An organization has assigned two new IS auditors to audit a new system implementation. One of the auditors has an IT-related degree, and one has a business degree. Which of the following is MOST important to meet the IS audit standard for proficiency?
Due to limited storage capacity, an organization has decided to reduce the actual retention period for media containing completed low-value transactions. Which of the following is MOST important for the organization to ensure?
Which of the following BEST indicates that an incident management process is effective?
Which of the following is the MOST appropriate and effective fire suppression method for an unstaffed computer room?
Which of the following is the MAIN purpose of an information security management system?
The BEST way to determine whether programmers have permission to alter data in the production environment is by reviewing:
Which of the following business continuity activities prioritizes the recovery of critical functions?
An organization with many desktop PCs is considering moving to a thin client architecture. Which of the following is the MAJOR advantage?
In an online application, which of the following would provide the MOST information about the transaction audit trail?
Which of the following is an example of a preventative control in an accounts payable system?
An organization has recently implemented a Voice-over IP (VoIP) communication system. Which of the following should be the IS auditor's PRIMARY concern?
During the planning stage of a compliance audit, an IS auditor discovers that a bank's inventory of compliance requirements does not include recent regulatory changes related to managing data risk. What should the auditor do FIRST?
Which of the following conditions would be of MOST concern to an IS auditor assessing the risk of a successful brute force attack against encrypted data at rest?
An IS auditor is reviewing a recent security incident and is seeking information about the approval of a recent modification to a database system's security settings. Where would the auditor MOST likely find this information?
An organization is considering allowing users to connect personal devices to the corporate network. Which of the following should be done FIRST?
Which of the following is MOST important for an IS auditor to consider when performing the risk assessment prior to an audit engagement?
When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:
An IS auditor learns the organization has experienced several server failures in its distributed environment. Which of the following is the BEST recommendation to limit the potential impact of server failures in the future?
In an environment that automatically reports all program changes, which of the following is the MOST efficient way to detect unauthorized changes to production programs?
Which of the following represents the HIGHEST level of maturity of an information security program?
An employee loses a mobile device resulting in loss of sensitive corporate data. Which of the following would have BEST prevented data leakage?
An IS auditor is conducting a review of a data center. Which of the following observations could indicate an access control issue?
Which of the following is the GREATEST security risk associated with data migration from a legacy human resources (HR) system to a cloud-based system?
A month after a company purchased and implemented system and performance monitoring software, reports were too large and therefore were not reviewed or acted upon. The MOST effective plan of action would be to:
An IS auditor is reviewing the release management process for an in-house software development solution. In which environment is the software version MOST likely to be the same as production?
In a RACI model, which of the following roles must be assigned to only one individual?
Which of the following findings should be of GREATEST concern to an IS auditor performing a review of IT operations?
Which of the following is the BEST source of information for an IS auditor to use when determining whether an organization's information security policy is adequate?
Which of the following BEST protects an organization's proprietary code during a joint-development activity involving a third party?
An IS auditor finds that an organization's data loss prevention (DLP) system is configured to use vendor default settings to identify violations. The auditor's MAIN concern should be that:
Which of the following provides the MOST assurance over the completeness and accuracy of loan application processing with respect to the implementation of a new system?
An IS auditor finds a high-risk vulnerability in a public-facing web server used to process online customer payments. The IS auditor should FIRST:
Which of the following would be of MOST concern for an IS auditor evaluating the design of an organization's incident management processes?
An IS auditor is analyzing a sample of accesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found. Which sampling method would be appropriate?
A project team has decided to switch to an agile approach to develop a replacement for an existing business application. Which of the following should an IS auditor do FIRST to ensure the effectiveness of the project audit?
Which of the following would MOST effectively ensure the integrity of data transmitted over a network?
Which of the following is the BEST way to ensure payment transaction data is restricted to the appropriate users?
Which of the following should be of MOST concern to an IS auditor reviewing the public key infrastructure (PKI) for enterprise email?
During a follow-up audit, it was found that a complex security vulnerability of low risk was not resolved within the agreed-upon timeframe. IT has stated that the system with the identified vulnerability is being replaced and is expected to be fully functional in two months. Which of the following is the BEST course of action?
During the implementation of a new system, an IS auditor must assess whether certain automated calculations comply with the regulatory requirements. Which of the following is the BEST way to obtain this assurance?
Which of the following provides IS audit professionals with the BEST source of direction for performing audit functions?
An IS audit team is evaluating the documentation related to the most recent application user-access review performed by IT and business management. It is determined that the user list was not system-generated. Which of the following should be the GREATEST concern?
The IS auditor has recommended that management test a new system before using it in production mode. The BEST approach for management in developing a test plan is to use processing parameters that are:
To develop meaningful recommendations for findings, which of the following is MOST important for an IS auditor to determine and understand?
An internal audit department recently established a quality assurance (QA) program. Which of the following activities is MOST important to include as part of the QA program requirements?
Which of the following provides the BEST evidence of effective IT portfolio management?