Which of the following provides the MOST protection against emerging threats?
Which of the following is the MOST appropriate indicator of change management effectiveness?
Which of the following provides the MOST reliable method of preventing unauthorized logon?
Which of the following is the BEST compensating control against segregation of duties conflicts in new code development?
Which of the following should be the FIRST step in managing the impact of a recently discovered zero-day attack?
An organization's IT department and internal IS audit function all report to the chief information officer (CIO). Which of the following is the GREATEST concern associated with this reporting structure?
An organization has partnered with a third party to transport backup drives to an offsite storage facility. Which of the following is MOST important before sending the drives?
An IS auditor is reviewing the security of a web-based customer relationship management (CRM) system that is directly accessed by customers via the Internet. Which of the following should be a concern for the auditor?
Which of the following should be of GREATEST concern to an IS auditor conducting an audit of an organization that recently experienced a ransomware attack?
Which of the following should be of GREATEST concern to an IS auditor who is assessing an organization's configuration and release management process?
Users are complaining that a newly released enterprise resource planning (ERP) system is functioning too slowly. Which of the following tests during the quality assurance (QA) phase would have identified this concern?
A financial group recently implemented new technologies and processes. Which type of IS audit would provide the GREATEST level of assurance that the department's objectives have been met?
To reduce operational costs, IT management plans to reduce the number of servers currently used to run business applications. Which of the following is MOST helpful to review when identifying which servers are no longer required?
Which of the following provides the BEST method for maintaining the security of corporate applications pushed to employee-owned mobile devices?
Which of the following is the BEST way for management to ensure the effectiveness of the cybersecurity incident response process?
An organization has assigned two new IS auditors to audit a new system implementation. One of the auditors has an IT-related degree, and one has a business degree. Which of the following is MOST important to meet the IS audit standard for proficiency?
Effective separation of duties in an online environment can BEST be achieved by utilizing:
In an IT organization where many responsibilities are shared, which of the following is the BEST control for detecting unauthorized data changes?
Which of the following management decisions presents the GREATEST risk associated with data leakage?
Which of the following would BEST guide an IS auditor when determining an appropriate time to schedule the follow-up of agreed corrective actions for reported audit issues?
Which of the following is the MOST important consideration for a contingency facility?
Which of the following is the BEST way to detect unauthorized copies of licensed software on systems?
During audit planning, the IS audit manager is considering whether to budget for audits of entities regarded by the business as having low risk. Which of the following is the BEST course of action in this situation?
Which of the following is an IS auditor's BEST recommendation to protect an organization from attacks when its file server needs to be accessible to external users?
Which of the following is the MOST important factor when an organization is developing information security policies and procedures?
An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed. Which of the following should be the IS auditor's NEXT course of action?
When auditing the feasibility study of a system development project, the IS auditor should:
Which of the following should an IS auditor recommend be done FIRST when an organization is made aware of a new regulation that is likely to impact IT security requirements?
When developing customer-facing IT applications, in which stage of the system development life cycle (SDLC) is it MOST beneficial to consider data privacy principles?
An IS auditor is assigned to review the IS department's quality procedures. Upon contacting the IS manager, the auditor finds that there is an informal unwritten set of standards. Which of the following should be the auditor's NEXT action?
An IS auditor observes that a business-critical application does not currently have any level of fault tolerance. Which of the following is the GREATEST concern with this situation?
An IS auditor is reviewing an organization's business intelligence infrastructure. The BEST recommendation to help the organization achieve a reasonable level of data quality would be to:
Which of the following should be the FIRST step when conducting an IT risk assessment?
Which of the following BEST protects evidence in a forensic investigation?
Due to advancements in technology and electronic records, an IS auditor has completed an engagement by email only. Which of the following did the IS auditor potentially compromise?
Which of the following is the MOST effective method of destroying sensitive data stored on electronic media?
An organization considering the outsourcing of a business application should FIRST:
Which of the following findings would be of GREATEST concern to an IS auditor assessing an organization's patch management process?
An IS auditor finds a segregation of duties issue in an enterprise resource planning (ERP) system. Which of the following is the BEST way to prevent the misconfiguration from recurring?
Which of the following provides a new IS auditor with the MOST useful information to evaluate overall IT performance?
Which of the following is the BEST indication to an IS auditor that management's post-implementation review was effective?
Which of the following is the MOST significant impact to an organization that does not use an IT governance framework?
