duplicate invoice records within...; Q79. Which of the following would provide the BEST evidence for use in a forensic investigation...; Q80. The purpose of a deadman door controlling access to a computer facility is primarily to:...; Q81. Which of the following is the MOST reasonable option for recovering a noncritical system?...; Q82. To detect attack attempts that the firewall is unable to recognize, an IS auditor should r...; Q83. An IS auditor is reviewing a small organization's business continuity and disaster recover...; Q84. To maintain the confidentiality of information moved between office and home on removable ...; Q85. The GREATEST risk when end users have access to a database at its system level, instead of...; Q86. An IS auditor is involved in the user testing phase of a development project. The develope...; Q87. After the merger of two organizations, multiple self-developed legacy applications from bo...; Q88. Which of the following append themselves to files as a protection against viruses?...; Q89. Rather than simply reviewing the adequacy of access control, appropriateness of access pol...; Q90. Following best practices, formal plans for implementation of new information systems are d...; Q91. A new information security manager is charged with reviewing and revising the information ...; Q92. An organization is considering outsourcing the processing of customer insurance claims. An...; Q93. A hacker could obtain passwords without the use of computer tools or programs through the ...; Q94. Ensuring that security and control policies support business and IT objectives is a primar...; Q95. The MOST likely explanation for the use of applets in an Internet application is that:...; Q96. Which of the following BEST enables an audit department to improve the quality of work per...; Q97. In an environment that automatically reports all program changes, which of the following i...; Q98. As an auditor it is very important to ensure confidentiality, integrity, authenticity and ...; Q99. To develop a successful business continuity plan, end user involvement is critical during ...; Q100. .A transaction journal provides the information necessary for detecting unauthorized _____...; Q101. Which of the following would effectively verify the originator of a transaction?...; Q102. Which of the following functionality is NOT performed by the application layer of a TCP/IP...; Q103. A sender of an e-mail message applies a digital signature to the digest of the message. Th...; Q104. Loss-site scripting (XSS) attacks are BEST prevented through:...; Q105. Which of the following should an IS auditor be MOST concerned with during a post-implement...; Q106. The IS management of a multinational company is considering upgrading its existing virtual...; Q107. During the review of a web-based software development project, an IS auditor realizes that...; Q108. During a review of system access, an IS auditor notes that an employee who has recently ch...; Q109. An IS auditor is reviewing IT policies and found that most policies have not been reviewed...; Q110. Facilitating telecommunications continuity by providing redundant combinations of local ca...; Q111. In the event of a data center disaster, which of the following would be the MOST appropria...; Q112. In a cloud technology environment, which of the following would pose the GREATEST challeng...; Q113. An organization is currently replacing its accounting system. Which of the following strat...; Q114. Which of the following is the BEST source of information to determine the required level o...; Q115. Which of the following is the GREATEST risk of using a reciprocal site for disaster recove...; Q116. Which of the following statement INCORRECTLY describes circuit switching technique?...; Q117. As an IS auditor it is very important to understand software release management process. W...; Q118. Which of the following is BEST characterized by unauthorized modification of data before o...; Q119. Which of the following is the BEST approach to verify that internal help desk procedures a...; Q120. When preparing an audit report, the IS auditor should ensure that the results are supporte...; Q121. A USB device containing sensitive production data was lost by an employee and its contents...; Q122. In a typical SDLC, which group is PRIMARILY responsible for confirming compliance with req...; Q123. Which of the following approaches would utilize data analytics to facilitate the testing o...; Q124. Which of the following protocol is PRIMARILY used to provide confidentiality in a web base...; Q125. Which of the following are examples of tools for launching Distributed DoS Attack (choose ...; Q126. The MOST effective control for reducing the risk related to phishing is:...; Q127. An IS audit team s evaluating the documentation related to the most recent application use...; Q128. During a routine check, a system administrator identifies unusual activity indicating an i...; Q129. A small organization is experiencing rapid growth and plans to create a new information se...; Q130. Which of the following is MOST effective against system intrusions?...; Q131. When participating as a member of a system development team, the IS auditor should be awar...; Q132. The MAIN benefit of using an integrated lest facility (ITF) as an online auditing techniqu...; Q133. What should regression testing use to obtain accurate conclusions regarding the effects of...; Q134. An organization has virtualized its server environment without making any other changes to...; Q135. Which of the following attack occurs when a malicious action is performed by invoking the ...; Q136. Who is responsible for providing adequate physical and logical security for IS program, da...; Q137. In an IS auditor's review of an organization's configuration management practices for soft...; Q138. Which of the following factor is LEAST important in the measurement of critical success fa...; Q139. Of the following, who is BEST suited to establish an organization's risk tolerance?...; Q140. On a daily basis, an in-house development team moves duplicate copies of production data c...; Q141. The decision to accept an IT control risk related to data quality should be the responsibi...; Q142. Which of the following would be the MOST appropriate reason for an organization to purchas...; Q143. Digital signatures require the sender to "sign" the data by encrypting the data with the s...; Q144. Which of the following is the BEST indicator that an application system's agreed-upon leve...; Q145. Which of the following is MOST important to include in forensic data collection and preser...; Q146. Due to system limitations, segregation of duties (SoD) cannot be enforced in an accounts p...; Q147. In a cloud technology environment, which of the following would pose the GREATEST challeng...; Q148. Which of the following statement correctly describes the difference between IPSec and SSH ...; Q149. Which of the following is the PRIMARY role of an IS auditor with regard to data privacy?...; Q150. Which of the following focus areas is a responsibility of IT management rather than IT gov...; Q151. Which of the following approaches would BEST ensure that data protection controls are embe...; Q152. How is risk affected if users have direct access to a database at the system level?...; Q153. A multinational organization is integrating its existing payroll system with a human resou...; Q154. An IS auditor who was involved in designing an organization's business continuity plan (BC...; Q155. A company has decided to implement an electronic signature scheme based on public key infr...; Q156. Naming conventions for system resources are important for access control because they:...; Q157. Which of the following is a telecommunication device that translates data from digital for...; Q158. What should an IS auditor review FIRST when assessing the results of a recent penetration ...; Q159. Which of the following is the MOST reliable sender authentication method?...; Q160. When using a digital signature, the message digest is computed:...; Q161. Which of the following is the BEST way to loster continuous improvement of IS audit proces...; Q162. When performing an IS strategy audit, an IS auditor should review both short-term (one- ye...; Q163. Sophisticated database systems provide many layers and types of security, including (choos...; Q164. isk analysis is not always possible because the IS auditor is attempting to calculate risk...; Q165. In the development of a new financial application, the IS auditor's FIRST involvement shou...; Q166. Which of the following is the process of repeating a portion of a test scenario or test pl...; Q167. Which of the following is the GREATEST concern when using a cold backup site?...; Q168. Which of the following is the BEST way to verify the effectiveness of a data restoration p...; Q169. After observing suspicious activities in a server, a manager requests a forensic analysis....; Q170. When auditing the effectiveness of a biometric system, which of the following indicators w...; Q171. The PRIMARY objective of performing a postincident review is that it presents an opportuni...; Q172. Which of the following would BEST assist senior management in evaluating IT performance as...; Q173. Which of the following would be the GREATEST risk associated with a new chat feature on a ...; Q174. When continuous monitoring systems are being implemented, an IS auditor should FIRST ident...; Q175. An organization's IS audit charter should specify the:...; Q176. Vendors have released patches fixing security flaws in their software. Which of the follow...; Q177. What is a callback system?; Q178. A company uses a standard form to document and approve all changes in production programs....; Q179. In RFID technology which of the following risk could represent a threat to non-RFID networ...; Q180. The FIRST step in data classification is to:; Q181. An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 1...; Q182. An employee loses a mobile device resulting in loss of sensitive corporate data. Which of ...; Q183. Over the long term, which of the following has the greatest potential to improve the secur...; Q184. An IS auditor is using a statistical sample to inventory the tape library. What type of te...; Q185. A number of system failures are occurring when