CISA Exam Dumps | An IS auditor is reviewing a small organization's business continuity and disaster recovery plans Which

<< Prev Question Next Question >>

Question 282/299

An IS auditor is reviewing a small organization's business continuity and disaster recovery plans Which of the following findings would pose the GREATEST concern?

A. Practice drills related to the plans are conducted infrequently

B. Data backup and storage is not performed every day

C. The plans are not periodically reviewed and updated

D. The organization's hardware is near end-of-the

Question List (299q): Question 1: A system undergoing acceptance testing is still subject to p...; Question 2: Which of the following would BEST help management maintain a...; Question 3: A sales representative is reviewing the organization's feedb...; Question 4: When evaluating an organization's information security progr...; Question 5: Which of the following is an example of a corrective control...; Question 6: To preserve chain-of-custody following an internal server co...; Question 7: Which of the following reports can MOST effectively be used ...; Question 8: Which of the following is MOST important for the successful ...; Question 9: An IT department installed critical patches provided by the ...; Question 10: planning an end-user computing (EUC) audit, it is MO ST impo...; Question 11: An audit report that specifies responsibility for the closur...; Question 12: Which of the following observations should be of MOST concer...; Question 13: What is the PRIMARY reason for including a clause requiring ...; Question 14: An organization is including a client side software componen...; Question 15: When assessing a business case as part of a post-implementat...; Question 16: During an internal review of the system development life cyc...; Question 17: During a "clean desk" audit, a USB flash drive labeled "conf...; Question 18: Which of the following security mechanisms should be used to...; Question 19: Which of the following would BEST indicate the independence ...; Question 20: The PRIMARY purpose of conducting a test of an alternate sit...; Question 21: The process of applying a hash function to a message, and ob...; Question 22: An organization has recently incorporated robotic process au...; Question 23: To confirm integrity for a hashed message, the receiver shou...; Question 24: Which of the following cloud computing models should an orga...; Question 25: Which of the following is an analytical review procedure for...; Question 26: Which of the following is the BEST way to mitigate the risk ...; Question 27: An IS auditor notes that several of a client's servers are v...; Question 28: Which of the following is MOST important for an IS auditor t...; Question 29: An IS auditor previously worked in an organization s IT depa...; Question 30: Which should be reviewed FIRST by an IS auditor To ensure th...; Question 31: When auditing the closing stages of a system development pro...; Question 32: A legacy application is running on an operating system that ...; Question 33: A new regulation requires organizations to report significan...; Question 34: The maturity level of an organization s problem management s...; Question 35: Which of the Which is the MOST effective control to reduce t...; Question 36: Which of the following would be considered a corrective cont...; Question 37: Following a security breach, an IS auditor finds an organiza...; Question 38: Which of the following should an IS auditor review FIRST whe...; Question 39: An employee has accidentally posted confidential data to the...; Question 40: Which of the following Is the MOST important consideration w...; Question 41: An IS auditor concludes that a local area network's (LAN's) ...; Question 42: An IS auditor is reviewing IT policies and found that most p...; Question 43: Which of the following activities is MOST important to consi...; Question 44: Which of the following could be used to evaluate the effecti...; Question 45: Which of the following is the MOST effective control In an o...; Question 46: Which of the following BEST enables an IS auditor to determi...; Question 47: Following an acquisition, it was decided that legacy applica...; Question 48: Which of the following documents would be MOST useful in det...; Question 49: Which of the following is the PRIMARY criterion for identify...; Question 50: What is the BEST way for an IS auditor to address the risk a...; Question 51: What is the PRIMARY objective of implementing data classific...; Question 52: During an IS audit the auditor identifies significant delays...; Question 53: Who is PRIMARILY responsible for data integrity and security...; Question 54: An external attacker spoofing an internal Internet protocol ...; Question 55: the use of a cloud service provider to obtain additional com...; Question 56: Performance monitoring tools report that servers are consist...; Question 57: An IS auditor discovers that due to resource constraints a d...; Question 58: What is the BEST strategy to prioritize work when planning a...; Question 59: Which of the following should an IS auditor recommend to red...; Question 60: Which of the following is the MOST effective control for pro...; Question 61: An IS auditor finds that confidential company data has been ...; Question 62: What is the PRIMARY reason for conducting a risk assessment ...; Question 63: An organization has fully outsourced its email functions to ...; Question 64: A transaction processing system interfaces with the general ...; Question 65: Which of the following should be performed immediately after...; Question 66: While reviewing transactions, an IS auditor discovers incons...; Question 67: An organization is considering replacing physical backup tap...; Question 68: Which of the following controls would BEST enable IT managem...; Question 69: Which of the following controls will BEST ensure that the bo...; Question 70: Which of the following should be the MOST