Question 223/508
An organization plans to implement a virtualization strategy enabling multiple operating systems on a single host. Which of the following should be the GREATEST concern with this strategy?
Correct Answer: A
- Other Question (508q)
- Q1. Assessing IT risks is BEST achieved by:
- Q2. A review of IT interface controls finds an organization does not have a process to identif...
- Q3. An accounting department uses a spreadsheet to calculate sensitive financial transactions ...
- Q4. An IS auditor finds that not all employees are aware of the enterprise's information secur...
- Q5. A system administrator recently informed the IS auditor about the occurrence of several un...
- Q6. The PRIMARY purpose of audit trails is to:
- Q7. An organization has performance metrics to track how well IT resources are being used, but...
- Q8. A trojan horse simply cannot operate autonomously....
- Q9. A substantive test to verify that tape library inventory records are accurate is:...
- Q10. The BEST filter rule for protecting a network from being used as an amplifier in a denial ...
- Q11. An IS auditor conducting a review of disaster recovery planning (DRP) at a financial proce...
- Q12. An organization has been recently downsized, in light of this, an IS auditor decides to te...
- Q13. Which of the following attack involves slicing small amount of money from a computerize tr...
- Q14. Data flow diagrams are used by IS auditors to:...
- Q15. In which phase of the internal audit process is contact established with the individuals r...
- Q16. Responsibility for the governance of IT should rest with the:...
- Q17. Which of the following is the dominating objective of BCP and DRP?...
- Q18. Which of the following is the MOST important factor to consider when establishing a severi...
- Q19. Which of the following controls would BEST detect intrusion?...
- Q20. An IS auditor is reviewing a sample of production incidents and notes that a root cause an...
- Q21. Which of the following is the MOST significant risk associated with peer-to-peer networkin...
- Q22. Which of the following is a control over component communication failure/errors?...
- Q23. Which of the following exposures could be caused by a line grabbing technique?...
- Q24. An organization has recently incorporated robotic process automation (RPA). Which of the fo...
- Q25. Which of the following would be an appropriate role of internal audit in helping to establ...
- Q26. To ensure confidentiality through the use of asymmetric encryption, a message is encrypted...
- Q27. Which of the following controls should be implemented to BEST minimize system downtime for...
- Q28. Which testing approach is MOST appropriate to ensure that internal application interface e...
- Q29. An IS auditor is reviewing environmental controls and finds extremely high levels of humid...
- Q30. During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA...
- Q31. When developing a disaster recovery plan (DRP), which of the following should be the MOST ...
- Q32. The ability of the internal IS audit function to achieve desired objectives depends largel...
- Q33. Which of the following would have the HIGHEST priority in a business continuity plan (BCP)...
- Q34. To verify that the correct version of a data file was used for a production run, an IS aud...
- Q35. Which of the following would provide the MOST important input during the planning phase fo...
- Q36. Which of the following is MOST influential when defining disaster recovery strategies?...
- Q37. The most common reason for the failure of information systems to meet the needs of users i...
- Q38. Which of the following is the MOST effective method to address software license violations...
- Q39. The source code of an application has just been debugged. Which type of testing should be ...
- Q40. The MOST effective control for addressing the risk of piggybacking is:...
- Q41. IS management has decided to rewrite a legacy customer relations system using fourth gener...
- Q42. Atomicity enforces data integrity by ensuring that a transaction is either completed in it...
- Q43. Applying a digital signature to data traveling in a network provides:...
- Q44. Which of the following provides the BEST single-factor authentication?...
- Q45. Which of the following ensures components of an IT system are identified and baselined, an...
- Q46. An IS auditor is conducting a pre-implementation review to determine a new system's produc...
- Q47. Which of the following is a corrective control?...
- Q48. An IS auditor conducting a review of software usage and licensing discovers that numerous ...
- Q49. Which of the following would BEST provide assurance of the integrity of new staff?...
- Q50. Which of the following IS functions can be performed by the same group or individual while...
- Q51. What is the PRIMARY purpose of performing a parallel run of a new system?...
- Q52. A user of a telephone banking system has forgotten his personal identification number (PIN...
- Q53. What are the different types of Audits?
- Q54. As part of an IS audit, the auditor notes the practices listed below. Which of the followi...
- Q55. Which of the following is MOST important for the successful establishment of a security vu...
- Q56. Which of the following refers to the proving of mathematical theorems by a computer progra...
- Q57. A sequence of bits appended to a digital document that is used to secure an e-mail sent th...
- Q58. Which of the following is the PRIMARY objective of an IT performance measurement process?...
- Q59. What would be an IS auditor's GREATEST concern when using a test environment for an applic...
- Q60. Which of the following would an IS auditor use to determine if unauthorized modifications ...
- Q61. Which of the following controls BEST mitigates the impact of a distributed denial of servi...
- Q62. An IS auditor recommends that an initial validation control be programmed into a credit ca...
- Q63. Which of the following service is a distributed database that translate host name to IP ad...
