Valid CISA Dumps shared by ExamDiscuss.com for Helping Passing CISA Exam! ExamDiscuss.com now offer the newest CISA exam dumps, the ExamDiscuss.com CISA exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CISA dumps with Test Engine here:
Access CISA Dumps Premium Version
(1435 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 367/418
An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor?
Correct Answer: D
Explanation
The best recommendation by the IS auditor for finding that application servers had inconsistent security settings leading to potential vulnerabilities is to perform a configuration review. A configuration review is an audit procedure that involves examining and verifying the security settings and parameters of application servers against predefined standards or best practices. A configuration review can help to identify and remediate any deviations, inconsistencies, or misconfigurations that may expose the application servers to unauthorized access, exploitation, or compromise6. A configuration review can also help to ensure compliance with security policies and regulations, as well as enhance the performance and availability of application servers. The other options are less effective or incorrect because:
A: Improving the change management process is not the best recommendation by the IS auditor for finding that application servers had inconsistent security settings leading to potential vulnerabilities, as it does not address the root cause of the problem or provide a specific solution. While improving the change management process may help to prevent future inconsistencies or misconfigurations in application server settings, it does not ensure that the existing ones are detected and corrected.
B: Establishing security metrics is not the best recommendation by the IS auditor for finding that application servers had inconsistent security settings leading to potential vulnerabilities, as it does not address the root cause of the problem or provide a specific solution. While establishing security metrics may help to measure and monitor the security performance and posture of application servers, it does not ensure that the existing inconsistencies or misconfigurations in application server settings are detected and corrected.
C: Performing a penetration test is not the best recommendation by the IS auditor for finding that application servers had inconsistent security settings leading to potential vulnerabilities, as it does not address the root cause of the problem or provide a specific solution. While performing a penetration test may help to simulate and evaluate the impact of an attack on application servers, it does not ensure that the existing inconsistencies or misconfigurations in application server settings are detected and corrected. References: Configuring system to use application server security - IBM, Application Security Risk: Assessment and Modeling - ISACA, Five Key Components of an Application Security Program - ISACA, ISACA Practitioner Guidelines for Auditors - SSH, SCADA Cybersecurity Framework - ISACA
The best recommendation by the IS auditor for finding that application servers had inconsistent security settings leading to potential vulnerabilities is to perform a configuration review. A configuration review is an audit procedure that involves examining and verifying the security settings and parameters of application servers against predefined standards or best practices. A configuration review can help to identify and remediate any deviations, inconsistencies, or misconfigurations that may expose the application servers to unauthorized access, exploitation, or compromise6. A configuration review can also help to ensure compliance with security policies and regulations, as well as enhance the performance and availability of application servers. The other options are less effective or incorrect because:
A: Improving the change management process is not the best recommendation by the IS auditor for finding that application servers had inconsistent security settings leading to potential vulnerabilities, as it does not address the root cause of the problem or provide a specific solution. While improving the change management process may help to prevent future inconsistencies or misconfigurations in application server settings, it does not ensure that the existing ones are detected and corrected.
B: Establishing security metrics is not the best recommendation by the IS auditor for finding that application servers had inconsistent security settings leading to potential vulnerabilities, as it does not address the root cause of the problem or provide a specific solution. While establishing security metrics may help to measure and monitor the security performance and posture of application servers, it does not ensure that the existing inconsistencies or misconfigurations in application server settings are detected and corrected.
C: Performing a penetration test is not the best recommendation by the IS auditor for finding that application servers had inconsistent security settings leading to potential vulnerabilities, as it does not address the root cause of the problem or provide a specific solution. While performing a penetration test may help to simulate and evaluate the impact of an attack on application servers, it does not ensure that the existing inconsistencies or misconfigurations in application server settings are detected and corrected. References: Configuring system to use application server security - IBM, Application Security Risk: Assessment and Modeling - ISACA, Five Key Components of an Application Security Program - ISACA, ISACA Practitioner Guidelines for Auditors - SSH, SCADA Cybersecurity Framework - ISACA
- Question List (418q)
- Question 1: An IS auditor reviewing the threat assessment tor a data cen...
- Question 2: A database administrator (DBA) should be prevented from havi...
- Question 3: A small business unit is implementing a control self-assessm...
- Question 4: Which of the following is MOST important to consider when as...
- Question 5: Which of the following information security requirements BE ...
- Question 6: Which of the following testing methods is MOST appropriate f...
- Question 7: Which of the following is the BEST audit procedure to determ...
- Question 8: An IS auditor is following up on prior period items and find...
- Question 9: An organization allows its employees lo use personal mobile ...
- Question 10: Which of the following is a concern associated with virtuali...
- Question 11: An IS auditor is reviewing the perimeter security design of ...
- Question 12: An IS auditor conducts a review of a third-party vendor's re...
- Question 13: Which of the following would BEST ensure that a backup copy ...
- Question 14: When auditing the closing stages of a system development pro...
- Question 15: What would be an IS auditor's BEST course of action when an ...
- Question 16: The use of access control lists (ACLs) is the MOST effective...
- Question 17: Which of the following would minimize the risk of losing tra...
- Question 18: During a new system implementation, an IS auditor has been a...
- Question 19: Which of the following is MOST important to include in secur...
- Question 20: An IS department is evaluated monthly on its cost-revenue ra...
- Question 21: A secure server room has a badge reader system that records ...
- Question 22: The BEST way to provide assurance that a project is adhering...
- Question 23: A finance department has a multi-year project to upgrade the...
- Question 24: Which of the following would BEST manage the risk of changes...
- Question 25: An internal audit team is deciding whether to use an audit m...
- Question 26: Which of the following is an IS auditor's BEST recommendatio...
- Question 27: Which of the following would be of MOST concern for an IS au...
- Question 28: An IS auditor is reviewing enterprise governance and finds t...
- Question 29: Which of the following is MOST important for an IS auditor t...
- Question 30: Which of the following is the MOST effective method of destr...
- Question 31: A credit card company has decided to outsource the printing ...
- Question 32: An IS auditor determines that the vendor's deliverables do n...
- Question 33: Which of the following is the MOST significant impact to an ...
- Question 34: Which of the following presents the GREATEST risk of data le...
- Question 35: An organization's security team created a simulated producti...
- Question 36: An IS auditor has been asked to audit the proposed acquisiti...
- Question 37: An organization is concerned about duplicate vendor payments...
- Question 38: Capacity management enables organizations to:...
- Question 39: An organization is concerned with meeting new regulations fo...
- Question 40: During the planning stage of a compliance audit, an IS audit...
- Question 41: Which of the following is the BEST indication that there are...
- Question 42: During the review of a system disruption incident, an IS aud...
- Question 43: Which of the following is the MOST important reason to imple...
- Question 44: A national tax administration agency with a distributed netw...
- Question 45: Transaction records from a business database were inadverten...
- Question 46: Which of the following represents the HIGHEST level of matur...
- Question 47: Which of the following should an IS auditor ensure is classi...
- Question 48: Following the sale of a business division, employees will be...
- Question 49: Which of the following should be an IS auditor's GREATEST co...
- Question 50: Audit observations should be FIRST communicated with the aud...
- Question 51: Which of the following is MOST important to verify when dete...
- Question 52: Which type of attack targets security vulnerabilities in web...
- Question 53: An IS auditor wants to determine who has oversight of staff ...
- Question 54: A disaster recovery plan (DRP) should include steps for:...
- Question 55: Which of the following would be MOST effective in detecting ...
- Question 56: Which of the following is MOST important for an IS auditor t...
- Question 57: When planning an audit to assess application controls of a c...
- Question 58: An audit identified that a computer system is not assigning ...
- Question 59: An IS audit manager is reviewing workpapers for a recently c...
- Question 60: An IS auditor is evaluating the access controls for a shared...
- Question 61: An organization has implemented a distributed security admin...
- Question 62: A proper audit trail of changes to server start-up procedure...
- Question 63: When auditing an organization's software acquisition process...
- Question 64: Which of the following is the MOST important activity in the...
- Question 65: Controls related to authorized modifications to production p...
- Question 66: An information systems security officer's PRIMARY responsibi...
- Question 67: During which phase of the software development life cycle is...
- Question 68: A new system is being developed by a vendor for a consumer s...
- Question 69: An organization implemented a cybersecurity policy last year...
- Question 70: An IS auditor concludes that logging and monitoring mechanis...
- Question 71: Which of the following is the BEST source of information tor...
- Question 72: An IS auditor has completed the fieldwork phase of a network...
- Question 73: The use of control totals satisfies which of the following c...
- Question 74: Which of the following fire suppression systems needs to be ...
- Question 75: Which of the following is MOST important for an IS auditor t...
- Question 76: Which of the following is MOST useful to an IS auditor perfo...
- Question 77: Which of the following approaches will ensure recovery time ...
- Question 78: An IS auditor notes that several employees are spending an e...
- Question 79: An organization uses public key infrastructure (PKI) to prov...
- Question 80: Which of the following would provide an IS auditor with the ...
- Question 81: Which of the following is MOST important to define within a ...
- Question 82: Which of the following is MOST important to ensure that elec...
- Question 83: Which of the following is the MOST important prerequisite fo...
- Question 84: Spreadsheets are used to calculate project cost estimates. T...
- Question 85: An IT balanced scorecard is the MOST effective means of moni...
- Question 86: Which of the following BEST minimizes performance degradatio...
- Question 87: Which of the following should be of GREATEST concern to an I...
- Question 88: An organization has partnered with a third party to transpor...
- Question 89: During audit framework. an IS auditor teams that employees a...
- Question 90: Which of the following is the GREATEST security risk associa...
- Question 91: An organization has virtualized its server environment witho...
- Question 92: Which of the following should be done FIRST to minimize the ...
- Question 93: A manager Identifies active privileged accounts belonging to...
- Question 94: A company requires that all program change requests (PCRs) b...
- Question 95: Which of the following controls BEST ensures appropriate seg...
- Question 96: An IS auditor finds that capacity management for a key syste...
- Question 97: Which of the following is MOST critical to the success of an...
- Question 98: Which of the following findings from an IT governance review...
- Question 99: An IS auditor is evaluating the risk associated with moving ...
- Question 100: A checksum is classified as which type of control?...
- Question 101: When an IS audit reveals that a firewall was unable to recog...
- Question 102: An audit has identified that business units have purchased c...
- Question 103: An organization that has suffered a cyber-attack is performi...
- Question 104: An IS auditor observes that a business-critical application ...
- Question 105: Which of the following is the PRIMARY purpose of obtaining a...
- Question 106: Due to system limitations, segregation of duties (SoD) canno...
- Question 107: In a large organization, IT deadlines on important projects ...
- Question 108: Which of the following MOST effectively minimizes downtime d...
- Question 109: Which of the following should be of MOST concern to an IS au...
- Question 110: Which of the following is MOST critical to the success of an...
- Question 111: Aligning IT strategy with business strategy PRIMARILY helps ...
- Question 112: Which of the following physical controls provides the GREATE...
- Question 113: IT disaster recovery time objectives (RTOs) should be based ...
- Question 114: During the planning phase of a data loss prevention (DLP) au...
- Question 115: Which of the following is MOST important to determine during...
- Question 116: Which of the following is the BEST way to verify the effecti...
- Question 117: An IS auditor evaluating the change management process must ...
- Question 118: Which of the following is the BEST control to mitigate the m...
- Question 119: Which of the following BEST describes the role of a document...
- Question 120: An IS auditor follows up on a recent security incident and f...
- Question 121: Which of the following should an IS auditor be MOST concerne...
- Question 122: In which phase of the internal audit process is contact esta...
- Question 123: Which of the following conditions would be of MOST concern t...
- Question 124: Which of the following will be the MOST effective method to ...
- Question 125: Which of the following is the BEST way to identify whether t...
- Question 126: An IS auditor Is renewing the deployment of a new automated ...
- Question 127: During an external review, an IS auditor observes an inconsi...
- Question 128: Which of the following is the BEST justification for deferri...
- Question 129: When a data center is attempting to restore computing facili...
- Question 130: An incident response team has been notified of a virus outbr...
- Question 131: Which of the following is the MAJOR advantage of automating ...
- Question 132: A system development project is experiencing delays due to o...
- Question 133: Following a breach, what is the BEST source to determine the...
- Question 134: Which of the following is the PRIMARY reason for an IS audit...
- Question 135: Which of the following activities would allow an IS auditor ...
- Question 136: Management has learned the implementation of a new IT system...
- Question 137: A global organization's policy states that all workstations ...
- Question 138: Which type of control is being implemented when a biometric ...
- Question 139: Which of the following is the BEST security control to valid...
- Question 140: In response to an audit finding regarding a payroll applicat...
- Question 141: Which of the following BEST enables an organization to impro...
- Question 142: What is the FIRST step when creating a data classification p...
- Question 143: An IS auditor is evaluating an enterprise resource planning ...
- Question 144: Which of the following is a PRIMARY responsibility of an IT ...
- Question 145: Which of the following should be the GREATEST concern to an ...
- Question 146: Which of the following is the BEST compensating control when...
- Question 147: A web proxy server for corporate connections to external res...
- Question 148: Which of the following is the PRIMARY reason to perform a ri...
- Question 149: An organization is disposing of removable onsite media which...
- Question 150: Which of the following should an IS auditor consider the MOS...
- Question 151: In the case of a disaster where the data center is no longer...
- Question 152: Which of the following provides the MOST reliable audit evid...
- Question 153: An IS auditor finds that while an organization's IT strategy...
- Question 154: Which of the following is the BEST testing approach to facil...
- Question 155: An IS auditor is conducting a post-implementation review of ...
- Question 156: When implementing Internet Protocol security (IPsec) archite...
- Question 157: A programmer has made unauthorized changes lo key fields in ...
- Question 158: While evaluating the data classification process of an organ...
- Question 159: Which of the following is the MOST effective control for pro...
- Question 160: Which of the following would be an appropriate role of inter...
- Question 161: Which of the following is the MOST important area of focus f...
- Question 162: An IS auditor finds the log management system is overwhelmed...
- Question 163: In order to be useful, a key performance indicator (KPI) MUS...
- Question 164: An IS audit reveals that an organization operating in busine...
- Question 165: In which phase of penetration testing would host detection a...
- Question 166: Which of the following Is the BEST way to ensure payment tra...
- Question 167: An organization has outsourced its data processing function ...
- Question 168: Which of the following BEST helps to ensure data integrity a...
- Question 169: Which of the following are BEST suited for continuous auditi...
- Question 170: Which of the following is the MOST significant risk when an ...
- Question 171: Which of the following would BEST help to ensure that an inc...
- Question 172: Which of the following should be an IS auditor's GREATEST co...
- Question 173: Which of the following is the MOST important advantage of pa...
- Question 174: If enabled within firewall rules, which of the following ser...
- Question 175: Which of the following findings should be of GREATEST concer...
- Question 176: Which of the following provides the BE ST method for maintai...
- Question 177: Which of the following types of firewalls provide the GREATE...
- Question 178: Which of the following should be of GREATEST concern to an I...
- Question 179: An IS auditor is analyzing a sample of accounts payable tran...
- Question 180: Compared to developing a system in-house, acquiring a softwa...
- Question 181: What is the BEST way to reduce the risk of inaccurate or mis...
- Question 182: Which of the following would present the GREATEST concern du...
- Question 183: Which of the following are used in a firewall to protect the...
- Question 184: Which of the following provides a new IS auditor with the MO...
- 1 commentQuestion 185: During an IT governance audit, an IS auditor notes that IT p...
- Question 186: Which of the following is the MOST effective control to miti...
- Question 187: Which of the following findings from a database security aud...
- Question 188: An IS auditor is reviewing an organization's information ass...
- Question 189: Which of the following is the BEST methodology to use for es...
- Question 190: Which of the following is the BEST control to prevent the tr...
- Question 191: Which of the following should be of GREATEST concern to an I...
- Question 192: Which of the following would BEST detect that a distributed ...
- Question 193: Which of the following is MOST important to consider when sc...
- Question 194: Which of the following is the BEST way to detect unauthorize...
- Question 195: Which of the following is the BEST source of information for...
- Question 196: An organization's senior management thinks current security ...
- Question 197: Which of the following helps to ensure the integrity of data...
- Question 198: During an ongoing audit, management requests a briefing on t...
- Question 199: Which of the following should be the FIRST consideration whe...
- Question 200: A vendor requires privileged access to a key business applic...
- Question 201: An IS auditor discovers that validation controls in a web ap...
- Question 202: Which of the following is the MOST important Issue for an IS...
- Question 203: An IS auditor has found that an organization is unable to ad...
- Question 204: An organization has outsourced the development of a core app...
- Question 205: Which of the following is the MOST important reason for an I...
- Question 206: In an online application which of the following would provid...
- Question 207: Which of the following features of a library control softwar...
- Question 208: Retention periods and conditions for the destruction of pers...
- Question 209: Which of the following would provide the MOST important inpu...
- Question 210: Which of the following is MOST useful for determining whethe...
- Question 211: Which of the following provides the MOST protection against ...
- Question 212: Capacity management tools are PRIMARILY used to ensure that:...
- Question 213: Which of the following is MOST useful when planning to audit...
- Question 214: An IS auditor requests direct access to data required to per...
- Question 215: Which of the following is the BEST data integrity check?...
- Question 216: An IS auditor is reviewing a bank's service level agreement ...
- Question 217: What is the MAIN reason to use incremental backups?...
- Question 218: An IS auditor learns that an organization's business continu...
- Question 219: Which of the following BEST facilitates the legal process in...
- Question 220: Which of the following is the MOST important benefit of invo...
- Question 221: Which of the following is the BEST source of information for...
- Question 222: An IS auditor should be MOST concerned if which of the follo...
- Question 223: To reduce operational costs, IT management plans to reduce t...
- Question 224: Which of the following is an IS auditor's BEST recommendatio...
- Question 225: An IS auditor notes that IT and the business have different ...
- Question 226: Which of the following is the BEST way for an IS auditor to ...
- Question 227: During the discussion of a draft audit report. IT management...
- Question 228: During an audit, an IT finding is agreed upon by all IT team...
- Question 229: An IS auditor is reviewing the service agreement with a tech...
- Question 230: While executing follow-up activities, an IS auditor is conce...
- Question 231: The charging method that effectively encourages the MOST eff...
- Question 232: Which of the following would be of GREATEST concern to an IS...
- Question 233: What is the Most critical finding when reviewing an organiza...
- Question 234: When physical destruction IS not practical, which of the fol...
- Question 235: Which of the following is the BEST way to address potential ...
- Question 236: Which type of attack poses the GREATEST risk to an organizat...
- Question 237: Which of the following should be the PRIMARY role of an inte...
- Question 238: An organization's IT risk assessment should include the iden...
- Question 239: Afire alarm system has been installed in the computer room T...
- Question 240: An IS audit reveals an IT application is experiencing poor p...
- Question 241: Which of the following should an IS auditor use when verifyi...
- Question 242: The PRIMARY purpose of a configuration management system is ...
- Question 243: What should be the PRIMARY basis for selecting which IS audi...
- Question 244: While auditing a small organization's data classification pr...
- Question 245: In which of the following system development life cycle (SDL...
- Question 246: An IS auditor discovers an option in a database that allows ...
- Question 247: Which of the following is the GREATEST benefit of adopting a...
- Question 248: Which of the following concerns is BEST addressed by securin...
- Question 249: An organization has replaced all of the storage devices at i...
- Question 250: Which of the following is the GREATEST advantage of outsourc...
- Question 251: Which of the following is MOST important for an IS auditor t...
- Question 252: Due to a recent business divestiture, an organization has li...
- Question 253: An IS audit learn is evaluating the documentation related to...
- Question 254: In an environment that automatically reports all program cha...
- Question 255: Which of the following would MOST likely impair the independ...
- Question 256: A new regulation in one country of a global organization has...
- Question 257: During the design phase of a software development project, t...
- Question 258: Which of the following BEST Indicates that an incident manag...
- Question 259: During the discussion of a draft audit report IT management ...
- Question 260: When testing the adequacy of tape backup procedures, which s...
- Question 261: What should an IS auditor do FIRST upon discovering that a s...
- Question 262: Which of the following BEST describes an audit risk?...
- Question 263: An organization's enterprise architecture (EA) department de...
- Question 264: Which of the following would be of GREATEST concern when rev...
- Question 265: Which of the following BEST protects evidence in a forensic ...
- Question 266: When testing the accuracy of transaction data, which of the ...
- Question 267: Which of the following should be an IS auditor's PRIMARY foc...
- Question 268: An organization has made a strategic decision to split into ...
- Question 269: An organization has developed mature risk management practic...
- Question 270: An IS auditor discovers that an IT organization serving seve...
- Question 271: Which of the following is the BEST detective control for a j...
- Question 272: An IS auditor is reviewing an industrial control system (ICS...
- Question 273: What is the BEST control to address SQL injection vulnerabil...
- Question 274: An organization's security team created a simulated producti...
- Question 275: Which of the following would be an IS auditor's GREATEST con...
- Question 276: Which of the following would be an appropriate rote of inter...
- Question 277: During a follow-up audit, an IS auditor learns that some key...
- Question 278: Which of the following would be the MOST useful metric for m...
- Question 279: When planning a follow-up, the IS auditor is informed by ope...
- Question 280: Which of the following access rights presents the GREATEST r...
- 2 commentQuestion 281: An IS auditor is reviewing security controls related to coll...
- Question 282: An IS auditor is reviewing an organization's primary router ...
- Question 283: An IS auditor finds a segregation of duties issue in an ente...
- Question 284: An IS auditor notes the transaction processing times in an o...
- Question 285: A data center's physical access log system captures each vis...
- Question 286: Which of the following is the BEST method to prevent wire tr...
- Question 287: As part of business continuity planning, which of the follow...
- Question 288: Which of the following types of environmental equipment will...
- Question 289: Which of the following areas of responsibility would cause t...
- Question 290: An IS auditor reviewing security incident processes realizes...
- Question 291: in a post-implantation Nation review of a recently purchased...
- Question 292: Which of the following should be the MOST important consider...
- Question 293: An IS auditor found that a company executive is encouraging ...
- Question 294: A system administrator recently informed the IS auditor abou...
- Question 295: IS management has recently disabled certain referential inte...
- Question 296: Which of the following is the BEST reason to implement a dat...
- Question 297: During an IT general controls audit of a high-risk area wher...
- Question 298: The PRIMARY objective of a control self-assessment (CSA) is ...
- Question 299: IT governance should be driven by:...
- Question 300: Using swipe cards to limit employee access to restricted are...
- Question 301: Which of the following would be MOST effective to protect in...
- Question 302: Several unattended laptops containing sensitive customer dat...
- Question 303: An IS auditor is assigned to review the IS department s qual...
- Question 304: A now regulation requires organizations to report significan...
- Question 305: Which type of review is MOST important to conduct when an IS...
- Question 306: Which of the following would be an IS auditor's GREATEST con...
- Question 307: Which task should an IS auditor complete FIRST during the pr...
- Question 308: Which of the following provides the BEST providence that out...
- Question 309: The PRIMARY focus of a post-implementation review is to veri...
- Question 310: Which of the following is the MOST appropriate indicator of ...
- Question 311: Which of the following is the MOST efficient way to identify...
- Question 312: An organization allows employees to retain confidential data...
- Question 313: In an IT organization where many responsibilities are shared...
- Question 314: An IS audit review identifies inconsistencies in privacy req...
- Question 315: Which of the following is MOST helpful to an IS auditor revi...
- Question 316: Which of the following audit procedures would provide the BE...
- Question 317: Which of the following is MOST important to ensure when plan...
- Question 318: After the merger of two organizations, which of the followin...
- Question 319: Which of the following is the BEST metric to measure the ali...
- Question 320: Which of the following provides the MOST assurance over the ...
- Question 321: What Is the BEST method to determine if IT resource spending...
- Question 322: The operations team of an organization has reported an IS se...
- Question 323: An organization has recently implemented a Voice-over IP (Vo...
- Question 324: During an audit of an organization's risk management practic...
- Question 325: Which of the following provides an IS auditor assurance that...
- Question 326: Prior to a follow-up engagement, an IS auditor learns that m...
- Question 327: When is it MOST important for an IS auditor to apply the con...
- Question 328: When reviewing an organization's information security polici...
- Question 329: An IS auditor notes that the previous year's disaster recove...
- Question 330: Which of the following should an organization do to anticipa...
- Question 331: Which of the following is the PRIMARY benefit of a tabletop ...
- Question 332: Which of the following documents would be MOST useful in det...
- Question 333: An IS auditor has identified deficiencies within the organiz...
- Question 334: Which of the following is the PRIMARY advantage of parallel ...
- Question 335: Which of the following BEST enables the timely identificatio...
- Question 336: Which of the following is the GREATEST risk associated with ...
- Question 337: Which of the following would lead an IS auditor to conclude ...
- Question 338: Coding standards provide which of the following?...
- Question 339: Which of the following documents should specify roles and re...
- Question 340: Which audit approach is MOST helpful in optimizing the use o...
- Question 341: Which of the following should be an IS auditor's GREATEST co...
- Question 342: Which of the following findings should be of GREATEST concer...
- Question 343: Which of the following be of GREATEST concern to an IS audit...
- Question 344: Which of the following is the BEST way for an organization t...
- Question 345: Which of the following biometric access controls has the HIG...
- Question 346: Which of the following would provide the BEST evidence of an...
- Question 347: In the development of a new financial application, the IS au...
- Question 348: Which of the following is the BEST way to address segregatio...
- Question 349: When evaluating information security governance within an or...
- Question 350: In a review of the organization standards and guidelines for...
- Question 351: An IS auditor is reviewing the release management process fo...
- Question 352: Which of the following BEST protects an organization's propr...
- Question 353: Malicious program code was found in an application and corre...
- Question 354: One benefit of return on investment (ROI) analysts in IT dec...
- Question 355: Which of the following risk scenarios is BEST addressed by i...
- Question 356: An IS auditor reviewing a job scheduling tool notices perfor...
- Question 357: Which of the following is the MOST appropriate and effective...
- Question 358: Backup procedures for an organization's critical data are co...
- Question 359: Which of the following is MOST important with regard to an a...
- Question 360: The PRIMARY benefit lo using a dry-pipe fire-suppression sys...
- Question 361: Which of the following should an IS auditor review when eval...
- Question 362: Which of the following should an IS auditor recommend be don...
- Question 363: Which of the following is the PRIMARY basis on which audit o...
- Question 364: Which of the following is MOST important when implementing a...
- Question 365: Which of the following is MOST important to consider when de...
- Question 366: Which of the following is the PRIMARY reason for an IS audit...
- Question 367: An IS auditor finds that application servers had inconsisten...
- Question 368: Which of the following responsibilities of an organization's...
- Question 369: Which of the following is the BEST way to prevent social eng...
- Question 370: In a 24/7 processing environment, a database contains severa...
- Question 371: An IS auditor is reviewing an organization's business intell...
- Question 372: Which of the following is the BEST way to sanitize a hard di...
- Question 373: During an audit of a financial application, it was determine...
- Question 374: An IS auditor is reviewing the installation of a new server....
- Question 375: Demonstrated support from which of the following roles in an...
- Question 376: An IS auditor is verifying the adequacy of an organization's...
- Question 377: Which of the following should be the FIRST step in the incid...
- Question 378: Which of the following should be of GREATEST concern to an I...
- Question 379: Which of the following issues associated with a data center'...
- Question 380: When assessing a proposed project for the two-way replicatio...
- Question 381: During a database management evaluation an IS auditor discov...
- Question 382: Which of the following BEST describes a digital signature?...
- Question 383: When reviewing a project to replace multiple manual data ent...
- Question 384: Which of the following provides the BEST audit evidence that...
- Question 385: Which of following is MOST important to determine when condu...
- Question 386: When reviewing an IT strategic plan, the GREATEST concern wo...
- Question 387: Which of the following is MOST important for an IS auditor t...
- Question 388: Which of the following is the MOST important reason to class...
- Question 389: The decision to accept an IT control risk related to data qu...
- Question 390: Which of the following is MOST helpful for an IS auditor to ...
- Question 391: An internal audit department recently established a quality ...
- Question 392: The BEST way to prevent fraudulent payments is to implement ...
- Question 393: A core system fails a week after a scheduled update, causing...
- Question 394: Which of the following provides IS audit professionals with ...
- Question 395: The BEST way to determine whether programmers have permissio...
- Question 396: An organization relies on an external vendor that uses a clo...
- Question 397: Which of the following should be of GREATEST concern to an I...
- Question 398: Which of the following technologies has the SMALLEST maximum...
- Question 399: If a source code is not recompiled when program changes are ...
- Question 400: During a project assessment, an IS auditor finds that busine...
- Question 401: Which of the following is MOST important for an IS auditor t...
- Question 402: Which of the following is the BEST method to safeguard data ...
- Question 403: Which of the following provides the MOST useful information ...
- Question 404: Audit frameworks cart assist the IS audit function by:...
- Question 405: Which of the following findings should be of GREATEST concer...
- Question 406: An organization's IT department and internal IS audit functi...
- Question 407: With regard to resilience, which of the following is the GRE...
- Question 408: Which of the following should be restricted from a network a...
- Question 409: Which of the following is MOST important during software lic...
- Question 410: Which of the following is MOST critical for the effective im...
- Question 411: Which of the following is the PRIMARY reason for an IS audit...
- Question 412: Due to advancements in technology and electronic records, an...
- Question 413: An IS auditor is reviewing a client's outsourced payroll sys...
- Question 414: Which of the following is an executive management concern th...
- Question 415: What is BEST for an IS auditor to review when assessing the ...
- Question 416: Which of the following is the BEST recommendation to include...
- Question 417: An organization is shifting to a remote workforce In prepara...
- Question 418: A computer forensic audit is MOST relevant in which of the f...
