CISA Exam Dumps | Which of the following is the MOST effective way for an IS auditor to identify unauthorized changes to

<< Prev Question Next Question >>

Question 142/332

Which of the following is the MOST effective way for an IS auditor to identify unauthorized changes to the production state of a critical business application?

A. Run an automated scan of the production environment to detect missing software patches.

B. Review recently approved changes to application programming interfaces (API) in the production environment.

C. Review recent updates in the configuration management database (CMDB) for compliance with IT patches.

D. Compare a list of production system changes with the configuration management database

Question List (332q): Question 1: Which of the following is the MOST significant concerns when...; Question 2: An IS auditor suspects an organization's computer may have b...; Question 3: An IS auditor finds the timeliness and depth of information ...; Question 4: An enterprise receiving email should have procedures to cont...; Question 5: Which of the following is the MOST effective mechanism for e...; Question 6: Which of the following documents would be MOST useful in det...; Question 7: During a vulnerability assessment, an IS auditor finds a hig...; Question 8: Which of the following is the BEST physical security solutio...; Question 9: An IS auditor identifies key controls that have been overrid...; Question 10: Which of the following occurs during the issues management p...; Question 11: Which of the following would BEST detect that a distributed-...; Question 12: Which of the following should be an IS auditor's FIRST activ...; Question 13: Which of the following would be MOST helpful in ensuring sec...; Question 14: A development team has designed a new application and incorp...; Question 15: Which of the following is the BEST reason to perform root ca...; Question 16: An IS auditor discovers that management has created a system...; Question 17: A security administrator should have read-only access for wh...; Question 18: Which of the following controls would BEST decrease the expo...; Question 19: An organization has outsourced its data processing function ...; Question 20: Which of the following is MOST important for an IS auditor t...; Question 21: When introducing a maturity model to the IT management proce...; Question 22: When determining the specifications for a server supporting ...; Question 23: Which of the following roles combined with the role of a dat...; Question 24: Which of the following is MOST important when an incident ma...; Question 25: When physical destruction is not practical, which of the fol...; Question 26: When auditing a quality assurance plan, an IS auditor should...; Question 27: An IS auditor reviewing security incident processes realizes...; Question 28: Which function in the purchasing module of an enterprise res...; Question 29: Which of the following procedures should an IS auditor compl...; Question 30: Which of the following should be a PRIMARY control objective...; Question 31: An audit team has a completed schedule approved by the audit...; Question 32: A database is denormalized in order to:...; Question 33: Audit management has just completed the annual audit plan fo...; Question 34: Which of the following is MOST important for the IS auditor ...; Question 35: Which of the following is MOST important in the audit qualit...; Question 36: Which of the following is MOST important when planning a net...; Question 37: The quality assurance (QA) function should be prevented from...; Question 38: Which of the following is the PRIMARY role of an IS auditor ...; Question 39: Communicating which of the following would BEST encourage ma...; Question 40: An organization is using a single account shared by personne...; Question 41: When reviewing a disaster recovery plan (DRP) an IS auditor ...; Question 42: Which of the following data would be used when performing a ...; Question 43: Which of the following methods should be used to effectively...; Question 44: A legacy application is running on an operating system that ...; Question 45: Which of the following would provide the BEST evidence for a...; Question 46: Which of the following should the IS auditor do FIRST to ens...; Question 47: The recovery time objective (RTO) is normally determined on ...; Question 48: Which of the following would provide the BEST assurance that...; Question 49: When engaging services from external auditors, which of the ...; Question 50: The MAIN reason an organization's incident management proced...; Question 51: To help ensure the accuracy and completeness of end-user com...; Question 52: An audit committee is reviewing an annual IT risk assessment...; Question 53: A database administrator (DBA) extracts a user listing for a...; Question 54: A large insurance company is about to replace a major financ...; Question 55: Which of the following findings would have the GREATEST impa...; Question 56: Which of the following would be MOST important to update onc...; Question 57: Which of the following provides an IS auditor the MOST assur...; Question 58: Reviewing which of the following would be MOST helpful in as...; Question 59: Which of the following is the BEST key performance indicator...; Question 60: During an audit, which of the