Which of the following is a PRIMARY benefit of using risk assessments to determine areas to be included in an audit plan?
Which of the following would be an IS auditor's GREATEST concern when reviewing the organization's business continuity plan (BCP)?
An IS auditor is reviewing an organization's business continuity plan (BCP) following a change in organizational structure with significant impact to business processes. Which of the following findings should be the auditor's GREATEST concern?
Which of the following areas is MOST likely to be overlooked when implementing a new data classification process?
As part of business continuity planning, which of the following is MOST important to assess when conducting a business impact analysis (BIA)?
Which of the following is the PRIMARY benefit of a tabletop exercise for an incident response plan?
An IS auditor is reviewing the backup procedures in an organization that has high volumes of data with frequent changes to transactions. Which of the following is the BEST backup scheme to recommend given the need for a shorter restoration time in the event of a disruption?
Which of the following is the BEST way to ensure an organization's data classification policies are preserved during the process of data transformation?
An IS auditor is conducting an IT governance audit and notices many initiatives are managed informally by isolated project managers. Which of the following recommendations would have the GREATEST impact on improving the maturity of the IT team?
An IS auditor is verifying the adequacy of an organization's internal controls and is concerned about potential circumvention of regulations. Which of the following is the BEST sampling method to use?
During an external review, an IS auditor observes an inconsistent approach in classifying system criticality within the organization. Which of the following should be recommended as the PRIMARY factor to determine system criticality?
The use of which of the following is an inherent risk in the application container infrastructure?
Recovery facilities providing a redundant combination of Internet connections to the local communications loop is an example of which type of telecommunications continuity?
Which type of risk would MOST influence the selection of a sampling methodology?
Which of the following should be an IS auditor's PRIMARY consideration when determining which issues to include in an audit report?
After delivering an audit report, the audit manager discovers that evidence was overlooked during the audit. This evidence indicates that a procedural control may have failed and could contradict a conclusion of the audit. Which of the following risks is MOST affected by this oversight?
An organization has established hiring policies and procedures designed specifically to ensure network administrators are well qualified. Which type of control is in place?
Which of the following is an example of a preventive control for physical access?
During an audit, which of the following would be MOST helpful in establishing a baseline for measuring data quality?
Which of the following is the BEST way to verify the effectiveness of a data restoration process?
Which of the following would the IS auditor MOST likely review to determine whether modifications to the operating system parameters were authorized?
An internal audit team is deciding whether to use an audit management application hosted by a third party in a different country. What should be the MOST important consideration related to the uploading of payroll audit documentation in the hosted application?
An organization relies on an external vendor that uses a cloud-based Software as a Service (SaaS) model to back up its data. Which of the following is the GREATEST risk to the organization related to data backup and retrieval?
An IS auditor is evaluating the risk associated with moving from one database management system (DBMS) to another. Which of the following would be MOST helpful to ensure the integrity of the system throughout the change?
During the implementation of a new system, an IS auditor must assess whether certain automated calculations comply with the regulatory requirements. Which of the following is the BEST way to obtain this assurance?
An IS auditor has been asked to audit the proposed acquisition of new computer hardware. The auditor’s PRIMARY concern is that:
Which of the following business continuity activities prioritizes the recovery of critical functions?
Providing security certification for a new system should include which of the following prior to the system's implementation?
Which of the following BEST enables the timely identification of risk exposure?
An organization has assigned two new IS auditors to audit a new system implementation. One of the auditors has an IT-related degree, and one has a business degree. Which of the following is MOST important to meet the IS audit standard for proficiency?
Which of the following is the BEST indicator of the effectiveness of an organization's incident response program?
Which of the following occurs during the issues management process for a system development project?
The waterfall life cycle model of software development is BEST suited for which of the following situations?
In an online application, which of the following would provide the MOST information about the transaction audit trail?
Which of the following represents the HIGHEST level of maturity of an information security program?
The performance, risks, and capabilities of an IT infrastructure are BEST measured using a:
An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider. Which of the following would be the BEST way to prevent accepting bad data?
Which of the following should an IS auditor review FIRST when planning a customer data privacy audit?
Due to a recent business divestiture, an organization has limited IT resources to deliver critical projects. Reviewing the IT staffing plan against which of the following would BEST guide IT management when estimating resource requirements for future projects?
Which of the following provides the MOST assurance over the completeness and accuracy of loan application processing with respect to the implementation of a new system?