corrections to previously detected errors a...; Q186. When facilitating the alignment of corporate governance and information security governanc...; Q187. A maturity model can be used to aid the implementation of IT governance by identifying:...; Q188. Sending a message and a message hash encrypted by the sender's private key will ensure:...; Q189. The responsibilities of a disaster recovery relocation team include:...; Q190. Which of the following sampling methods is MOST useful when testing for compliance?...; Q191. Which of the following is a good time frame for making changes to passwords?...; Q192. Which of the following is MOST important for an IS auditor to review when assessing the in...; Q193. Which of the following is the MOST efficient way to identify segregation of duties violati...; Q194. The GREATEST advantage of using web services for the exchange of information between two s...; Q195. If inadequate, which of the following would be the MOST likely contributor to a denial-of-...; Q196. Which of the following should be an IS auditor's BEST recommendation to prevent installati...; Q197. Which of the following should be of MOST concern to an IS auditor evaluating a forensics p...; Q198. While reviewing sensitive electronic work papers, the IS auditor noticed that they were no...; Q199. A bank has implemented a new accounting system. Which of the following is the BEST lime fo...; Q200. Which of the following is the PRIMARY benefit of using a capability maturity model?...; Q201. An IS auditor conducting audit follow-up activities learns that some previously agreed-upo...; Q202. What is the PRIMARY reason to adopt a risk-based IS audit strategy?...; Q203. In a small organization, an employee performs computer operations and, when the situation ...; Q204. Stress testing should ideally be carried out under a:...; Q205. Which of the following tests would provide the BEST assurance that a health care organizat...; Q206. Which of the following is MOST critical for the successful implementation and maintenance ...; Q207. Which of the following results in a denial-of-service attack?...; Q208. To ensure authentication, confidentiality and integrity of a message, the sender should en...; Q209. During an external assessment of network vulnerability, which of the following activities ...; Q210. Which of the following should an IS auditor do FIRST when determining whether to employ da...; Q211. Which of the following should be of MOST concern to an IS auditor reviewing the BCP?...; Q212. The use of risk assessment tools for classifying risk factors should be formalized in your...; Q213. A data center has a badge-entry system. Which of the following is MOST important to protec...; Q214. Which of the following is MOST appropriate to prevent unauthorized retrieval of confidenti...; Q215. Which of the following layer of an OSI model encapsulates packets into frames?...; Q216. .What is an effective countermeasure for the vulnerability of data entry operators potenti...; Q217. For an application system with a large master Tile and a small transact ion-activity file,...; Q218. Assurance tasks required to support security accreditation/certification should be identif...; Q219. A database administrator (DBA) extracts a user listing for an auditor as testing evidence....; Q220. Which of the following will BEST provide an organization with ongoing assurance of the inf...; Q221. Which of the following is an advantage of asymmetric crypto system over symmetric key cryp...; Q222. Which of the following data validation control validates input data against predefined ran...; Q223. An organization's plans to implement a virtualization strategy enabling multiple operating...; Q224. A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a...; Q225. A critical server for a hospital has been encrypted by ransomware. The hospital is unable ...; Q226. Of the following alternatives, the FIRST approach to developing a disaster recovery strate...; Q227. An organization is planning to re-purpose workstations mat were used to handle confidentia...; Q228. What would be an IS auditor's BEST recommendation upon finding that a third-party IT servi...; Q229. Which of the following is a passive attack to a network?...; Q230. A LAN administrator normally would be restricted from:...; Q231. An IS auditor analyzing the audit log of a database management system (DBMS) finds that so...; Q232. The ultimate purpose of IT governance is to:; Q233. During the development of an application, the quality assurance testing and user acceptanc...; Q234. Which of the following is an advantage of the top-down approach to software testing?...; Q235. Which of the following is an example of a passive attack initiated through the Internet?...; Q236. The BEST filter rule for protecting a network from being used as an amplifier in a denial ...; Q237. Which of the following findings should be of GREATEST concern to an IS auditor performing ...; Q238. An IS auditor finds that confidential company data has been inadvertently leaked through s...; Q239. All Social Engineering techniques are based on flaws in:...; Q240. Which of the following can help detect transmission errors by