- Q64. An IS auditor seeks assurance that a new process for purging transactions does not have a ...
- Q65. A disaster recovery plan for an organization's financial system specifies that the recover...
- Q66. Library control software restricts source code to:...
- Q67. Which of the following would have the HIGHEST priority in a business continuity plan (BCP)...
- Q68. An organization's audit charter should:
- Q69. A number of system failures are occurring when corrections to previously detected errors a...
- Q70. Which of the following would BEST detect unauthorized modification of data by a database a...
- Q71. Which of the following disaster recovery/continuity plan components provides the GREATEST ...
- Q72. Which of the following would be the MOST effective method to address software license viol...
- Q73. Input/output controls should be implemented for which applications in an integrated system...
- Q74. The quality of the metadata produced from a data warehouse is _______________ in the ware...
- Q75. An IS auditor is assessing an organization's implementation of a virtual network. Which of...
- Q76. When conducting a penetration test of an IT system, an organization should be MOST concern...
- Q77. A comprehensive and effective e-mail policy should address the issues of e-mail structure,...
- Q78. Which of the following should an IS auditor use to detect duplicate invoice records within...
- Q79. Which of the following would provide the BEST evidence for use in a forensic investigation...
- Q80. The purpose of a deadman door controlling access to a computer facility is primarily to:...
- Q81. Which of the following is the MOST reasonable option for recovering a noncritical system?...
- Q82. To detect attack attempts that the firewall is unable to recognize, an IS auditor should r...
- Q83. An IS auditor is reviewing a small organization's business continuity and disaster recover...
- Q84. To maintain the confidentiality of information moved between office and home on removable ...
- Q85. The GREATEST risk when end users have access to a database at its system level, instead of...
- Q86. An IS auditor is involved in the user testing phase of a development project. The develope...
- Q87. After the merger of two organizations, multiple self-developed legacy applications from bo...
- Q88. Which of the following append themselves to files as a protection against viruses?...
- Q89. Rather than simply reviewing the adequacy of access control, appropriateness of access pol...
- Q90. Following best practices, formal plans for implementation of new information systems are d...
- Q91. A new information security manager is charged with reviewing and revising the information ...
- Q92. An organization is considering outsourcing the processing of customer insurance claims. An...
- Q93. A hacker could obtain passwords without the use of computer tools or programs through the ...
- Q94. Ensuring that security and control policies support business and IT objectives is a primar...
- Q95. The MOST likely explanation for the use of applets in an Internet application is that:...
- Q96. Which of the following BEST enables an audit department to improve the quality of work per...
- Q97. In an environment that automatically reports all program changes, which of the following i...
- Q98. As an auditor it is very important to ensure confidentiality, integrity, authenticity and ...
- Q99. To develop a successful business continuity plan, end user involvement is critical during ...
- Q100. A transaction journal provides the information necessary for detecting unauthorized _____...
- Q101. Which of the following would effectively verify the originator of a transaction?...
- Q102. Which of the following functionality is NOT performed by the application layer of a TCP/IP...
- Q103. A sender of an e-mail message applies a digital signature to the digest of the message. Th...
- Q104. Cross-site scripting (XSS) attacks are BEST prevented through:...
- Q105. Which of the following should an IS auditor be MOST concerned with during a post-implement...
- Q106. The IS management of a multinational company is considering upgrading its existing virtual...
- Q107. During the review of a web-based software development project, an IS auditor realizes that...
- Q108. During a review of system access, an IS auditor notes that an employee who has recently ch...
- Q109. An IS auditor is reviewing IT policies and found that most policies have not been reviewed...
- Q110. Facilitating telecommunications continuity by providing redundant combinations of local ca...
- Q111. In the event of a data center disaster, which of the following would be the MOST appropria...
- Q112. In a cloud technology environment, which of the following would pose the GREATEST challeng...
- Q113. An organization is currently replacing its accounting system. Which of the following strat...
- Q114. Which of the following is the BEST source of information to determine the required level o...
- Q115. Which of the following is the GREATEST risk of using a reciprocal site for disaster recove...
- Q116. Which of the following statement INCORRECTLY describes circuit switching technique?...
- Q117. As an IS auditor it is very important to understand software release management process. W...
- Q118. Which of the following is BEST characterized by unauthorized modification of data before o...
- Q119. Which of the following is the BEST approach to verify that internal help desk procedures a...
- Q120. When preparing an audit report, the IS auditor should ensure that the results are supporte...
- Q121. A USB device containing sensitive production data was lost by an employee and its contents...
- Q122. In a typical SDLC, which group is PRIMARILY responsible for confirming compliance with req...
- Q123. Which of the following approaches would utilize data analytics to facilitate the testing o...
- Q124. Which of the following protocol is PRIMARILY used to provide confidentiality in a web base...
- Q125. Which of the following are examples of tools for launching Distributed DoS Attack (choose ...
- Q126. The MOST effective control for reducing the risk related to phishing is:...
- Q127. An IS audit team is evaluating the documentation related to the most recent application use...
- Q128. During a routine check, a system administrator identifies unusual activity indicating an i...
- Q129. A small organization is experiencing rapid growth and plans to create a new information se...
- Q130. Which of the following is MOST effective against system intrusions?...
- Q131. When participating as a member of a system development team, the IS auditor should be awar...
- Q132. The MAIN benefit of using an integrated test facility (ITF) as an online auditing techniqu...
- Q133. What should regression testing use to obtain accurate conclusions regarding the effects of...
- Q134. An organization has virtualized its server environment without making any other changes to...
- Q135. Which of the following attack occurs when a malicious action is performed by invoking the ...
- Q136. Who is responsible for providing adequate physical and logical security for IS program, da...
- Q137. In an IS auditor's review of an organization's configuration management practices for soft...
- Q138. Which of the following factor is LEAST important in the measurement of critical success fa...
- Q139. Of the following, who is BEST suited to establish an organization's risk tolerance?...
- Q140. On a daily basis, an in-house development team moves duplicate copies of production data c...
- Q141. The decision to accept an IT control risk related to data quality should be the responsibi...
- Q142. Which of the following would be the MOST appropriate reason for an organization to purchas...
- Q143. Digital signatures require the sender to "sign" the data by encrypting the data with the s...
- Q144. Which of the following is the BEST indicator that an application system's agreed-upon leve...
- Q145. Which of the following is MOST important to include in forensic data collection and preser...
- Q146. Due to system limitations, segregation of duties (SoD) cannot be enforced in an accounts p...
- Q147. In a cloud technology environment, which of the following would pose the GREATEST challeng...
- Q148. Which of the following statement correctly describes the difference between IPSec and SSH ...
- Q149. Which of the following is the PRIMARY role of an IS auditor with regard to data privacy?...
- Q150. Which of the following focus areas is a responsibility of IT management rather than IT gov...
- Q151. Which of the following approaches would BEST ensure that data protection controls are embe...
- Q152. How is risk affected if users have direct access to a database at the system level?...
- Q153. A multinational organization is integrating its existing payroll system with a human resou...
- Q154. An IS auditor who was involved in designing an organization's business continuity plan (BC...
- Q155. A company has decided to implement an electronic signature scheme based on public key infr...
- Q156. Naming conventions for system resources are important for access control because they:...
- Q157. Which of the following is a telecommunication device that translates data from digital for...
- Q158. What should an IS auditor review FIRST when assessing the results of a recent penetration ...
- Q159. Which of the following is the MOST reliable sender authentication method?...
- Q160. When using a digital signature, the message digest is computed:...
- Q161. Which of the following is the BEST way to foster continuous improvement of IS audit proces...
- Q162. When performing an IS strategy audit, an IS auditor should review both short-term (one- ye...
- Q163. Sophisticated database systems provide many layers and types of security, including (choos...
- Q164. Risk analysis is not always possible because the IS auditor is attempting to calculate risk...
- Q165. In the development of a new financial application, the IS auditor's FIRST involvement shou...
- Q166. Which of the following is the process of repeating a portion of a test scenario or test pl...
- Q167. Which of the following is the GREATEST concern when using a cold backup site?...
- Q168. Which of the following is the BEST way to verify the effectiveness of a data restoration p...
- Q169. After observing suspicious activities in a server, a manager requests a forensic analysis....
- Q170. When auditing the effectiveness of a biometric system, which of the following indicators w...
- Q171. The PRIMARY objective of performing a postincident review is that it presents an opportuni...
- Q172. Which of the following would BEST assist senior management in evaluating IT performance as...
- Q173. Which of the following would be the GREATEST risk associated with a new chat feature on a ...
- Q174. When continuous monitoring systems are being implemented, an IS auditor should FIRST ident...
- Q175. An organization's IS audit charter should specify the:...
- Q176. Vendors have released patches fixing security flaws in their software. Which of the follow...
- Q177. What is a callback system?
- Q178. A company uses a standard form to document and approve all changes in production programs....
- Q179. In RFID technology which of the following risk could represent a threat to non-RFID networ...
- Q180. The FIRST step in data classification is to:
- Q181. An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 1...
- Q182. An employee loses a mobile device resulting in loss of sensitive corporate data. Which of ...
- Q183. Over the long term, which of the following has the greatest potential to improve the secur...
- Q184. An IS auditor is using a statistical sample to inventory the tape library. What type of te...
- Q185. A number of system failures are occurring when corrections to previously detected errors a...
- Q186. When facilitating the alignment of corporate governance and information security governanc...
- Q187. A maturity model can be used to aid the implementation of IT governance by identifying:...
- Q188. Sending a message and a message hash encrypted by the sender's private key will ensure:...
- Q189. The responsibilities of a disaster recovery relocation team include:...
- Q190. Which of the following sampling methods is MOST useful when testing for compliance?...
- Q191. Which of the following is a good time frame for making changes to passwords?...
- Q192. Which of the following is MOST important for an IS auditor to review when assessing the in...
- Q193. Which of the following is the MOST efficient way to identify segregation of duties violati...
- Q194. The GREATEST advantage of using web services for the exchange of information between two s...
- Q195. If inadequate, which of the following would be the MOST likely contributor to a denial-of-...
- Q196. Which of the following should be an IS auditor's BEST recommendation to prevent installati...
- Q197. Which of the following should be of MOST concern to an IS auditor evaluating a forensics p...
- Q198. While reviewing sensitive electronic work papers, the IS auditor noticed that they were no...
- Q199. A bank has implemented a new accounting system. Which of the following is the BEST time fo...
- Q200. Which of the following is the PRIMARY benefit of using a capability maturity model?...
- Q201. An IS auditor conducting audit follow-up activities learns that some previously agreed-upo...
- Q202. What is the PRIMARY reason to adopt a risk-based IS audit strategy?...
- Q203. In a small organization, an employee performs computer operations and, when the situation ...
- Q204. Stress testing should ideally be carried out under a:...
- Q205. Which of the following tests would provide the BEST assurance that a health care organizat...
- Q206. Which of the following is MOST critical for the successful implementation and maintenance ...
- Q207. Which of the following results in a denial-of-service attack?...
- Q208. To ensure authentication, confidentiality and integrity of a message, the sender should en...
- Q209. During an external assessment of network vulnerability, which of the following activities ...
- Q210. Which of the following should an IS auditor do FIRST when determining whether to employ da...
- Q211. Which of the following should be of MOST concern to an IS auditor reviewing the BCP?...
- Q212. The use of risk assessment tools for classifying risk factors should be formalized in your...
- Q213. A data center has a badge-entry system. Which of the following is MOST important to protec...
- Q214. Which of the following is MOST appropriate to prevent unauthorized retrieval of confidenti...
- Q215. Which of the following layer of an OSI model encapsulates packets into frames?...
- Q216. What is an effective countermeasure for the vulnerability of data entry operators potenti...
- Q217. For an application system with a large master file and a small transaction-activity file,...
- Q218. Assurance tasks required to support security accreditation/certification should be identif...
- Q219. A database administrator (DBA) extracts a user listing for an auditor as testing evidence....
- Q220. Which of the following will BEST provide an organization with ongoing assurance of the inf...
- Q221. Which of the following is an advantage of asymmetric crypto system over symmetric key cryp...
- Q222. Which of the following data validation control validates input data against predefined ran...
- Q223. An organization plans to implement a virtualization strategy enabling multiple operating...
- Q224. A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a...
- Q225. A critical server for a hospital has been encrypted by ransomware. The hospital is unable ...
- Q226. Of the following alternatives, the FIRST approach to developing a disaster recovery strate...
- Q227. An organization is planning to re-purpose workstations that were used to handle confidentia...
- Q228. What would be an IS auditor's BEST recommendation upon finding that a third-party IT servi...
- Q229. Which of the following is a passive attack to a network?...
- Q230. A LAN administrator normally would be restricted from:...
- Q231. An IS auditor analyzing the audit log of a database management system (DBMS) finds that so...
- Q232. The ultimate purpose of IT governance is to:
- Q233. During the development of an application, the quality assurance testing and user acceptanc...
- Q234. Which of the following is an advantage of the top-down approach to software testing?...
- Q235. Which of the following is an example of a passive attack initiated through the Internet?...
- Q236. The BEST filter rule for protecting a network from being used as an amplifier in a denial ...
- Q237. Which of the following findings should be of GREATEST concern to an IS auditor performing ...
- Q238. An IS auditor finds that confidential company data has been inadvertently leaked through s...
- Q239. All Social Engineering techniques are based on flaws in:...
- Q240. Which of the following can help detect transmission errors by appending specially calculat...
- Q241. Which testing approach is MOST appropriate to ensure that internal application interface e...
- Q242. What should be done to determine the appropriate level of audit coverage for an organizati...
- Q243. An IS auditor is reviewing IT policies and found that most policies have not been reviewed...
- Q244. Which of the following control provides an alternative measure of control?...
- Q245. Which of the following is the MOST appropriate responsibility of an IS auditor involved in...
- Q246. Which of the following is the BEST way for an information security manager to justify cont...
- Q247. Which of the following tasks should be performed FIRST when preparing a disaster recovery ...
- Q248. Which of the following should be of GREATEST concern to an IS auditor when auditing an org...
- Q249. A retirement system verifies that the field for employee status has either a value of A (f...
- Q250. An organization is disposing of a system containing sensitive data and has deleted all fil...
- Q251. An IS auditor has found that a vendor has gone out of business and the escrow has an older...
- Q252. The Trojan.Linux.JBellz Trojan horse runs as a malformed file of what format?...
- Q253. An IS auditor issues an audit report pointing out the lack of firewall protection features...
- Q254. An organization has fully outsourced its email functions to a third-party cloud service pr...
- Q255. A policy has been established requiring users to install mobile device management (MDM) so...
- Q256. Which of the following types of testing would determine whether a new or modified system c...
- Q257. Which of the following is MOST likely to be included in computer operating procedures in a...
- Q258. The PRIMARY advantage of a continuous audit approach is that it:...
- Q259. Which of the following should be included in emergency change control procedures?...
- Q260. The IS management of a multinational company is considering upgrading its existing virtual...
- Q261. The MOST significant security concerns when using flash memory (e.g., USB removable disk) ...
- Q262. Which of the following is the FIRST step in initiating a data classification program?...
- Q263. When preparing to evaluate the effectiveness of an organization's IT strategy, an IS audito...
- Q264. An organization using development operations (DevOps) processes has deployed tools to prov...
- Q265. The GREATEST advantage of rapid application development (RAD) over the traditional system ...
- Q266. Identify the WAN message switching technique being used from the description presented bel...
- Q267. The application systems quality assurance (QA) function should:...
- Q268. Which of the following statement correctly describes one way SSL authentication between a ...
- Q269. If enabled within firewall rules, which of the following services would present the GREATE...
- Q270. When auditing the proposed acquisition of a new computer system, an IS auditor should FIRS...
- Q271. An organization is developing a web portal using some external components. Which of the fo...
- Q272. Which of the following is a distinctive feature of the Secure Electronic Transactions (SET...
- Q273. The decision to accept an IT control risk related to data quality should be the responsibi...
- Q274. When performing an audit of a client relationship management (CRM) system migration projec...
- Q275. An IS auditor is reviewing logical access controls for an organization's financial busines...
- Q276. During the implementation of an upgraded enterprise resource planning (ERP) system, which ...
- Q277. Which of the following statement correctly describes one way SSL authentication between a ...
- Q278. In an organization, the responsibilities for IT security are clearly assigned and enforced...
- Q279. Ensuring that security and control policies support business and IT objectives is a prima...
- Q280. An organization is using symmetric encryption. Which of the following would be a valid rea...
- Q281. Which of the following would BEST determine whether a post-implementation review (PIR) per...
- Q282. Which of the following is the PRIMARY advantage of using virtualization technology for cor...
- Q283. An organization has recently converted its infrastructure to a virtualized environment. Th...
- Q284. Which of the following would prevent unauthorized changes to information stored in a serve...
- Q285. Which of the following programs would a sound information security policy MOST likely incl...
- Q286. Coding standards provide which of the following?...
- Q287. An organization is planning an acquisition and has engaged an IS auditor to evaluate the I...
- Q288. The IS auditor has recommended that management test a new system before using it in produc...
- Q289. What kind of protocols does the OSI Transport Layer of the TCP/IP protocol suite provide t...
- Q290. Which of the following could be determined by an entity-relationship diagram?...
- Q291. Which of the following control is intended to discourage a potential attacker?...
- Q292. For an organization that has plans to implement web-based trading, it would be MOST import...
- Q293. Which of the following findings should be of GREATEST concern to an IS auditor performing ...
- Q294. An IS auditor is mapping controls to risk for an accounts payable system. What is the BEST ...
- Q295. Using the OSI reference model, what layer(s) is/are used to encrypt data?...
- Q296. Which of the following is the BEST indication of control maturity in an organization's sys...
- Q297. Which of the following is MOST important when evaluating the retention period for a cloud ...
- Q298. Which of the following processes should an IS auditor recommend to assist in the recording...
- Q299. An IS auditor noted that a change to a critical calculation was placed into the production...
- Q300. Which of the following is an effective method for controlling downloading of files via FTP...
- Q301. Which type of major BCP test only requires representatives from each operational area to ...
- Q302. An information security team has discovered that users are sharing a login account to an a...
- Q303. Which of the following is the MOST important consideration for an IS auditor when reviewin...
- Q304. An IS auditor is performing a network security review of a telecom company that provides I...
- Q305. Network environments often add to the complexity of program-to-program communication, maki...
- Q306. An IS auditor is conducting a review of a healthcare organization's IT policies for handli...
- Q307. Which of the following functions is performed by a virtual private network (VPN)?...
- Q308. An IS auditor is reviewing a project that is using an Agile software development approach....
- Q309. A data administrator is responsible for:
- Q310. The phases and deliverables of a system development life cycle (SDLC) project should be de...
- Q311. Which of the following is a continuity plan test that uses actual resources to simulate a ...
- Q312. During a privileged access review, an IS auditor observes many help desk employees have pr...
- Q313. Which of the following represents the GREATEST potential risk in an EDI environment?...
- Q314. Which of the following would an IS auditor consider to be the MOST helpful when evaluating...
- Q315. The 'trusted systems' approach has been predominant in the design of:...
- Q316. Which of the following provides the BEST audit evidence that a firewall is configured in c...
- Q317. Which of the following situations would increase the likelihood of fraud?...
- Q318. Which of the following is the BEST development methodology to help manage project requirem...