When auditing the alignment of IT to the business strategy, it is MOST important for the IS auditor to:
Which of the following findings should be of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simulation test administered for staff members?
Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?
A third-party consultant is managing the replacement of an accounting system. Which of the following should be the IS auditor's GREATEST concern?
Which of the following MUST be completed as part of the annual audit planning process?
Which of the following is the BEST way to ensure payment transaction data is restricted to the appropriate users?
An IS auditor finds a high-risk vulnerability in a public-facing web server used to process online customer payments. The IS auditor should FIRST:
Which of the following concerns is BEST addressed by securing production source libraries?
An IS auditor performs a follow-up audit and learns the approach taken by the auditee to fix the findings differs from the agreed-upon approach confirmed during the last audit. Which of the following should be the auditor's NEXT course of action?
Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (IDS)?
Which of the following is an example of a preventative control in an accounts payable system?
In data warehouse (DW) management, what is the BEST way to prevent data quality issues caused by changes from a source system?
Which of the following would lead an IS auditor to conclude that the evidence collected during a digital forensic investigation would not be admissible in court?
Which of the following observations would an IS auditor consider the GREATEST risk when conducting an audit of a virtual server farm for potential software vulnerabilities?
Which of the following is the BEST reason for an organization to use clustering?
In a RACI model, which of the following roles must be assigned to only one individual?
Which of the following is the GREATEST security risk associated with data migration from a legacy human resources (HR) system to a cloud-based system?
Which of the following activities provides an IS auditor with the MOST insight regarding potential single person dependencies that might exist within the organization?
Which of the following is MOST helpful for measuring benefits realization for a new system?
An IS auditor notes that IT and the business have different opinions on the availability of their application servers. Which of the following should the IS auditor review FIRST in order to understand the problem?
Which of the following BEST demonstrates that IT strategy is aligned with organizational goals and objectives?
Which of the following findings should be of GREATEST concern to an IS auditor performing a review of IT operations?
Which of the following will MOST likely compromise the control provided by a digital signature created using RSA encryption?
Which of the following is the BEST source of information for an IS auditor to use as a baseline to assess the adequacy of an organization's privacy policy?
During a follow-up audit, it was found that a complex security vulnerability of low risk was not resolved within the agreed-upon timeframe. IT has stated that the system with the identified vulnerability is being replaced and is expected to be fully functional in two months. Which of the following is the BEST course of action?
Which of the following would be of MOST concern for an IS auditor evaluating the design of an organization's incident management processes?
For an organization that has plans to implement web-based trading, it would be MOST important for an IS auditor to verify the organization's information security plan includes:
An accounting department uses a spreadsheet to calculate sensitive financial transactions. Which of the following is the MOST important control for maintaining the security of data in the spreadsheet?
Which of the following is the MOST important activity in the data classification process?
Which of the following is MOST important for an IS auditor to consider when performing the risk assessment prior to an audit engagement?
The BEST way to determine whether programmers have permission to alter data in the production environment is by reviewing:
Which of the following is MOST important for an IS auditor to verify when evaluating an organization's firewall?
An IS audit team is evaluating the documentation related to the most recent application user-access review performed by IT and business management. It is determined that the user list was not system-generated. Which of the following should be the GREATEST concern?
An IS auditor learns the organization has experienced several server failures in its distributed environment. Which of the following is the BEST recommendation to limit the potential impact of server failures in the future?
An IS auditor is reviewing an industrial control system (ICS) that uses older unsupported technology in the scope of an upcoming audit. What should the auditor consider the MOST significant concern?
Which of the following is the PRIMARY reason to follow a configuration management process to maintain applications?
Which of the following is the PRIMARY role of the IS auditor in an organization's information classification process?
During the planning stage of a compliance audit, an IS auditor discovers that a bank's inventory of compliance requirements does not include recent regulatory changes related to managing data risk. What should the auditor do FIRST?
An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives. Which of the following findings should be the IS auditor's GREATEST concern?
Which of the following weaknesses would have the GREATEST impact on the effective operation of a perimeter firewall?
A project team has decided to switch to an agile approach to develop a replacement for an existing business application. Which of the following should an IS auditor do FIRST to ensure the effectiveness of the project audit?
When testing the adequacy of tape backup procedures, which step BEST verifies that regularly scheduled backups are timely and run to completion?
An IS auditor is analyzing a sample of accesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found. Which sampling method would be appropriate?
In an environment that automatically reports all program changes, which of the following is the MOST efficient way to detect unauthorized changes to production programs?