following would be MOST helpfu...; Question 61: During a network security review the system log indicates an...; Question 62: Which of the following is MOST important to include in a con...; Question 63: Which of the following is a key success factor for implement...; Question 64: Buffer overflow in an Internet environment is of particular ...; Question 65: A post-implementation review of a system implementation has ...; Question 66: During a help desk review, an IS auditor determines the call...; Question 67: Which of the following is MOST important to include in foren...; Question 68: What is an IS auditor's BEST recommendation to management if...; Question 69: Which of the following would provide the BEST evidence of su...; Question 70: Which of the following would BEST detect logic bombs in new ...; Question 71: MOST effective way to determine if IT is meeting business re...; Question 72: An IS auditor is planning a risk-based audit of the human re...; Question 73: An IS auditor learns that after each scheduled batch process...; Question 74: The operations team of an organization has reported an IS se...; Question 75: An IS auditor is examining a front-end sub ledger and a main...; Question 76: Which of the following findings should hr of GREATEST concer...; Question 77: An IS auditor notes that several users have not logged into ...; Question 78: In which of the following cloud service models does the user...; Question 79: In the IT department where segregation of duties is not feas...; Question 80: An IS auditor is assessing a recent migration of mission cri...; Question 81: An IS auditor is planning an audit of an organization s payr...; Question 82: As part of an IS audit, the auditor notes the practices list...; Question 83: Due to the increasing size of a database, user access times ...; Question 84: To confirm integrity for a hashed message, the receiver shou...; Question 85: A retirement system verifies that the field for employee sta...; Question 86: An IS auditor is conducting a review of an organization s in...; Question 87: Which of the following is the MOST critical characteristic o...; Question 88: Previous audits have found that a large organization has had...; Question 89: Which of the following poses the GREATEST risk to data secur...; Question 90: Which of the following should be done FIRST when planning a ...; Question 91: An advantage of object-oriented system development is that i...; Question 92: Which of the following IS audit findings should be of GREATE...; Question 93: Which of the following would be the MOST effective control t...; Question 94: In a decentralized organization, the selection and purchase ...; Question 95: When conducting a requirements analysis for a project, the B...; Question 96: Which of the following is the KST source of information for ...; Question 97: Which of the following would BEST prevent data from being or...; Question 98: Which combination of access controls provides the BEST physi...; Question 99: Which of the following is MOST important to helping incident...; Question 100: An IS Auditor is performing a business continuity plan (BCP)...; Question 101: Which of the following would BEST indicate the effectiveness...; Question 102: For an organization which uses a VoIP telephony system exclu...; Question 103: An IS auditor is assessing an organization's implementation ...; Question 104: Which of the following is the GREATEST risk resulting from c...; Question 105: Which of the following is the MAIN purpose of implementing a...; Question 106: Which of the following attacks is BEST detected by an intrus...; Question 107: An IS audit had identified that default passwords for a newl...; Question 108: An IS auditor should ensure that an application's audit trai...; Question 109: Within a payroll department, which of the following responsi...; Question 110: When auditing the security architecture of an e-commerce env...; Question 111: Which of the following BEST enables timely detection of chan...; Question 112: An IS auditor is evaluating a virtual server environment and...; Question 113: Which of the following procedures would BEST contribute to t...; Question 114: An IS auditor finds ad hoc vulnerability scanning is in plac...; Question 115: A sales representative is reviewing the organization's feedb...; Question 116: An IS auditor is observing transaction processing and notes ...; Question 117: Which of the following will BEST help to ensure that an in-h...; Question 118: A potential risk of executing a program on an Internet site ...; Question 119: An IS auditor was involved in the design phase for a new sys...; Question 120: Which of the following should the IS auditor use to BEST det...; Question 121: Which of the following is a reason for implementing a decent...; Question 122: Which of the following provides the GREATEST assurance that ...; Question 123: An organization implements a data loss prevention tool as a ...; Question 124: Which of the following would be an IS auditor's GREATEST con...; Question 125: Which of the following is the BEST development methodology t...; Question 126: During an audit of an organization's financial statements, a...; Question 127: Which of the following is MOST important to consider when re...; Question 128: An IS auditor found that a company executive is encouraging ...; Question 