- Q319. Which of the following is the PRIMARY reason for an IS audit manager to review the work pe...
- Q320. A virtual private network (VPN) provides data confidentiality by using:...
- Q321. A project manager of a project that is scheduled to take 18 months to complete announces t...
- Q322. Which of the following will replace system binaries and/or hook into the function calls of...
- Q323. Which of the following is the MOST reliable sender authentication method?...
- Q324. If an IS auditor observes that individual modules of a system perform correctly in develo...
- Q325. After observing suspicious activities in a server, a manager requests a forensic analysis....
- Q326. To ensure authentication, confidentiality and integrity of a message, the sender should en...
- Q327. Which significant risk is introduced by running the file transfer protocol (FTP) service o...
- Q328. Which of the following is the MOST effective control to ensure electronic records beyond t...
- Q329. What type of BCP test uses actual resources to simulate a system crash and validate the pl...
- Q330. An organization plans to receive an automated data feed into its enterprise data warehouse...
- Q331. Physical access controls are usually implemented based on which of the following means (ch...
- Q332. Which of the following BEST guards against the risk of attack by hackers?...
- Q333. Which procedure provides the GREATEST assurance that corrective action to an audit report ...
- Q334. The BEST way to prevent fraudulent payments is to implement segregation of duties between ...
- Q335. Which of the following findings should be of GREATEST concern to an IS auditor conducting ...
- Q336. Disaster recovery planning (DRP) addresses the:...
- Q337. Which of the following groups is MOST likely responsible for the implementation of IT proje...
- Q338. Which of the following should be of GREATEST concern to an IS auditor reviewing actions ta...
- Q339. An appropriate control for ensuring the authenticity of orders received in an EDI applicat...
- Q340. When following up on a data breach, an IS auditor finds a system administrator may have co...
- Q341. Which of the following is the MOST effective method for dealing with the spreading of a ne...
- Q342. In which of the following database models is the data organized into a tree-like structure,...
- Q343. Which of the following is the BEST way for an IS auditor to assess the effectiveness of ba...
- Q344. A malicious code that changes itself with each file it infects is called a:...
- Q345. An organization's IT security policy requires annual security awareness training for all e...
- Q346. The BEST way to evaluate a shared control environment is to obtain an assurance report and...
- Q347. A financial services organization is developing and documenting business continuity measur...
- Q348. A hardware control that helps to detect errors when data are communicated from one compute...
- Q349. Which of the following techniques is used for speeding up network traffic flow and making i...
- Q350. A web application is developed in-house by an organization. Which of the following would p...
- Q351. A certificate authority (CA) can delegate the processes of:...
- Q352. As an auditor it is very important to ensure confidentiality, integrity, authenticity and ...
- Q353. An IS auditor has completed a review of an outsourcing agreement and has communicating the...
- Q354. Functionality is a characteristic associated with evaluating the quality of software produ...
- Q355. The reliability of an application system's audit trail may be questionable if:...
- Q356. In which of the following payment modes, the payer creates payment transfer instructions, s...
- Q357. Which of the following exposures associated with the spooling of sensitive reports for off...
- Q358. Which of the following is a risk of cross-training?...
- Q359. During a review of system access, an IS auditor notes that an employee who has recently ch...
- Q360. A virus typically consists of what major parts (choose all that apply):...
- Q361. Which of the following user profiles should be of MOST concern to an IS auditor when perfo...
- Q362. Due to changes in IT, the disaster recovery plan of a large organization has been changed....
- Q363. Which of the following protocols is used for electronic mail service?...
- Q364. While conducting a system architecture review, an IS auditor learns of multiple complaints...
- Q365. Since data storage of a critical business application is on a redundant array of inexpensi...
- Q366. Upon completion of audit work, an IS auditor should:...
- Q367. Which of the following is the BEST recommendation to prevent fraudulent electronic funds t...
- Q368. The PRIMARY objective of testing a business continuity plan is to:...
- Q369. If a programmer has update access to a live system, IS auditors are more concerned with th...
- Q370. Which of the following is the client organization's responsibility in a Software as a Serv...
- Q371. An IS auditor noted that an organization had adequate business continuity plans (BCPs) for...
- Q372. In an organization, the responsibilities for IT security are clearly assigned and enforced...
- Q373. After identifying potential security vulnerabilities, what should be the IS auditor's nex...
- Q374. An IS auditor reviewing a proposed application software acquisition should ensure that the...
- Q375. Which of the following is a passive attack to a network?...
- Q376. During the review of a biometrics system operation, an IS auditor should FIRST review the ...
- Q377. Which of the following provides the best evidence of the adequacy of a security awareness ...
- Q378. The use of symmetric key encryption controls to protect sensitive data transmitted over a ...
- Q379. Which of the following BEST describes the concept of "defense in depth"?...
- Q380. A bank is selecting a server for its retail accounts application. To ensure that the serve...
- Q381. IT best practices for the availability and continuity of IT services should:...
- Q382. An IT steering committee assists the board of directors to fulfill IT governance duties by...
- Q383. Which of the following can help ensure that IT deliverables are linked to business goals a...
- Q384. An organization is replacing a mission-critical system. Which of the following is the BEST...
- Q385. An IS auditor is assigned to audit a software development project which is more than 80 pe...
- Q386. Of the three major types of off-site processing facilities, what type is characterized by ...
- Q387. An IS auditor assessing the controls within a newly implemented call center would FIRST...
- Q388. What kind of protocols does the OSI Transport Layer of the TCP/IP protocol suite provide t...
- Q389. When auditing the security architecture of an e-commerce environment, an IS auditor should...
- Q390. An IS auditor finds that client requests were processed multiple times when received from ...
- Q391. While performing a risk-based audit, which of the following would BEST enable an IS audito...
- Q392. Reviewing project plans and status reports throughout the development life cycle will:...
- Q393. Which of the following should an IS auditor review to understand project progress in terms...
- Q394. Which of the following access rights in the production environment should be granted to a ...
- Q395. If an IS auditor observes that an IS department fails to use formal documented methodologi...
- Q396. A change to the scope of an IT project has been formally submitted to the project manager....
- Q397. As part of a mergers and acquisitions activity, an acquiring organization wants to consoli...
- Q398. Which of the following recommendations by an IS auditor is the BEST control to protect an ...
- Q399. Well-written risk assessment guidelines for IS auditing should specify which of the follow...
- Q400. Which of the following provides nonrepudiation services for e-commerce transactions?...
- Q401. An organization has an integrated development environment (IDE) on which the program libra...
- Q402. Which of the following would prevent accountability for an action performed, thus allowing...
- Q403. Which of the following would be MOST effective when justifying the cost of adding security...
- Q404. During involuntary termination of an employee, which of the following is the MOST importan...
- Q405. When should an application-level edit check to verify that availability of funds was compl...
- Q406. Buffer overflow in an Internet environment is of particular concern to the IS auditor beca...
- Q407. Which of the following is the GREATEST security threat when an organization allows remote ...
- Q408. The objective of using coding standards for systems development is to:...
- Q409. A new regulation requires organizations to report significant security incidents to the re...
- Q410. An emergency power-off switch should:
- Q411. Which of the following should an IS auditor verify when auditing the effectiveness of viru...
- Q412. Total billing amounts on invoices are automatically transferred to an organization's accou...
- Q413. An IS auditor finds that, at certain times of the day, the data warehouse query performanc...
- Q414. During the planning stage of an IS audit, the PRIMARY goal of an IS auditor is to:...
- Q415. Which of the following layers of an OSI model ensures that messages are delivered error-fre...
- Q416. In computer forensics, which of the following is the process that allows bit-for-bit copy ...
- Q417. Which of the following would help to ensure the completeness of batch file transfers?...
- Q418. Which of the following will help detect changes made by an intruder to the system log of a...
- Q419. Which of the following is the MOST important criterion when selecting a location for an of...
- Q420. When reviewing an organization's strategic IT plan an IS auditor should expect to find:...
- Q421. The business case for an IS project has changed during the course of the project due to ne...
- Q422. If an IS auditor finds evidence of risk involved in not implementing proper segregation of...
- Q423. An organization has a number of branches across a wide geographical area. To ensure that a...
- Q424. Which of the following can degrade network performance?...
- Q425. An existing system is being extensively enhanced by extracting and reusing design and prog...
- Q426. An IS auditor identifies that the accounts payable clerk has direct access to the payment ...
- Q427. During a vulnerability assessment, an IS auditor finds a high-risk vulnerability in a publ...
- Q428. To develop meaningful recommendations for findings, which of the following is MOST importa...
- Q429. During a review of a production schedule, an IS auditor observes that a staff member is no...
- Q430. An audit of environmental controls at a data center could include a review of the...
- Q431. Before implementing an IT balanced scorecard, an organization must:...
- Q432. An IS auditor reviewing an outsourcing contract of IT facilities would expect it to define...
- Q433. An organization allows employee use of personal mobile devices for corporate email. Which ...
- Q434. An IS auditor who was involved in designing an organization's business continuity plan (BC...
- Q435. Which of the following is a benefit of the DevOps development methodology?...
- Q436. An IS auditor is reviewing security controls related to collaboration to unit responsible ...
- Q437. Which of the following is MOST important to review when evaluating the performance of a cr...
- Q438. Which of the following is the MOST effective control over visitor access to a data center?...
- Q439. Which of the following would normally be the MOST reliable evidence for an auditor?...
- Q440. An organization has outsourced its help desk activities. An IS auditor's GREATEST concern ...
- Q441. When performing an audit of access rights, an IS auditor should be suspicious of which of ...
- Q442. Which of the following would prevent accountability for an action performed, thus allowing...
- Q443. Which of the following should be of GREATEST concern to an IS auditor reviewing on-site pr...
- Q444. In a client-server architecture, a domain name service (DNS) is MOST important because it ...