Which of the following metrics would BEST measure the agility of an organization's IT function?
A new system is being developed by a vendor for a consumer service organization. The vendor will provide its proprietary software once system development is completed. Which of the following is the MOST important requirement to include in the vendor contract to ensure continuity?
Which of the following is the MOST important reason to classify a disaster recovery plan (DRP) as confidential?
Which of the following is MOST important to consider when scheduling follow-up audits?
Following a security breach in which a hacker exploited a well-known vulnerability in the domain controller, an IS auditor has been asked to conduct a control assessment. The auditor's BEST course of action would be to determine if:
Which of the following is the BEST control to mitigate attacks that redirect Internet traffic to an unauthorized website?
An IS auditor has completed the fieldwork phase of a network security review and is preparing the initial following findings should be ranked as the HIGHEST risk?
Which of the following would be the MOST useful metric for management to consider when reviewing a project portfolio?
Which of the following is MOST important to ensure that electronic evidence collected during a forensic investigation will be admissible in future legal proceedings?
Which of the following is the BEST evidence that an organization's IT strategy is aligned to its business objectives?
Management receives information indicating a high level of risk associated with potential flooding near the organization's data center within the next few years. As a result, a decision has been made to move data center operations to another facility on higher ground. Which approach has been adopted?
A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization. Which of the following is MOST effective in detecting such an intrusion?
Which of the following would be an appropriate role of internal audit in helping to establish an organization’s privacy program?
What should an IS auditor do FIRST upon discovering that a service provider did not notify its customers of a security breach?
Which of the following presents the GREATEST challenge to the alignment of business and IT?
Which of the following is the BEST reason to implement a data retention policy?
An IS auditor discovers that an IT organization serving several business units assigns equal priority to all initiatives, creating a risk of delays in securing project funding. Which of the following would be MOST helpful in matching demand for projects and services with available resources in a way that supports business objectives?
Which of the following issues associated with a data center's closed-circuit television (CCTV) surveillance cameras should be of MOST concern to an IS auditor?
Which of the following backup schemes is the BEST option when storage media is limited?
Which of the following BEST facilitates the legal process in the event of an incident?
Which of the following is MOST important for an IS auditor to determine during the detailed design phase of a system development project?
Which of the following BEST enables the effectiveness of an agile project for the rapid development of a new software application?
Which of the following should be the IS auditor's PRIMARY focus when evaluating an organization's offsite storage facility?
What is the GREATEST concern for an IS auditor reviewing contracts for licensed software that executes a critical business process?
During audit fieldwork, an IS auditor learns that employees are allowed to connect their personal devices to company-owned computers. How can the auditor BEST validate that appropriate security controls are in place to prevent data loss?
An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider MOST critical?
Which of the following features of a library control software package would protect against unauthorized updating of source code?
Which of the following is MOST important when implementing a data classification program?
An IS auditor notes that the previous year's disaster recovery test was not completed within the scheduled time frame due to insufficient hardware allocated by a third-party vendor. Which of the following provides the BEST evidence that adequate resources are now allocated to successfully recover the systems?
Which of the following would BEST help to ensure that potential security issues are considered by the development team as part of incremental changes to agile-developed software?
An IS auditor assessing the controls within a newly implemented call center would FIRST:
An organization allows its employees to use personal mobile devices for work. Which of the following would BEST maintain information security without compromising employee privacy?
Which of the following is the BEST metric to measure the alignment of IT and business strategy?
Which of the following is the MOST effective way for an organization to help ensure agreed-upon action plans from an IS audit will be implemented?
Which of the following should be the FIRST step in the incident response process for a suspected breach?
An IS auditor follows up on a recent security incident and finds the incident response was not adequate. Which of the following findings should be considered MOST critical?
Which of the following is the BEST way to ensure that business continuity plans (BCPs) will work effectively in the event of a major disaster?
Which of the following is the MOST efficient way to identify segregation of duties violations in a new system?
Which of the following would be MOST effective to protect information assets in a data center from theft by a vendor?
Which of the following is the GREATEST risk of using a reciprocal site for disaster recovery?
An externally facing system containing sensitive data is configured such that users have either read-only or administrator rights. Most users of the system have administrator access. Which of the following is the GREATEST risk associated with this situation?
Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?
Which of the following would MOST effectively help to reduce the number of repeated incidents in an organization?
