A proper audit trail of changes to server start-up procedures would include evidence of:
Cross-site scripting (XSS) attacks are BEST prevented through:
When an intrusion into an organization network is detected, which of the following should be done FIRST?
Prior to a follow-up engagement, an IS auditor learns that management has decided to accept a level of residual risk related to an audit finding without remediation. The IS auditor is concerned about management's decision. Which of the following should be the IS auditor's NEXT course of action?
Which of the following is the BEST way to determine whether a test of a disaster recovery plan (DRP) was successful?
Which of the following should be the PRIMARY basis for prioritizing follow-up audits?
In a small IT web development company where developers must have write access to production, the BEST recommendation of an IS auditor would be to:
Which of the following is the PRIMARY advantage of parallel processing for a new system implementation?
Which of the following is the MOST effective control to mitigate unintentional misuse of authorized access?
An organization's software developers need access to personally identifiable information (PII) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?
During a follow-up audit, an IS auditor learns that some key management personnel have been replaced since the original audit, and current management has decided not to implement some previously accepted recommendations. What is the auditor's BEST course of action?
What should be the PRIMARY basis for selecting which IS audits to perform in the coming year?
The PRIMARY benefit to using a dry-pipe fire-suppression system rather than a wet-pipe system is that a dry-pipe system:
Which of the following BEST guards against the risk of attack by hackers?
Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:
Which of the following fire suppression systems needs to be combined with an automatic switch to shut down the electricity supply in the event of activation?
A data breach has occurred due to malware. Which of the following should be the FIRST course of action?
An online retailer is receiving customer complaints about receiving different items from what they ordered on the organization's website. The root cause has been traced to poor data quality. Despite efforts to clean erroneous data from the system, multiple data quality issues continue to occur. Which of the following recommendations would be the BEST way to reduce the likelihood of future occurrences?
A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization. Which of the following is MOST effective in detecting such an intrusion?
Which of the following is the BEST justification for deferring remediation testing until the next audit?
Which of the following should be of GREATEST concern to an IS auditor reviewing data conversion and migration during the implementation of a new application system?
Which of the following is the BEST compensating control when segregation of duties is lacking in a small IS department?
During the design phase of a software development project, the PRIMARY responsibility of an IS auditor is to evaluate the:
What is BEST for an IS auditor to review when assessing the effectiveness of changes recently made to processes and tools related to an organization's business continuity plan (BCP)?
What is MOST important to verify during an external assessment of network vulnerability?
Which of the following documents should specify roles and responsibilities within an IT audit organization?
For an organization that has plans to implement web-based trading, it would be MOST important for an IS auditor to verify the organization's information security plan includes:
Which of the following activities would allow an IS auditor to maintain independence while facilitating a control self-assessment (CSA)?
Which of the following environments is BEST used for copying data and transformation into a compatible data warehouse format?
In data warehouse (DW) management, what is the BEST way to prevent data quality issues caused by changes from a source system?
Which of the following is MOST important to verify when determining the completeness of the vulnerability scanning process?
The waterfall life cycle model of software development is BEST suited for which of the following situations?
When auditing the alignment of IT to the business strategy, it is MOST important for the IS auditor to:
Which of the following conditions would be of MOST concern to an IS auditor assessing the risk of a successful brute force attack against encrypted data at rest?
An IS audit team is evaluating the documentation related to the most recent application user-access review performed by IT and business management. It is determined that the user list was not system-generated. Which of the following should be the GREATEST concern?
Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (IDS)?
Which of the following is the BEST reason for an organization to use clustering?
Which of the following should be of MOST concern to an IS auditor reviewing the public key infrastructure (PKI) for enterprise email?
Providing security certification for a new system should include which of the following prior to the system's implementation?
The performance, risks, and capabilities of an IT infrastructure are BEST measured using a:
Which of the following is a detective control?
An internal audit department recently established a quality assurance (QA) program. Which of the following activities is MOST important to include as part of the QA program requirements?
An IS auditor learns the organization has experienced several server failures in its distributed environment. Which of the following is the BEST recommendation to limit the potential impact of server failures in the future?
Which of the following is the PRIMARY role of the IS auditor in an organization's information classification process?
The due date of an audit project is approaching, and the audit manager has determined that only 60% of the audit has been completed. Which of the following should the audit manager do FIRST?
Which of the following is the BEST way to ensure payment transaction data is restricted to the appropriate users?
Which of the following is the GREATEST risk associated with storing customer data on a web server?
A new system is being developed by a vendor for a consumer service organization. The vendor will provide its proprietary software once system development is completed. Which of the following is the MOST important requirement to include in the vendor contract to ensure continuity?
An organization was recently notified by its regulatory body of significant discrepancies in its reporting data. A preliminary investigation revealed that the discrepancies were caused by problems with the organization's data quality. Management has directed the data quality team to enhance their program. The audit committee has asked internal audit to be advisors to the process. To ensure that management concerns are addressed, which data set should internal audit recommend be reviewed FIRST?
An IS auditor is reviewing an industrial control system (ICS) that uses older unsupported technology in the scope of an upcoming audit. What should the auditor consider the MOST significant concern?