- Q445. A client/server configuration will:
- Q446. In which of the following database models is the data organized into a tree-like structure,...
- Q447. Which of the following is the GREATEST risk associated with data conversion and migration ...
- Q448. Physical access controls are usually implemented based on which of the following means (Ch...
- Q449. Proper segregation of duties does not prohibit a quality control administrator from also b...
- Q450. When reviewing an organization's IT governance processes, which of the following provides ...
- Q451. The decision to accept an IT control risk related to data quality should be the responsibi...
- Q452. Which of the following BEST describes the role of a directory server in a public key infra...
- Q453. Functionality is a characteristic associated with evaluating the quality of software produ...
- Q454. To minimize the cost of a software project, quality management techniques should be applie...
- Q455. Which of the following is the GREATEST benefit of utilizing data analytics?...
- Q456. Which of the following is the MOST critical step prior to performing a network penetration...
- Q457. Which of the following fire-suppression methods is considered to be the most environmental...
- Q458. An IS auditor finds that a system under development has 12 linked modules and each item of...
- Q459. Which of the following BEST supports the prioritization of new IT projects?...
- Q460. A firewall has been installed on the company's web server. Which concern does the firewall...
- Q461. An IS auditor is reviewing an IT security risk management program. Measures of security ri...
- Q462. An IS auditor evaluating logical access controls should FIRST:...
- Q463. Which of the following is the GREATEST concern when an organization allows personal device...
- Q464. During the review of an organization's software development process, which of the followin...
- Q465. An IS auditor observed that most users do not comply with physical access controls. The bu...
- Q466. IS management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID)...
- Q467. Which of the following governance functions is responsible for ensuring IT projects have s...
- Q468. Which of the following protocol does NOT work at Network interface layer in TCP/IP model?...
- Q469. Which of the following technique is NOT used by a preacher against a Private Branch Exchan...
- Q470. An organization has outsourced its wide area network (WAN) to a third-party service provid...
- Q471. Which of the following is the INCORRECT Layer to Protocol mapping used in the DOD TCP/IP m...
- Q472. Whenever business processes have been re-engineered, the IS auditor attempts to identify a...
- Q473. Which of the following backup techniques is the MOST appropriate when an organization requ...
- Q474. Several unattended laptops containing sensitive customer data were stolen from personnel o...
- Q475. An organization which uses external cloud services extensively is concerned with risk moni...
- Q476. Management considered two projections for its business continuity plan; plan A with two mo...
- Q477. An organization is developing data classification standards and has asked internal audit f...
- Q478. Which of the following is MOST important to include in an organization's incident response...
- Q479. Which of the following is the MAIN benefit of using data analytics when testing the effect...
- Q480. In which of the following situations is it MOST appropriate to implement data mirroring as...
- Q481. An IS auditor is reviewing a contract for the outsourcing of IT facilities. If missing, wh...
- Q482. Which of the following IT governance best practices improves strategic alignment?...
- Q483. Which of the following would be the BEST population to take a sample from when testing pro...
- Q484. In which of the following sampling methodologies does each member of the population have a...
- Q485. Which of the following is a mechanism for mitigating risks?...
- Q486. A transaction journal provides the information necessary for detecting unauthorized ______...
- Q487. During the system testing phase of an application development project the IS auditor shoul...
- Q488. Which of the following BEST demonstrates to an IS auditor that an organization has impleme...
- Q489. Which of the following is a passive attack on a network?...
- Q490. What is a data validation edit control that matches input data to an occurrence rate? Cho...
- Q491. The recovery time objective (RTO) is normally determined on the basis of the:...
- Q492. Which of the following is BEST suited for secure communications within a small group?...
- Q493. Which of the following protocol is developed jointly by VISA and Master Card to secure pay...
- Q494. An organization plans to deploy Wi-Fi location analytics to count the number of shoppers p...
- Q495. IT operations for a large organization have been outsourced. An IS auditor reviewing the o...
- Q496. When responding to an ongoing denial of service (DoS) attack, an organization's FIRST cour...
- Q497. Which of the following should be a concern to an IS auditor reviewing a digital forensic p...
- Q498. An IS auditor should expect the responsibility for authorizing access rights to production...
- Q499. Common implementations of strong authentication may use which of the following factors in ...
- Q500. The information security policy that states 'each individual must have their badge read at...
- Q501. As part of the IEEE 802.11 standard ratified in September 1999, WEP uses the CRC-32 check...
- Q502. The BEST data backup strategy for mobile users is to:...
- Q503. After observing suspicious activities in a server, a manager requests a forensic analysis....
- Q504. In a public key infrastructure (PKI), which of the following may be relied upon to prove t...
- Q505. When auditing a disaster recovery plan for a critical business area, an IS auditor finds t...
- Q506. During a project meeting for the Implementation of an Enterprise resource planning (ERP). ...
- Q507. The PRIMARY purpose of a configuration management system is to:...
- Q508. Which of the following will replace system binaries and/or hook into the function calls of...
