Which of the following is the BEST way to sanitize a hard disk for reuse to ensure the organization's information cannot be accessed?
When reviewing the functionality of an intrusion detection system (IDS), the IS auditor should be MOST concerned if:
When testing the accuracy of transaction data, which of the following situations BEST justifies the use of a smaller sample size?
An IS auditor is analyzing a sample of accounts payable transactions for a specific vendor and identifies one transaction with a value five times as high as the average transaction. Which of the following should the auditor do NEXT?
Which of the following provides the BEST audit evidence that a firewall is configured in compliance with the organization's security policy?
Which of the following should be of GREATEST concern to an IS auditor reviewing data conversion and migration during the implementation of a new application system?
Which of the following concerns is MOST effectively addressed by implementing an IT framework for alignment between IT and business objectives?
Which of the following management decisions presents the GREATEST risk associated with data leakage?
Which of the following is the PRIMARY advantage of using virtualization technology for corporate applications?
A CFO has requested an audit of IT capacity management due to a series of finance system slowdowns during month-end reporting. What would be MOST important to consider before including this audit in the program?
Which of the following analytical methods would be MOST useful when trying to identify groups with similar behavior or characteristics in a large population?
Which of the following is an advantage of using agile software development methodology over the waterfall methodology?
Which of the following should an IS auditor recommend be done FIRST when an organization is made aware of a new regulation that is likely to impact IT security requirements?
An IS department is evaluated monthly on its cost-revenue ratio, user satisfaction rate, and computer downtime. This is BEST characterized as an application of:
Which of the following is the PRIMARY reason for an IS audit manager to review the work performed by a senior IS auditor prior to presentation of a report?
When is it MOST important for an IS auditor to apply the concept of materiality in an audit?
Which of the following findings should be of GREATEST concern to an IS auditor reviewing an organization's newly implemented online security awareness program?
An IT governance body wants to determine whether IT service delivery is based on consistently effective processes. Which of the following is the BEST approach?
The use of control totals satisfies which of the following control objectives?
Which of the following BEST enables alignment of IT with business objectives?
Which of the following is the MOST effective control to mitigate against the risk of inappropriate activity by employees?
Which of the following would be the BEST criteria for monitoring an IT vendor's service levels?
What is the BEST method to determine if IT resource spending is aligned with planned project spending?
Which of the following types of environmental equipment will MOST likely be deployed below the floor tiles of a data center?
An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider MOST critical?
Which of the following should an IS auditor expect to see in a network vulnerability assessment?
What is the PRIMARY purpose of documenting audit objectives when preparing for an engagement?
Which of the following should an IS auditor ensure is classified at the HIGHEST level of sensitivity?
An externally facing system containing sensitive data is configured such that users have either read-only or administrator rights. Most users of the system have administrator access. Which of the following is the GREATEST risk associated with this situation?
An IS auditor finds that the process for removing access for terminated employees is not documented. What is the MOST significant risk from this observation?
Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?
During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?
An IS auditor plans to review all access attempts to a video-monitored and proximity card-controlled communications room. Which of the following would be MOST useful to the auditor?
An IS auditor finds that capacity management for a key system is being performed by IT with no input from the business. The auditor's PRIMARY concern would be:
A warehouse employee of a retail company has been able to conceal the theft of inventory items by entering adjustments of either damaged or lost stock items to the inventory system. Which control would have BEST prevented this type of fraud in a retail environment?
Which of the following security measures will reduce the risk of propagation when a cyberattack occurs?
Which of the following is the BEST control to mitigate attacks that redirect Internet traffic to an unauthorized website?
Which of the following would be an appropriate role of internal audit in helping to establish an organization’s privacy program?
An organization is disposing of a system containing sensitive data and has deleted all files from the hard disk. An IS auditor should be concerned because:
Which of the following would an IS auditor recommend as the MOST effective preventive control to reduce the risk of data leakage?
An IS auditor assessing the controls within a newly implemented call center would FIRST:
When verifying the accuracy and completeness of migrated data for a new application system replacing a legacy system, it is MOST effective for an IS auditor to review:
Which of the following features of a library control software package would protect against unauthorized updating of source code?
When reviewing a data classification scheme, it is MOST important for an IS auditor to determine if:
Which of the following should be the IS auditor's PRIMARY focus, when evaluating an organization's offsite storage facility?