During the review of a system disruption incident, an IS auditor notes that IT support staff were put in a position to make decisions beyond their level of authority.
Which of the following is the BEST recommendation to help prevent this situation in the future?
What should an IS auditor recommend to management as the MOST important action before selecting a Software as a Service (SaaS) vendor?
Which of the following is the BEST reason to implement a data retention policy?
An IS auditor is reviewing a contract for the outsourcing of IT facilities. If missing, which of the following should present the GREATEST concern to the auditor?
An IS auditor should be MOST concerned if which of the following fire suppression systems is utilized to protect an asset storage closet?
An organization has partnered with a third party to transport backup drives to an offsite storage facility. Which of the following is MOST important before sending the drives?
The BEST way to evaluate the effectiveness of a newly developed application is to:
Which type of risk would MOST influence the selection of a sampling methodology?
Aligning IT strategy with business strategy PRIMARILY helps an organization to:
Which type of attack targets security vulnerabilities in web applications to gain access to data sets?
Which of the following is MOST important for the successful establishment of a security vulnerability management program?
An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed. Which of the following should be the IS auditor's NEXT course of action?
Compared to developing a system in-house, acquiring a software package means that the need for testing by end users is:
The PRIMARY objective of a control self-assessment (CSA) is to:
Which of the following is the PRIMARY objective of implementing privacy-related controls within an organization?
The PRIMARY purpose of an incident response plan is to:
Which of the following is the MAIN responsibility of the IT steering committee?
An IS auditor is assigned to perform a post-implementation review of an application system. Which of the following would impair the auditor's independence?
An IS auditor has identified deficiencies within the organization's software development life cycle policies. Which of the following should be done NEXT?
An IS audit reveals an IT application is experiencing poor performance including data inconsistency and integrity issues. What is the MOST likely cause?
An organization's security team created a simulated production environment with multiple vulnerable applications. What would be the PRIMARY purpose of creating such an environment?
The use of which of the following would BEST enhance a process improvement program?
An IS auditor is reviewing enterprise governance and finds there is no defined organizational structure for technology risk governance. Which of the following is the GREATEST concern with this lack of structure?
Which of the following would be of GREATEST concern to an IS auditor reviewing an IT strategy document?
In an organization's feasibility study to acquire hardware to support a new web server, omission of which of the following would be of MOST concern?
An IS auditor is conducting a physical security audit of a healthcare facility and finds closed-circuit television (CCTV) systems located in a patient care area. Which of the following is the GREATEST concern?
Which of the following is BEST used for detailed testing of a business application's data and configuration files?
The following findings are the result of an IS auditor's post-implementation review of a newly implemented system. Which of the following findings is of GREATEST significance?
Which of the following is MOST important for an IS auditor to verify when evaluating the upgrade of an organization's enterprise resource planning (ERP) application?
Which of the following is the MOST important consideration when establishing operational log management?
Data from a system of sensors located outside of a network is received by the open ports on a server. Which of the following is the BEST way to ensure the integrity of the data being collected from the sensor system?
Which of the following should be of GREATEST concern to an IS auditor when auditing an organization's IT strategy development process?
Capacity management tools are PRIMARILY used to ensure that:
Which of the following is the BEST way to sanitize a hard disk for reuse to ensure the organization's information cannot be accessed?
Which of the following is MOST important to consider when reviewing an organization's defined data backup and restoration procedures?
A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor's BEST recommendation to facilitate compliance with the regulation?
Which of the following is the BEST method to prevent wire transfer fraud by bank employees?
An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged. The IS auditor's FIRST action should be to:
An IS audit reveals that an organization is not proactively addressing known vulnerabilities. Which of the following should the IS auditor recommend the organization do FIRST?
During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:
A system development project is experiencing delays due to ongoing staff shortages. Which of the following strategies would provide the GREATEST assurance of system quality at implementation?
Which audit approach is MOST helpful in optimizing the use of IS audit resources?
The decision to accept an IT control risk related to data quality should be the responsibility of the:
What is the BEST control to address SQL injection vulnerabilities?
Which of the following is the MOST effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines?
Which of the following BEST indicates the effectiveness of an organization's risk management program?
An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would MOST likely increase the risk of a successful attack by:
Which of the following is the PRIMARY reason for an IS auditor to conduct post-implementation reviews?
An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization's objectives?
From an IS auditor's perspective, which of the following would be the GREATEST risk associated with an incomplete inventory of deployed software in an organization?