important consider...; Question 71: During development of an information security policy, which ...; Question 72: Assessments of critical information systems are based on a c...; Question 73: Of the following, who is BEST suited to establish an organiz...; Question 74: Which of the following may be adversely affected when thin c...; Question 75: An IS auditor discovers instances where software with the sa...; Question 76: Which of the following would be an IS auditors GREATEST conc...; Question 77: Which of the following is the BEST audit technique to identi...; Question 78: Invoking a business continuity plan (BCP) is demonstrating w...; Question 79: An effective implementation of security roles and responsibi...; Question 80: When designing metrics for information security, the MOST im...; Question 81: Which of the following Is the MOST effective way for an IS a...; Question 82: Which of the following system deployments requires the cloud...; Question 83: Which of the following is the MOST important factor when an ...; Question 84: Which of the following is the BEST way to achieve high avail...; Question 85: Which of the following is the PRIMARY reason for an IS audit...; Question 86: An IS audit of an organization's data classification policie...; Question 87: Which of the following poses the GREATEST risk to data secur...; Question 88: An IS auditor is asked to review a large organization's chan...; Question 89: An organization outsourced its IS functions. To meet its res...; Question 90: Which of the following projects would be MOST important to r...; Question 91: An advantage of object-oriented system development is that i...; Question 92: An IS auditor is performing a post-implementation review of ...; Question 93: Which of the following tools is MOST helpful in estimating b...; Question 94: While performing a risk-based audit, which of the following ...; Question 95: A 5 year audit plan provides for general audits every year a...; Question 96: Which of the following attacks would MOST likely result in t...; Question 97: An IS auditor has found that a vendor has gone out of busine...; Question 98: When removing a financial application system from production...; Question 99: Which of the following should be of MOST concern to an IS au...; Question 100: Which of the following types of environmental equipment will...; Question 101: While reviewing an independent audit report of a service pro...; Question 102: An IS auditor is reviewing the upgrading of an operating sys...; Question 103: The PRIMARY purpose of a precedence diagramming method in ma...; Question 104: Which of the following audit procedures would be MOST conclu...; Question 105: Which of the following is the PRIMARY benefit of conducting ...; Question 106: Which of the following would BEST help to ensure that an inc...; Question 107: A multinational organization is integrating its existing pay...; Question 108: Which of the following is the BEST indicator of a mature qua...; Question 109: Which of the following reflects inadequate segregation of du...; Question 110: An IS auditor is following upon a finding that determined el...; Question 111: Using development and operations (DevOps) processes an organ...; Question 112: Which of the following is the BEST way to transmit documents...; Question 113: An IS auditor notes that nightly hatch processing is frequen...; Question 114: Which of the following is the BEST control to detect errors ...; Question 115: A retirement system verifies that the field for employee sta...; Question 116: Which of the following should an IS auditor expect to see in...; Question 117: An auditor is creating an audit program in which the objecti...; Question 118: An organization experienced a domain name system (DNS) attac...; Question 119: Which of the following IT resource management practices is M...; Question 120: When engaging services from external auditors, which of the ...; Question 121: Which of the following is the BEST way to evaluate the effec...; Question 122: Which of the following stakeholders is accountable for contr...; Question 123: An organization has outsourced the development of a core app...; Question 124: Which of the following roles is ULTIMATELY accountable for t...; Question 125: An IS audit manager has been advised that hackers have enter...; Question 126: An IS auditor determines that an online retailer processing ...; Question 127: An organization's sensitive data is stored in a cloud comput...; Question 128: Which of the following is a reason for implementing a decent...; Question 129: An IT department is unaware of spreadsheets and databases th...; Question 130: The information security function in a large organization is...; Question 131: An organization has recently acquired another organization. ...; Question 132: The results of an IS audit indicating the need to strengthen...; Question 133: An organization plans to migrate some applications to an ext...; Question 134: Which of the following is the BEST control to prevent the tr...; Question 135: Which of the following MOST effectively mitigates the impact...; Question 136: An IS auditor determines that a business impact analysis (BI...; Question 137: Which of the following findings is the GREATES concern when ...; Question 138: A small startup organization does not have the resources to ...; Question 139: Which of the following could provide an organization with th...; Question 140: Which of the following is the MOST appropriate responsibilit...; Question 141: Which of the following is MOST important for an IS auditor t...; Question 142: Which of the following could an IS auditor recommend to impr...; Question 143: Which of the following will enable a customer to authenticat...; Question 144: An organization shares some of its customers' personally Ide...; Question 145: An IS auditor reviewing the acquisition of new equipment wou...; Question 146: Which of the following roles is responsible for validating c...; Question 147: While reviewing a hot site, the IS auditor discovers that on...; Question 148: When continuous monitoring systems are being implemented, an...; Question 149: Which of the following would provide the BEST evidence of th...; Question 150: An IS auditor reviewing a new application for compliance wit...; Question 151: Which of the following concerns is BEST addressed by securin...; Question 152: During a post-incident review of a security breach, what typ...; Question 153: The MAIN benefit of using an Integrated test facility (ITF) ...; Question 154: The application systems quality assurance (QA) function shou...; Question 155: Which of the following is the BEST source of information whe...; Question 156: An organization plans to receive an automated data feed into...; Question 157: An IS auditor finds that one employee has unauthorized acces...; Question 158: An organization has outsourced its help desk services. Which...; Question 159: An IS auditor observed a lack of compliance with a documente...; Question 160: An IS auditor Is reviewing a complete population of incident...; Question 161: Which of the following is an advantage of using electronic d...; Question 162: Which of the following is MOST important with regard to an a...; Question 163: An organization has purchased a replacement mainframe comput...; Question 164: An IS auditor follows up on a recent security incident and f...; Question 165: The IS auditor's PRIMARY role in control self-assessment (CS...; Question 166: An IS auditor is evaluating a virtual server environment and...; Question 167: Which of the following is MOST important to consider when de...; Question 168: Which of the following should be used to assess the level of...; Question 169: During the review of an organization's software development ...; Question 170: Which of the following is a benefit of requiring management ...; Question 171: Which of the following entities is BEST suited to define the...; Question 172: The GREATEST benefit of using a prototyping approach in soft...; Question 173: Which of the following is the MOST important determining fac...; Question 174: An IS audit team is planning to rely on a system-generated r...; Question 175: Which of the following methods should be used to effectively...; Question 176: The results of a feasibility study for acquiring a new syste...; Question 177: An IS auditor finds an IT department does not perform period...; Question 178: What should be the PRIMARY basis for scheduling a follow-up ...; Question 179: Following Pie last external review, the audit client impleme...; Question 180: During a network security review the system log indicates an...; Question 181: Which of the following audit procedures would provide the BE...; Question 182: A previously agreed-upon recommendation was not implemented ...; Question 183: Which of the following is the BEST indication of control mat...; Question 184: Which of the following is the MOST effective control to rest...; Question 185: Which of the following is the BEST evidence of senior manage...; Question 186: Which of the following would be the MOST efficient audit app...; Question 187: Which of the following reports would BEST assist an IS audit...; Question 188: An IS auditor should ensure that an application's audit trai...; Question 189: Coding standards provide which of the following?...; Question 190: Which of the following is found in an audit charter?...; Question 191: Which of the following is MOST important for an IS auditor t...; Question 192: A financial services organization has just been granted a ba...; Question 193: Which of the following is the MOST important feature of acce...; Question 194: Which of the following access rights in the production envir...; Question 195: Which of the following BEST helps to ensure system resilienc...; Question 196: Management has requested a post-implementation review of a n...; Question 197: An IS auditor Is asked to review an organization's data back...; Question 198: During a vulnerability assessment, an IS auditor finds a hig...; Question 199: The IS security group is planning to implement single sign-o...; Question 200: Which of the following should be performed FIRST when prepar...; Question 201: Information security awareness programs in a large organizat...; Question 202: Which of the following Is MOST important for successful Inci...; Question 203: Which of the following is the PRIMARY concern if a business ...; Question 204: Due to limited storage capacity, an organization has decided...; Question 205: Which of the following should be of GREATEST concern to an I...; Question 206: In a typical system development life cycle (SDLC), which gro...; Question 207: IS management has decided to replace the current single-serv...; Question 208: A database audit reveals an issue with the way data ownershi...; Question 209: An organization transmits large amount of data from one inte...; Question 210: A multinational company wants to establish a mandatory globa...; Question 211: Which of the following is the KST source of information for ...; Question 212: An organization wants to classify database tables according ...; Question 213: Segregation of duties would be compromised if:...; Question 214: A business area has Been experiencing an ongoing Issue with ...; Question 215: An IS auditor is assessing a recent migration of mission cri...; Question 216: After discussing findings with an auditee, an IS auditor is ...; Question 217: For a company that outsources payroll processing, which of t...; Question 218: The purpose of data migration testing is to validate data:...; Question 219: A web application is developed in-house by an organization. ...; Question 220: Which of the following activities provides an IS auditor wit...; Question 221: When replacing a critical software application, which of the...; Question 222: During an annual audit an IS auditor finds there is no writt...; Question 223: An organization has contracted with a third party to impleme...; Question 