129: An internal audit has revealed a large number of incidents f...; Question 130: Which of the following areas are the MOST likely cause of an...; Question 131: An IS auditor has identified that some IT staff have adminis...; Question 132: Which of the following is the GREATEST advantage of implemen...; Question 133: Which of the following should be of MOST concern to an IS au...; Question 134: An IS auditor has performed an agreed-upon procedures engage...; Question 135: An IS auditor reviewing an incident management process ident...; Question 136: Spreadsheets are used to calculate project cost estimates To...; Question 137: Which of the following should be reviewed as part of a data ...; Question 138: Which of the following BEST enables an audit department to i...; Question 139: Prior to the migration of acquired software into production,...; Question 140: An IS auditor auditing the effectiveness of utilizing a hot ...; Question 141: An IS auditor observes that an organization s critical IT sy...; Question 142: Which of the following is the MOST effective way for an IS a...; Question 143: An IS auditor is reviewing an organization's implementation ...; Question 144: Which of the following should MOST concern an IS auditor rev...; Question 145: A financial institution suspects that a manager has been cre...; Question 146: Which of the following should be of GREATEST concern to an I...; Question 147: An organization is moving its on-site application servers to...; Question 148: Which of the following is the BEST way to reduce the risk of...; Question 149: After the release of an application system, an IS auditor wa...; Question 150: During a review of an insurance company s claims system, the...; Question 151: The MOST efficient way to confirm that an ERP system being i...; Question 152: Of the following procedures for testing a disaster recovery ...; Question 153: Which of the following is the MOST significant driver of eff...; Question 154: Which of the following key performance indicators (KPIs) pro...; Question 155: Reorganization of databases is undertaken PRIMARILY to:...; Question 156: An organization is developing a web portal using some extern...; Question 157: An employee transfers from an organization's risk management...; Question 158: Which of the following requirements in a document control st...; Question 159: Privileged account access is require to start an ad hoc batc...; Question 160: Which of the following is the GREATEST risk associated with ...; Question 161: Which of the following is the GREATEST concern with conducti...; Question 162: Which of the following would provide the MOST reliable evide...; Question 163: A review of Internet security disclosed that users have indi...; Question 164: Which of the following activities would allow an IS auditor ...; Question 165: An organization is choosing key performance indicators (KPIs...; Question 166: An organization has performance metrics to track how well IT...; Question 167: A recent audit identified duplicate software licenses and te...; Question 168: Which of the following would BEST facilitate the detection o...; Question 169: What is the purpose of using a write blocker during the acqu...; Question 170: Which of the following would BEST assist senior management i...; Question 171: An IS auditor is assigned to review the development of a spe...; Question 172: Which of the following is MOST important for an IS auditor t...; Question 173: Which of the following is the MOST effective way to identify...; Question 174: An organization has decided to migrate payroll processing to...; Question 175: An organization is deciding whether to outsource its custome...; Question 176: A security company and service provider have merged and the ...; Question 177: Following an IS audit recommendation, all Telnet and File Tr...; Question 178: Which of the following is the PRIMARY benefit of implementin...; Question 179: Which of the following metrics would BEST measure the agilit...; Question 180: Which of the following is the PRIMARY benefit of using an in...; Question 181: Which of the following would be an appropriate role of inter...; Question 182: When planning for the implementation of a new system, an org...; Question 183: Which of the following sampling techniques is commonly used ...; Question 184: During an audit, it is discovered that several suppliers wit...; Question 185: During an ERP post-implementation review, it was noted that ...; Question 186: An IS auditor finds that the process for removing access for...; Question 187: A manufacturing company is implementing application software...; Question 188: The BEST method an organization can employ to align its busi...; Question 189: An IS auditor is using data analytics in an audit and has ob...; Question 190: While reviewing similar issues in an organization s help des...; Question 191: Which of the following is the BEST way to control the concur...; Question 192: Which of the following is the MOST important consideration w...; Question 193: Using swipe cards to limit employee access to restricted are...; Question 194: Which of the following provides the BEST audit evidence that...; Question 195: MOST critical security weakness of a packet level firewall i...; Question 196: The grants management system is used to calculate grant paym...; Question 197: The BEST way to prevent fraudulent payments is to implement ...; Question 198: Which of the following controls can BEST detect accidental c...; Question 199: Which of the following should be the PRIMARY consideration w...; Question 200: While reviewing an organization s business continuity plan (...; Question 201: Which of the following should an IS auditor be MOST concerne...; Question 202: Which of the following is the MOST effective means of helpin...; Question 203: internal IS auditor recommends that incoming accounts payabl...; Question 204: An airlines online booking system uses an automated script t...; Question 205: Which of the following system deployments requires the cloud...; Question 206: An organization is replacing a mission-critical system. Whic...; Question 207: An organization using instant messaging to communicate with ...; Question 208: Which of the following would represent an acceptable test of...; Question 209: Which of the following is the BEST IS audit strategy?...; Question 210: Which of the following is the FIRST consideration when devel...; Question 211: An IS auditor notes that the anticipated benefits from an on...; Question 212: An IS auditor is reviewing an organization's method to trans...; Question 213: Which of the following is the MOST important reason for upda...; Question 214: Which of the following should an IS auditor do FIRST when de...; Question 215: Which of the following should be an IS auditor's PRIMARY foc...; Question 216: The demilitarized zone (DMZ) is the part of a network where ...; Question 217: A system administrator recently informed the IS auditor abou...; Question 218: In a small organization, an IS auditor finds that security a...; Question 219: Which of the following is the MOST important process to ensu...; Question 220: What is the MOST important role of a certificate authority (...; Question 221: Which of the following is MOST likely to result from complia...; Question 222: Which of the following is corrective control?...; Question 223: The CIO of an organization is concerned that the information...; Question 224: As part of a mergers and acquisitions activity, an acquiring...; Question 225: An IS auditor is assessing an organization's data loss preve...; Question 226: During a review of system access, an IS auditor notes that a...; Question 227: After an external IS audit, which of the following should be...; Question 228: Which of the following would BEST enable alignment of IT wit...; Question 229: An IS auditor discovers that validation controls in a web ap...; Question 230: During an audit, the client learns that the IS auditor has r...; Question 231: An organization uses two data centers. Which of the followin...; Question 232: When testing segregation of duties, which of the following a...; Question 233: To restore service at a large processing facility after a di...; Question 234: Which of the following BEST indicates the effectiveness of a...; Question 235: When designing a data analytics process, which of the follow...; Question 236: When an organization is having new software implemented unde...; Question 237: Which of the following would BEST facilitate the successful ...; Question 238: A small organization is experiencing rapid growth and plans ...; Question 239: An IS auditor reviewing the acquisition of new equipment wou...; Question 240: When preparing to evaluate the effectiveness of an organizat...; Question 241: An operations manager has recently moved to internal audit W...; Question 242: Which of the following tasks should be performed during an o...; Question 243: An organization with high security requirements is evaluatin...; Question 244: Which of the following stakeholders should be PRIMARILY resp...; Question 245: A government organization uses standard Wi-Fi Protected Acce...; Question 246: An IS auditor notes that a number of application plug-ins cu...; Question 247: An IS auditor notes that due to the small size of the organi...; Question 248: Which of the following cloud deployment models would BEST me...; Question 249: To effectively classify data, which of the following MUST be...; Question 250: A technology service organization has recently acquired a ne...; Question 251: Which of the following is a prerequisite to help ensure that...; Question 252: Which of the following should an IS auditor verify when audi...; Question 253: An IS auditor has discovered that unauthorized customer mana...; Question 254: Which of the following is an IS auditor s GREATEST concern w...; Question 255: Which of the following poses the GREATEST risk to the enforc...; Question 256: An IS auditor is evaluating the risks and controls associate...; Question 257: An IS auditor notes that help desk personnel are required to...; Question 258: An IS auditor performing an application development review a...; Question 259: Requiring that passwords contain a combination of numeric an...; Question 260: An organization has established three IS processing environm...; Question 261: When initiating an IT project, which of the following should...; Question 262: Which of the following access rights in the production envir...; Question 263: Which of the following is a passive attack on a network?...; Question 264: Which of the following is the GREATEST risk associated with ...; Question 265: A small startup organization does not have the resources to ...; Question 266: Which of the following controls would BEST ensure that payro...; Question 267: Which of the following activities is MOST important to consi...; Question 268: Which of the following findings should be an IS auditor's GR...; Question 269: Which of the following is the BCST way to determine the effe...; Question 270: Which of the following auditing techniques would be used to ...; Question 271: An information systems security officer's PRIMARY responsibi...; Question 272: Which of the following is MOST likely to improve the portabi...; Question 273: Which of the following is the BEST evidence that an organiza...; Question 274: Which of the following controls is MOST appropriate against ...; Question 275: Which of the following is the MOST important consideration w...; Question 276: An organization considers implementing a system that uses a ...; Question 277: Which of the following should be of GREATEST concern to an I...; Question 278: Which of the following is the PRIMARY function of technology...; Question 279: Which of the following is MOST important for an IS auditor t...; Question 280: Which of the following would be the MOST appropriate reason ...; Question 281: Which of the following is the GREATEST risk of cloud computi...; Question 282: Which of the following is the BEST way to ensure enterprise ...; Question 283: An IS auditor previously worked in an organization s IT depa...; Question 284: Loss-site scripting (XSS) attacks are BEST prevented through...; Question 285: Which of the following sampling methods is the BEST approach...; Question 286: When connecting to an organization's intranet from the Inter...; Question 287: Two organizations will share ownership of a new enterprise r...; Question 288: Which of the following group is MOST likely responsible for ...; Question 289: Which of the following controls MOST effectively reduces the...; Question 290: What is the MOST difficult aspect of access control in a mul...; Question 291: Following a breach, what is the BEST source to determine the...; Question 292: Which of the following would be considered the BEST compensa...; Question 293: Which of the following metrics would be MOST helpful to an I...; Question 294: As part of business continuity planning. Which of the follow...; Question 295: An organization was recently notified by its regulatory body...; Question 296: Which of the following is the BEST way to detect potentially...; Question 297: Which of the following BEST describes the relationship betwe...; Question 298: When reviewing a contract for a disaster recovery hot site, ...; Question 299: The PRIMARY purpose of an internal audit department's qualit...; Question 300: Which of the following tools is MOST helpful in estimating b...; Question 301: An IS auditor would MOST likely recommend that IT management...; Question 302: Which of the following BEST determines if a batch update job...; Question 303: Which of the following should be of GREATEST concern to an I...; Question 304: An IT governance body wants to determine whether IT service ...; Question 305: Which of the following helps to ensure the integrity of data...; Question 306: Which of the following functions is MOST likely to be perfor...; Question 307: An IS auditor performing an audit of backup procedures obser...; Question 308: An organization is considering outsourcing the processing of...; Question 309: When assessing a business case as part of a post-implementat...; Question 310: Which audit technique provides the GREATEST assurance that i...; Question 311: Which of the following will BEST ensure that a proper cutoff...; Question 312: A digital signature addresses which of the following concern...; Question 313: An IS auditor has assessed a payroll service provider's secu...; Question 314: The PRIMARY advantage of object oriented technology is enhan...; Question 315: An IS auditor plans to review all access attempts to a video...; Question 316: Which of the following would MOST effectively and executive ...; Question 317: Which of the following is an example of a data analytics use...; Question 318: Which of the following is MOST important for an IS auditor t...; Question 319: An IS auditor finds that an organization's data loss prevent...; Question 320: The risk that the IS auditor will not find an error that has...; Question 321: An organization transmits large amount of data from one inte...; Question 322: Which of the following presents the GREATEST concern when im...; Question 323: Which of the following would be an auditor's GREATEST concer...; Question 324: An IS auditor has observed gaps in the data available to the...; Question 325: Which of the following communication modes should be of GREA...; Question 326: What is the GREASTEST concern for an IS auditory reviewing c...; Question 327: In attribute sampling, what is the relationship between expe...; Question 328: An IS auditor is planning to audit an organization's infrast...; Question 329: Which of the following is the PRIMARY advantage of using vir...; Question 330: IT service engineers at a large organization are unable to e...; Question 331: An organization recently experienced a phishing attack that ...; Question 332: Which of the following is the PRIMARY objective of the IS au...

Question 142/332

LEAVE A REPLY

Download PDF File