Valid CISA Dumps shared by ExamDiscuss.com for Helping Passing CISA Exam! ExamDiscuss.com now offer the newest CISA exam dumps, the ExamDiscuss.com CISA exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CISA dumps with Test Engine here:
Access CISA Dumps Premium Version
(1435 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 490/579
During a database management evaluation an IS auditor discovers that some accounts with database administrator (DBA) privileges have been assigned a default password with an unlimited number of failed login attempts Which of the following is the auditor's BEST course of action?
Correct Answer: C
The auditor's best course of action is to document the finding and explain the risk of having administrator accounts with inappropriate security settings. This is because the auditor's role is to identify and report the issues, not to fix them or request others to fix them. The auditor should also communicate the impact of the finding, such as the possibility of unauthorized access, data tampering, or denial of service attacks. The auditor should not assume the responsibility of the IT manager or the DBA, who are in charge of changing the security parameters or disabling the accounts. References:
* CISA Review Manual (Digital Version), Chapter 4, Section 4.2.21
* CISA Online Review Course, Domain 1, Module 3, Lesson 32
* CISA Review Manual (Digital Version), Chapter 4, Section 4.2.21
* CISA Online Review Course, Domain 1, Module 3, Lesson 32
- Question List (579q)
- Question 1: Which of the following is MOST important for an IS auditor t...
- Question 2: Which of the following approaches would utilize data analyti...
- Question 3: The PRIMARY purpose of a configuration management system is ...
- Question 4: An external attacker spoofing an internal Internet Protocol ...
- Question 5: Which of the following is the MOST effective control to miti...
- Question 6: An IS auditor is reviewing logical access controls for an or...
- Question 7: When reviewing past results of a recurring annual audit, an ...
- Question 8: Which type of threat can utilize a large group of automated ...
- Question 9: What should an IS auditor do FIRST when management responses...
- Question 10: Which of the following should be the GREATEST concern to an ...
- Question 11: When reviewing an organization's information security polici...
- Question 12: Which of the following is MOST useful to an IS auditor perfo...
- Question 13: Which of the following tests is MOST likely to detect an err...
- Question 14: A security administrator is called in the middle of the nigh...
- Question 15: When assessing the overall effectiveness of an organization'...
- Question 16: Which of the following is an executive management concern th...
- Question 17: What is the PRIMARY purpose of performing a parallel run of ...
- Question 18: Which of the following should be the PRIMARY objective of co...
- Question 19: Which of the following is the BEST disposal method for flash...
- Question 20: Which of the following should be of GREATEST concern to an I...
- Question 21: A small IT department has embraced DevOps, which allows memb...
- Question 22: Which of the following conditions would be of MOST concern t...
- Question 23: Which of the following is MOST important for an IS auditor t...
- Question 24: The use of access control lists (ACLs) is the MOST effective...
- Question 25: An IS auditor is reviewing an artificial intelligence (Al) a...
- Question 26: An IS auditor determines elevated administrator accounts for...
- Question 27: The business case for an information system investment shoul...
- Question 28: Which of the following is the MAIN purpose of an information...
- Question 29: What is the FIRST step when creating a data classification p...
- Question 30: A bank performed minor changes to the interest calculation c...
- Question 31: Due to system limitations, segregation of duties (SoD) canno...
- Question 32: Which of the following types of environmental equipment will...
- Question 33: To mitigate the risk of exposing data through application pr...
- Question 34: An internal audit department recently established a quality ...
- Question 35: Which of the following should be performed FIRST before key ...
- Question 36: Which of the following metrics is the BEST indicator of the ...
- Question 37: Which of the following is the MOST efficient solution for a ...
- Question 38: Which of the following should an IS auditor be MOST concerne...
- Question 39: Which of the following is an effective way to ensure the int...
- Question 40: Which of the following is the BEST way to ensure that busine...
- Question 41: An organization's information security policies should be de...
- Question 42: Which of the following is the MOST effective way to maintain...
- Question 43: An organization's IT department and internal IS audit functi...
- Question 44: Which of the following is the BEST method to maintain an aud...
- Question 45: Which of the following findings related to segregation of du...
- Question 46: When an IS audit reveals that a firewall was unable to recog...
- Question 47: Which type of testing is used to identify security vulnerabi...
- Question 48: During the discussion of a draft audit report IT management ...
- Question 49: Which of the following is the MOST important consideration f...
- Question 50: An IS auditor should be MOST concerned if which of the follo...
- Question 51: During a review, an IS auditor discovers that corporate user...
- Question 52: An organization is ready to implement a new IT solution cons...
- Question 53: An auditee disagrees with a recommendation for corrective ac...
- Question 54: Which of the following is the PRIMARY reason to involve IS a...
- Question 55: Which of the following should be an IS auditor's GREATEST co...
- Question 56: Which of the following is the MOST effective control to miti...
- Question 57: The PRIMARY role of a control self-assessment (CSA) facilita...
- Question 58: In order to be useful, a key performance indicator (KPI) MUS...
- Question 59: Which of the following is the BEST method to safeguard data ...
- Question 60: An IS auditor discovers that a developer has used the same k...
- Question 61: Which of the following findings should be of GREATEST concer...
- Question 62: Prior to a follow-up engagement, an IS auditor learns that m...
- Question 63: An IS auditor is reviewing a contract for the outsourcing of...
- Question 64: Which of the following observations should be of GREATEST co...
- Question 65: Which of the following is MOST important with regard to an a...
- Question 66: After the merger of two organizations, which of the followin...
- Question 67: During an audit of a reciprocal disaster recovery agreement ...
- Question 68: When assessing a proposed project for the two-way replicatio...
- Question 69: When auditing the adequacy of a cooling system for a data ce...
- Question 70: Which of the following is the BEST indicator for measuring p...
- Question 71: Which of the following is the BEST source of information tor...
- Question 72: Which task should an IS auditor complete FIRST during the pr...
- Question 73: Compared to developing a system in-house, acquiring a softwa...
- Question 74: Which of the following is the BEST indication of effective g...
- Question 75: Which of the following should be used as the PRIMARY basis f...
- Question 76: Which of the following provides the BEST assurance that vend...
- Question 77: Which of the following is MOST helpful to an IS auditor when...
- Question 78: Which of the following is an analytical review procedure for...
- Question 79: An incident response team has been notified of a virus outbr...
- Question 80: Which of the following is the BEST way to mitigate the risk ...
- Question 81: Which of the following poses the GREATEST risk to the use of...
- Question 82: An organization is planning to implement a work-from-home po...
- Question 83: Which of the following is the BEST way to prevent social eng...
- Question 84: An IT balanced scorecard is PRIMARILY used for:...
- Question 85: When protecting the confidentiality of information assets, t...
- Question 86: Which of the following is a threat to IS auditor independenc...
- Question 87: During a new system implementation, an IS auditor has been a...
- Question 88: What should an IS auditor do FIRST upon discovering that a s...
- Question 89: Which of the following MOST effectively minimizes downtime d...
- Question 90: An organization considering the outsourcing of a business ap...
- Question 91: The waterfall life cycle model of software development is BE...
- Question 92: Which of the following would BEST guide an IS auditor when d...
- Question 93: Which of the following is the BEST source of information for...
- Question 94: For an organization that has plans to implement web-based tr...
- Question 95: Which of the following BEST describes an audit risk?...
- Question 96: Which of the following business continuity activities priori...
- Question 97: An organization has replaced all of the storage devices at i...
- Question 98: What is the GREATEST concern for an IS auditor reviewing con...
- Question 99: What is the BEST control to address SQL injection vulnerabil...
- Question 100: Following a breach, what is the BEST source to determine the...
- Question 101: Following the sale of a business division, employees will be...
- Question 102: Which of the following BEST demonstrates to senior managemen...
- Question 103: Which of the following should be the MOST important consider...
- Question 104: Which of the following helps to ensure the integrity of data...
- Question 105: Which of the following is the PRIMARY benefit of monitoring ...
- Question 106: What Is the BEST method to determine if IT resource spending...
- Question 107: Which of the following is the PRIMARY purpose of a rollback ...
- Question 108: What is MOST important to verify during an external assessme...
- Question 109: Spreadsheets are used to calculate project cost estimates. T...
- Question 110: Which of the following is the GREATEST risk associated with ...
- Question 111: Which of the following risk scenarios is BEST addressed by i...
- Question 112: Which of the following would be MOST effective to protect in...
- Question 113: A new system is being developed by a vendor for a consumer s...
- Question 114: Which of the following is MOST important when defining the I...
- Question 115: During audit planning, the IS audit manager is considering w...
- Question 116: Which of the following is the GREATEST risk of using a recip...
- Question 117: An IS auditor wants to determine who has oversight of staff ...
- Question 118: Following a merger, a review of an international organizatio...
- Question 119: Which of the following is the GREATEST risk when relying on ...
- Question 120: Which of the following is the GREATEST advantage of vulnerab...
- Question 121: Which of the following should an IS auditor be MOST concerne...
- Question 122: Which of the following is the MOST important activity in the...
- Question 123: An IS auditor is reviewing an organization that performs bac...
- Question 124: Which of the following is a challenge in developing a servic...
- Question 125: A programmer has made unauthorized changes to key fields in ...
- Question 126: An IS auditor Is renewing the deployment of a new automated ...
- Question 127: Which of the following would be of GREATEST concern to an IS...
- Question 128: Which of the following should an IS auditor recommend be don...
- 1 commentQuestion 129: A review of IT interface controls finds an organization does...
- Question 130: When planning a follow-up, the IS auditor is informed by ope...
- Question 131: An IS auditor learns a server administration team regularly ...
- Question 132: One advantage of monetary unit sampling is the fact that...
- Question 133: An IS auditor is reviewing an organization's business contin...
- Question 134: Which of the following approaches will ensure recovery time ...
- Question 135: Which of the following presents the GREATEST risk associated...
- Question 136: An IS auditor engaged in developing the annual internal audi...
- Question 137: Which of the following should be done FIRST when planning a ...
- Question 138: Which of the following IT service management activities is M...
- Question 139: An IS auditor should ensure that an application's audit trai...
- Question 140: Which of the following provides a new IS auditor with the MO...
- Question 141: Which of the following would MOST likely impair the independ...
- Question 142: Which of the following is MOST important to include in secur...
- Question 143: Which of the following should be of GREATEST concern to an I...
- Question 144: Which of the following application input controls would MOST...
- Question 145: When planning an audit to assess application controls of a c...
- Question 146: An IS auditor is reviewing the service agreement with a tech...
- Question 147: Which of the following would BEST help lo support an auditor...
- Question 148: Audit frameworks cart assist the IS audit function by:...
- Question 149: Which of the following BEST addresses the availability of an...
- Question 150: Which of the following should be the FIRST step when conduct...
- Question 151: Which of the following is a PRIMARY function of an intrusion...
- Question 152: Which of the following BEST supports the effectiveness of a ...
- Question 153: An organization's security team created a simulated producti...
- Question 154: An organization plans to receive an automated data feed into...
- Question 155: Which of the following is the BEST way to strengthen the sec...
- Question 156: An incident response team has been notified of a virus outbr...
- Question 157: Which of the following is an IS auditor's BEST approach when...
- Question 158: An organization plans to receive an automated data feed into...
- Question 159: The GREATEST benefit of using a polo typing approach in soft...
- Question 160: Which of the following is the BEST security control to valid...
- Question 161: Which of the following is the BEST way for management to ens...
- Question 162: An IS auditor is reviewing a network diagram. Which of the f...
- Question 163: Which of the following user actions poses the GREATEST risk ...
- Question 164: A small organization is experiencing rapid growth and plans ...
- Question 165: In an online application which of the following would provid...
- Question 166: Which of the following is the PRIMARY objective of enterpris...
- Question 167: To reduce operational costs, IT management plans to reduce t...
- Question 168: During a follow-up audit, an IS auditor learns that some key...
- Question 169: Which of the following should be of GREATEST concern to an |...
- Question 170: Which of the following provides the BEST audit evidence that...
- Question 171: What should an IS auditor do FIRST when a follow-up audit re...
- Question 172: A global bank plans to use a cloud provider for backup of cu...
- Question 173: Which of the following would be MOST useful when analyzing c...
- Question 174: Which of the following BEST enables a benefits realization p...
- Question 175: Which of the following would BEST prevent an arbitrary appli...
- Question 176: During which IT project phase is it MOST appropriate to cond...
- Question 177: An IS auditor finds that application servers had inconsisten...
- Question 178: Which of the following areas is MOST likely to be overlooked...
- Question 179: After delivering an audit report, the audit manager discover...
- Question 180: Capacity management tools are PRIMARILY used to ensure that:...
- Question 181: What is the PRIMARY purpose of documenting audit objectives ...
- Question 182: Which of the following is the MOST effective accuracy contro...
- Question 183: Which of the following BEST enables an organization to impro...
- Question 184: An IS auditor will be testing accounts payable controls by p...
- Question 185: The MOST important measure of the effectiveness of an organi...
- Question 186: Due to a recent business divestiture, an organization has li...
- Question 187: Which of the following is the GREATEST benefit of adopting a...
- Question 188: When developing customer-facing IT applications, in which st...
- Question 189: Which of the following is the BEST indication of effective I...
- Question 190: Stress testing should ideally be carried out under a:...
- Question 191: An organization is migrating its HR application to an Infras...
- Question 192: Which of the following is MOST important to consider when de...
- Question 193: Which of the following BEST indicates to an IS auditor that ...
- Question 194: Which of the following is the BEST control to minimize the r...
- Question 195: During a follow-up audit, it was found that a complex securi...
- Question 196: An IS auditor is conducting a review of a data center. Which...
- Question 197: Which of the following is the MAIN responsibility of the IT ...
- Question 198: Which of the following is the BEST way to foster continuous ...
- Question 199: Which of the following is the BEST methodology to use for es...
- Question 200: Which of the following is the PRIMARY reason an IS auditor w...
- Question 201: Which of the following is MOST important for an IS auditor t...
- Question 202: Which of the following is the MOST important Issue for an IS...
- Question 203: During an external review, an IS auditor observes an inconsi...
- Question 204: In order for a firewall to effectively protect a network aga...
- Question 205: An IS auditor finds that firewalls are outdated and not supp...
- Question 206: Data from a system of sensors located outside of a network i...
- Question 207: Which of the following should be the IS auditor's PRIMARY fo...
- Question 208: A new regulation requires organizations to report significan...
- Question 209: Which of the following presents the GREATEST challenge to th...
- Question 210: An organization has recently acquired and implemented intell...
- Question 211: Which of the following BEST enables an IS auditor to combine...
- Question 212: Using swipe cards to limit employee access to restricted are...
- Question 213: When assessing whether an organization's IT performance meas...
- Question 214: Who should be the FIRST to evaluate an audit report prior to...
- Question 215: Which of the following components of a risk assessment is MO...
- Question 216: During the design phase of a software development project, t...
- Question 217: Which of the following BEST Indicates that an incident manag...
- Question 218: An organization allows employees to retain confidential data...
- Question 219: An IS auditor has found that a vendor has gone out of busine...
- Question 220: Which of the following is the BEST way to mitigate the impac...
- Question 221: A source code repository should be designed to:...
- Question 222: Which of the following should be an IS auditor's GREATEST co...
- Question 223: An audit has identified that business units have purchased c...
- Question 224: An organization is considering allowing users to connect per...
- Question 225: An organization uses public key infrastructure (PKI) to prov...
- Question 226: When reviewing the functionality of an intrusion detection s...
- Question 227: As part of business continuity planning, which of the follow...
- Question 228: Which of the following should be an IS auditor's GREATEST co...
- Question 229: An IS audit manager was temporarily tasked with supervising ...
- Question 230: Audit observations should be FIRST communicated with the aud...
- Question 231: A new regulation in one country of a global organization has...
- Question 232: Which of the following is MOST critical to the success of an...
- Question 233: How is nonrepudiation supported within a public key infrastr...
- Question 234: Which of the following should be of GREATEST concern to an I...
- Question 235: An IS audit learn is evaluating the documentation related to...
- Question 236: Which of the following should be done FIRST when planning to...
- Question 237: During which process is regression testing MOST commonly use...
- Question 238: What is BEST for an IS auditor to review when assessing the ...
- Question 239: Which of the following should be of GREATEST concern to an I...
- Question 240: During an information security review, an IS auditor learns ...
- Question 241: An externally facing system containing sensitive data is con...
- Question 242: What should an IS auditor evaluate FIRST when reviewing an o...
- Question 243: During the planning phase of a data loss prevention (DLP) au...
- Question 244: A senior IS auditor suspects that a PC may have been used to...
- Question 245: Demonstrated support from which of the following roles in an...
- Question 246: What is the BEST way to reduce the risk of inaccurate or mis...
- Question 247: A senior auditor is reviewing work papers prepared by a juni...
- Question 248: Which of the following types of firewalls provides the GREAT...
- Question 249: An IS audit reveals an IT application is experiencing poor p...
- Question 250: In an environment that automatically reports all program cha...
- Question 251: Which of the following observations regarding change managem...
- Question 252: Which of the following provides the BEST evidence that syste...
- Question 253: An IS auditor finds that capacity management for a key syste...
- Question 254: Which of the following findings should be of GREATEST concer...
- Question 255: During an audit of a financial application, it was determine...
- Question 256: Which of the following is MOST important for an IS auditor t...
- Question 257: The implementation of an IT governance framework requires th...
- Question 258: Which of the following is the MOST appropriate testing appro...
- Question 259: Which of the following is the MOST effective way to detect a...
- Question 260: Which of the following is the BEST way to address segregatio...
- Question 261: Which of the following is the BEST detective control for a j...
- Question 262: A system administrator recently informed the IS auditor abou...
- Question 263: Which of the following are used in a firewall to protect the...
- Question 264: Which of the following is MOST important when implementing a...
- Question 265: Which of the following is an IS auditor's BEST recommendatio...
- Question 266: Which of the following represents the HIGHEST level of matur...
- Question 267: Which of the following is MOST important during software lic...
- Question 268: A database administrator (DBA) should be prevented from havi...
- Question 269: An organization has decided to build a data warehouse using ...
- Question 270: Which of the following is the BEST way to address potential ...
- Question 271: In the development of a new financial application, the IS au...
- Question 272: An IS audit reveals that an organization operating in busine...
- Question 273: An IS auditor is reviewing an organization's incident manage...
- Question 274: An IS auditor Is reviewing a recent security incident and is...
- Question 275: A checksum is classified as which type of control?...
- Question 276: A small business unit is implementing a control self-assessm...
- Question 277: Which of the following is MOST important for an IS auditor t...
- Question 278: An organization has both an IT strategy committee and an IT ...
- Question 279: Which of the following should be the PRIMARY focus when comm...
- Question 280: The BEST way to provide assurance that a project is adhering...
- Question 281: Which of the following provides the BEST providence that out...
- Question 282: Which of the following is MOST important to ensure that elec...
- Question 283: In which phase of penetration testing would host detection a...
- Question 284: The BEST way to evaluate the effectiveness of a newly develo...
- Question 285: Which of the following is the BEST way for an organization t...
- Question 286: During an external review, an IS auditor observes an inconsi...
- Question 287: An IS auditor is reviewing the installation of a new server....
- Question 288: Which of the following is MOST effective for controlling vis...
- Question 289: Which of the following is the MOST important prerequisite fo...
- Question 290: An IS auditor notes that not all security tests were complet...
- Question 291: Which of the following BEST enables an IS auditor to priorit...
- Question 292: Which of the following is MOST appropriate to prevent unauth...
- Question 293: Which of the following information security requirements BE ...
- Question 294: Which of the following findings should be of GREATEST concer...
- Question 295: A mission-critical application utilizes a one-node database ...
- Question 296: Which of the following should be the GREATEST concern to an ...
- Question 297: An IS auditor is examining a front-end subledger and a main ...
- Question 298: Which of the following should be an IS auditor's GREATEST co...
- Question 299: Which of the following strategies BEST optimizes data storag...
- Question 300: An organization that has suffered a cyber-attack is performi...
- Question 301: Which of the following would BEST enable an organization to ...
- Question 302: Management receives information indicating a high level of r...
- Question 303: During a security audit, an IS auditor is tasked with review...
- Question 304: Which of the following is the PRIMARY benefit of effective i...
- Question 305: An IS auditor has been asked to audit the proposed acquisiti...
- Question 306: Which of the following are BEST suited for continuous auditi...
- Question 307: Which of the following is the MOST important consideration w...
- Question 308: Which of the following is the MOST significant risk that IS ...
- Question 309: Which of the following biometric access controls has the HIG...
- Question 310: An IS auditor has found that an organization is unable to ad...
- Question 311: Which of the following will BEST ensure that a proper cutoff...
- Question 312: A warehouse employee of a retail company has been able to co...
- Question 313: An IS auditor conducts a review of a third-party vendor's re...
- Question 314: While conducting a follow-up on an asset management audit, t...
- Question 315: Which of the following would be of MOST concern for an IS au...
- Question 316: The use of which of the following is an inherent risk in the...
- Question 317: Which of the following is MOST important for an IS auditor t...
- Question 318: Which of the following would MOST effectively help to reduce...
- Question 319: An organization is concerned with meeting new regulations fo...
- Question 320: Which of the following is the MOST effective control over vi...
- Question 321: An IS auditor finds that while an organization's IT strategy...
- Question 322: An IS auditor finds that an organization's data loss prevent...
- Question 323: A disaster recovery plan (DRP) should include steps for:...
- Question 324: Which of the following is an advantage of using agile softwa...
- Question 325: Which of the following backup schemes is the BEST option whe...
- Question 326: Which of the following is a PRIMARY responsibility of a qual...
- Question 327: A system development project is experiencing delays due to o...
- Question 328: An organization has implemented a new data classification sc...
- Question 329: Which of the following is the BEST evidence that an organiza...
- Question 330: Recovery facilities providing a redundant combination of Int...
- Question 331: During an ongoing audit, management requests a briefing on t...
- Question 332: An organization has implemented a distributed security admin...
- Question 333: Which of the following is the GREATEST risk if two users hav...
- Question 334: The PRIMARY purpose of an incident response plan is to:...
- Question 335: When evaluating the design of controls related to network mo...
- Question 336: During an audit which of the following would be MOST helpful...
- Question 337: Which of the following should be of MOST concern to an IS au...
- Question 338: An IS auditor found that a company executive is encouraging ...
- Question 339: Which of the following is MOST important to consider when re...
- Question 340: In a high-volume, real-time system, the MOST effective techn...
- Question 341: Which of the following would BEST indicate the effectiveness...
- Question 342: An IS auditor has been asked to provide support to the contr...
- Question 343: Which of the following should be the GREATEST concern for an...
- Question 344: Which of the following BEST reflects a mature strategic plan...
- Question 345: Which of the following provides the MOST assurance of the in...
- Question 346: An organization plans to centrally decommission end-of-life ...
- Question 347: Which of the following is the PRIMARY objective of implement...
- Question 348: Which of the following is the PRIMARY advantage of using vis...
- Question 349: An IS auditor reviewing a job scheduling tool notices perfor...
- Question 350: An organization has decided to purchase a web-based email se...
- Question 351: Which of the following is the BEST way to detect unauthorize...
- Question 352: Which of the following findings from a database security aud...
- Question 353: A senior IS auditor suspects that a PC may have been used to...
- Question 354: Which of the following would be MOST helpful to an IS audito...
- Question 355: Which of the following can only be provided by asymmetric en...
- Question 356: Which of the following provides an IS auditor assurance that...
- Question 357: An IS auditor follows up on a recent security incident and f...
- Question 358: An IS auditor reviewing incident response management process...
- Question 359: An organization allows programmers to change production syst...
- Question 360: Which of the following is MOST helpful for understanding an ...
- Question 361: An IS auditor has learned that access privileges are not per...
- Question 362: An IS auditor concludes that logging and monitoring mechanis...
- Question 363: A credit card company has decided to outsource the printing ...
- Question 364: Which of the following is the MOST efficient way to identify...
- Question 365: During a pre-implementation review, an IS auditor notes that...
- Question 366: Management has requested a post-implementation review of a n...
- Question 367: Which of the following is the BEST method to prevent wire tr...
- Question 368: Which of the following would MOST effectively ensure the int...
- Question 369: Which of the following would be an appropriate role of inter...
- Question 370: An IS auditor finds that the process for removing access for...
- Question 371: Which of the following is the PRIMARY reason for an IS audit...
- Question 372: During a follow-up audit, an IS auditor finds that some crit...
- Question 373: In which of the following sampling methods is the entire sam...
- Question 374: Which of the following is MOST important for an IS auditor t...
- Question 375: When an IS audit reveals that a firewall was unable to recog...
- Question 376: Effective separation of duties in an online environment can ...
- Question 377: In an organization's feasibility study to acquire hardware t...
- Question 378: During an exit meeting, an IS auditor highlights that backup...
- Question 379: Which of the following is the BEST recommendation to prevent...
- Question 380: The waterfall life cycle model of software development is BE...
- Question 381: An IS auditor is evaluating an organization's IT strategy an...
- Question 382: When auditing the feasibility study of a system development ...
- Question 383: During planning for a cloud service audit, audit management ...
- Question 384: An IS auditor is tasked to review an organization's plan-do-...
- Question 385: One benefit of return on investment (ROI) analysts in IT dec...
- Question 386: A proper audit trail of changes to server start-up procedure...
- Question 387: Which of the following is the GREATEST concern related to an...
- Question 388: During a review of system access, an IS auditor notes that a...
- Question 389: An organization is establishing a steering committee for the...
- Question 390: Which of the following BEST indicates that the effectiveness...
- Question 391: Which of the following would be MOST impacted if an IS audit...
- Question 392: To help determine whether a controls-reliant approach to aud...
- Question 393: An organization is disposing of removable onsite media which...
- Question 394: An IS auditor finds that the cost of developing an applicati...
- Question 395: Which of the following would the IS auditor MOST likely revi...
- Question 396: Which of the following is the MOST important responsibility ...
- Question 397: Which of the following is the GREATEST benefit of adopting a...
- Question 398: Which of the following should an IS auditor consider FIRST w...
- Question 399: An IS auditor found that operations personnel failed to run ...
- Question 400: During an operational audit on the procurement department, t...
- Question 401: An IS auditor is performing a follow-up audit for findings i...
- Question 402: An IS auditor is analyzing a sample of accounts payable tran...
- Question 403: Which of the following is MOST important when creating a for...
- Question 404: A project team has decided to switch to an agile approach to...
- Question 405: An IS audit team is evaluating documentation of the most rec...
- Question 406: In an annual audit cycle, the audit of an organization's IT ...
- Question 407: Which of the following be of GREATEST concern to an IS audit...
- Question 408: Which of the following is MOST important to review during th...
- Question 409: To ensure confidentiality through the use of asymmetric encr...
- Question 410: Which of the following methods will BEST reduce the risk ass...
- Question 411: Which of the following should be an IS auditor's GREATEST co...
- Question 412: Which of the following is the BEST indicator of the effectiv...
- Question 413: Which of the following provides the BE ST method for maintai...
- Question 414: In an environment where data virtualization is used, which o...
- Question 415: Stress testing should ideally be earned out under a:...
- Question 416: Which of the following is the BEST way for an IS auditor to ...
- Question 417: Which of the following is MOST critical to the success of an...
- Question 418: An organization has outsourced the development of a core app...
- 1 commentQuestion 419: How does a continuous integration/continuous development (CI...
- Question 420: An IS auditor suspects an organization's computer may have b...
- Question 421: During a review, an IS auditor discovers that corporate user...
- Question 422: When auditing the closing stages of a system development pro...
- Question 423: What would be an IS auditor's BEST recommendation upon findi...
- Question 424: Which of the following would be the GREATEST concern to an I...
- Question 425: Which of the following is the MOST important privacy conside...
- Question 426: Which of the following is the MOST important reason for an I...
- Question 427: An IS auditor observes that a business-critical application ...
- Question 428: Which of the following is the BEST source of information for...
- Question 429: During a follow-up audit, an IS auditor finds that senior ma...
- Question 430: The due date of an audit project is approaching, and the aud...
- Question 431: Which of the following is BEST used for detailed testing of ...
- Question 432: Which of the following should be the PRIMARY basis for prior...
- Question 433: What should be the PRIMARY focus during a review of a busine...
- Question 434: The PRIMARY focus of a post-implementation review is to veri...
- Question 435: Which of the following would an IS auditor find to be the GR...
- Question 436: An organization implemented a cybersecurity policy last year...
- Question 437: An organization relies on an external vendor that uses a clo...
- Question 438: Who is PRIMARILY responsible for the design of IT controls t...
- Question 439: During an audit of a multinational bank's disposal process, ...
- Question 440: During the implementation of a new system, an IS auditor mus...
- Question 441: An IS auditor is reviewing an organization's information ass...
- Question 442: Which of the following would provide an IS auditor with the ...
- Question 443: In data warehouse (DW) management, what is the BEST way to p...
- Question 444: Following a breach, what is the BEST source to determine the...
- Question 445: An IS auditor is verifying the adequacy of an organization's...
- Question 446: Which of the following is the PRIMARY benefit of benchmarkin...
- Question 447: An IS auditor reviewing the system development life cycle (S...
- Question 448: Which of the following should be of GREATEST concern to an I...
- Question 449: Which of the following is the BEST performance indicator for...
- Question 450: Which of the following is MOST critical to the success of an...
- Question 451: Which of the following is the MOST important area of focus f...
- Question 452: During the implementation of an upgraded enterprise resource...
- Question 453: An organization's software developers need access to persona...
- Question 454: Which of the following would BEST facilitate the successful ...
- Question 455: Which of the following should be done FIRST to minimize the ...
- Question 456: Which of the following is the BEST control to mitigate the m...
- Question 457: Which of the following is a social engineering attack method...
- Question 458: Which of the following is a PRIMARY benefit of using risk as...
- Question 459: An organization is planning an acquisition and has engaged a...
- Question 460: When designing metrics for information security, the MOST im...
- Question 461: When planning an audit, it is acceptable for an IS auditor t...
- Question 462: Which of the following is MOST important for an IS auditor t...
- Question 463: An IS auditor has discovered that a software system still in...
- Question 464: Which of the following should be of GREATEST concern to an I...
- Question 465: Which of the following network communication protocols is us...
- Question 466: Which of the following is the MOST significant impact to an ...
- Question 467: Which of the following audit procedures would be MOST conclu...
- Question 468: Which of the following is the MOST appropriate indicator of ...
- Question 469: Which of the following activities provides an IS auditor wit...
- Question 470: A system administrator recently informed the IS auditor abou...
- Question 471: An organization's strategy to source certain IT functions fr...
- Question 472: An organization is shifting to a remote workforce In prepara...
- Question 473: Which of the following is a detective control?...
- Question 474: Which of the following is the BEST audit procedure to determ...
- Question 475: During a routine internal software licensing review, an IS a...
- Question 476: Which of the following would be the BEST criteria for monito...
- Question 477: Which of the following would be of GREATEST concern to an IS...
- Question 478: An IS auditor learns that an organization's business continu...
- Question 479: Which of the following findings would be of GREATEST concern...
- Question 480: What would be an IS auditor's BEST course of action when an ...
- Question 481: A data breach has occurred due lo malware. Which of the foll...
- Question 482: The PRIMARY benefit of automating application testing is to:...
- Question 483: Documentation of workaround processes to keep a business fun...
- Question 484: Which of the following BEST describes a digital signature?...
- Question 485: An IS auditor evaluating the change management process must ...
- Question 486: Which of the following is the BEST way to verify the effecti...
- Question 487: An incorrect version of the source code was amended by a dev...
- Question 488: During audit framework. an IS auditor teams that employees a...
- Question 489: Which type of risk would MOST influence the selection of a s...
- Question 490: During a database management evaluation an IS auditor discov...
- Question 491: Which of the following is the GREATEST impact as a result of...
- Question 492: Which of the following technology trends can lead to more ro...
- Question 493: Which of the following is MOST useful when planning to audit...
- Question 494: An organization that operates an e-commerce website wants to...
- Question 495: Audit frameworks can assist the IS audit function by:...
- Question 496: An IS auditor is reviewing the security of a web-based custo...
- Question 497: Who is accountable for an organization's enterprise risk man...
- Question 498: During a pre-deployment assessment, what is the BEST indicat...
- Question 499: Which of the following provides the MOST useful information ...
- Question 500: A now regulation requires organizations to report significan...
- Question 501: Which of the following is the GREATEST advantage of outsourc...
- Question 502: A core system fails a week after a scheduled update, causing...
- Question 503: Which of the following should be the GREATEST concern to an ...
- Question 504: A web application is developed in-house by an organization. ...
- Question 505: Which of the following BEST facilitates strategic program ma...
- Question 506: Which of the following provides the BEST evidence of the val...
- Question 507: An organization has made a strategic decision to split into ...
- Question 508: When planning an internal penetration test, which of the fol...
- Question 509: Capacity management enables organizations to:...
- Question 510: Which of the following will BEST ensure that archived electr...
- Question 511: Which of the following findings should be of GREATEST concer...
- Question 512: Which of the following should be considered when examining f...
- Question 513: Which of the following controls BEST ensures appropriate seg...
- Question 514: Which of the following is the GREATEST risk related to the u...
- Question 515: During a project assessment, an IS auditor finds that busine...
- Question 516: An IS auditor discovers that validation controls m a web app...
- Question 517: When is it MOST important for an IS auditor to apply the con...
- Question 518: Which of the following is MOST useful for determining whethe...
- Question 519: Which of the following would be an auditor's GREATEST concer...
- Question 520: An organization conducted an exercise to test the security a...
- Question 521: An organization offers an e-commerce platform that allows co...
- Question 522: An IS auditor is reviewing the backup procedures in an organ...
- Question 523: The PRIMARY purpose of requiring source code escrow in a con...
- Question 524: Which of the following should be an IS auditor's PRIMARY foc...
- Question 525: Which of the following should be an IS auditor's GREATEST co...
- Question 526: Which of the following is MOST important to define within a ...
- Question 527: An IS auditor is evaluating the access controls for a shared...
- Question 528: Which of the following should be the PRIMARY consideration w...
- Question 529: An organization requires the use of a key card to enter its ...
- Question 530: Which of the following is the BEST justification for deferri...
- Question 531: Which of the following staff should an IS auditor interview ...
- Question 532: Which of the following is the MOST appropriate control to en...
- Question 533: Several unattended laptops containing sensitive customer dat...
- Question 534: Which of the following analytical methods would be MOST usef...
- Question 535: An IT governance body wants to determine whether IT service ...
- Question 536: When reviewing a business case for a proposed implementation...
- Question 537: An IS auditor is assigned to perform a post-implementation r...
- Question 538: Following a security breach in which a hacker exploited a we...
- Question 539: Which of the following should be the FIRST consideration whe...
- Question 540: Which of the following findings would be of GREATEST concern...
- Question 541: Controls related to authorized modifications to production p...
- Question 542: Which of the following is MOST important to determine during...
- Question 543: Which of the following is the GREATEST advantage of maintain...
- Question 544: Which of the following types of firewalls provide the GREATE...
- Question 545: An IT strategic plan that BEST leverages IT in achieving org...
- Question 546: Which of the following is the MOST important outcome of an i...
- Question 547: While executing follow-up activities, an IS auditor is conce...
- Question 548: Who is PRIMARILY responsible for the design of IT controls t...
- Question 549: Which of the following should be of GREATEST concern for an ...
- Question 550: To enable the alignment of IT staff development plans with I...
- Question 551: Which of the following is the PRIMARY purpose of obtaining a...
- Question 552: An IS auditor notes that the previous year's disaster recove...
- Question 553: Which of the following findings from an IT governance review...
- Question 554: Which of the following is the MOST effective method of destr...
- Question 555: Which of the following approaches BEST enables an IS auditor...
- Question 556: When planning a review of IT governance, an IS auditor is MO...
- Question 557: Which of the following would a digital signature MOST likely...
- Question 558: An IS auditor finds a high-risk vulnerability in a public-fa...
- Question 559: Which of the following provides the MOST useful information ...
- Question 560: Which of the following provides the BEST evidence that a thi...
- Question 561: An IS auditor is reviewing a data conversion project. Which ...
- Question 562: A programmer has made unauthorized changes lo key fields in ...
- Question 563: Which of the following is an IS auditor's BEST recommendatio...
- Question 564: Which of the following is the MOST important control for vir...
- Question 565: Which of the following is the BEST way to enforce the princi...
- Question 566: Which of the following is the BEST indicator that a third-pa...
- Question 567: An IS auditor notes that IT and the business have different ...
- Question 568: The PRIMARY reason to assign data ownership for protection o...
- Question 569: Which of the following is MOST likely to be reduced when imp...
- Question 570: Management has learned the implementation of a new IT system...
- Question 571: Which of the following procedures for testing a disaster rec...
- Question 572: Which of the following would BEST manage the risk of changes...
- Question 573: An IS auditor is reviewing a machine learning algorithm-base...
- Question 574: Which of the following is a PRIMARY responsibility of an IT ...
- Question 575: in a controlled application development environment, the MOS...
- Question 576: What is the PRIMARY reason to adopt a risk-based IS audit st...
- Question 577: An organization has recently moved to an agile model for dep...
- Question 578: A month after a company purchased and implemented system and...
- Question 579: Which of the following is the MOST reliable way for an IS au...
