Valid CISA Dumps shared by ExamDiscuss.com for Helping Passing CISA Exam! ExamDiscuss.com now offer the newest CISA exam dumps, the ExamDiscuss.com CISA exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CISA dumps with Test Engine here:
Access CISA Dumps Premium Version
(1435 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 166/492
An IS auditor is reviewing the security of a web-based customer relationship management (CRM) system that is directly accessed by customers via the Internet, which of the following should be a concern for the auditor?
Correct Answer: D
A web-based CRM system that is directly accessed by customers via the Internet should be hosted in a secure and isolated environment to protect it from external threats and unauthorized access. A web-based CRM system should also be reliable, trusted, and backed up regularly1.
Hosting the system on an external third-party service provider's servers (A) or a hybrid-cloud platform managed by a service provider (B) may not be a concern for the auditor if the service provider has adequate security measures and service level agreements in place. The auditor should verify the security controls and contractual terms of the service provider before trusting them with the CRM data23.
Hosting the system within a demilitarized zone (DMZ) of a corporate network is a common practice to provide an extra layer of security to the CRM system from untrusted networks, such as the Internet. A DMZ is a perimeter network that isolates the CRM system from the internal network and filters the incoming traffic from the external network using a security gateway4567.
Hosting the system within an internal segment of a corporate network (D) is a concern for the auditor because it exposes the CRM system and the internal network to potential attacks from the Internet. The CRM system should not be directly accessible from the Internet without a DMZ or a firewall to protect it. This could compromise the confidentiality, integrity, and availability of the CRM data and the internal network78.
Hosting the system on an external third-party service provider's servers (A) or a hybrid-cloud platform managed by a service provider (B) may not be a concern for the auditor if the service provider has adequate security measures and service level agreements in place. The auditor should verify the security controls and contractual terms of the service provider before trusting them with the CRM data23.
Hosting the system within a demilitarized zone (DMZ) of a corporate network is a common practice to provide an extra layer of security to the CRM system from untrusted networks, such as the Internet. A DMZ is a perimeter network that isolates the CRM system from the internal network and filters the incoming traffic from the external network using a security gateway4567.
Hosting the system within an internal segment of a corporate network (D) is a concern for the auditor because it exposes the CRM system and the internal network to potential attacks from the Internet. The CRM system should not be directly accessible from the Internet without a DMZ or a firewall to protect it. This could compromise the confidentiality, integrity, and availability of the CRM data and the internal network78.
- Question List (492q)
- Question 1: An IS auditor is reviewing a machine learning algorithm-base...
- Question 2: Secure code reviews as part of a continuous deployment progr...
- Question 3: Which of the following should be an IS auditor's GREATEST co...
- Question 4: The PRIMARY role of an IS auditor in the remediation of prob...
- Question 5: Which of the following is the MOST important reason to class...
- Question 6: What Is the BEST method to determine if IT resource spending...
- Question 7: Which of the following approaches will ensure recovery time ...
- Question 8: An organization allows its employees lo use personal mobile ...
- Question 9: Which of the following is the PRIMARY advantage of using vis...
- Question 10: Which of the following is the BEST way to verify the effecti...
- Question 11: Which of following is MOST important to determine when condu...
- Question 12: Which of the following is MOST important for an IS auditor t...
- Question 13: To confirm integrity for a hashed message, the receiver shou...
- Question 14: An organization's sensitive data is stored in a cloud comput...
- Question 15: Which of the following provides the GREATEST assurance that ...
- Question 16: What should an IS auditor do FIRST when management responses...
- Question 17: Which of the following is a social engineering attack method...
- Question 18: Which of the following controls is BEST implemented through ...
- Question 19: Which of the following is a threat to IS auditor independenc...
- Question 20: Which of the following is the MOST important area of focus f...
- Question 21: Which of the following is the BEST methodology to use for es...
- Question 22: Which of the following metrics is the BEST indicator of the ...
- Question 23: Which of the following is the BEST way to detect unauthorize...
- Question 24: Which of the following would protect the confidentiality of ...
- Question 25: Which of the following should be of GREATEST concern to an I...
- Question 26: In which of the following sampling methods is the entire sam...
- Question 27: A telecommunications company has recently created a new frau...
- Question 28: Which of the following is MOST useful for determining whethe...
- Question 29: Which of the following findings would be of GREATEST concern...
- Question 30: An IS auditor can BEST evaluate the business impact of syste...
- Question 31: Which of the following observations regarding change managem...
- Question 32: Audit frameworks cart assist the IS audit function by:...
- Question 33: The PRIMARY purpose of an incident response plan is to:...
- Question 34: Which of the following is the BEST sampling method to use wh...
- Question 35: The process of applying a hash function to a message and obt...
- Question 36: During a project assessment, an IS auditor finds that busine...
- Question 37: Which type of review is MOST important to conduct when an IS...
- Question 38: Which of the following is MOST helpful to an IS auditor when...
- Question 39: While executing follow-up activities, an IS auditor is conce...
- Question 40: The PRIMARY responsibility of a project steering committee i...
- Question 41: A checksum is classified as which type of control?...
- Question 42: Which of the following would lead an IS auditor to conclude ...
- Question 43: Which of the following risk scenarios is BEST addressed by i...
- Question 44: Which of the following will BEST ensure that a proper cutoff...
- Question 45: A finance department has a multi-year project to upgrade the...
- Question 46: An organization has an acceptable use policy in place, but u...
- Question 47: Which of the following documents should specify roles and re...
- Question 48: Which of the following is an effective way to ensure the int...
- Question 49: Which of the following is the PRIMARY objective of implement...
- Question 50: The use of which of the following would BEST enhance a proce...
- Question 51: IS management has recently disabled certain referential inte...
- Question 52: What is the GREATEST concern for an IS auditor reviewing con...
- Question 53: An organization is disposing of removable onsite media which...
- Question 54: What should an IS auditor evaluate FIRST when reviewing an o...
- Question 55: The BEST way to evaluate the effectiveness of a newly develo...
- Question 56: Which of the following BEST ensures the quality and integrit...
- Question 57: Which of the following is the BEST point in time to conduct ...
- Question 58: A small IT department has embraced DevOps, which allows memb...
- Question 59: Which of the following is the PRIMARY reason an IS auditor w...
- Question 60: Which of the following provides the MOST assurance over the ...
- Question 61: An organization that operates an e-commerce website wants to...
- Question 62: Which of the following is the BEST way to ensure an organiza...
- Question 63: Which of the following management decisions presents the GRE...
- Question 64: Which of the following is MOST important when defining the I...
- Question 65: Which of the following would be of GREATEST concern to an IS...
- Question 66: Which of the following is the MOST effective way to identify...
- Question 67: An IS auditor has discovered that a software system still in...
- Question 68: Which of the following is MOST likely to be a project delive...
- Question 69: In an organization's feasibility study to acquire hardware t...
- Question 70: An IS auditor is following up on prior period items and find...
- Question 71: Which of the following is the BEST source of information to ...
- Question 72: The PRIMARY benefit lo using a dry-pipe fire-suppression sys...
- Question 73: Which of the following is an IS auditor's BEST recommendatio...
- Question 74: To reduce operational costs, IT management plans to reduce t...
- Question 75: Which of the following is the MOST appropriate control to en...
- Question 76: Which type of attack poses the GREATEST risk to an organizat...
- Question 77: Which of the following provides the MOST assurance of the in...
- Question 78: Which of the following should be of GREATEST concern to an |...
- Question 79: The PRIMARY advantage of object-oriented technology is enhan...
- Question 80: Which of the following would BEST determine whether a post-i...
- Question 81: An IS auditor noted a recent production incident in which a ...
- Question 82: An IS auditor has been asked to advise on measures to improv...
- Question 83: A web application is developed in-house by an organization. ...
- Question 84: When auditing an organization's software acquisition process...
- Question 85: An organization is concerned about duplicate vendor payments...
- Question 86: Recovery facilities providing a redundant combination of Int...
- Question 87: Which of the following would be of GREATEST concern to an IS...
- Question 88: Which of the following would be MOST useful to an IS auditor...
- Question 89: An IS auditor observes that a business-critical application ...
- Question 90: Which of the following would provide the BEST evidence of an...
- Question 91: An IS audit manager is preparing the staffing plan for an au...
- Question 92: Which of the following is the MOST important benefit of invo...
- Question 93: A core system fails a week after a scheduled update, causing...
- Question 94: A global organization's policy states that all workstations ...
- Question 95: An organization is planning to implement a work-from-home po...
- Question 96: Afire alarm system has been installed in the computer room T...
- Question 97: Which of the following BEST describes an audit risk?...
- Question 98: Who is PRIMARILY responsible for the design of IT controls t...
- Question 99: Which of the following should be the FIRST step when conduct...
- Question 100: During a security audit, an IS auditor is tasked with review...
- Question 101: Which of the following must be in place before an IS auditor...
- Question 102: The PRIMARY objective of value delivery in reference to IT g...
- Question 103: An organization has partnered with a third party to transpor...
- Question 104: Which of the following is the PRIMARY concern when negotiati...
- Question 105: Which of the following should be GREATEST concern to an IS a...
- Question 106: Which of the following is the MOST appropriate and effective...
- Question 107: Which type of control has been established when an organizat...
- Question 108: Which of the following BEST guards against the risk of attac...
- Question 109: Which of the following should be the FIRST step to successfu...
- Question 110: Which of the following is the MOST important consideration f...
- Question 111: Which of the following is MOST important with regard to an a...
- Question 112: An IS auditor discovers that validation controls in a web ap...
- Question 113: Due to limited storage capacity, an organization has decided...
- Question 114: Which of the following audit procedures would provide the BE...
- Question 115: The GREATEST benefit of using a polo typing approach in soft...
- Question 116: An IS auditor is examining a front-end subledger and a main ...
- Question 117: Which of the following is the BEST indication that there are...
- Question 118: Which of the following BEST describes the role of a document...
- Question 119: During a disaster recovery audit, an IS auditor finds that a...
- Question 120: Which of the following would be the MOST useful metric for m...
- Question 121: An organization that has suffered a cyber-attack is performi...
- Question 122: Spreadsheets are used to calculate project cost estimates. T...
- Question 123: Which of the following tests is MOST likely to detect an err...
- Question 124: An IS auditor has been asked to provide support to the contr...
- Question 125: Which of the following is MOST important during software lic...
- Question 126: Which of the following observations would an IS auditor cons...
- Question 127: An external audit firm was engaged to perform a validation a...
- Question 128: Which of the following should be restricted from a network a...
- Question 129: Following the sale of a business division, employees will be...
- Question 130: Which of the following provides the BE ST method for maintai...
- Question 131: Which of the following would BEST indicate the effectiveness...
- Question 132: An IS auditor is reviewing database fields updated in real-t...
- Question 133: Stress testing should ideally be carried out under a:...
- Question 134: A manager Identifies active privileged accounts belonging to...
- Question 135: The BEST way to prevent fraudulent payments is to implement ...
- Question 136: Which of the following is the GREATEST benefit of adopting a...
- Question 137: Which of the following would be the BEST criteria for monito...
- Question 138: A data breach has occurred due lo malware. Which of the foll...
- Question 139: An organization's IT risk assessment should include the iden...
- Question 140: An IS auditor learns a server administration team regularly ...
- Question 141: What is the BEST control to address SQL injection vulnerabil...
- Question 142: An internal audit department recently established a quality ...
- Question 143: An IS auditor is evaluating an enterprise resource planning ...
- Question 144: Which of the following presents the GREATEST challenge to th...
- Question 145: A senior IS auditor suspects that a PC may have been used to...
- Question 146: During an audit of a multinational bank's disposal process, ...
- Question 147: Which of the following should be the FRST step when developi...
- Question 148: Which of the following is MOST useful when planning to audit...
- Question 149: During the planning phase of a data loss prevention (DLP) au...
- Question 150: Which of the following biometric access controls has the HIG...
- Question 151: An IS auditor is planning an audit of an organization's acco...
- Question 152: Which of the following should be an IS auditor's PRIMARY con...
- Question 153: Which of the following is the BEST indication of effective I...
- Question 154: During an ongoing audit, management requests a briefing on t...
- Question 155: Which of the following metrics would BEST measure the agilit...
- Question 156: An IS auditor should be MOST concerned if which of the follo...
- Question 157: Which of the following is the BEST way to mitigate the risk ...
- Question 158: Which of the following is MOST important to consider when re...
- Question 159: Which of the following is MOST appropriate to prevent unauth...
- Question 160: An IS auditor is reviewing processes for importing market pr...
- Question 161: An organization outsourced its IS functions to meet its resp...
- Question 162: An IS auditor who was instrumental in designing an applicati...
- Question 163: Which of the following is MOST important to include in foren...
- Question 164: Which of the following is the MOST important prerequisite fo...
- Question 165: Which of the following physical controls provides the GREATE...
- Question 166: An IS auditor is reviewing the security of a web-based custo...
- Question 167: Which of the following would BEST facilitate the successful ...
- Question 168: Management receives information indicating a high level of r...
- Question 169: Which of the following is MOST appropriate to review when de...
- Question 170: During an audit of payment services of a branch based in a f...
- Question 171: Which of the following should be of GREATEST concern to an I...
- Question 172: An organization is shifting to a remote workforce In prepara...
- Question 173: To mitigate the risk of exposing data through application pr...
- Question 174: Which of the following should be the PRIMARY role of an inte...
- Question 175: An IS auditor discovers that due to resource constraints a d...
- Question 176: An IS auditor will be testing accounts payable controls by p...
- Question 177: Several unattended laptops containing sensitive customer dat...
- Question 178: A transaction processing system interfaces with the general ...
- Question 179: An IS auditor wants to gain a better understanding of an org...
- Question 180: An IS auditor finds that capacity management for a key syste...
- Question 181: When auditing the closing stages of a system development pro...
- Question 182: An employee loses a mobile device resulting in loss of sensi...
- Question 183: Which of the following is a method to prevent disclosure of ...
- Question 184: Which of the following BEST demonstrates to senior managemen...
- Question 185: Which of the following activities provides an IS auditor wit...
- Question 186: An IS auditor has been tasked to review the processes that p...
- Question 187: A new system development project is running late against a c...
- Question 188: Which of the following data would be used when performing a ...
- Question 189: Following a breach, what is the BEST source to determine the...
- Question 190: The PRIMARY objective of a follow-up audit is to:...
- Question 191: The BEST way to provide assurance that a project is adhering...
- Question 192: When planning a review of IT governance, an IS auditor is MO...
- Question 193: Which of the following provides the BEST assurance of data i...
- Question 194: An IS auditor finds a user account where privileged access i...
- Question 195: Due to system limitations, segregation of duties (SoD) canno...
- Question 196: Which of the following methods will BEST reduce the risk ass...
- Question 197: Which of the following provides the BEST evidence of the val...
- Question 198: Which of the following is a corrective control?...
- Question 199: Which of the following is the GREATEST risk of using a recip...
- Question 200: Which of the following tests would provide the BEST assuranc...
- Question 201: Which of the following findings should be of GREATEST concer...
- Question 202: Which of the following observations should be of GREATEST co...
- Question 203: A business has requested an audit to determine whether infor...
- Question 204: Which of the following is MOST useful to an IS auditor perfo...
- Question 205: Due to limited storage capacity, an organization has decided...
- Question 206: An IS auditor discovers from patch logs that some in-scope s...
- Question 207: An IS audit reveals an IT application is experiencing poor p...
- Question 208: Which of the following is the MOST reliable way for an IS au...
- Question 209: A new regulation requires organizations to report significan...
- Question 210: Which of the following should be of MOST concern to an IS au...
- Question 211: Which of the following is the BEST way to help ensure new IT...
- Question 212: An IS auditor is reviewing the perimeter security design of ...
- Question 213: Which of the following should be the FIRST step in the incid...
- Question 214: An organization has recently acquired and implemented intell...
- Question 215: Which of the following provides a new IS auditor with the MO...
- Question 216: Following a security breach in which a hacker exploited a we...
- Question 217: An IS auditor learns that an in-house system development lif...
- Question 218: During the implementation of a new system, an IS auditor mus...
- Question 219: A database administrator (DBA) should be prevented from havi...
- Question 220: An IS auditor wants to inspect recent events in a system to ...
- Question 221: Which of the following is the MOST effective accuracy contro...
- Question 222: An organization is ready to implement a new IT solution cons...
- Question 223: When reviewing the functionality of an intrusion detection s...
- Question 224: An organization has implemented a new data classification sc...
- Question 225: An organization allows programmers to change production syst...
- Question 226: Which of the following would be an appropriate rote of inter...
- Question 227: Which of the following is MOST important for an IS auditor t...
- Question 228: What is the PRIMARY benefit of an audit approach which requi...
- Question 229: An IS auditor finds that one employee has unauthorized acces...
- Question 230: Which of the following BEST enables the effectiveness of an ...
- Question 231: Which of the following applications has the MOST inherent ri...
- Question 232: Which of the following is the GREATEST risk of project dashb...
- Question 233: Which of the following BEST enables an IS auditor to confirm...
- Question 234: Which of the following non-audit activities may impair an IS...
- Question 235: Which of the following is the BEST way to foster continuous ...
- Question 236: Who should be the FIRST to evaluate an audit report prior to...
- Question 237: An IS auditor evaluating the change management process must ...
- Question 238: Which of the following statements appearing in an organizati...
- Question 239: Which of the following should be an IS auditor's GREATEST co...
- Question 240: Which of the following is necessary for effective risk manag...
- Question 241: Which of the following would be the BEST process for continu...
- Question 242: Which of the following BEST supports the effectiveness of a ...
- Question 243: An IS auditor is reviewing the service agreement with a tech...
- Question 244: Which of the following BEST enables alignment of IT with bus...
- Question 245: An IS auditor concludes that logging and monitoring mechanis...
- Question 246: Which of the following BEST enables the timely identificatio...
- Question 247: Which of the following is MOST important for an effective co...
- Question 248: Which of the following areas is MOST likely to be overlooked...
- Question 249: A system development project is experiencing delays due to o...
- Question 250: Which of the following would BEST help lo support an auditor...
- Question 251: Documentation of workaround processes to keep a business fun...
- Question 252: Which of the following BEST indicates that an incident manag...
- Question 253: Which of the following should be an IS auditor's PRIMARY foc...
- Question 254: During an IT general controls audit of a high-risk area wher...
- Question 255: Which of the following is the GREATEST concern related to an...
- Question 256: In which phase of penetration testing would host detection a...
- Question 257: Which of the following is the BEST way to address potential ...
- Question 258: Which of the following poses the GREATEST risk to an organiz...
- Question 259: An incident response team has been notified of a virus outbr...
- Question 260: Which of the following is the MOST efficient control to redu...
- Question 261: Which of the following would BEST detect that a distributed ...
- Question 262: Which of the following provides IS audit professionals with ...
- Question 263: During an audit of an organization's risk management practic...
- Question 264: Which of the following helps to ensure the integrity of data...
- Question 265: An organization has implemented a distributed security admin...
- Question 266: Which of the following is the GREATEST risk if two users hav...
- Question 267: An IS auditor notes that several employees are spending an e...
- Question 268: Which of the following provides the BEST providence that out...
- Question 269: Which of the following findings would be of GREATEST concern...
- Question 270: Which of the following is the GREATEST advantage of maintain...
- Question 271: Which of the following would provide the MOST important inpu...
- Question 272: As part of the architecture of virtualized environments, in ...
- Question 273: The PRIMARY purpose of a configuration management system is ...
- Question 274: Capacity management tools are PRIMARILY used to ensure that:...
- Question 275: What would be an IS auditor's BEST course of action when an ...
- Question 276: Which of the following is the MOST important outcome of an i...
- Question 277: In an annual audit cycle, the audit of an organization's IT ...
- Question 278: An IS audit learn is evaluating the documentation related to...
- Question 279: To develop meaningful recommendations 'or findings, which of...
- Question 280: Which of the following is the GREATEST security risk associa...
- Question 281: Which of the following should be the PRIMARY basis for prior...
- Question 282: Management is concerned about sensitive information being in...
- Question 283: Which of the following business continuity activities priori...
- Question 284: An IS auditor is reviewing a bank's service level agreement ...
- Question 285: Which of the following should be the FIRST step m managing t...
- Question 286: Which of the following is the BEST compensating control when...
- Question 287: Which of the following BEST Indicates that an incident manag...
- Question 288: An IS auditor finds that application servers had inconsisten...
- Question 289: Which of the following would provide management with the MOS...
- Question 290: An auditee disagrees with a recommendation for corrective ac...
- Question 291: Which of the following provides the MOST reliable method of ...
- Question 292: How is nonrepudiation supported within a public key infrastr...
- Question 293: A programmer has made unauthorized changes lo key fields in ...
- Question 294: Which of the following is MOST helpful for measuring benefit...
- Question 295: Which of the following is the PRIMARY reason an IS auditor s...
- Question 296: An incident response team has been notified of a virus outbr...
- Question 297: An IS auditor concludes that an organization has a quality s...
- Question 298: Which of the following is the GREATEST advantage of outsourc...
- Question 299: An IS auditor learns that an organization's business continu...
- Question 300: Which of the following should an IS auditor expect to see in...
- Question 301: An IS auditor found that a company executive is encouraging ...
- Question 302: Which of the following is the BEST control to minimize the r...
- Question 303: Which of the following is the MOST important consideration w...
- Question 304: In which phase of the internal audit process is contact esta...
- Question 305: A data center's physical access log system captures each vis...
- Question 306: Which of the following provides the MOST useful information ...
- Question 307: Which of the following is the PRIMARY advantage of using an ...
- Question 308: In a small IT web development company where developers must ...
- Question 309: Backup procedures for an organization's critical data are co...
- Question 310: Which of the following information security requirements BE ...
- Question 311: An IS auditor finds that a recently deployed application has...
- Question 312: An organization is considering allowing users to connect per...
- Question 313: Which of the following would provide the BEST evidence that ...
- Question 314: During the planning phase of a data loss prevention (DLP) au...
- Question 315: Which of the following is MOST important to the effectivenes...
- Question 316: An IS auditor reviewing the throat assessment for a data can...
- Question 317: Which of the following should an organization do to anticipa...
- Question 318: Which of the following should be used as the PRIMARY basis f...
- Question 319: Which of the following IT service management activities is M...
- Question 320: Which of the following is the BEST compensating control agai...
- Question 321: Which of the following is the MOST important consideration w...
- Question 322: Which of the following BEST enables a benefits realization p...
- Question 323: Stress testing should ideally be earned out under a:...
- Question 324: Which of the following types of firewalls provide the GREATE...
- Question 325: Which of the following should an IS auditor ensure is classi...
- Question 326: When classifying information, it is MOST important to align ...
- Question 327: Which of the following is a PRIMARY responsibility of an IT ...
- Question 328: The business case for an information system investment shoul...
- Question 329: An IS auditor finds that a number of key patches have not be...
- Question 330: When evaluating information security governance within an or...
- Question 331: Which of the following measures BEST mitigates the risk of d...
- Question 332: Which of the following findings would be of GREATEST concern...
- Question 333: Which of the following is the MOST effective way to evaluate...
- Question 334: A senior IS auditor suspects that a PC may have been used to...
- Question 335: During an external review, an IS auditor observes an inconsi...
- Question 336: An organization implemented a cybersecurity policy last year...
- Question 337: Which of the following will provide the GREATEST assurance t...
- Question 338: Which of the following access rights presents the GREATEST r...
- Question 339: A now regulation requires organizations to report significan...
- Question 340: The due date of an audit project is approaching, and the aud...
- Question 341: During a follow-up audit, an IS auditor finds that some crit...
- Question 342: An IS auditor is reviewing security controls related to coll...
- Question 343: In an online application which of the following would provid...
- Question 344: Which of the following should be of GREATEST concern to an I...
- Question 345: An IS auditor is reviewing the backup procedures in an organ...
- Question 346: An IS auditor is reviewing an organization's primary router ...
- Question 347: During which phase of the software development life cycle sh...
- Question 348: If a recent release of a program has to be backed out of pro...
- Question 349: An IS auditor conducts a review of a third-party vendor's re...
- Question 350: Which of the following BEST describes a digital signature?...
- Question 351: Following a breach, what is the BEST source to determine the...
- Question 352: Which of the following is the BEST metric to measure the ali...
- Question 353: An IS auditor is assessing the adequacy of management's reme...
- Question 354: Which of the following would be of GREATEST concern when rev...
- Question 355: Which audit approach is MOST helpful in optimizing the use o...
- Question 356: Which of the following will MOST likely compromise the contr...
- Question 357: Which of the following is the BEST way to address segregatio...
- Question 358: An IS auditor is tasked to review an organization's plan-do-...
- Question 359: During a closing meeting, the IT manager disagrees with a va...
- Question 360: Which of the following features of a library control softwar...
- Question 361: An organization has recently implemented a Voice-over IP (Vo...
- Question 362: Which of the following BEST ensures that effective change ma...
- Question 363: A firewall between internal network segments improves securi...
- Question 364: Following an IT audit, management has decided to accept the ...
- Question 365: An organization uses public key infrastructure (PKI) to prov...
- Question 366: In a high-volume, real-time system, the MOST effective techn...
- Question 367: What is the FIRST step when creating a data classification p...
- Question 368: One benefit of return on investment (ROI) analysts in IT dec...
- Question 369: During the walk-through procedures for an upcoming audit, an...
- Question 370: What should be the PRIMARY focus during a review of a busine...
- Question 371: Which of the following is MOST important when planning a net...
- Question 372: Which of the following provides the MOST protection against ...
- Question 373: Which of the following would be of GREATEST concern to an IS...
- Question 374: With regard to resilience, which of the following is the GRE...
- Question 375: Which of the following is the GREATEST risk associated with ...
- Question 376: What should an IS auditor recommend to management as the MOS...
- Question 377: An IS auditor discovers that an IT organization serving seve...
- Question 378: A security administrator is called in the middle of the nigh...
- Question 379: Which of the following should be of GREATEST concern to an I...
- Question 380: To enable the alignment of IT staff development plans with I...
- Question 381: An IS auditor discovers an option in a database that allows ...
- Question 382: Which of the following is the BEST control to prevent the tr...
- Question 383: Which of the following will provide the GREATEST assurance t...
- Question 384: When protecting the confidentiality of information assets, t...
- Question 385: Which of the following should be the PRIMARY focus when comm...
- Question 386: An IS auditor is reviewing an organization that performs bac...
- Question 387: Which of the following is the BEST source of information tor...
- Question 388: An organization's information security policies should be de...
- Question 389: An organization requires the use of a key card to enter its ...
- Question 390: An audit has identified that business units have purchased c...
- Question 391: Which of the following would be of GREATEST concern to an IS...
- Question 392: A financial group recently implemented new technologies and ...
- Question 393: An IS auditor notes that not all security tests were complet...
- Question 394: Which of the following cloud capabilities BEST enables an or...
- Question 395: Which of the following BEST demonstrates that IT strategy Is...
- Question 396: Which of the following is the BEST method to prevent wire tr...
- Question 397: When developing customer-facing IT applications, in which st...
- Question 398: An organization has developed mature risk management practic...
- Question 399: Which of the following approaches would utilize data analyti...
- Question 400: Which of the following is the GREATEST concern associated wi...
- Question 401: A review of Internet security disclosed that users have indi...
- Question 402: Which type of attack targets security vulnerabilities in web...
- Question 403: A web proxy server for corporate connections to external res...
- Question 404: Which of the following is the MOST important consideration f...
- Question 405: An organization's enterprise architecture (EA) department de...
- Question 406: An IS auditor is evaluating an organization's IT strategy an...
- Question 407: Which of the following types of firewalls provides the GREAT...
- Question 408: An IS auditor determines that the vendor's deliverables do n...
- Question 409: An IS auditor should look for which of the following to ensu...
- Question 410: If a source code is not recompiled when program changes are ...
- Question 411: Which of the following BEST enables an IS auditor to combine...
- Question 412: Which of the following would BEST prevent an arbitrary appli...
- Question 413: Prior to a follow-up engagement, an IS auditor learns that m...
- Question 414: The IS quality assurance (OA) group is responsible for:...
- Question 415: An IS auditor plans to review all access attempts to a video...
- Question 416: Which of the following should be of GREATEST concern to an I...
- Question 417: Which of the following BEST reflects a mature strategic plan...
- Question 418: Which of the following is an example of a preventative contr...
- Question 419: Which of the following is the MOST efficient solution for a ...
- Question 420: An IS auditor discovers that backups of critical systems are...
- Question 421: An IS auditor notes that the previous year's disaster recove...
- Question 422: An organization is planning an acquisition and has engaged a...
- Question 423: An organization has engaged a third party to implement an ap...
- Question 424: During which process is regression testing MOST commonly use...
- Question 425: Which of the following is the BEST way to determine whether ...
- Question 426: Which of the following should be an IS auditor's GREATEST co...
- Question 427: A bank has a combination of corporate customer accounts (hig...
- Question 428: When verifying the accuracy and completeness of migrated dat...
- Question 429: During audit framework. an IS auditor teams that employees a...
- Question 430: The PRIMARY reason for an IS auditor to use data analytics t...
- Question 431: An organization has outsourced the development of a core app...
- Question 432: Which of the following is the BEST performance indicator for...
- Question 433: When assessing whether an organization's IT performance meas...
- Question 434: Which of the following is the MOST significant impact to an ...
- Question 435: Which of the following would be of MOST concern for an IS au...
- Question 436: Which of the following should be the GREATEST concern to an ...
- Question 437: When testing the accuracy of transaction data, which of the ...
- Question 438: Which of the following is MOST important to determine when c...
- Question 439: Which of the following is an IS auditor's BEST recommendatio...
- Question 440: An organization plans to replace its nightly batch processin...
- Question 441: Which of the following is the BEST way for management to ens...
- Question 442: Which of the following should be of GREATEST concern to an I...
- Question 443: An IS auditor is reviewing the installation of a new server....
- Question 444: An IS auditor is assigned to perform a post-implementation r...
- Question 445: During a physical security audit, an IS auditor was provided...
- Question 446: An organization's security policy mandates that all new empl...
- Question 447: A senior IS auditor suspects that a PC may have been used to...
- Question 448: Which of the following can BEST reduce the impact of a long-...
- Question 449: An IS auditor is reviewing logical access controls for an or...
- Question 450: Which of the following is the PRIMARY advantage of parallel ...
- Question 451: An IS auditor is reviewing enterprise governance and finds t...
- Question 452: The record-locking option of a database management system (D...
- Question 453: Which of the following is the GREATEST impact as a result of...
- Question 454: A characteristic of a digital signature is that it...
- Question 455: Which of the following is the BEST detective control for a j...
- Question 456: Which of the following BEST describes the role of the IS aud...
- Question 457: Which of the following components of a risk assessment is MO...
- Question 458: Which of the following is MOST important to ensure that elec...
- Question 459: Which of the following is the MAIN responsibility of the IT ...
- Question 460: Which of the following will be the MOST effective method to ...
- Question 461: What is the BEST way to reduce the risk of inaccurate or mis...
- Question 462: Which of the following presents the GREATEST risk of data le...
- Question 463: Which of the following should be done FIRST when planning a ...
- Question 464: Which of the following are used in a firewall to protect the...
- Question 465: A secure server room has a badge reader system that records ...
- Question 466: Who is PRIMARILY responsible for the design of IT controls t...
- Question 467: When assessing the overall effectiveness of an organization'...
- Question 468: Which of the following methods BEST enforces data leakage pr...
- Question 469: Which of the following is the BEST method to safeguard data ...
- Question 470: Data from a system of sensors located outside of a network i...
- Question 471: A project team has decided to switch to an agile approach to...
- Question 472: Which of the following is the MAJOR advantage of automating ...
- Question 473: Which of the following methods would BEST help detect unauth...
- Question 474: Which of the following would be an IS auditor's BEST recomme...
- Question 475: Which of the following environments is BEST used for copying...
- Question 476: Which of the following is the PRIMARY reason an IS auditor w...
- Question 477: An IS audit team is evaluating documentation of the most rec...
- Question 478: Which of the following is MOST important to define within a ...
- Question 479: Which of the following would BEST guide an IS auditor when d...
- Question 480: An organization conducted an exercise to test the security a...
- Question 481: A review of IT interface controls finds an organization does...
- Question 482: Which of the following is the MOST effective control for pro...
- Question 483: A steering committee established to oversee an organization'...
- Question 484: IT disaster recovery time objectives (RTOs) should be based ...
- Question 485: An IS auditor finds the log management system is overwhelmed...
- Question 486: Which of the following is the BEST way to ensure that an app...
- Question 487: Which of the following is the GREATEST risk if two users hav...
- Question 488: A proper audit trail of changes to server start-up procedure...
- Question 489: Which of the following would be an appropriate role of inter...
- Question 490: An organization has replaced all of the storage devices at i...
- Question 491: Which of the following should be the PRIMARY consideration w...
- Question 492: When auditing the security architecture of an online applica...
