An organization saves confidential information in a file with password protection and the file is placed in a shared folder. An attacker has stolen this information by obtaining the password through social engineering. Implementing which of the following would BEST enable the organization to prevent this type of incident in the future?
Which of the following is the MAIN objective of enterprise architecture (EA) governance?
Which of the following system redundancy configurations BEST improves system resiliency and reduces the possibility of a single cause of failure impacting system dependability?
Before the release of a new application into an organization’s production environment, which of the following should be in place to ensure that proper testing has occurred and rollback plans are in place?
An IS auditor has been tasked with analyzing an organization's capital expenditures against its repair and maintenance costs. Which of the following is the BEST reason to use a data analytics tool for this purpose?
During a pre-implementation review, an IS auditor notes that some scenarios have not been tested. Management has indicated that the project is critical and cannot be postponed. Which of the following is the auditor's BEST course of action?
Which of the following observations should be of GREATEST concern to an IS auditor assessing access controls for the accounts payable module of a finance system?
Which of the following should be of GREATEST concern to an IS auditor assessing an organization's patch management program?
An IS auditor is reviewing an organization that performs backups on local database servers every two weeks and does not have a formal policy to govern data backup and restoration procedures. Which of the following findings presents the GREATEST risk to the organization?
Management has requested a post-implementation review of a newly implemented purchasing package to determine the extent that business requirements are being met. Which of the following
is MOST likely to be assessed?
A small organization is experiencing rapid growth and plans to create a new information security policy. Which of the following is MOST relevant to creating the policy?
An organization that has decided to approve the use of end-user computing (EUC) should FIRST ensure:
An IS audit team is evaluating documentation of the most recent application user access review. It is determined that the user list was not system generated. Which of the following should be of
MOST concern?
Which of the following is the BEST way to foster continuous improvement of IS audit processes and practices?
An organization has both an IT strategy committee and an IT steering committee. When reviewing the minutes of the IT steering committee, an IS auditor would expect to find that the
committee:
Which of the following is the PRIMARY advantage of using an automated security log monitoring tool instead of conducting a manual review to monitor the use of privileged access?
An IS auditor is reviewing a data conversion project. Which of the following is the auditor's BEST recommendation prior to go-live?
Which of the following is the BEST indicator that a third-party vendor adheres to the controls required by the organization?
Which of the following provides the BEST evidence that all elements of a business continuity plan (BCP) are operating effectively?
An organization is implementing a new system that supports a month-end business process. Which of the following implementation strategies would be MOST efficient to decrease business downtime?
How is nonrepudiation supported within a public key infrastructure (PKI) environment?
Which of the following should an IS auditor recommend be done FIRST when an organization is planning to implement an IT compliance program?
An IS auditor is conducting an IT governance audit and notices many initiatives are managed informally by isolated project managers. Which of the following recommendations would have the GREATEST impact on improving the maturity of the IT team?
Which of the following controls is BEST implemented through system configuration?
Network user accounts for temporary workers expire after 90 days.
Application user access is reviewed every 180 days for appropriateness.
Financial data in key reports is traced to source systems for completeness and accuracy.
Which of the following should be of GREATEST concern to an IS auditor reviewing project documentation for a client relationship management (CRM) system migration project?
An organization's sensitive data is stored in a cloud computing environment and is encrypted. Which of the following findings should be of GREATEST concern to an IS auditor?
Which of the following is the MOST effective way to detect as many abnormalities as possible during an IS audit?
Which of the following is an effective way to ensure the integrity of file transfers in a peer-to-peer (P2P) computing environment?
When conducting an audit of an organization's use of AI in its customer service chatbots, an IS auditor should PRIMARILY focus on the:
Which of the following will provide the GREATEST assurance to IT management that a quality management system (QMS) is effective?
Which of the following should be the PRIMARY focus when communicating an IS audit issue to management?
An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider MOST critical?
Which of the following poses the GREATEST risk to an organization related to system interfaces?
Which of the following should be the PRIMARY consideration when incorporating user training and awareness into a data loss prevention (DLP) strategy?
Which of the following is the BEST review for an IS auditor to conduct when a vulnerability has been exploited by an employee?
Which of the following is the MOST important consideration when relying on the work of the prior auditor?
Which of the following is MOST important for an IS auditor to verify when reviewing the planned use of Benford's law as a data analytics technique to detect fraud in a set of credit card transactions?
An IS auditor is planning a review of an organizations cybersecurity incident response maturity Which of the following methodologies would provide the MOST reliable conclusions?
When reviewing whether IT investments are meeting business objectives, which of the following evaluations would be MOST useful?
Which of the following should be done FIRST following an incident that has caused internal servers to be inaccessible, disrupting normal business operations?
An IS auditor has been asked to review the quality of data in a general ledger system. Which of the following would provide the auditor with the MOST meaningful results?
Which of the following procedures for testing a disaster recovery plan (DRP) is MOST effective?
Which type of testing is used to identify security vulnerabilities in source code in the development environment?
Which of the following is the GREATEST impact as a result of the ongoing deterioration of a detective control?
Which of the following is MOST important to define within a disaster recovery plan (DRP)?
An IS auditor is reviewing an artificial intelligence (Al) and expert system application. The system has produced several critical errors with severe impact. Which of the following should the IS auditor do NEXT to understand the cause of the errors?