Certified Information Systems Auditor
Last Update Apr 25, 2024
Total Questions : 928
We offer free CISA (ISACA) exam questions. Sign up, provide your details, practice with the free CISA questions, and then move on to the complete pool of Certified Information Systems Auditor test questions.
An organization is planning an acquisition and has engaged an IS auditor to evaluate the IT governance framework of the target company. Which of the following would be MOST helpful in determining the effectiveness of the framework?
Which of the following provides IS audit professionals with the BEST source of direction for performing audit functions?
In an online application, which of the following would provide the MOST information about the transaction audit trail?
During an audit of a multinational bank's disposal process, an IS auditor notes several findings. Which of the following should be the auditor's GREATEST concern?
An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives. Which of the following findings should be the IS auditor's GREATEST concern?
Which of the following business continuity activities prioritizes the recovery of critical functions?
Which of the following is the BEST audit procedure to determine whether a firewall is configured in compliance with the organization's security policy?
Which of the following documents should specify roles and responsibilities within an IT audit organization?
Which of the following weaknesses would have the GREATEST impact on the effective operation of a perimeter firewall?
Which of the following will MOST likely compromise the control provided by a digital signature created using RSA encryption?
Which of the following is MOST important for an IS auditor to do during an exit meeting with an auditee?
To enable the alignment of IT staff development plans with IT strategy, which of the following should be done FIRST?
A third-party consultant is managing the replacement of an accounting system. Which of the following should be the IS auditor's GREATEST concern?
An internal audit department recently established a quality assurance (QA) program. Which of the following activities is MOST important to include as part of the QA program requirements?
Which of the following would BEST manage the risk of changes in requirements after the analysis phase of a business application development project?
Which of the following is MOST important to verify when determining the completeness of the vulnerability scanning process?
An IS auditor finds that an organization's data loss prevention (DLP) system is configured to use vendor default settings to identify violations. The auditor's MAIN concern should be that:
Which of the following is the GREATEST risk associated with storing customer data on a web server?
While auditing a small organization's data classification processes and procedures, an IS auditor noticed that data is often classified at the incorrect level. What is the MOST effective way for the organization to improve this situation?
An employee loses a mobile device, resulting in loss of sensitive corporate data. Which of the following would have BEST prevented data leakage?
Which of the following BEST protects an organization's proprietary code during a joint-development activity involving a third party?
Which of the following must be in place before an IS auditor initiates audit follow-up activities?
Which of the following BEST enables the timely identification of risk exposure?
Which of the following BEST indicates that an incident management process is effective?
An organization is considering allowing users to connect personal devices to the corporate network. Which of the following should be done FIRST?
During an exit interview, senior management disagrees with some of the facts presented in the draft audit report and wants them removed from the report. Which of the following would be the auditor's BEST course of action?
A new system is being developed by a vendor for a consumer service organization. The vendor will provide its proprietary software once system development is completed. Which of the following is the MOST important requirement to include in the vendor contract to ensure continuity?
Which of the following is the BEST source of information for an IS auditor to use as a baseline to assess the adequacy of an organization's privacy policy?
A new regulation in one country of a global organization has recently prohibited cross-border transfer of personal data. An IS auditor has been asked to determine the organization's level of exposure in the affected country. Which of the following would be MOST helpful in making this assessment?
When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:
An IS auditor is conducting a review of a data center. Which of the following observations could indicate an access control issue?
Which of the following is the MAIN purpose of an information security management system?
An organization that has suffered a cyber-attack is performing a forensic analysis of the affected users' computers. Which of the following should be of GREATEST concern for the IS auditor reviewing this process?
An IS audit team is evaluating the documentation related to the most recent application user-access review performed by IT and business management. It is determined that the user list was not system-generated. Which of the following should be the GREATEST concern?
Which of the following types of firewalls provide the GREATEST degree of control against hacker intrusion?
An IS auditor is reviewing the release management process for an in-house software development solution. In which environment is the software version MOST likely to be the same as production?
Which of the following is the BEST indicator of the effectiveness of an organization's incident response program?
Which of the following metrics would BEST measure the agility of an organization's IT function?
The GREATEST benefit of using a prototyping approach in software development is that it helps to:
An IS auditor concludes that an organization has a quality security policy. Which of the following is MOST important to determine next? The policy must be:
Which of the following should an IS auditor consider the MOST significant risk associated with a new health records system that replaces a legacy system?
An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider. Which of the following would be the BEST way to prevent accepting bad data?
Following a security breach in which a hacker exploited a well-known vulnerability in the domain controller, an IS auditor has been asked to conduct a control assessment. The auditor's BEST course of action would be to determine if:
In an environment that automatically reports all program changes, which of the following is the MOST efficient way to detect unauthorized changes to production programs?
Which of the following activities would allow an IS auditor to maintain independence while facilitating a control self-assessment (CSA)?
The IS auditor has recommended that management test a new system before using it in production mode. The BEST approach for management in developing a test plan is to use processing parameters that are:
An IS auditor is evaluating the risk associated with moving from one database management system (DBMS) to another. Which of the following would be MOST helpful to ensure the integrity of the system throughout the change?
The PRIMARY reason for an IS auditor to use data analytics techniques is to reduce which type of audit risk?
Which of the following activities provides an IS auditor with the MOST insight regarding potential single person dependencies that might exist within the organization?
Which of the following findings should be of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simulation test administered for staff members?
An IS auditor has been asked to advise on measures to improve IT governance within the organization. Which of the following is the BEST recommendation?
What is the PRIMARY benefit of an audit approach which requires reported findings to be issued together with related action plans, owners, and target dates?
In response to an audit finding regarding a payroll application, management implemented a new automated control. Which of the following would be MOST helpful to the IS auditor when evaluating the effectiveness of the new control?
An IS auditor discovers that an IT organization serving several business units assigns equal priority to all initiatives, creating a risk of delays in securing project funding. Which of the following would be MOST helpful in matching demand for projects and services with available resources in a way that supports business objectives?
What should an IS auditor do FIRST upon discovering that a service provider did not notify its customers of a security breach?
Which of the following is the BEST reason to implement a data retention policy?
During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?
Which of the following is the BEST way to ensure that business continuity plans (BCPs) will work effectively in the event of a major disaster?
Management receives information indicating a high level of risk associated with potential flooding near the organization's data center within the next few years. As a result, a decision has been made to move data center operations to another facility on higher ground. Which approach has been adopted?
Which of the following issues associated with a data center's closed-circuit television (CCTV) surveillance cameras should be of MOST concern to an IS auditor?
Which of the following is the BEST metric to measure the alignment of IT and business strategy?
An organization has outsourced the development of a core application. However, the organization plans to bring the support and future maintenance of the application back in-house. Which of the following findings should be the IS auditor's GREATEST concern?
Which of the following should be of GREATEST concern to an IS auditor reviewing a network printer disposal process?
An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider MOST critical?
Which of the following is the GREATEST risk of using a reciprocal site for disaster recovery?
Which of the following would be MOST effective to protect information assets in a data center from theft by a vendor?
An IS auditor has found that a vendor has gone out of business and the escrow has an older version of the source code. What is the auditor's BEST recommendation for the organization?
Which of the following would be MOST useful when analyzing computer performance?
Which of the following would an IS auditor recommend as the MOST effective preventive control to reduce the risk of data leakage?
An IS auditor is reviewing documentation of application systems change control and identifies several patches that were not tested before being put into production. Which of the following is the MOST significant risk from this situation?
An organization has virtualized its server environment without making any other changes to the network or security infrastructure. Which of the following is the MOST significant risk?
Which of the following backup schemes is the BEST option when storage media is limited?
During an exit meeting, an IS auditor highlights that backup cycles are being missed due to operator error and that these exceptions are not being managed. Which of the following is the BEST way to help management understand the associated risk?
Which of the following is the BEST way to mitigate the risk associated with unintentional modifications of complex calculations in end-user computing (EUC)?
Which of the following is the BEST control to mitigate attacks that redirect Internet traffic to an unauthorized website?
Which of the following BEST facilitates the legal process in the event of an incident?
A post-implementation review was conducted by issuing a survey to users. Which of the following should be of GREATEST concern to an IS auditor?
Which of the following should be performed FIRST before key performance indicators (KPIs) can be implemented?
An organization allows its employees to use personal mobile devices for work. Which of the following would BEST maintain information security without compromising employee privacy?
An IS auditor finds that one employee has unauthorized access to confidential data. The IS auditor's BEST recommendation should be to:
An audit has identified that business units have purchased cloud-based applications without IT support. What is the GREATEST risk associated with this situation?
An IS auditor finds that capacity management for a key system is being performed by IT with no input from the business. The auditor's PRIMARY concern would be:
An IS auditor is reviewing logical access controls for an organization's financial business application. Which of the following findings should be of GREATEST concern to the auditor?
Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?
What should an IS auditor do FIRST when management responses to an in-person internal control questionnaire indicate a key internal control is no longer effective?
During an IT general controls audit of a high-risk area where both internal and external audit teams are reviewing the same approach to optimize resources?
An IS auditor follows up on a recent security incident and finds the incident response was not adequate. Which of the following findings should be considered MOST critical?
Which of the following is the PRIMARY advantage of using virtualization technology for corporate applications?
Which of the following should be of GREATEST concern to an IS auditor reviewing an organization's business continuity plan (BCP)?
If enabled within firewall rules, which of the following services would present the GREATEST risk?
What would be an IS auditor's BEST recommendation upon finding that a third-party IT service provider hosts the organization's human resources (HR) system in a foreign country?
Which of the following types of environmental equipment will MOST likely be deployed below the floor tiles of a data center?
Which of the following would be an appropriate role of internal audit in helping to establish an organization’s privacy program?
The PRIMARY objective of value delivery in reference to IT governance is to:
An IS auditor has discovered that a software system still in regular use is years out of date and no longer supported. The auditee has stated that it will take six months until the software is running on the current version. Which of the following is the BEST way to reduce the immediate risk associated with using an unsupported version of the software?
An audit identified that a computer system is not assigning sequential purchase order numbers to order requests. The IS auditor is conducting an audit follow-up to determine if management has resolved this finding. Which of the following is the MOST reliable follow-up procedure?
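One way to make such a follow-up reliable is to re-perform the test on a system-generated extract rather than rely on management's assertion. The following Python snippet is an added example written for this page, not ISACA material or a vendor tool: it takes a list of purchase order numbers in the order they were issued and reports gaps, duplicates and out-of-order entries. The sample numbers are constructed.

```python
"""Added example: re-performance test for sequential purchase order numbering.

Illustrative code for this page, not an ISACA or vendor tool. The PO numbers
below are constructed sample data representing a system-generated extract.
"""
from __future__ import annotations


def check_sequence(po_numbers: list[int]) -> dict[str, list[int]]:
    """Return gaps, duplicates and out-of-order entries in a PO number series.

    A system that assigns sequential numbers should produce no gaps (missing
    numbers) and no duplicates. The list is examined in issue order, so a later
    order carrying a lower number than its predecessor is flagged as out-of-order.
    """
    seen: set[int] = set()
    duplicates: list[int] = []
    out_of_order: list[int] = []
    previous: int | None = None
    for number in po_numbers:
        if number in seen:
            duplicates.append(number)
        seen.add(number)
        if previous is not None and number < previous:
            out_of_order.append(number)
        previous = number
    if not po_numbers:
        return {"gaps": [], "duplicates": [], "out_of_order": []}
    low, high = min(po_numbers), max(po_numbers)
    gaps = [n for n in range(low, high + 1) if n not in seen]
    return {"gaps": gaps, "duplicates": duplicates, "out_of_order": out_of_order}


def finding_resolved(po_numbers: list[int]) -> bool:
    """True only when the series is gap-free, duplicate-free and in order."""
    return not any(check_sequence(po_numbers).values())


# Constructed sample: what a follow-up extract of PO numbers might look like.
SAMPLE_PO_NUMBERS = [1001, 1002, 1003, 1005, 1006, 1006, 1008, 1007]

if __name__ == "__main__":
    print(check_sequence(SAMPLE_PO_NUMBERS))
    print("finding resolved:", finding_resolved(SAMPLE_PO_NUMBERS))
```

The point of the check is that it uses evidence the auditor obtained directly (the numbering the system actually produced), which is more reliable than a management statement or a screenshot of a configuration setting.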
An IS auditor plans to review all access attempts to a video-monitored and proximity card-controlled communications room. Which of the following would be MOST useful to the auditor?
A credit card company has decided to outsource the printing of customer statements. It is MOST important for the company to verify whether:
Which of the following should an IS auditor expect to see in a network vulnerability assessment?
An IS auditor reviewing the threat assessment for a data center would be MOST concerned if:
Which of the following security measures will reduce the risk of propagation when a cyberattack occurs?
An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor?
An IS auditor notes that the previous year's disaster recovery test was not completed within the scheduled time frame due to insufficient hardware allocated by a third-party vendor. Which of the following provides the BEST evidence that adequate resources are now allocated to successfully recover the systems?
A review of Internet security disclosed that users have individual user accounts with Internet service providers (ISPs) and use these accounts for downloading business data. The organization wants to ensure that only the corporate network is used. The organization should FIRST:
Which of the following is MOST critical for the effective implementation of IT governance?
Which of the following is the MOST effective way for an organization to help ensure agreed-upon action plans from an IS audit will be implemented?
Which of the following IT service management activities is MOST likely to help with identifying the root cause of repeated instances of network latency?
An IS auditor has completed the fieldwork phase of a network security review and is preparing the initial following findings should be ranked as the HIGHEST risk?
What is the GREATEST concern for an IS auditor reviewing contracts for licensed software that executes a critical business process?
Which of the following is MOST important to ensure that electronic evidence collected during a forensic investigation will be admissible in future legal proceedings?
A company has implemented an IT segregation of duties policy. In a role-based environment, which of the following roles may be assigned to an application developer?
Which of the following is MOST important for an IS auditor to confirm when reviewing an organization's plans to implement robotic process automation (RPA) to automate routine business tasks?
Which of the following is the MOST efficient way to identify segregation of duties violations in a new system?
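The segregation-of-duties questions above (the accounts payable controls, the roles a developer may hold, and the efficient identification of violations in a new system) all come down to the same test: combine each user's roles into the duties they grant and compare that set against a matrix of conflicting duties. The following Python snippet is an added example written for this page, not any product's rule set; the conflict matrix, role-to-duty mapping and user assignments are constructed.

```python
"""Added example: detecting segregation-of-duties (SoD) conflicts from role
assignments. Illustrative code for this page, not a product's rule set.
The conflict pairs, role definitions and user assignments are constructed.
"""
from itertools import combinations

# Constructed conflict matrix: pairs of duties one person should not hold.
CONFLICTING_DUTIES = {
    frozenset({"create_vendor", "approve_payment"}),
    frozenset({"enter_invoice", "approve_payment"}),
    frozenset({"develop_code", "deploy_to_production"}),
}

# Constructed role-to-duty mapping for a role-based access model.
ROLE_DUTIES = {
    "ap_clerk": {"enter_invoice"},
    "ap_manager": {"approve_payment"},
    "vendor_admin": {"create_vendor"},
    "developer": {"develop_code"},
    "release_manager": {"deploy_to_production"},
}


def duties_for(roles):
    """Union of the duties granted by a user's roles (unknown roles grant none)."""
    duties = set()
    for role in roles:
        duties |= ROLE_DUTIES.get(role, set())
    return duties


def sod_violations(user_roles):
    """Return {user: [(duty_a, duty_b), ...]} for every user whose combined
    roles grant two duties that the conflict matrix says must be separated.
    Checking the duty level rather than role names catches conflicts created
    by combining individually harmless roles."""
    violations = {}
    for user, roles in user_roles.items():
        hits = [
            (a, b)
            for a, b in combinations(sorted(duties_for(roles)), 2)
            if frozenset({a, b}) in CONFLICTING_DUTIES
        ]
        if hits:
            violations[user] = hits
    return violations


# Constructed user-to-role assignments as a system-generated access extract.
SAMPLE_USER_ROLES = {
    "alice": ["ap_clerk"],
    "bob": ["ap_clerk", "ap_manager"],
    "carol": ["vendor_admin", "ap_manager"],
    "dave": ["developer"],
    "erin": ["developer", "release_manager"],
}

if __name__ == "__main__":
    for user, conflicts in sod_violations(SAMPLE_USER_ROLES).items():
        print(f"{user}: {conflicts}")
```

Running this over a complete, system-generated role extract is what makes the review efficient: it tests every user against every conflict pair at once instead of sampling individual accounts.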
Which of the following would BEST ensure that a backup copy is available for restoration of mission critical data after a disaster?
Which of the following is the BEST evidence that an organization's IT strategy is aligned to its business objectives?
During audit fieldwork, an IS auditor learns that employees are allowed to connect their personal devices to company-owned computers. How can the auditor BEST validate that appropriate security controls are in place to prevent data loss?
Which of the following would be of GREATEST concern when reviewing an organization's security information and event management (SIEM) solution?
Which of the following should be the FIRST step in the incident response process for a suspected breach?
Which of the following is MOST important for an IS auditor to look for in a project feasibility study?
Which of the following is the BEST method to safeguard data on an organization's laptop computers?
Which of the following is the BEST detective control for a job scheduling process involving data transmission?
Which of the following is MOST important to ensure when planning a black box penetration test?
Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:
Which of the following is the MOST effective way to maintain network integrity when using mobile devices?
During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:
Which of the following provides the MOST reliable audit evidence on the validity of transactions in a financial application?
A data breach has occurred due to malware. Which of the following should be the FIRST course of action?
Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?
An IS auditor finds the log management system is overwhelmed with false positive alerts. The auditor's BEST recommendation would be to:
An organization's security policy mandates that all new employees must receive appropriate security awareness training. Which of the following metrics would BEST assure compliance with this policy?
The decision to accept an IT control risk related to data quality should be the responsibility of the:
Secure code reviews as part of a continuous deployment program are which type of control?
An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization s objectives?
Prior to a follow-up engagement, an IS auditor learns that management has decided to accept a level of residual risk related to an audit finding without remediation. The IS auditor is concerned about management's decision. Which of the following should be the IS auditor's NEXT course of action?
From an IS auditor's perspective, which of the following would be the GREATEST risk associated with an incomplete inventory of deployed software in an organization?
A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization. Which of the following is MOST effective in detecting such an intrusion?
Which of the following would BEST demonstrate that an effective disaster recovery plan (DRP) is in place?
During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period. Which of the following is the auditor's MOST important course of action?
A system development project is experiencing delays due to ongoing staff shortages. Which of the following strategies would provide the GREATEST assurance of system quality at implementation?
An online retailer is receiving customer complaints about receiving different items from what they ordered on the organization's website. The root cause has been traced to poor data quality. Despite efforts to clean erroneous data from the system, multiple data quality issues continue to occur. Which of the following recommendations would be the BEST way to reduce the likelihood of future occurrences?
Which of the following data would be used when performing a business impact analysis (BIA)?
Which of the following is the BEST method to prevent wire transfer fraud by bank employees?
Which of the following is the MOST important reason to implement version control for an end-user computing (EUC) application?
During the evaluation of controls over a major application development project, the MOST effective use of an IS auditor's time would be to review and evaluate:
Which of the following is MOST useful for determining whether the goals of IT are aligned with the organization's goals?
An IS auditor is evaluating an organization's IT strategy and plans. Which of the following would be of GREATEST concern?
During the design phase of a software development project, the PRIMARY responsibility of an IS auditor is to evaluate the:
An IS auditor has been asked to assess the security of a recently migrated database system that contains personal and financial data for a bank's customers. Which of the following controls is MOST important for the auditor to confirm is in place?
Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?
An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged. The IS auditor's FIRST action should be to:
An IS auditor finds that firewalls are outdated and not supported by vendors. Which of the following should be the auditor's NEXT course of action?
An incorrect version of the source code was amended by a development team. This MOST likely indicates a weakness in:
An organization allows employees to retain confidential data on personal mobile devices. Which of the following is the BEST recommendation to mitigate the risk of data leakage from lost or stolen devices?
Which of the following is the PRIMARY concern when negotiating a contract for a hot site?
The PRIMARY benefit of using a dry-pipe fire-suppression system rather than a wet-pipe system is that a dry-pipe system:
Which of the following BEST ensures the quality and integrity of test procedures used in audit analytics?
An IS auditor is examining a front-end subledger and a main ledger. Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?
Which of the following is the BEST way to mitigate the impact of ransomware attacks?
An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?
Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?
The implementation of an IT governance framework requires that the board of directors of an organization:
During an ongoing audit, management requests a briefing on the findings to date. Which of the following is the IS auditor's BEST course of action?
A proper audit trail of changes to server start-up procedures would include evidence of:
What should be the PRIMARY basis for selecting which IS audits to perform in the coming year?
What is BEST for an IS auditor to review when assessing the effectiveness of changes recently made to processes and tools related to an organization's business continuity plan (BCP)?
Which of the following should be the PRIMARY basis for prioritizing follow-up audits?
Which of the following demonstrates the use of data analytics for a loan origination process?
An IS auditor wants to determine who has oversight of staff performing a specific task and is referencing the organization's RACI chart. Which of the following roles within the chart would provide this information?
In a 24/7 processing environment, a database contains several privileged application accounts with passwords set to never expire. Which of the following recommendations would BEST address the risk with minimal disruption to the business?
Which of the following should be an IS auditor's PRIMARY focus when developing a risk-based IS audit program?
Which of the following is the BEST way to address segregation of duties issues in an organization with budget constraints?
An organization's software developers need access to personally identifiable information (PII) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?
Which of the following is the MOST important benefit of involving IS audit when implementing governance of enterprise IT?
An IS auditor is following up on prior period items and finds management did not address an audit finding. Which of the following should be the IS auditor's NEXT course of action?
Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor's BEST recommendation?
During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST:
During an external review, an IS auditor observes an inconsistent approach in classifying system criticality within the organization. Which of the following should be recommended as the PRIMARY factor to determine system criticality?
An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would MOST likely increase the risk of a successful attack by:
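The risk behind that question is that browser-side validation is advisory only: anyone who replays the HTTP request with curl or an intercepting proxy never executes the JavaScript checks. The following Python snippet is an added example written for this page, not code from any real application; it shows the server re-applying every rule the form enforces and refusing to trust a client-supplied price. The catalogue, field limits and the two requests are constructed.

```python
"""Added example: why input validation must stay on the server.

Illustrative code for this page, not from any real application. The
catalogue, limits and requests are constructed. The browser-side checks
are represented only in comments because an attacker who replays the
HTTP request directly never runs them.
"""
from decimal import Decimal

# Constructed catalogue: the server, not the client, is the source of price.
CATALOGUE = {"SKU-100": Decimal("19.99"), "SKU-200": Decimal("249.00")}
MAX_QUANTITY = 10


def validate_order(payload: dict) -> list[str]:
    """Server-side re-validation of an order submitted by the browser.

    The form may enforce the same rules (quantity 1..MAX_QUANTITY, read-only
    price field), but a crafted request skips them, so each rule is applied
    again here and a list of violations is returned (empty means valid).
    """
    errors: list[str] = []
    if payload.get("sku") not in CATALOGUE:
        errors.append("unknown sku")
    try:
        quantity = int(payload.get("quantity", ""))
    except (TypeError, ValueError):
        errors.append("quantity not an integer")
    else:
        if not 1 <= quantity <= MAX_QUANTITY:
            errors.append(f"quantity outside 1..{MAX_QUANTITY}")
    # Price is never accepted from the client; its presence is itself a signal
    # that the request did not come from the unmodified form.
    if "price" in payload:
        errors.append("client-supplied price ignored")
    return errors


def price_order(payload: dict) -> Decimal:
    """Compute the total from server-held data only; raises on invalid input."""
    errors = validate_order(payload)
    if errors:
        raise ValueError("; ".join(errors))
    return CATALOGUE[payload["sku"]] * int(payload["quantity"])


# Constructed requests: one as the browser form would send it, and one
# replayed with the browser's checks bypassed and a price injected.
GOOD_REQUEST = {"sku": "SKU-100", "quantity": "2"}
TAMPERED_REQUEST = {"sku": "SKU-200", "quantity": "-5", "price": "0.01"}

if __name__ == "__main__":
    print("good total:", price_order(GOOD_REQUEST))
    print("tampered errors:", validate_order(TAMPERED_REQUEST))
```

Client-side validation is still worth keeping for usability; the audit point is that it cannot be the only copy of the rules.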
When auditing the security architecture of an online application, an IS auditor should FIRST review the:
Management is concerned about sensitive information being intentionally or unintentionally emailed as attachments outside the organization by employees. What is the MOST important task before implementing any associated email controls?
Which of the following would be of MOST concern when determining whether information assets are adequately safeguarded during transport and disposal?
When evaluating the design of controls related to network monitoring, which of the following is MOST important for an IS auditor to review?
During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?
Which of the following will be the MOST effective method to verify that a service vendor keeps control levels as required by the client?
Which of the following management decisions presents the GREATEST risk associated with data leakage?
Which of the following should be the FIRST step in a data migration project?
An IS auditor is concerned that unauthorized access to a highly sensitive data center might be gained by piggybacking or tailgating. Which of the following is the BEST recommendation?
An IS auditor requests direct access to data required to perform audit procedures instead of asking management to provide the data. Which of the following is the PRIMARY advantage of this approach?
Which of the following presents the GREATEST risk to an organization's ability to manage quality control (QC) processes?
An organization is concerned about duplicate vendor payments on a complex system with a high volume of transactions. Which of the following would be MOST helpful to an IS auditor to determine whether duplicate vendor payments exist?
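Duplicate-payment testing is a standard use of audit data analytics: obtain the full payment extract and group records whose vendor, amount and invoice number match after normalisation, since duplicates in real ledgers rarely match character for character. The following Python snippet is an added example written for this page, not an audit tool's own logic; the payment records are constructed, and the normalisation rules and 30-day window are assumptions an auditor would tune to the ledger.

```python
"""Added example: data-analytics test for duplicate vendor payments.

Illustrative code for this page, not an audit tool's own logic. The
payment records are constructed; the normalisation rules (case-fold the
vendor, strip punctuation and leading zeros from invoice numbers, match
amounts exactly, allow a date window) are assumptions to be tuned.
"""
from collections import defaultdict
from datetime import date
import re


def normalise_invoice(invoice: str) -> str:
    """Make 'INV-0042', 'inv 42' and 'INV0042' compare equal."""
    compact = re.sub(r"[^0-9a-z]", "", invoice.lower())
    match = re.fullmatch(r"([a-z]*)0*(\d+)", compact)
    return f"{match.group(1)}{match.group(2)}" if match else compact


def find_duplicate_payments(payments, window_days: int = 30):
    """Group payments by (vendor, amount, normalised invoice) and report every
    group with more than one payment whose dates fall within window_days.
    Each record needs: id, vendor, invoice, amount, date."""
    groups = defaultdict(list)
    for p in payments:
        key = (p["vendor"].strip().lower(), p["amount"], normalise_invoice(p["invoice"]))
        groups[key].append(p)

    suspects = []
    for (vendor, amount, invoice), group in groups.items():
        if len(group) < 2:
            continue
        group.sort(key=lambda p: p["date"])
        if (group[-1]["date"] - group[0]["date"]).days <= window_days:
            suspects.append({
                "vendor": vendor,
                "amount": amount,
                "invoice": invoice,
                "payment_ids": [p["id"] for p in group],
            })
    return suspects


# Constructed payment extract: P1/P2 are the same invoice paid twice with
# cosmetic differences; P3 is a different invoice; P4/P5 repeat outside the window.
SAMPLE_PAYMENTS = [
    {"id": "P1", "vendor": "Acme Ltd", "invoice": "INV-0042", "amount": 1250.00, "date": date(2024, 3, 1)},
    {"id": "P2", "vendor": "acme ltd ", "invoice": "inv 42", "amount": 1250.00, "date": date(2024, 3, 9)},
    {"id": "P3", "vendor": "Acme Ltd", "invoice": "INV-0043", "amount": 1250.00, "date": date(2024, 3, 9)},
    {"id": "P4", "vendor": "Globex", "invoice": "7781", "amount": 300.00, "date": date(2024, 1, 5)},
    {"id": "P5", "vendor": "Globex", "invoice": "7781", "amount": 300.00, "date": date(2024, 6, 5)},
]

if __name__ == "__main__":
    for s in find_duplicate_payments(SAMPLE_PAYMENTS):
        print(s)
```

The P4/P5 pair shows why the window matters: a recurring charge with the same reference is not necessarily a duplicate, and a wider window trades more false positives for fewer misses. The resulting list is a population of exceptions to investigate, not a conclusion.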
An IS auditor discovers that due to resource constraints a database administrator (DBA) is responsible for developing and executing changes into the production environment. Which of the following should the auditor do FIRST?
Which of the following is MOST important to define within a disaster recovery plan (DRP)?
An IS auditor evaluating the change management process must select a sample from the change log. What is the BEST way for the auditor to confirm the change log is complete?
A new system development project is running late against a critical implementation deadline. Which of the following is the MOST important activity?
The use of which of the following is an inherent risk in the application container infrastructure?
Which of the following findings from a database security audit presents the GREATEST risk of critical security exposures?
Which of the following controls is MOST important for ensuring the integrity of system interfaces?
Which of the following is the BEST reason for an IS auditor to emphasize to management the importance of using an IT governance framework?
Which of the following is the BEST way to ensure an organization's data classification policies are preserved during the process of data transformation?
An organization is disposing of removable onsite media which contains sensitive information. Which of the following is the MOST effective method to prevent disclosure of sensitive data?
What is the PRIMARY reason for an organization to classify the data stored on its internal networks?
An IT governance body wants to determine whether IT service delivery is based on consistently effective processes. Which of the following is the BEST approach?
An IS auditor discovers from patch logs that some in-scope systems are not compliant with the regular patching schedule. What should the auditor do NEXT?
A national tax administration agency with a distributed network experiences service disruptions due to a large influx of traffic to a regional office near the end of each year. Which of the following would BEST enable the agency to improve the performance of its servers during the busy period?
When testing the accuracy of transaction data, which of the following situations BEST justifies the use of a smaller sample size?
Which of the following is MOST important to determine when conducting a post-implementation review?
Which of the following is the MOST important reason for an IS auditor to examine the results of a post-incident review performed after a security incident?
An IS auditor identifies that a legacy application to be decommissioned in three months cannot meet the security requirements established by the current policy. What is the BEST way for the auditor to address this issue?
An internal audit team is deciding whether to use an audit management application hosted by a third party in a different country. What should be the MOST important consideration related to the uploading of payroll audit documentation in the hosted application?
A security administrator is called in the middle of the night by the on-call programmer. A number of programs have failed, and the programmer has asked for access to the live system. What is the BEST course of action?
To mitigate the risk of exposing data through application programming interface (API) queries, which of the following design considerations is MOST important?
Which of the following is the BEST indication of effective IT investment management?
If source code is not recompiled when program changes are implemented, which of the following is a compensating control to ensure synchronization of source and object code?
An IS audit reveals that an organization operating in business continuity mode during a pandemic situation has not performed a simulation test of the business continuity plan (BCP). Which of the following is the auditor's BEST course of action?
Which of the following responses to risk associated with segregation of duties would incur the LOWEST initial cost?
Which of the following should be given GREATEST consideration when implementing the use of an open-source product?
Which of the following is the MOST effective control over visitor access to highly secured areas?
When planning a follow-up, the IS auditor is informed by operational management that recent organizational changes have addressed the previously identified risk and implementing the action plan is no longer necessary. What should the auditor do NEXT?
Which of the following should be of GREATEST concern to an IS auditor reviewing data conversion and migration during the implementation of a new application system?
Management has learned the implementation of a new IT system will not be completed on time and has requested an audit. Which of the following audit findings should be of GREATEST concern?
Which of the following is the MOST appropriate testing approach when auditing a daily data flow between two systems via an automated interface to confirm that it is complete and accurate?
An IS auditor is performing a follow-up audit for findings identified in an organization's user provisioning process. Which of the following is the MOST appropriate population to sample from when testing for remediation?
An IS auditor is evaluating an enterprise resource planning (ERP) migration from local systems to the cloud. Who should be responsible for the data classification in this project?
Which of the following is the GREATEST advantage of outsourcing the development of an e-banking solution when in-house technical expertise is not available?
An IS audit manager was temporarily tasked with supervising a project manager assigned to the organization's payroll application upgrade. Upon returning to the audit department, the audit manager has been asked to perform an audit to validate the implementation of the payroll application. The audit manager is the only one in the audit department with IT project management experience. What is the BEST course of action?
During a database management evaluation, an IS auditor discovers that some accounts with database administrator (DBA) privileges have been assigned a default password with an unlimited number of failed login attempts. Which of the following is the auditor's BEST course of action?
Which of the following is the MOST effective control to mitigate against the risk of inappropriate activity by employees?
Which of the following should be the GREATEST concern for an IS auditor assessing an organization's disaster recovery plan (DRP)?
What is the PRIMARY purpose of performing a parallel run of a new system?
A web proxy server for corporate connections to external resources reduces organizational risk by:
While evaluating the data classification process of an organization, an IS auditor's PRIMARY focus should be on whether:
Which of the following observations should be of GREATEST concern to an IS auditor performing an audit of change and release management controls for a new complex system developed by a small in-house IT team?
Which of the following areas is MOST important for an IS auditor to focus on when reviewing the maturity model for a technology organization?
Which type of attack poses the GREATEST risk to an organization's most sensitive data?
Which of the following is MOST important for an IS auditor to confirm when reviewing an organization's incident response management program?
When assessing a proposed project for the two-way replication of a customer database with a remote call center, the IS auditor should ensure that:
Which of the following provides the MOST reliable method of preventing unauthorized logon?
An IS auditor is reviewing the backup procedures in an organization that has high volumes of data with frequent changes to transactions. Which of the following is the BEST backup scheme to recommend given the need for a shorter restoration time in the event of a disruption?
Which of the following is the BEST testing approach to facilitate rapid identification of application interface errors?
An IS auditor learns that an in-house system development life cycle (SDLC) project has not met user specifications. The auditor should FIRST examine requirements from which of the following phases?
Which of the following metrics is the BEST indicator of the performance of a web application?
Which of the following is the MOST important responsibility of data owners when implementing a data classification process?
Which of the following is MOST critical to the success of an information security program?
An IS auditor has identified deficiencies within the organization's software development life cycle policies. Which of the following should be done NEXT?
An IS auditor reviewing a job scheduling tool notices performance and reliability problems. Which of the following is MOST likely affecting the tool?
Which of the following is the BEST indication of effective governance over IT infrastructure?
Which of the following would BEST help to ensure that an incident receives attention from appropriate personnel in a timely manner?
Which of the following is the BEST way for an organization to mitigate the risk associated with third-party application performance?
An organization has developed mature risk management practices that are followed across all departments. What is the MOST effective way for the audit team to leverage this risk management maturity?
Which of the following security risks can be reduced by a properly configured network firewall?
Which of the following is the PRIMARY reason to follow a configuration management process to maintain an application?
When testing the adequacy of tape backup procedures, which step BEST verifies that regularly scheduled backups are timely and run to completion?
For an organization that has plans to implement web-based trading, it would be MOST important for an IS auditor to verify the organization's information security plan includes:
An IS auditor is reviewing an industrial control system (ICS) that uses older unsupported technology in the scope of an upcoming audit. What should the auditor consider the MOST significant concern?
After the merger of two organizations, which of the following is the MOST important task for an IS auditor to perform?
Due to system limitations, segregation of duties (SoD) cannot be enforced in an accounts payable system. Which of the following is the IS auditor's BEST recommendation for a compensating control?
Which of the following would be an appropriate role of internal audit in helping to establish an organization's privacy program?
Which of the following is the BEST reason for an organization to use clustering?
Which of the following environments is BEST used for copying data and transformation into a compatible data warehouse format?
Which of the following is an example of a preventative control in an accounts payable system?
Which of the following findings from an IT governance review should be of GREATEST concern?