appending specially calculat...; Q241. Which testing approach is MOST appropriate to ensure that internal application interface e...; Q242. What should be done to determine the appropriate level of audit coverage for an organizati...; Q243. An IS auditor is reviewing IT policies and found that most policies have not been reviewed...; Q244. Which of the following control provides an alternative measure of control?...; Q245. Which of the following is the MOST appropriate responsibility of an IS auditor involved in...; Q246. Which of the following is the BEST way for an information security manager to justify cont...; Q247. Which of the following tasks should be performed FIRST when preparing a disaster recovery ...; Q248. Which of the following should be of GREATEST concern to an IS auditor when auditing an org...; Q249. A retirement system verifies that the field for employee status has either a value of A (f...; Q250. An organization is disposing of a system containing sensitive data and has deleted all fil...; Q251. An IS auditor has found that a vendor has gone out of business and the escrow has an older...; Q252. The Trojan.Linux.JBellz Trojan horse runs as a malformed file of what format?...; Q253. An IS auditor issues an audit report pointing out the lack of firewall protection features...; Q254. An organization has fully outsourced its email functions to a third-party cloud service pr...; Q255. A policy has been established requiring users to install mobile device management (MDM) so...; Q256. Which of the following types of testing would determine whether a new or modified system c...; Q257. Which of the following is MOST likely to be included in computer operating procedures in a...; Q258. The PRIMARY advantage of a continuous audit approach is that it:...; Q259. Which of the following should be included in emergency change control procedures?...; Q260. The IS management of a multinational company is considering upgrading its existing virtual...; Q261. The MOST significant security concerns when using flash memory (e.g., USB removable disk) ...; Q262. Which of the following is the FIRST step in initiating a data classification program?...; Q263. When preparing to evaluate the effectiveness of an organizations IT strategy, an IS audito...; Q264. An organization using development operations (DevOps) processes has deployed tools to prov...; Q265. The GREATEST advantage of rapid application development (RAD) over the traditional system ...; Q266. Identify the WAN message switching technique being used from the description presented bel...; Q267. The application systems quality assurance (QA) function should:...; Q268. Which of the following statement correctly describes one way SSL authentication between a ...; Q269. If enabled within firewall rules, which of the following services would present the GREATE...; Q270. When auditing the proposed acquisition of a new computer system, an IS auditor should FIRS...; Q271. An organization is developing a web portal using some external components. Which of the fo...; Q272. Which of the following is a distinctive feature of the Secure Electronic Transactions (SET...; Q273. The decision to accept an IT control risk related to data quality should be the responsibi...; Q274. When performing an audit of a client relationship management (CRM) system migration projec...; Q275. An IS auditor is reviewing logical access controls for an organization's financial busines...; Q276. During the implementation of an upgraded enterprise resource planning (ERP) system, which ...; Q277. Which of the following statement correctly describes one way SSL authentication between a ...; Q278. In an organization, the responsibilities for IT security are clearly assigned and enforced...; Q279. .Ensuring that security and control policies support business and IT objectives is a prima...; Q280. An organization is using symmetric encryption. Which of the following would be a valid rea...; Q281. Which of the following would BEST determine whether a post-implementation review (PIR) per...; Q282. Which of the following is the PRIMARY advantage of using virtualization technology for cor...; Q283. An organization has recently converted its infrastructure to a virtualized environment. Th...; Q284. Which of the following would prevent unauthorized changes to information stored in a serve...; Q285. Which of the following programs would a sound information security policy MOST likely incl...; Q286. Coding standards provide which of the following?...; Q287. An organization is planning an acquisition and has engaged an IS auditor lo evaluate the I...; Q288. The IS auditor has recommended that management test a new system before using it in produc...; Q289. What kind of protocols does the OSI Transport Layer of the TCP/IP protocol suite provide t...; Q290. Which of the following could be determined by an entity-relationship diagram?...; Q291. Which of the following control is intended to discourage a potential attacker?...; Q292. For an organization that has plans to implement web-based trading, it would be MOST import...; Q293. Which of the following findings should be of GREATEST concern to an IS auditor performing ...; Q294. An IS auditor is mapping controls to risk for an accounts payable system What is the BEST ...; Q295. Using the OSI reference model, what layer(s) is/are used to encrypt data?...; Q296. Which of the following is the BEST indication of control maturity in an organization's sys...; Q297. Which of the following is MOST important when evaluating the retention period for a cloud ...; Q298. Which of the following processes should an IS auditor recommend to assist in the recording...; Q299. An IS auditor noted that a change to a critical calculation was placed into the production...; Q300. Which of the following is an effective method for controlling downloading of files via FTP...; Q301. .Which type of major BCP test only requires representatives from each operational area to ...; Q302. An information security team has discovered that users are sharing a login account to an a...; Q303. Which of the following is the MOST important consideration tor an IS auditor when reviewin...; Q304. An IS auditor is performing a network security review of a telecom company that provides I...; Q305. Network environments often add to the complexity of program-to-program communication, maki...; Q306. An IS auditor is conducting a review of a healthcare organization's IT policies for handli...; Q307. Which of the following functions is performed by a virtual private network (VPN)?...; Q308. An IS auditor is reviewing a project that is using an Agile software development approach....; Q309. A data administrator is responsible for:; Q310. The phases and deliverables of a system development life cycle (SDLC) project should be de...; Q311. Which of the following is a continuity plan test that uses actual resources to simulate a ...; Q312. During a privileged access review, an IS auditor observes many help desk employees have pr...; Q313. Which of the following represents the GREATEST potential risk in an EDI environment?...; Q314. Which of the following would an IS auditor consider to be the MOST helpful when evaluating...; Q315. The 'trusted systems' approach has been predominant in the design of:...; Q316. Which of the following provides the BEST audit evidence that a firewall is configured in c...; Q317. Which of the following situations would increase the likelihood of fraud?...; Q318. Which of the following is the BEST development methodology to help manage project requirem...; Q319. Which of the following is the PRIMARY reason for an IS audit manager to review the work pe...; Q320. A virtual private network (VPN) provides data confidentiality by using:...; Q321. A project manager of a project that is scheduled to take 18 months to complete announces t...; Q322. Which of the following will replace system binaries and/or hook into the function calls of...; Q323. Which of the following is the MOST reliable sender authentication method?...; Q324. .If an IS auditor observes that individual modules of a system perform correctly in develo...; Q325. After observing suspicious activities in a server, a manager requests a forensic analysis....; Q326. To ensure authentication, confidentiality and integrity of a message, the sender should en...; Q327. Which significant risk is introduced by running the file transfer protocol (FTP) service o...; Q328. Which of the following is the MOST effective control to ensure electronic records beyond t...; Q329. What type of BCP test uses actual resources to simulate a system crash and validate the pl...; Q330. An organization plans to receive an automated data feed into its enterprise data warehouse...; Q331. Physical access controls are usually implemented based on which of the following means (ch...; Q332. Which of the following BEST guards against the risk of attack by hackers?...; Q333. Which procedure provides the GREATEST assurance that corrective action to an audit report ...; Q334. The BEST way to prevent fraudulent payments is to implement segregation of duties between ...; Q335. Which of the following findings should be of GREATEST concern to an IS auditor conducting ...; Q336. Disaster recovery planning (DRP) addresses the:...; Q337. Which of the following group is MOST likely responsible for the implementation of IT proje...; Q338. Which of the following should be of GREATEST concern to an IS auditor reviewing actions ta...; Q339. An appropriate control for ensuring the authenticity of orders received in an EDI applicat...; Q340. When following up on a data breach, an IS auditor finds a system administrator may have co...; Q341. Which of the following is the MOST effective method for dealing with the spreading of a ne...; Q342. In which of the following database model is the data organized into a tree-like structure,...; Q343. Which of the following is the BEST way for an IS auditor to assess the effectiveness of ba...; Q344. A malicious code that changes itself with each file it infects is called a:...; Q345. An organization's IT security policy requires annual security awareness training for all e...; Q346. The BEST way to evaluate a shared control environment is to obtain an assurance report and...; Q347. A financial services organization is developing and documenting business continuity measur...; Q348. A hardware control that helps to detect errors when data are communicated from one compute...; Q349. Which of the following technique is used for speeding up network traffic flow and making i...; Q350. A web application is developed in-house by an organization. Which of the following would p...; Q351. A certificate authority (CA) can delegate the processes of:...; Q352. As an auditor it is very important to ensure confidentiality, integrity, authenticity and ...; Q353. An IS auditor has completed a review of an outsourcing agreement and has communicating the...; Q354. Functionality is a characteristic associated with evaluating the quality of software produ...; Q355. The reliability of an application system's audit trail may be questionable if:...; Q356. In which of the following payment mode, the payer creates payment transfer instructions, s...; Q357. Which of the following exposures associated with the spooling of sensitive reports for off...; Q358. Which of the following is a risk of cross-training?...; Q359. During a review of system access, an IS auditor notes that an employee who has recently ch...; Q360. A virus typically consists of what major parts (choose all that apply):...; Q361. Which of the following user profiles should be of MOST concern to an IS auditor when perfo...; Q362. Due to changes in IT, the disaster recovery plan of a large organization has been changed....; Q363. Which of the following protocol is used for electronic mail service?...; Q364. While conducting a system architecture review, an IS auditor learns of multiple complaints...; Q365. Since data storage of a critical business application is on a redundant array of inexpensi...; Q366. Upon completion of audit work, an IS auditor should:...; Q367. Which of the following is the BEST recommendation to prevent fraudulent electronic funds t...; Q368. The PRIMARY objective of testing a business continuity plan is to:...; Q369. If a programmer has update access to a live system, IS auditors are more concerned with th...; Q370. Which of the following is the client organization's responsibility in a Software as a Serv...; Q371. An IS auditor noted that an organization had adequate business continuity plans (BCPs) for...; Q372. In an organization, the responsibilities for IT security are clearly assigned and enforced...; Q373. .After identifying potential security vulnerabilities, what should be the IS auditor's nex...; Q374. An IS auditor reviewing a proposed application software acquisition should ensure that the...; Q375. Which of the following is a passive attack to a network?...; Q376. During the review of a biometrics system operation, an IS auditor should FIRST review the ...; Q377. Which of the following provides the best evidence of the adequacy of a security awareness ...; Q378. The use of symmetric key encryption controls to protect sensitive data transmitted over a ...; Q379. "Which of the following BEST describes the concept of ""defense in depth""?"...; Q380. A bank is selecting a server for its retail accounts application. To ensure that the serve...; Q381. IT best practices for the availability and continuity of IT services should:...; Q382. An IT steering committee assists the board of directors to fulfill IT governance duties by...; Q383. Which of the following can help ensure that IT deliverables are linked to business goals a...; Q384. An organization is replacing a mission-critical system. Which of the following is the BEST...; Q385. An IS auditor is assigned to audit a software development project which is more than 80 pe...; Q386. Of the three major types of off-site processing facilities, what type is characterized by ...; Q387. An IS auditor assessing the controls within a newly implemented call center would FIRST...; Q388. What kind of protocols does the OSI Transport Layer of the TCP/IP protocol suite provide t...; Q389. When auditing the security architecture of an e-commerce environment, an IS auditor should...; Q390. An IS auditor finds that client requests were processed multiple times when received from ...; Q391. While performing a risk-based audit, which of the following would BEST enable an IS audito...; Q392. Reviewing project plans and status reports throughout the development life cycle will:...; Q393. Which of the following should an IS auditor review to understand project progress in terms...; Q394. Which of the following access rights in the production environment should be granted to a ...; Q395. If an IS auditor observes that an IS department fails to use formal documented methodologi...; Q396. A change to the scope of an IT project has been formally submitted to the project manager....; Q397. As part of a mergers and acquisitions activity, an acquiring organization wants to consoli...; Q398. Which of the following recommendations by an IS auditor is the BEST control to protect an ...; Q399. Well-written risk assessment guidelines for IS auditing should specify which of the follow...; Q400. Which of the following provides nonrepudiation services for e-commerce transactions?...; Q401. An organization has an integrated development environment (IDE) on which the program libra...; Q402. Which of the following would prevent accountability for an action performed, thus allowing...; Q403. Which of the following would be MOST effective when justifying the cost of adding security...; Q404. During Involuntary termination of an employee, which of the following is the MOST importan...; Q405. When should an application-level edit check to verify that availability of funds was compl...; Q406. Buffer overflow in an Internet environment is of particular concern to the IS auditor beca...; Q407. Which of the following is the GREATEST security threat when an organization allows remote ...; Q408. The objective of using coding standards for systems development is to:...; Q409. A new regulation requires organizations to report significant security incidents to the re...; Q410. An emergency power-off switch should:; Q411. Which of the following should an IS auditor verify when auditing the effectiveness of viru...; Q412. Total billing amounts on invoices are automatically transferred to an organization's accou...; Q413. An IS auditor finds that, at certain times of the day, the data warehouse query performanc...; Q414. During the planning stage of an IS audit, the PRIMARY goal of an IS auditor is to:...; Q415. Which of the following layer of an OSI model ensures that messages are delivered error-fre...; Q416. In computer forensics, which of the following is the process that allows bit-for-bit copy ...; Q417. Which of the following would help to ensure the completeness of batch file transfers?...; Q418. Which of the following will help detect changes made by an intruder to the system log of a...; Q419. Which of the following is the MOST important criterion when selecting a location for an of...; Q420. When reviewing an organization's strategic IT plan an IS auditor should expect to find:...; Q421. The business case for an IS project has changed during the course of the project due to ne...; Q422. If an IS auditor finds evidence of risk involved in not implementing proper segregation of...; Q423. An organization has a number of branches across a wide geographical areA. To ensure that a...; Q424. Which of the following can degrade network performance?...; Q425. An existing system is being extensively enhanced by extracting and reusing design and prog...; Q426. An IS auditor identities that the accounts payable clerk has direct access to the payment ...; Q427. During a vulnerability assessment, an IS auditor finds a high-risk vulnerability in a publ...; Q428. To develop meaningful recommendations for findings, which of the following is MOST importa...; Q429. During a review of a production schedule, an IS auditor observes that a staff member is no...; Q430. An audit of environmental controls at a data center could include a review of the...; Q431. Before implementing an IT balanced scorecard, an organization must:...; Q432. An IS auditor reviewing an outsourcing contract of IT facilities would expect it to define...; Q433. An organization allows employee use of personal mobile devices for corporate email. Which ...; Q434. An IS auditor who was involved in designing an organization's business continuity plan (BC...; Q435. Which of the following is a benefit of the DevOps development methodology?...; Q436. An IS auditor is reviewing security controls related to collaboration to unit responsible ...; Q437. Which of the following is MOST important to review when evaluating the performance of a cr...; Q438. Which of the following is the MOST effective control over visitor access to a data center?...; Q439. Which of the following would normally be the MOST reliable evidence for an auditor?...; Q440. An organization has outsourced its help desk activities. An IS auditor's GREATEST concern ...; Q441. When performing an audit of access rights, an IS auditor should be suspicious of which of ...; Q442. Which of the following would prevent accountability for an action performed, thus allowing...; Q443. Which of the following should be of GREATEST concern to an IS auditor reviewing on-site pr...; Q444. In a client-server architecture, a domain name service (DNS) is MOST important because it ...; Q445. A client/server configuration will:; Q446. In which of the following database model is the data organized into a tree-like structure,...; Q447. Which of the following is the GREATEST risk associated with data conversion and migration ...; Q448. Physical access controls are usually implemented based on which of the following means (Ch...; Q449. Proper segregation of duties does not prohibit a quality control administrator from also b...; Q450. When reviewing an organization's IT governance processes, which of the following provides ...; Q451. The decision to accept an IT control risk related to data quality should be the responsibi...; Q452. Which of the following BEST describes the role of a directory server in a public key infra...; Q453. Functionality is a characteristic associated with evaluating the quality of software produ...; Q454. To minimize the cost of a software project, quality management techniques should be applie...; Q455. Which of the following is the GREATEST benefit of utilizing data analytics?...; Q456. Which of the following is the MOST critical step prior to performing a network penetration...; Q457. Which of the following fire-suppression methods is considered to be the most environmental...; Q458. An IS auditor finds that a system under development has 12 linked modules and each item of...; Q459. Which of the following BEST supports the prioritization of new IT projects?...; Q460. A firewall has been installed on the company's web server. Which concern does the firewall...; Q461. An IS auditor is reviewing an IT security risk management program. Measures of security ri...; Q462. An IS auditor evaluating logical access controls should FIRST:...; Q463. Which of the following is the GREATEST concern when an organization allows personal device...; Q464. During the review of an organization's software development process, which of the followin...; Q465. An IS auditor observed that most users do not comply with physical access controls. The bu...; Q466. IS management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID)...; Q467. Which of the following governance functions is responsible for ensuring IT projects have s...; Q468. Which of the following protocol does NOT work at Network interface layer in TCP/IP model?...; Q469. Which of the following technique is NOT used by a preacher against a Private Branch Exchan...; Q470. An organization has outsourced its wide area network (WAN) to a third-party service provid...; Q471. Which of the following is the INCORRECT Layer to Protocol mapping used in the DOD TCP/IP m...; Q472. Whenever business processes have been re-engineered, the IS auditor attempts to identify a...; Q473. Which of the following backup techniques is the MOST appropriate when an organization requ...; Q474. Several unattended laptops containing sensitive customer data were stolen from personnel o...; Q475. An organization which uses external cloud services extensively is concerned with risk moni...; Q476. Management considered two projections for its business continuity plan; plan A with two mo...; Q477. An organization is developing data classification standards and has asked internal audit f...; Q478. Which of the following is MOST important to include in an organization's incident response...; Q479. Which of the following is the MAIN benefit of using data analytics when testing the effect...; Q480. In which of the following situations is it MOST appropriate to implement data mirroring as...; Q481. An IS auditor is reviewing a contract for the outsourcing of IT facilities. If missing, wh...; Q482. Which of the following IT governance best practices improves strategic alignment?...; Q483. Which of the following would be the BEST population to take a sample from when testing pro...; Q484. In which of the following sampling methodologies does each member of the population have a...; Q485. Which of the following is a mechanism for mitigating risks?...; Q486. A transaction journal provides the information necessary for detecting unauthorized ______...; Q487. During the system testing phase of an application development project the IS auditor shoul...; Q488. Which of the following BEST demonstrates to an IS auditor that an organization has impleme...; Q489. Which of the following is a passive attack on a network?...; Q490. .What is a data validation edit control that matches input data to an occurrence rate? Cho...; Q491. The recovery time objective (RTO) is normally determined on the basis of the:...; Q492. Which of the following is BEST suited for secure communications within a small group?...; Q493. Which of the following protocol is developed jointly by VISA and Master Card to secure pay...; Q494. An organization plans to deploy Wi-Fi location analytics to count the number of shoppers p...; Q495. IT operations for a large organization have been outsourced. An IS auditor reviewing the o...; Q496. When responding to an ongoing denial of service (DoS) attack, an organization's FIRST cour...; Q497. Which of the following should be a concern to an IS auditor reviewing a digital forensic p...; Q498. An IS auditor should expect the responsibility for authorizing access rights to production...; Q499. Common implementations of strong authentication may use which of the following factors in ...; Q500. The information security policy that states 'each individual must have their badge read at...; Q501. As part of the IEEE 802.11 standard ratified in September 1999, WEP uses the CRC- 32 check...; Q502. The BEST data backup strategy for mobile users is to:...; Q503. After observing suspicious activities in a server, a manager requests a forensic analysis....; Q504. In a public key infrastructure (PKI), which of the following may be relied upon to prove t...; Q505. When auditing a disaster recovery plan for a critical business area, an IS auditor finds t...; Q506. During a project meeting for the Implementation of an Enterprise resource planning (ERP). ...; Q507. The PRIMARY purpose of a configuration management system is to:...; Q508. Which of the following will replace system binaries and/or hook into the function calls of...

Join the discussion

Question 401/508

Add Comments

Download PDF File