An IS auditor is reviewing a recent security incident and is seeking information about the approval of a recent modification to a database system's security settings. Where would the auditor MOST likely find this information?
An organization has recently implemented a Voice-over IP (VoIP) communication system. Which of the following should be the IS auditor's PRIMARY concern?
Which of the following occurs during the issues management process for a system development project?
Which of the following would BEST manage the risk of changes in requirements after the analysis phase of a business application development project?
Which of the following should an IS auditor consider FIRST when evaluating firewall rules?
Which of the following will MOST likely compromise the control provided by a digital signature created using RSA encryption?
An information systems security officer's PRIMARY responsibility for business process applications is to:
Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?
During a follow-up audit, it was found that a complex security vulnerability of low risk was not resolved within the agreed-upon timeframe. IT has stated that the system with the identified vulnerability is being replaced and is expected to be fully functional in two months. Which of the following is the BEST course of action?
Which of the following activities would allow an IS auditor to maintain independence while facilitating a control self-assessment (CSA)?
Which of the following provides IS audit professionals with the BEST source of direction for performing audit functions?
An IS auditor finds that the cost of developing an application is now projected to significantly exceed the budget. Which of the following is the GREATEST risk to communicate to senior management?
Which of the following should be an IS auditor's PRIMARY consideration when determining which issues to include in an audit report?
A senior IS auditor suspects that a PC may have been used to perpetrate fraud in a finance department. The auditor should FIRST report this suspicion to:
What is the MAIN reason to use incremental backups?
Which of the following is the BEST way to ensure payment transaction data is restricted to the appropriate users?
Which of the following is the GREATEST risk associated with hypervisors in virtual environments?
What is the PRIMARY reason to adopt a risk-based IS audit strategy?
An IS auditor observes that a business-critical application does not currently have any level of fault tolerance. Which of the following is the GREATEST concern with this situation?
An IS auditor has been asked to review the quality of data in a general ledger system. Which of the following would provide the auditor with the MOST meaningful results?
Which of the following BEST ensures that effective change management is in place in an IS environment?
Which of the following is MOST important when creating a forensic image of a hard drive?
Which of the following is the MOST appropriate responsibility of an IS auditor involved in a data center renovation project?
Which of the following is MOST helpful for understanding an organization’s key driver to modernize application platforms?
Which of the following network communication protocols is used by network devices such as routers to send error messages and operational information indicating success or failure when communicating with another IP address?
Which of the following is the PRIMARY reason to involve IS auditors in the software acquisition process?
Audit frameworks can assist the IS audit function by:
Which of the following is the PRIMARY reason an IS auditor would recommend offsite backups although critical data is already on a redundant array of inexpensive disks (RAID)?
If a recent release of a program has to be backed out of production, the corresponding changes within the delta version of the code should be:
Which of the following will BEST ensure that archived electronic information of permanent importance remains accessible over time?
During the audit of an enterprise resource planning (ERP) system, an IS auditor found an application patch was applied to the production environment. It is MOST important for the IS auditor to verify approval from the:
An IS auditor finds that a new network connection allows communication between the Internet and the internal enterprise resource planning (ERP) system. Which of the following is the PRIMARY business impact to include when presenting this observation to management?
An IS auditor reviewing an information processing environment decides to conduct external penetration testing. Which of the following is MOST appropriate to include in the audit scope for the organization to distinguish between the auditor's penetration attacks and actual attacks?
An IS auditor finds ad hoc vulnerability scanning is in place with no clear alignment to the organization's wider security threat and vulnerability management program. Which of the following would BEST enable the organization to work toward improvement in this area?
Which of the following is the GREATEST impact as a result of the ongoing deterioration of a detective control?
Which of the following provides the BEST evidence that all elements of a business continuity plan (BCP) are operating effectively?
Which of the following procedures for testing a disaster recovery plan (DRP) is MOST effective?
What should be an IS auditor's PRIMARY focus when reviewing a patch management procedure in an environment where availability is a top priority?
An IS auditor is supporting a forensic investigation. An image of affected storage media has been captured while collecting digital forensic evidence. Which of the following techniques would BEST enable an IS auditor to verify that the captured image is an exact, unchanged replica of the original media?
Which of the following is the PRIMARY purpose of a rollback plan for a system change?
Which of the following should be of GREATEST concern to an IS auditor reviewing an organization's business continuity plan (BCP)?
Having knowledge in which of the following areas is MOST relevant for an IS auditor reviewing public key infrastructure (PKI)?
Which of the following is the PRIMARY objective of enterprise architecture (EA)?
An IT governance body wants to determine whether IT service delivery is based on consistently effective processes. Which of the following is the BEST approach?
Which of the following is the BEST way to prevent social engineering incidents?
A startup organization wants to develop a data loss prevention (DLP) program. The FIRST step should be to implement:
Management is concerned about sensitive information being intentionally or unintentionally emailed as attachments outside the organization by employees. What is the MOST important task before implementing any associated email controls?
Which of the following non-audit activities may impair an IS auditor's independence and objectivity?
A checksum is classified as which type of control?
Which of the following will provide the GREATEST assurance to IT management that a quality management system (QMS) is effective?