A review of Internet security disclosed that users have individual user accounts with Internet service providers (ISPs) and use these accounts for downloading business data. The organization wants to ensure that only the corporate network is used. The organization should FIRST:
An IS auditor has found that a vendor has gone out of business and the escrow has an older version of the source code. What is the auditor's BEST recommendation for the organization?
An IS auditor is reviewing logical access controls for an organization's financial business application. Which of the following findings should be of GREATEST concern to the auditor?
An IS auditor is reviewing the installation of a new server. The IS auditor's PRIMARY objective is to ensure that:
An organization has made a strategic decision to split into separate operating entities to improve profitability. However, the IT infrastructure remains shared between the entities. Which of the following would BEST help to ensure that IS audit still covers key risk areas within the IT environment as part of its annual plan?
Which of the following security measures will reduce the risk of propagation when a cyberattack occurs?
Which of the following BEST helps to ensure data integrity across system interfaces?
Which of the following is the BEST way to enforce the principle of least privilege on a server containing data with different security classifications?
Which of the following would provide an IS auditor with the GREATEST assurance that data disposal controls support business strategic objectives?
Which of the following is the BEST way to mitigate the risk associated with unintentional modifications of complex calculations in end-user computing (EUC)?
An IS auditor has discovered that a software system still in regular use is years out of date and no longer supported. The auditee has stated that it will take six months until the software is running on the current version. Which of the following is the BEST way to reduce the immediate risk associated with using an unsupported version of the software?
During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?
A review of an organization’s IT portfolio revealed several applications that are not in use. The BEST way to prevent this situation from recurring would be to implement:
If enabled within firewall rules, which of the following services would present the GREATEST risk?
Which of the following would be MOST useful when analyzing computer performance?
Which of the following is MOST important for an IS auditor to confirm when reviewing an organization's plans to implement robotic process automation (RPA) to automate routine business tasks?
Which of the following is the MOST significant risk that IS auditors are required to consider for each engagement?
Which of the following should be of GREATEST concern for an IS auditor reviewing an organization's disaster recovery plan (DRP)?
Which of the following should be performed FIRST before key performance indicators (KPIs) can be implemented?
Which of the following application input controls would MOST likely detect data input errors in the customer account number field during the processing of an accounts receivable transaction?
Which of the following is a challenge in developing a service level agreement (SLA) for network services?
Which task should an IS auditor complete FIRST during the preliminary planning phase of a database security review?
Which of the following will BEST ensure that a proper cutoff has been established to reinstate transactions and records to their condition just prior to a computer system failure?
Which of the following should an IS auditor ensure is classified at the HIGHEST level of sensitivity?
Which of the following audit procedures would be MOST conclusive in evaluating the effectiveness of an e-commerce application system's edit routine?
What would be an IS auditor's BEST recommendation upon finding that a third-party IT service provider hosts the organization's human resources (HR) system in a foreign country?
An IS auditor finds that the process for removing access for terminated employees is not documented. What is the MOST significant risk from this observation?
Which of the following is necessary for effective risk management in IT governance?
Which of the following types of environmental equipment will MOST likely be deployed below the floor tiles of a data center?
During a follow-up audit, an IS auditor finds that some critical recommendations have the IS auditor's BEST course of action?
Which of the following documents would be MOST useful in detecting a weakness in segregation of duties?
Secure code reviews as part of a continuous deployment program are which type of control?
During an ongoing audit, management requests a briefing on the findings to date. Which of the following is the IS auditor's BEST course of action?
When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:
An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner. Which of the following is the auditor's BEST recommendation?
Which audit approach is MOST helpful in optimizing the use of IS audit resources?
Which of the following is the MOST effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines?
Which of the following is the BEST detective control for a job scheduling process involving data transmission?
An IS auditor is following up on prior period items and finds management did not address an audit finding. Which of the following should be the IS auditor's NEXT course of action?
Which of the following is an executive management concern that could be addressed by the implementation of a security metrics dashboard?
Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?
A system development project is experiencing delays due to ongoing staff shortages. Which of the following strategies would provide the GREATEST assurance of system quality at implementation?
Which of the following is MOST important for an IS auditor to review when evaluating the accuracy of a spreadsheet that contains several macros?
Which of the following will be the MOST effective method to verify that a service vendor keeps control levels as required by the client?
When determining whether a project in the design phase will meet organizational objectives, what is BEST to compare against the business case?
