Which of the following is the BEST compensating control when segregation of duties is lacking in a small IS department?
A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization. Which of the following is MOST effective in detecting such an intrusion?
An IS auditor notes that several employees are spending an excessive amount of time using social media sites for personal reasons. Which of the following should the auditor recommend be performed FIRST?
An IS auditor finds that firewalls are outdated and not supported by vendors. Which of the following should be the auditor's NEXT course of action?
The implementation of an IT governance framework requires that the board of directors of an organization:
Which of the following is the MOST effective way to maintain network integrity when using mobile devices?
Which of the following is the BEST control to mitigate the malware risk associated with an instant messaging (IM) system?
Which of the following is the MOST important benefit of involving IS audit when implementing governance of enterprise IT?
Which of the following is the BEST indication of effective governance over IT infrastructure?
Which of the following should be the GREATEST concern to an IS auditor reviewing an organization's method to transport sensitive data between offices?
A bank wants to outsource a system to a cloud provider residing in another country. Which of the following would be the MOST appropriate IS audit recommendation?
An organization relies on an external vendor that uses a cloud-based Software as a Service (SaaS) model to back up its data. Which of the following is the GREATEST risk to the organization related to data backup and retrieval?
During a review of system access, an IS auditor notes that an employee who has recently changed roles within the organization still has previous access rights. The auditor's NEXT step should be to:
A national tax administration agency with a distributed network experiences service disruptions due to a large influx of traffic to a regional office near the end of each year. Which of the following would BEST enable the agency to improve the performance of its servers during the busy period?
What should an IS auditor recommend to management as the MOST important action before selecting a Software as a Service (SaaS) vendor?
During a pre-deployment assessment, what is the BEST indication that a business case will lead to the achievement of business objectives?
Which of the following is MOST important for the successful establishment of a security vulnerability management program?
Which of the following provides the BEST evidence of the validity and integrity of logs in an organization's security information and event management (SIEM) system?
An IS auditor is assigned to perform a post-implementation review of an application system. Which of the following would impair the auditor's independence?
An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?
In a high-volume, real-time system, the MOST effective technique by which to continuously monitor and analyze transaction processing is:
Which of the following would the IS auditor MOST likely review to determine whether modifications to the operating system parameters were authorized?
Which of the following is the MOST important advantage of participating in beta testing of software products?
Which of the following is the BEST way to ensure an organization's data classification policies are preserved during the process of data transformation?
Which type of control is being implemented when a biometric access device is installed at the entrance to a facility?
Which of the following areas of responsibility would cause the GREATEST segregation of duties conflict if the individual who performs the related tasks also has approval authority?
Which of the following responses to risk associated with segregation of duties would incur the LOWEST initial cost?
Which of the following is the BEST audit procedure to determine whether a firewall is configured in compliance with the organization's security policy?
Which of the following would lead an IS auditor to conclude that the evidence collected during a digital forensic investigation would not be admissible in court?
Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?
An information systems security officer's PRIMARY responsibility for business process applications is to:
Which of the following is MOST helpful for measuring benefits realization for a new system?
After the merger of two organizations, which of the following is the MOST important task for an IS auditor to perform?
In an online application, which of the following would provide the MOST information about the transaction audit trail?
A third-party consultant is managing the replacement of an accounting system. Which of the following should be the IS auditor's GREATEST concern?
To enable the alignment of IT staff development plans with IT strategy, which of the following should be done FIRST?
The performance, risks, and capabilities of an IT infrastructure are BEST measured using a:
In data warehouse (DW) management, what is the BEST way to prevent data quality issues caused by changes from a source system?
A new system is being developed by a vendor for a consumer service organization. The vendor will provide its proprietary software once system development is completed. Which of the following is the MOST important requirement to include in the vendor contract to ensure continuity?
When planning an audit to assess application controls of a cloud-based system, it is MOST important for the IS auditor to understand the:
Which of the following documents should specify roles and responsibilities within an IT audit organization?
An IS auditor has been asked to audit the proposed acquisition of new computer hardware. The auditor’s PRIMARY concern is that:
Which of the following should an IS auditor review FIRST when planning a customer data privacy audit?
Which of the following must be in place before an IS auditor initiates audit follow-up activities?
Which of the following should an IS auditor consider the MOST significant risk associated with a new health records system that replaces a legacy system?
Which of the following is MOST important to consider when scheduling follow-up audits?
Which of the following would be an appropriate role of internal audit in helping to establish an organization's privacy program?