224: An IS auditor identified hard-coded credentials within the s...; Question 225: When physical destruction is not practical, which of the fol...; Question 226: A software development project has had a significant scope r...; Question 227: Which of the following roles is BEST suited to determine inf...; Question 228: Which of the following is the PRIMARY responsibility of an i...; Question 229: Which of the following backup methods is MOST appropriate wh...; Question 230: An IS auditor is planning on utilizing attribute sampling to...; Question 231: An IS auditor is preparing a data set for a data analytics p...; Question 232: A start-up organization is expecting to leverage application...; Question 233: Which of the following controls BEST mitigates the impact of...; Question 234: Which of the following provides the BEST indication that IT ...; Question 235: An organization s audit charter PRIMARILY:...; Question 236: In a high-volume, real-time system, the MOST effective techn...; Question 237: What is the MOST critical finding when reviewing an organiza...; Question 238: An organization's IT security policy states that user ID's m...; Question 239: Which of the following is the BEST indication of a mature qu...; Question 240: Which of the following should be established FIRST when init...; Question 241: The BEST data backup strategy for mobile users is to:...; Question 242: When implementing a software product (middleware) to pass da...; Question 243: During an audit of a reciprocal disaster recovery agreement ...; Question 244: For an application system with a large master Tile and a sma...; Question 245: An IS auditor learns an organization does not perform full d...; Question 246: Which of the following is the GREATEST benefit of implementi...; Question 247: Which of the following control? MOST efficiently ensures tha...; Question 248: Which of the following is the MOST important control to help...; Question 249: The PRIMARY objective of parallel testing an application is ...; Question 250: During a review of operations, it is noted that during a bat...; Question 251: An organization is designing an application programming inte...; Question 252: An external audit team is deciding whether to rely on intern...; Question 253: Which of the following should an IS auditor be MOST concerne...; Question 254: Loss-site scripting (XSS) attacks are BEST prevented through...; Question 255: An IS auditor found that a company executive is encouraging ...; Question 256: Which of the following functions is MOST likely to be perfor...; Question 257: Both statistical and nonstatistical sampling techniques:...; Question 258: Which combination of access controls provides the BEST physi...; Question 259: The BEST reason for implementing a virtual private network (...; Question 260: select a sample for testing, which must include the 80 large...; Question 261: During a software acquision review, an IS auditor should rec...; Question 262: An IS auditor is planning a risk-based audit of the human re...; Question 263: The lack of which of the following represents the GREATEST r...; Question 264: An IS auditor discovers trial a security information and eve...; Question 265: Categories for classifying an organization's data are BEST d...; Question 266: An IS auditor is conducting a project review for the impleme...; Question 267: Which of the following is the MOST critical element impactin...; Question 268: An IS audit had identified that default passwords for a newl...; Question 269: Which of the following controls should be implemented to BES...; Question 270: Which of the following is the BEST method to secure credit c...; Question 271: When preparing to evaluate the effectiveness of an organizat...; Question 272: During a post-implementation review, a step in determining w...; Question 273: Which of the following presents the GREATEST concern when im...; Question 274: A subsidiary company uses macro-enabled spreadsheets to conv...; Question 275: Which of the following is the PRIMARY advantage of using an ...; Question 276: Which of the following is the BEST method to assess the adeq...; Question 277: Which of the following methods should be used to purge confi...; Question 278: A potential risk of executing a program on an Internet site ...; Question 279: Which of the following is BEST addressed when using a timest...; Question 280: Which of the following would be MOST useful to an IS auditor...; Question 281: Which of the following should be the PRIMARY reason to estab...; Question 282: An IS auditor is reviewing a small organization's business c...; Question 283: The PRIMARY benefit of using secure shell (SSH) to access a ...; Question 284: When reviewing capacity monitoring, an IS auditor notices se...; Question 285: Which of the following would provide the BEST evidence for u...; Question 286: The PRIMARY purpose for an IS auditor to review previous aud...; Question 287: An IS auditor finds that firewalls are outdated and not supp...; Question 288: What type of control is being used when an organization publ...; Question 289: Which of the following reliably associates users and their p...; Question 290: Which of the following findings would be of GREATEST concern...; Question 291: Which of the following is the BEST recommendation for the es...; Question 292: Which of the following is a prerequisite to help ensure that...; Question 293: An IS auditor has been asked to advise on the design and imp...; Question 294: In a database management system (DBMS) normalization is used...; Question 295: Which of the following Is MOST appropriate to prevent unauth...; Question 296: An IS auditor finds multiple situations where the help desk ...; Question 297: An organization wants to reuse company-provided smartphones ...; Question 298: An organization uses a web server hosting critical applicati...; Question 299: An organization is planning to develop a system using rapid ...

Question 282/299

LEAVE A REPLY

Download PDF File