An IS auditor notes the transaction processing times in an order processing system have significantly increased after a major release. Which of the following should the IS auditor review FIRST?
Which of the following is the GREATEST concern associated with a high number of IT policy exceptions approved by management?
Which of the following BEST indicates the effectiveness of an organization's risk management program?
What should be the PRIMARY basis for selecting which IS audits to perform in the coming year?
During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period. Which of the following is the auditor's MOST important course of action?
An IS auditor has been asked to assess the security of a recently migrated database system that contains personal and financial data for a bank's customers. Which of the following controls is MOST important for the auditor to confirm is in place?
Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?
During an external review, an IS auditor observes an inconsistent approach in classifying system criticality within the organization. Which of the following should be recommended as the PRIMARY factor to determine system criticality?
An IS auditor who was instrumental in designing an application is called upon to review the application. The auditor should:
Which of the following is the PRIMARY advantage of parallel processing for a new system implementation?
Which of the following is the BEST compensating control when segregation of duties is lacking in a small IS department?
An organization has recently acquired and implemented intelligent-agent software for granting loans to customers. During the post-implementation review, which of the following is the MOST important procedure for the IS auditor to perform?
While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function. In order to resolve the situation, the IS auditor's BEST course of action would be to:
Prior to a follow-up engagement, an IS auditor learns that management has decided to accept a level of residual risk related to an audit finding without remediation. The IS auditor is concerned about management's decision. Which of the following should be the IS auditor's NEXT course of action?
Which of the following is the BEST justification for deferring remediation testing until the next audit?
An IS auditor wants to determine who has oversight of staff performing a specific task and is referencing the organization's RACI chart. Which of the following roles within the chart would provide this information?
Which of the following demonstrates the use of data analytics for a loan origination process?
Which of the following is the BEST way to determine whether a test of a disaster recovery plan (DRP) was successful?
Which of the following would be of MOST concern when determining if information assets are adequately safeguarded during transport and disposal?
Which of the following is MOST important to include in forensic data collection and preservation procedures?
An organization's enterprise architecture (EA) department decides to change a legacy system's components while maintaining its original functionality. Which of the following is MOST important for an IS auditor to understand when reviewing this decision?
The PRIMARY benefit to using a dry-pipe fire-suppression system rather than a wet-pipe system is that a dry-pipe system:
Due to limited storage capacity, an organization has decided to reduce the actual retention period for media containing completed low-value transactions. Which of the following is MOST important for the organization to ensure?
During a new system implementation, an IS auditor has been assigned to review risk management at each milestone. The auditor finds that several risks to project benefits have not been addressed. Who should be accountable for managing these risks?
Which of the following is MOST useful for determining whether the goals of IT are aligned with the organization's goals?
Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?
What is MOST important to verify during an external assessment of network vulnerability?
Which of the following is MOST important for an IS auditor to examine when reviewing an organization's privacy policy?
An organization's software developers need access to personally identifiable information (PII) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?
Which of the following is the MOST effective way for an organization to protect against data loss?
Which of the following is the MOST important prerequisite for the protection of physical information assets in a data center?
An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would MOST likely increase the risk of a successful attack by:
During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:
In a small IT web development company where developers must have write access to production, the BEST recommendation of an IS auditor would be to:
An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider. Which of the following would be the BEST way to prevent accepting bad data?
Which of the following BEST minimizes performance degradation of servers used to authenticate users of an e-commerce website?
When implementing Internet Protocol security (IPsec) architecture, the servers involved in application delivery:
An IS auditor is conducting a post-implementation review of an enterprise resource planning (ERP) system. End users indicated concerns with the accuracy of critical automatic calculations made by the system. The auditor's FIRST course of action should be to:
Which of the following BEST guards against the risk of attack by hackers?
Which of the following strategies BEST optimizes data storage without compromising data retention practices?
Which of the following is the MOST important reason to implement version control for an end-user computing (EUC) application?
During a follow-up audit, an IS auditor learns that some key management personnel have been replaced since the original audit, and current management has decided not to implement some previously accepted recommendations. What is the auditor's BEST course of action?
An incorrect version of the source code was amended by a development team. This MOST likely indicates a weakness in:
Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?
Which of the following fire suppression systems needs to be combined with an automatic switch to shut down the electricity supply in the event of activation?
Which of the following is the PRIMARY concern when negotiating a contract for a hot site?
Which of the following is the PRIMARY reason for an IS auditor to conduct post-implementation reviews?
During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST