Which of the following would BEST demonstrate that an effective disaster recovery plan (DRP) is in place?
Which of the following is MOST important to ensure when planning a black box penetration test?
When implementing Internet Protocol security (IPsec) architecture, the servers involved in application delivery:
Which of the following should be the PRIMARY basis for prioritizing follow-up audits?
Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?
During the discussion of a draft audit report, IT management provided suitable evidence that a process has been implemented for a control that had been concluded by the IS auditor as ineffective. Which of the following is the auditor's BEST action?
Which of the following provides the MOST reliable audit evidence on the validity of transactions in a financial application?
Which of the following is the MOST effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines?
The decision to accept an IT control risk related to data quality should be the responsibility of the:
Which of the following would be an IS auditor's GREATEST concern when reviewing the early stages of a software development project?
Which of the following is the BEST compensating control when segregation of duties is lacking in a small IS department?
What is the BEST control to address SQL injection vulnerabilities?
Which of the following should be of GREATEST concern to an IS auditor reviewing data conversion and migration during the implementation of a new application system?
Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?
An IT balanced scorecard is the MOST effective means of monitoring:
Which of the following is a social engineering attack method?
An IS auditor is reviewing an organization's information asset management process. Which of the following would be of GREATEST concern to the auditor?
During the design phase of a software development project, the PRIMARY responsibility of an IS auditor is to evaluate the:
An IS auditor suspects an organization's computer may have been used to commit a crime. Which of the following is the auditor's BEST course of action?
Which of the following strategies BEST optimizes data storage without compromising data retention practices?
An organization's enterprise architecture (EA) department decides to change a legacy system's components while maintaining its original functionality. Which of the following is MOST important for an IS auditor to understand when reviewing this decision?
Which of the following is the GREATEST concern associated with a high number of IT policy exceptions approved by management?
An IS auditor is following up on prior period items and finds management did not address an audit finding. Which of the following should be the IS auditor's NEXT course of action?
Which of the following fire suppression systems needs to be combined with an automatic switch to shut down the electricity supply in the event of activation?
An IS auditor finds the log management system is overwhelmed with false positive alerts. The auditor's BEST recommendation would be to:
Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?
Which of the following MOST effectively minimizes downtime during system conversions?
Secure code reviews as part of a continuous deployment program are which type of control?
An organization's software developers need access to personally identifiable information (PII) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?
The PRIMARY advantage of object-oriented technology is enhanced:
The PRIMARY benefit to using a dry-pipe fire-suppression system rather than a wet-pipe system is that a dry-pipe system:
An IS auditor has been asked to assess the security of a recently migrated database system that contains personal and financial data for a bank's customers. Which of the following controls is MOST important for the auditor to confirm is in place?
An IS auditor is evaluating an organization's IT strategy and plans. Which of the following would be of GREATEST concern?
When an intrusion into an organization's network is detected, which of the following should be done FIRST?
Which of the following is the BEST detective control for a job scheduling process involving data transmission?
During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST:
An organization's audit charter PRIMARILY:
Which of the following is the BEST control to mitigate the malware risk associated with an instant messaging (IM) system?
An incorrect version of the source code was amended by a development team. This MOST likely indicates a weakness in:
Which of the following should be an IS auditor's PRIMARY focus when developing a risk-based IS audit program?
During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period. Which of the following is the auditor's MOST important course of action?
Coding standards provide which of the following?
Which of the following is MOST important to include in forensic data collection and preservation procedures?
An IS auditor finds that a key Internet-facing system is vulnerable to attack and that patches are not available. What should the auditor recommend be done FIRST?
Which of the following is the PRIMARY reason for an IS auditor to conduct post-implementation reviews?
During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?
In a small IT web development company where developers must have write access to production, the BEST recommendation of an IS auditor would be to:
Which of the following is the BEST source of information for assessing the effectiveness of IT process monitoring?
Which of the following is an audit reviewer's PRIMARY role with regard to evidence?
An IS auditor is conducting a post-implementation review of an enterprise resource planning (ERP) system. End users indicated concerns with the accuracy of critical automatic calculations made by the system. The auditor's FIRST course of action should be to: