An IS auditor reviewing the threat assessment tor a data center would be MOST concerned if:
An organization has made a strategic decision to split into separate operating entities to improve profitability. However, the IT infrastructure remains shared between the entities. Which of the following would BEST help to ensure that IS audit still covers key risk areas within the IT environment as part of its annual plan?
An organization has virtualized its server environment without making any other changes to the network or security infrastructure. Which of the following is the MOST significant risk?
An organization has outsourced the development of a core application. However, the organization plans to bring the support and future maintenance of the application back in-house. Which of the following findings should be the IS auditor's GREATEST concern?
Which of the following would BEST help to ensure that potential security issues are considered by the development team as part of incremental changes to agile-developed software?
The PRIMARY role of a control self-assessment (CSA) facilitator is to:
Which of the following should be performed FIRST before key performance indicators (KPIs) can be implemented?
An IS auditor assessing the controls within a newly implemented call center would First
An IS auditor reviewing security incident processes realizes incidents are resolved and closed, but root causes are not investigated. Which of the following should be the MAJOR concern with this situation?
An audit identified that a computer system is not assigning sequential purchase order numbers to order requests. The IS auditor is conducting an audit follow-up to determine if management has reserved this finding. Which of two following is the MOST reliable follow-up procedure?
An IS auditor has discovered that a software system still in regular use is years out of date and no longer supported the auditee has stated that it will take six months until the software is running on the current version. Which of the following is the BEST way to reduce the immediate risk associated with using an unsupported version of the software?
When verifying the accuracy and completeness of migrated data for a new application system replacing a legacy system. It is MOST effective for an IS auditor to review;
Management receives information indicating a high level of risk associated with potential flooding near the organization's data center within the next few years. As a result, a decision has been made to move data center operations to another facility on higher ground. Which approach has been adopted?
Which of the following is MOST important for an IS auditor to determine during the detailed design phase of a system development project?
Which of the following is necessary for effective risk management in IT governance?
What is the PRIMARY purpose of documenting audit objectives when preparing for an engagement?
An IS auditor is reviewing documentation of application systems change control and identifies several patches that were not tested before being put into production. Which of the following is the MOST significant risk from this situation?
During an IT general controls audit of a high-risk area where both internal and external audit teams are reviewing the same approach to optimize resources?
A review of an organization’s IT portfolio revealed several applications that are not in use. The BEST way to prevent this situation from recurring would be to implement.
The PRIMARY benefit of information asset classification is that it:
A review of Internet security disclosed that users have individual user accounts with Internet service providers (ISPs) and use these accounts for downloading business data. The organization wants to ensure that only the corporate network is used. The organization should FIRST:
Which of the following would be MOST useful when analyzing computer performance?
Which of the following is the MOST significant risk that IS auditors are required to consider for each engagement?
Which of the following BEST helps to ensure data integrity across system interfaces?
Which of the following is the BEST way to ensure that an application is performing according to its specifications?
During an audit of an organization's risk management practices, an IS auditor finds several documented IT risk acceptances have not been renewed in a timely manner after the assigned expiration date When assessing the seventy of this finding, which mitigating factor would MOST significantly minimize the associated impact?
Which of the following BEST describes an audit risk?
A company has implemented an IT segregation of duties policy. In a role-based environment, which of the following roles may be assigned to an application developer?
Which of the following should an IS auditor expect to see in a network vulnerability assessment?
Which of the following is MOST important to ensure that electronic evidence collected during a forensic investigation will be admissible in future legal proceedings?
Which of the following would BEST detect that a distributed denial of service (DDoS) attack is occurring?
An IS auditor notes that the previous year's disaster recovery test was not completed within the scheduled time frame due to insufficient hardware allocated by a third-party vendor. Which of the following provides the BEST evidence that adequate resources are now allocated to successfully recover the systems?
Which of the following backup schemes is the BEST option when storage media is limited?
Which of the following is the BEST evidence that an organization's IT strategy is aligned lo its business objectives?
Which of the following should be of GREATEST concern for an IS auditor reviewing an organization's disaster recovery plan (DRP)?
In response to an audit finding regarding a payroll application, management implemented a new automated control. Which of the following would be MOST helpful to the IS auditor when evaluating the effectiveness of the new control?
Which of the following is the BEST reason to implement a data retention policy?
Which of the following is MOST important when implementing a data classification program?
Which of the following is the PRIMARY advantage of using visualization technology for corporate applications?
Which of the following would MOST effectively help to reduce the number of repealed incidents in an organization?
Which of the following features of a library control software package would protect against unauthorized updating of source code?
An IS auditor finds that one employee has unauthorized access to confidential data. The IS auditor's BEST recommendation should be to:
A post-implementation review was conducted by issuing a survey to users. Which of the following should be of GREATEST concern to an IS auditor?
An IS auditor finds that capacity management for a key system is being performed by IT with no input from the business The auditor's PRIMARY concern would be:
An IS auditor follows up on a recent security incident and finds the incident response was not adequate. Which of the following findings should be considered MOST critical?
During the planning phase of a data loss prevention (DLP) audit, management expresses a concern about mobile computing. Which of the following should the IS auditor identity as the associated risk?
Which of the following would provide an IS auditor with the GREATEST assurance that data disposal controls support business strategic objectives?
Which of the following should an IS auditor ensure is classified at the HIGHEST level of sensitivity?
Which of the following is the MOST effective way for an organization to help ensure agreed-upon action plans from an IS audit will be implemented?
Which of the following is MOST critical for the effective implementation of IT governance?
PDF + Testing Engine
|
---|
$99.6 |
Testing Engine
|
---|
$90 |
PDF (Q&A)
|
---|
$79.6 |
Isaca Free Exams |
---|
|