An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would MOST likely increase the risk of a successful attack by:
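The security point behind this question is that anything the browser validates can be skipped: an attacker submits the request directly (curl, an intercepting proxy, a script) and the JavaScript checks never run, so every rule must be enforced again on the server. The following is an added example, not part of the original page: a server-side re-validation function for a hypothetical order endpoint whose field names and limits are assumptions, fed once with what the HTML form would send and once with a crafted request that bypassed the browser.

```python
"""Server-side re-validation of request parameters that the browser
claims to have checked. Added example; the endpoint, field names and
limits are assumptions, not anything from the page."""
from __future__ import annotations

import re
from decimal import Decimal, InvalidOperation

# Limits the hypothetical order endpoint enforces regardless of browser checks.
MAX_QTY = 100
PART_RE = re.compile(r"[0-9]{6}")  # six-digit numeric part number


def validate_order(params: dict) -> list[str]:
    """Return a list of validation errors for raw request parameters.

    An empty list means the request is acceptable. Every rule the browser
    applies is repeated here, because the browser's copy can be skipped.
    Values are coerced from str because a direct request need not send the
    types the form would have produced."""
    errors = []
    part = str(params.get("part", ""))
    if not PART_RE.fullmatch(part):
        errors.append("part: must be exactly six digits")
    try:
        qty = int(str(params.get("qty", "")))
        if not 1 <= qty <= MAX_QTY:
            errors.append(f"qty: must be between 1 and {MAX_QTY}")
    except ValueError:
        errors.append("qty: not an integer")
    try:
        price = Decimal(str(params.get("price", "")))
        if price <= 0:
            errors.append("price: must be positive")
    except InvalidOperation:
        errors.append("price: not a number")
    note = str(params.get("note", ""))
    if len(note) > 200 or "<" in note or ">" in note:
        errors.append("note: too long or contains markup characters")
    return errors


# Constructed inputs: what the HTML form would submit after its own checks,
# and what an attacker submits directly, never running the JavaScript.
FORM_SUBMISSION = {"part": "123456", "qty": "2", "price": "19.99", "note": "gift"}
CRAFTED_REQUEST = {"part": "1 OR 1=1", "qty": "-5", "price": "0.01",
                   "note": "<script>alert(1)</script>"}

if __name__ == "__main__":
    print(validate_order(FORM_SUBMISSION))
    print(validate_order(CRAFTED_REQUEST))
```

The browser-side checks remain useful for user experience and to cut round trips; they just carry no security weight, which is why moving them out of the server is a finding.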
Following the sale of a business division, employees will be transferred to a new organization, but they will retain access to IT equipment from the previous employer. An IS auditor has recommended that both organizations agree to and document an acceptable use policy for the equipment. What type of control has been recommended?
An IS auditor is reviewing a client's outsourced payroll system to assess whether the financial audit team can rely on the application. Which of the following findings would be the auditor's GREATEST concern?
An IS auditor learns that an organization's business continuity plan (BCP) has not been updated in the last 18 months and that the organization recently closed a production plant. Which of the following is the auditor's BEST course of action?
Which of the following should be identified FIRST during the risk assessment process?
Which of the following would be MOST effective in detecting the presence of an unauthorized wireless access point on an internal network?
Which of the following approaches will ensure recovery time objectives (RTOs) are met for an organization's disaster recovery plan (DRP)?
Which of the following should be done FIRST when planning to conduct internal and external penetration testing for a client?
During a pre-deployment assessment, what is the BEST indication that a business case will lead to the achievement of business objectives?
Which of the following would be of GREATEST concern to an IS auditor reviewing an IT strategy document?
Which of the following should be given GREATEST consideration when implementing the use of an open-source product?
A secure server room has a badge reader system that records name, date, and time information whenever a staff member uses a badge to enter or exit. When reviewing the system logs, an IS auditor notices records for some employees entering, but not exiting, the room. Which of the following would be the MOST effective compensating control to recommend?
During the review of a system disruption incident, an IS auditor notes that IT support staff were put in a position to make decisions beyond their level of authority. Which of the following is the BEST recommendation to help prevent this situation in the future?
Which of the following provides the BEST evidence of the validity and integrity of logs in an organization's security information and event management (SIEM) system?
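Log validity and integrity rest on being able to prove that a record has not been altered, reordered or removed since it was written, typically by hashing or signing records as they arrive. As an added example that is not from the page, the block below builds a keyed hash chain over a few constructed SIEM-style events, then shows both what the chain catches (an in-place edit) and what it does not (truncation of the tail), the latter being why the latest tag must also be anchored somewhere the SIEM operator cannot rewrite. The key, the record format and the events are all constructed for the example.

```python
"""Tamper-evident log chain. Added example, not from the page: a minimal
HMAC hash chain over SIEM-style records. The key, format and events are
constructed; a real deployment also anchors the latest tag in an external
store or a signed checkpoint, which is not shown here."""
from __future__ import annotations

import hashlib
import hmac
from typing import List, Optional, Tuple

# Constructed: a key held only by the log-integrity service, not by the SIEM.
KEY = b"integrity-service-key-example"
GENESIS = b"\x00" * 32


def chain_records(records: List[str], key: bytes = KEY) -> List[Tuple[str, str]]:
    """Return [(record, tag)] where tag = HMAC(key, prev_tag || record).

    Altering, deleting or reordering any record changes every later tag."""
    out = []
    prev = GENESIS
    for rec in records:
        tag = hmac.new(key, prev + rec.encode(), hashlib.sha256).digest()
        out.append((rec, tag.hex()))
        prev = tag
    return out


def verify_chain(chained: List[Tuple[str, str]], key: bytes = KEY) -> Optional[int]:
    """Return the index of the first record whose tag fails to verify, or
    None if the whole chain is intact."""
    prev = GENESIS
    for i, (rec, tag_hex) in enumerate(chained):
        expected = hmac.new(key, prev + rec.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, bytes.fromhex(tag_hex)):
            return i
        prev = expected
    return None


# Constructed sample events.
EVENTS = [
    "2024-05-01T10:00:01Z auth sshd: Accepted publickey for ops from 10.0.0.5",
    "2024-05-01T10:00:07Z auth sudo: ops : COMMAND=/bin/systemctl stop auditd",
    "2024-05-01T10:00:09Z auth sudo: ops : COMMAND=/usr/bin/rm -rf /var/log/secure",
]


def tampered_copy() -> List[Tuple[str, str]]:
    """Chain with the second event edited in place, old tag left as is."""
    chained = chain_records(EVENTS)
    rec, tag = chained[1]
    chained[1] = (rec.replace("stop auditd", "status auditd"), tag)
    return chained


def truncated_copy() -> List[Tuple[str, str]]:
    """Chain with the last event removed. It still verifies, which is the
    case the external anchor of the final tag exists to catch."""
    return chain_records(EVENTS)[:-1]


if __name__ == "__main__":
    print("intact   :", verify_chain(chain_records(EVENTS)))
    print("edited   :", verify_chain(tampered_copy()))
    print("truncated:", verify_chain(truncated_copy()))
```

An auditor asking for "best evidence" would look for this kind of mechanism plus the out-of-band anchor (a write-once store, a signed periodic digest, or a third-party timestamp), not for the SIEM's own assurance that its database is intact.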
During audit planning, the IS audit manager is considering whether to budget for audits of entities regarded by the business as having low risk. Which of the following is the BEST course of action in this situation?
To ensure confidentiality through the use of asymmetric encryption, a message is encrypted with which of the following?
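For confidentiality the sender encrypts with the recipient's public key, so that only the holder of the matching private key can decrypt; encrypting with the sender's private key gives no confidentiality at all, because the sender's public key is public. The following added example (not from the page) illustrates the key roles with textbook RSA on the small primes 61 and 53; it uses no padding and is not a usable cipher, only a demonstration of which key does what.

```python
"""Which key encrypts for confidentiality. Added example, not from the page.
Textbook RSA with tiny primes and no padding: illustrates key roles only
and must not be used as a cipher."""
from __future__ import annotations

from typing import Tuple

Key = Tuple[int, int]  # (exponent, modulus)


def _modinv(a: int, m: int) -> int:
    """Modular inverse of a mod m by the extended Euclidean algorithm."""
    r0, r1, s0, s1 = a, m, 1, 0
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    if r0 != 1:
        raise ValueError("no inverse")
    return s0 % m


def make_keypair(p: int, q: int, e: int = 17) -> Tuple[Key, Key]:
    """Return (public_key, private_key) for the primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = _modinv(e, phi)
    return (e, n), (d, n)


def encrypt(m: int, key: Key) -> int:
    """Raise the message to the key's exponent modulo n (m must be < n)."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message out of range for this modulus")
    return pow(m, exp, n)


def decrypt(c: int, key: Key) -> int:
    return encrypt(c, key)  # same operation with the other exponent


# Constructed: the recipient's key pair. The public half is published.
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(61, 53)


def send_confidential(m: int) -> int:
    """Correct: only RECIPIENT_PRIV can undo this."""
    return encrypt(m, RECIPIENT_PUB)


def send_with_private_key(m: int, priv: Key) -> int:
    """Wrong for confidentiality: anyone holding the matching public key
    can recover m. This operation is the basis of a signature, not of
    secrecy."""
    return encrypt(m, priv)


if __name__ == "__main__":
    c = send_confidential(65)
    print("ciphertext:", c, "decrypted:", decrypt(c, RECIPIENT_PRIV))
    leaked = send_with_private_key(65, RECIPIENT_PRIV)
    print("readable with public key:", decrypt(leaked, RECIPIENT_PUB))
```

Real systems use a hybrid scheme (a random symmetric key encrypted under the recipient's public key with RSA-OAEP or an ECDH exchange), but the rule the question tests is the same: the recipient's public key protects confidentiality, the sender's private key provides origin authentication.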
When developing customer-facing IT applications, in which stage of the system development life cycle (SDLC) is it MOST beneficial to consider data privacy principles?
An organization that operates an e-commerce website wants to provide continuous service to its customers and is planning to invest in a hot site due to service criticality. Which of the following is the MOST important consideration when making this decision?
Which of the following metrics is the BEST indicator of the performance of a web application?
Compared to developing a system in-house, acquiring a software package means that the need for testing by end users is:
Which of the following physical controls provides the GREATEST assurance that only authorized individuals can access a data center?
Which of the following BEST contributes to the quality of an audit of a business-critical application?
Several unattended laptops containing sensitive customer data were stolen from personnel offices. Which of the following would be an IS auditor's BEST recommendation to protect data in case of recurrence?
An IS auditor is verifying the adequacy of an organization's internal controls and is concerned about potential circumvention of regulations. Which of the following is the BEST sampling method to use?
An organization is concerned about duplicate vendor payments on a complex system with a high volume of transactions. Which of the following would be MOST helpful to an IS auditor to determine whether duplicate vendor payments exist?
An IS auditor is planning an audit of an organization's risk management practices. Which of the following would provide the MOST useful information about risk appetite?
Which of the following is the MOST effective accuracy control for entry of a valid numeric part number?
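An accuracy control for a keyed-in numeric identifier is a check digit: a final digit computed from the others, so that a mistyped or transposed digit produces an invalid number before any lookup happens. The block below is an added example, not part of the page, using the Luhn (mod 10) algorithm on an assumed seven-digit part-number format (six-digit body plus check digit). It also shows the one adjacent transposition Luhn does not catch, 09 and 90, which a practitioner should know before relying on it.

```python
"""Check-digit accuracy control for numeric part numbers. Added example,
not from the page; the seven-digit format (six body digits plus one
Luhn check digit) is an assumption."""
from __future__ import annotations

BODY_LEN = 6


def luhn_check_digit(body: str) -> str:
    """Compute the Luhn check digit to append to a string of digits.

    Digits are processed right to left; the rightmost body digit is doubled
    (its neighbour to the right will be the check digit), then every second
    digit after it. Doubled values above 9 have 9 subtracted."""
    if not body.isdigit():
        raise ValueError("body must be digits only")
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def is_valid_part_number(s: str) -> bool:
    """True if s is exactly BODY_LEN + 1 digits and its last digit is the
    Luhn check digit of the rest."""
    if not s.isdigit() or len(s) != BODY_LEN + 1:
        return False
    return luhn_check_digit(s[:-1]) == s[-1]


def detects_error(original: str, mistyped: str) -> bool:
    """True if the control rejects the mistyped form of a valid number."""
    return is_valid_part_number(original) and not is_valid_part_number(mistyped)


if __name__ == "__main__":
    good = "123456" + luhn_check_digit("123456")
    print(good)                                  # constructed valid number
    print(detects_error(good, "1234576"))        # single-digit error
    print(detects_error(good, "1243566"))        # adjacent transposition
    # Luhn's known blind spot: 09 <-> 90 yields the same check digit.
    a = "123409" + luhn_check_digit("123409")
    b = "123490" + luhn_check_digit("123490")
    print(a, b, detects_error(a, b))
```

The check digit is an accuracy control on entry, not a validity control: a number can pass the check and still not exist, so a table lookup against the parts master is a separate, complementary test.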
An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed. Which of the following should be the IS auditor's NEXT course of action?
An IS auditor has identified deficiencies within the organization's software development life cycle policies. Which of the following should be done NEXT?
During planning for a cloud service audit, audit management becomes aware that the assigned IS auditor is unfamiliar with the technologies in use and their associated risks to the business. To ensure audit quality, which of the following actions should audit management consider FIRST?
Which of the following statements appearing in an organization's acceptable use policy BEST demonstrates alignment with data classification standards related to the protection of information assets?
Which of the following is the MAIN responsibility of the IT steering committee?
Which of the following should be the GREATEST concern to an IS auditor reviewing an organization's method to transport sensitive data between offices?
Which of the following should be the FIRST step when developing a data loss prevention (DLP) solution for a large organization?
Which of the following is the BEST way for management to ensure the effectiveness of the cybersecurity incident response process?
The use of which of the following would BEST enhance a process improvement program?
Retention periods and conditions for the destruction of personal data should be determined by the:
An IS auditor reviewing incident response management processes notices that resolution times for reoccurring incidents have not shown improvement. Which of the following is the auditor's BEST recommendation?
Which of the following BEST demonstrates to senior management and the board that an audit function is compliant with standards and the code of ethics?
Which of the following areas of responsibility would cause the GREATEST segregation of duties conflict if the individual who performs the related tasks also has approval authority?
Which of the following is the PRIMARY benefit of a tabletop exercise for an incident response plan?
In a large organization, IT deadlines on important projects have been missed because IT resources are not prioritized properly. Which of the following is the BEST recommendation to address this problem?
Which of the following would BEST ensure that a backup copy is available for restoration of mission-critical data after a disaster?
Which of the following is the BEST way to enforce the principle of least privilege on a server containing data with different security classifications?
Which of the following provides the BEST evidence that outsourced provider services are being properly managed?
Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?
Which of the following is the BEST way to ensure that business continuity plans (BCPs) will work effectively in the event of a major disaster?
Which of the following types of environmental equipment will MOST likely be deployed below the floor tiles of a data center?
An IS auditor is reviewing the installation of a new server. The IS auditor's PRIMARY objective is to ensure that: