Valid CISA Dumps shared by ExamDiscuss.com for Helping Passing CISA Exam! ExamDiscuss.com now offer the newest CISA exam dumps, the ExamDiscuss.com CISA exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CISA dumps with Test Engine here:
Access CISA Dumps Premium Version
(1435 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 423/559
An IS auditor has discovered that a software system still in regular use is years out of date and no longer supported. The auditee has stated that it will take six months until the software is running on the current version. Which of the following is the BEST way to reduce the immediate risk associated with using an unsupported version of the software?
Correct Answer: D
The best way to reduce the immediate risk associated with using an unsupported version of the software is to segregate the outdated software system from the main network. This will limit the exposure of the system to potential attacks and prevent it from compromising other systems on the network. Segregating the system will also reduce the impact of any security incidents that may occur on the system.
Monitoring network traffic attempting to reach the outdated software system (option C) is not the best way to reduce the risk, as it will not prevent or stop any attacks on the system. It will only provide visibility into the network activity and alert the auditee of any suspicious or malicious traffic.
Verifying all patches have been applied to the software system's outdated version (option A) and closing all unused ports on the outdated software system (option B) are also not the best ways to reduce the risk, as they will not address the underlying issue of using an unsupported version of the software. Patches and ports may still have vulnerabilities that are not fixed by the vendor, and attackers may exploit them to gain access to the system.
Therefore, option D is the correct answer.
References:
* Introduction (Part 1 of 7: Mitigating Risks of Unsupported Operating Systems)
* Summary (Part 7of 7: Mitigating Risks of Unsupported Operating Systems)
* Upgrade, Retire, or Replace Unsupported Software (Part 4 of 7: Mitigating Risks of Unsupported Operating Systems)
Monitoring network traffic attempting to reach the outdated software system (option C) is not the best way to reduce the risk, as it will not prevent or stop any attacks on the system. It will only provide visibility into the network activity and alert the auditee of any suspicious or malicious traffic.
Verifying all patches have been applied to the software system's outdated version (option A) and closing all unused ports on the outdated software system (option B) are also not the best ways to reduce the risk, as they will not address the underlying issue of using an unsupported version of the software. Patches and ports may still have vulnerabilities that are not fixed by the vendor, and attackers may exploit them to gain access to the system.
Therefore, option D is the correct answer.
References:
* Introduction (Part 1 of 7: Mitigating Risks of Unsupported Operating Systems)
* Summary (Part 7of 7: Mitigating Risks of Unsupported Operating Systems)
* Upgrade, Retire, or Replace Unsupported Software (Part 4 of 7: Mitigating Risks of Unsupported Operating Systems)
- Question List (559q)
- Question 1: An IS auditor finds a segregation of duties issue in an ente...
- Question 2: Which of the following is the MOST reliable way for an IS au...
- Question 3: Which of the following should be an IS auditor's GREATEST co...
- Question 4: Which of the following user actions poses the GREATEST risk ...
- Question 5: An IS auditor is assigned to perform a post-implementation r...
- Question 6: During an IS audit of a data center, it was found that progr...
- Question 7: Which of the following job scheduling schemes for operating ...
- Question 8: Which of the following would be of GREATEST concern to an IS...
- Question 9: An IS auditor is reviewing an organization's information ass...
- Question 10: An organization used robotic process automation (RPA) techno...
- Question 11: Stress testing should ideally be carried out under a:...
- Question 12: Which of the following is the MOST important consideration w...
- Question 13: Which of the following is the BEST way to detect unauthorize...
- Question 14: A small IT department has embraced DevOps, which allows memb...
- Question 15: An IS auditor is reviewing a client's outsourced payroll sys...
- Question 16: A finance department has a two-year project to upgrade the e...
- Question 17: An organization's strategy to source certain IT functions fr...
- Question 18: Which of the following would be MOST impacted if an IS audit...
- Question 19: During which stage of the penetration test cycle does the te...
- Question 20: An IS auditor has been asked to audit the proposed acquisiti...
- Question 21: If enabled within firewall rules, which of the following ser...
- Question 22: Which of the following is me GREATE ST impact as a result of...
- Question 23: An IS auditor finds that one employee has unauthorized acces...
- Question 24: An organization is modernizing its technology policy framewo...
- Question 25: An IS department is evaluated monthly on its cost-revenue ra...
- Question 26: Cross-site scripting (XSS) attacks are BEST prevented throug...
- Question 27: Which of the following BEST guards against the risk of attac...
- Question 28: Which of the following will provide the GREATEST assurance t...
- Question 29: When verifying the accuracy and completeness of migrated dat...
- Question 30: An IS auditor determines that the vendor's deliverables do n...
- Question 31: As part of an audit response, an auditee has concerns with t...
- Question 32: Which of the following weaknesses would have the GREATEST im...
- Question 33: Which of the following is the BEST way to strengthen the sec...
- Question 34: What should an IS auditor do FIRST when management responses...
- Question 35: Which type of attack poses the GREATEST risk to an organizat...
- Question 36: An organization has recently acquired and implemented intell...
- Question 37: Which of the following is the PRIMARY role of key performanc...
- Question 38: Following a merger, a review of an international organizatio...
- Question 39: Which of the following will be the MOST effective method to ...
- Question 40: Management is concerned about sensitive information being in...
- Question 41: A job is scheduled to transfer data from a transactional sys...
- Question 42: Management has requested a post-implementation review of a n...
- Question 43: What is the MOST effective way to detect installation of una...
- Question 44: A bank performed minor changes to the interest calculation c...
- Question 45: Which of the following is MOST helpful to an IS auditor revi...
- Question 46: Which of the following concerns is MOST effectively addresse...
- Question 47: During an information security review, an IS auditor learns ...
- Question 48: Which of the following BEST mitigates the risk associated wi...
- Question 49: The PRIMARY advantage of using open-source-based solutions i...
- Question 50: Which of the following should be of GREATEST concern to an I...
- Question 51: Which of the following should be used to evaluate an IT deve...
- Question 52: Which of the following is the MAJOR advantage of automating ...
- Question 53: An IT governance body wants to determine whether IT service ...
- Question 54: The PRIMARY responsibility of a project steering committee i...
- Question 55: When planning a review of IT governance, an IS auditor is MO...
- Question 56: Which of the following is the BEST recommendation to include...
- Question 57: An IS auditor Is renewing the deployment of a new automated ...
- Question 58: In which of the following system development life cycle (SDL...
- Question 59: A steering committee established to oversee an organization'...
- Question 60: Following an IT audit, management has decided to accept the ...
- Question 61: An IS auditor should ensure that an application's audit trai...
- Question 62: Which of the following is the BEST control to help ensure th...
- Question 63: Which of the following is the MOST important advantage of pa...
- Question 64: An organization wants to classify database tables according ...
- Question 65: Which of the following is the PRIMARY advantage of using an ...
- Question 66: An IS audit team is evaluating documentation of the most rec...
- Question 67: Which of the following must be in place before an IS auditor...
- Question 68: A secure server room has a badge reader system that records ...
- Question 69: Which of the following is an example of a preventive control...
- Question 70: The PRIMARY reason for an IS auditor to use data analytics t...
- Question 71: Which of the following access rights presents the GREATEST r...
- Question 72: Which of the following is the BEST way to enforce the princi...
- Question 73: Which of the following is the PRIMARY advantage of using vir...
- Question 74: Which of the following is the BEST audit procedure to determ...
- Question 75: An IS auditor notes that several employees are spending an e...
- Question 76: An IS auditor discovers that validation controls m a web app...
- Question 77: A review of an organization's IT portfolio revealed several ...
- Question 78: During the design phase of a software development project, t...
- Question 79: Which of the following should be the GREATEST concern to an ...
- Question 80: Which of the following is the GREATEST advantage of vulnerab...
- Question 81: An organization has moved all of its infrastructure to the c...
- Question 82: As part of the architecture of virtualized environments, in ...
- Question 83: A startup organization wants to develop a data loss preventi...
- Question 84: During the implementation of an upgraded enterprise resource...
- Question 85: An organization establishes capacity utilization thresholds ...
- Question 86: Which of the following is the PRIMARY advantage of using vis...
- Question 87: An auditee disagrees with a recommendation for corrective ac...
- Question 88: Which of the following is the MOST important task of an IS a...
- Question 89: Which of the following BEST indicates to an IS auditor that ...
- Question 90: A core system fails a week after a scheduled update, causing...
- Question 91: Which of the following is the MOST effective control for pro...
- Question 92: An IS audit manager was temporarily tasked with supervising ...
- Question 93: Which of the following should be of GREATEST concern to an I...
- Question 94: When a data center is attempting to restore computing facili...
- Question 95: Which of the following would BEST ensure that a backup copy ...
- Question 96: Which of the following should be of GREATEST concern to an I...
- Question 97: Which of the following is the MOST important determining fac...
- Question 98: A telecommunications company has recently created a new frau...
- Question 99: The PRIMARY advantage of object-oriented technology is enhan...
- Question 100: What is the PRIMARY benefit of using one-time passwords?...
- Question 101: Which of the following tests would provide the BEST assuranc...
- Question 102: A data breach has occurred due lo malware. Which of the foll...
- Question 103: Which of the following backup schemes is the BEST option whe...
- Question 104: When auditing IT organizational structure, which of the foll...
- Question 105: A checksum is classified as which type of control?...
- Question 106: Which of the following is a PRIMARY responsibility of an IT ...
- Question 107: Which of the following would be an IS auditor's BEST recomme...
- Question 108: Which of the following security risks can be reduced by a pr...
- Question 109: During an external review, an IS auditor observes an inconsi...
- Question 110: Email required for business purposes is being stored on empl...
- Question 111: Which of the following would be an appropriate role of inter...
- Question 112: Which type of threat can utilize a large group of automated ...
- Question 113: A network analyst is monitoring the network after hours and ...
- Question 114: Which of the following should be the PRIMARY objective of co...
- Question 115: In a RAO model, which of the following roles must be assigne...
- Question 116: Which of the following provides an IS auditor assurance that...
- Question 117: Which of the following tasks would cause the GREATEST segreg...
- Question 118: Which of the following is the BEST method to delete sensitiv...
- Question 119: Which of the following is the MOST efficient solution for a ...
- Question 120: With regard to resilience, which of the following is the GRE...
- Question 121: In which of the following sampling methods is the entire sam...
- Question 122: Which of the following is the GREATEST risk associated with ...
- Question 123: Which of the following is the BEST way for management to ens...
- Question 124: A warehouse employee of a retail company has been able to co...
- Question 125: An IS auditor has been tasked with analyzing an organization...
- Question 126: Which of the following is an example of a preventative contr...
- Question 127: Which of the following IT service management activities is M...
- Question 128: Which of the following BEST enables an IS auditor to priorit...
- Question 129: Which of the following conditions would be of MOST concern t...
- Question 130: When reviewing a project to replace multiple manual data ent...
- Question 131: Which of the following is an IS auditor's BEST recommendatio...
- Question 132: Which of the following provides a new IS auditor with the MO...
- Question 133: An IS auditor Is reviewing a recent security incident and is...
- Question 134: Which of the following is MOST important during software lic...
- Question 135: An organization is planning to implement a work-from-home po...
- Question 136: Which of the following would lead an IS auditor to conclude ...
- Question 137: During an exit meeting, an IS auditor highlights that backup...
- Question 138: Which of the following is MOST important to consider when as...
- Question 139: An IS auditor is concerned that unauthorized access to a hig...
- Question 140: During a disaster recovery audit, an IS auditor finds that a...
- Question 141: An IS auditor finds that firewalls are outdated and not supp...
- Question 142: An organization relies on an external vendor that uses a clo...
- Question 143: An organization has introduced a capability maturity model t...
- Question 144: A system administrator recently informed the IS auditor abou...
- Question 145: Which of the following would minimize the risk of losing tra...
- Question 146: The BEST way to evaluate the effectiveness of a newly develo...
- Question 147: In the development of a new financial application, the IS au...
- Question 148: Which of the following is a social engineering attack method...
- Question 149: The PRIMARY role of a control self-assessment (CSA) facilita...
- Question 150: Which of the following is the MOST efficient way to identify...
- Question 151: Which of the following concerns is BEST addressed by securin...
- Question 152: Which of the following BEST minimizes performance degradatio...
- Question 153: Which of the following BEST enables an organization to impro...
- Question 154: Which of the following is the MOST effective way for an orga...
- Question 155: Which of the following is the PRIMARY benefit of effective i...
- Question 156: A transaction processing system interfaces with the general ...
- Question 157: Which of the following BEST demonstrates to senior managemen...
- Question 158: Which of the following issues identified during a formal rev...
- Question 159: When building or upgrading enterprise cryptographic infrastr...
- Question 160: Which of the following BEST indicates that the effectiveness...
- Question 161: An IS auditor finds that a number of key patches have not be...
- Question 162: IT governance should be driven by:...
- Question 163: Which of the following types of firewalls provides the GREAT...
- Question 164: Which of the following technology trends can lead to more ro...
- Question 165: A business application's database is copied to a replication...
- Question 166: During the planning phase of a data loss prevention (DLP) au...
- Question 167: Which of the following should be of MOST concern to an IS au...
- Question 168: Afire alarm system has been installed in the computer room T...
- Question 169: Which of the following approaches BEST enables an IS auditor...
- Question 170: Which of the following tests is MOST likely to detect an err...
- Question 171: Which of the following should be of GREATEST concern to an I...
- Question 172: An IS auditor is reviewing desktop software profiles and not...
- Question 173: What is MOST important to verify during an external assessme...
- Question 174: An IS auditor is conducting an IT governance audit and notic...
- Question 175: Which of the following is the MOST important consideration f...
- Question 176: An organization allows employees to retain confidential data...
- Question 177: During a follow-up engagement, an IS auditor confirms eviden...
- Question 178: Which of the following is the BEST approach to help organiza...
- Question 179: An IS auditor has completed the fieldwork phase of a network...
- Question 180: Which of the following provides the MOST useful information ...
- Question 181: Which of the following is MOST important with regard to an a...
- Question 182: in a post-implantation Nation review of a recently purchased...
- Question 183: Which of the following should be the PRIMARY consideration w...
- Question 184: Which of the following is MOST important to determine when c...
- Question 185: While executing follow-up activities, an IS auditor is conce...
- Question 186: An IS auditor has been asked to assess the security of a rec...
- Question 187: During an operational audit on the procurement department, t...
- Question 188: Which of the following is the MOST important course of actio...
- Question 189: During which phase of the software development life cycle is...
- Question 190: An IS auditor has been asked to review the integrity of data...
- Question 191: An IS auditor is asked to review an organization's technolog...
- Question 192: When reviewing an organization's information security polici...
- Question 193: A global bank plans to use a cloud provider for backup of cu...
- Question 194: When evaluating information security governance within an or...
- Question 195: An organization has assigned two new IS auditors to audit a ...
- Question 196: Which of the following should be the PRIMARY basis for prior...
- Question 197: Which of the following will BEST ensure that archived electr...
- Question 198: An organization plans to replace its nightly batch processin...
- Question 199: Which of the following would be of GREATEST concern to an IS...
- Question 200: Which of the following should be an IS auditor's GREATEST co...
- Question 201: Which of the following would present the GREATEST concern du...
- Question 202: Which of the following is MOST important to consider when re...
- Question 203: Which of the following would be an IS auditor's GREATEST con...
- Question 204: Which of the following is an effective way to ensure the int...
- Question 205: An organization is planning to implement a control self-asse...
- Question 206: An organization is permanently transitioning from onsite to ...
- Question 207: Control self-assessments (CSAs) can be used to:...
- Question 208: What is the MAIN reason to use incremental backups?...
- Question 209: Which of the following should be of GREATEST concern for an ...
- Question 210: Which of the following is the MOST efficient control to redu...
- Question 211: Providing security certification for a new system should inc...
- Question 212: Which of the following is the BEST indicator for measuring p...
- Question 213: Which of the following should be an IS auditor's GREATEST co...
- Question 214: Which of the following is the MOST important control for vir...
- Question 215: Which of the following would be the BEST criteria for monito...
- Question 216: The use of control totals satisfies which of the following c...
- Question 217: The MOST important measure of the effectiveness of an organi...
- Question 218: Effective separation of duties in an online environment can ...
- Question 219: Users are complaining that a newly released enterprise resou...
- Question 220: Which of the following is the MOST efficient way to identify...
- Question 221: Having knowledge in which of the following areas is MOST rel...
- Question 222: Who is responsible for defining data access permissions?...
- Question 223: One advantage of managing an entire collection of projects a...
- Question 224: Which of the following applications has the MOST inherent ri...
- Question 225: Which of the following would MOST effectively ensure the int...
- Question 226: Coding standards provide which of the following?...
- Question 227: When planning an audit, it is acceptable for an IS auditor t...
- Question 228: Which of the following indicates that an internal audit orga...
- Question 229: A white box testing method is applicable with which of the f...
- Question 230: Which of the following provides re BEST evidence that outsou...
- Question 231: An IS auditor has been asked to advise on measures to improv...
- Question 232: When designing a data analytics process, which of the follow...
- Question 233: An organization that has decided to approve the use of end-u...
- Question 234: Which of the following would be of GREATEST concern when rev...
- Question 235: Which of the following BEST enables an organization to impro...
- Question 236: An IS auditor is reviewing the perimeter security design of ...
- Question 237: Which of the following would MOST likely jeopardize the inde...
- Question 238: An incident response team has been notified of a virus outbr...
- Question 239: Which of the following is the GREATEST risk associated with ...
- Question 240: The process of applying a hash function to a message and obt...
- Question 241: The IS auditor has recommended that management test a new sy...
- Question 242: Which of the following would BEST indicate the effectiveness...
- Question 243: In order to be useful, a key performance indicator (KPI) MUS...
- Question 244: An IS auditor has discovered that a software system still in...
- Question 245: To reduce operational costs, IT management plans to reduce t...
- Question 246: Spreadsheets are used to calculate project cost estimates. T...
- Question 247: An IS auditor reviewing the throat assessment for a data can...
- Question 248: Which of the following is the BEST method to safeguard data ...
- Question 249: Which of the following is the GREATEST risk if two users hav...
- Question 250: An IS auditor is reviewing database fields updated in real-t...
- Question 251: Which of the following is the BEST indication to an IS audit...
- Question 252: Which of the following provides the MOST protection against ...
- Question 253: A programmer has made unauthorized changes lo key fields in ...
- Question 254: Which of the following should be performed FIRST before key ...
- Question 255: Which of the following is an IS auditor's BEST recommendatio...
- Question 256: What type of control has been implemented when secure code r...
- Question 257: Which of the following technologies is BEST suited to fulfil...
- Question 258: Which of the following should be the IS auditor's PRIMARY fo...
- Question 259: Which of the following would BEST facilitate the successful ...
- Question 260: Which of the following would be MOST useful to an IS auditor...
- Question 261: Which of the following presents the GREATEST risk to an orga...
- Question 262: Which of the following should be an IS auditor's PRIMARY foc...
- Question 263: An IS auditor is reviewing an organization's primary router ...
- Question 264: An IS auditor reviewing the database controls for a new e-co...
- Question 265: Which of the following BEST enables the timely identificatio...
- Question 266: While auditing a small organization's data classification pr...
- Question 267: Retention periods and conditions for the destruction of pers...
- Question 268: Which of the following is the BEST metric to measure the ali...
- Question 269: An IS auditor finds a user account where privileged access i...
- Question 270: During the walk-through procedures for an upcoming audit, an...
- Question 271: Which of the following is the BEST metric to measure the qua...
- Question 272: Which of the following backup methods is MOST appropriate wh...
- Question 273: What is the BEST control to address SQL injection vulnerabil...
- Question 274: The PRIMARY objective of a follow-up audit is to:...
- Question 275: In a large organization, IT deadlines on important projects ...
- Question 276: Which of the following BEST describes the role of the IS aud...
- Question 277: Which of the following is PRIMARILY used in blockchain techn...
- Question 278: An IS auditor discovers a box of hard drives in a secured lo...
- Question 279: The PRIMARY objective of a control self-assessment (CSA) is ...
- Question 280: Which of the following should be the GREATEST concern for an...
- Question 281: Which of the following is the GREATEST concern associated wi...
- Question 282: Which of the following is the BEST way to address segregatio...
- Question 283: An IS auditor is reviewing a medical device that is attached...
- Question 284: An IS auditor has been asked to review an event log aggregat...
- Question 285: An IS auditor is reviewing a machine learning model that pre...
- Question 286: Which of the following presents the GREATEST challenge to th...
- Question 287: Which of the following would be MOST helpful to an IS audito...
- Question 288: Which of the following is the PRIMARY reason to involve IS a...
- Question 289: During an external review, an IS auditor observes an inconsi...
- Question 290: Which of the following threats is mitigated by a firewall?...
- Question 291: An organization has both an IT strategy committee and an IT ...
- Question 292: Which of the following should be used as the PRIMARY basis f...
- Question 293: Which of the following is the MOST important consideration w...
- Question 294: In a 24/7 processing environment, a database contains severa...
- Question 295: Which of the following findings from a database security aud...
- Question 296: Which of the following is the GREATEST risk associated with ...
- Question 297: During a pre-implementation review, an IS auditor notes that...
- Question 298: Demonstrated support from which of the following roles in an...
- Question 299: A credit card company has decided to outsource the printing ...
- Question 300: During recent post-implementation reviews, an IS auditor has...
- Question 301: Which of the following responsibilities associated with a di...
- Question 302: Which of the following is MOST helpful to an IS auditor when...
- Question 303: Which of the following controls helps to ensure that data ex...
- Question 304: The FIRST step in auditing a data communication system is to...
- Question 305: Which of the following is the BEST reason for an organizatio...
- Question 306: Which of the following is the MOST reliable way for an IS au...
- Question 307: Due to limited storage capacity, an organization has decided...
- Question 308: Which of the following is the PRIMARY objective of enterpris...
- Question 309: Which of the following is the MOST effective way to maintain...
- Question 310: An IS auditor is reviewing an organizations release manageme...
- Question 311: The business case for an information system investment shoul...
- Question 312: When reviewing hard disk utilization reports, an IS auditor ...
- Question 313: In a small IT web development company where developers must ...
- Question 314: An IS auditor observes that a business-critical application ...
- Question 315: Which of the following types of environmental equipment will...
- Question 316: An organization has outsourced its data processing function ...
- Question 317: A source code repository should be designed to:...
- Question 318: An IS audit manager is preparing the staffing plan for an au...
- Question 319: Which of the following should be of GREATEST concern to an I...
- Question 320: An IS auditor can BEST evaluate the business impact of syste...
- Question 321: Which of the following BEST indicates that an incident manag...
- Question 322: Which of the following is the BEST way to verify the effecti...
- Question 323: Which of the following is the GREATEST benefit of adopting a...
- Question 324: An IS auditor should be MOST concerned if which of the follo...
- Question 325: An internal audit team is deciding whether to use an audit m...
- Question 326: What should be the PRIMARY basis for selecting which IS audi...
- Question 327: In response to an audit finding regarding a payroll applicat...
- Question 328: An organization is establishing a steering committee for the...
- Question 329: Which of the following is the BEST evidence that an organiza...
- Question 330: Which of the following application input controls would MOST...
- Question 331: Which of the following is MOST appropriate to review when de...
- Question 332: A review of IT interface controls finds an organization does...
- Question 333: Which of the following is MOST helpful in identifying system...
- Question 334: Which of the following is the GREATEST advantage of maintain...
- Question 335: An IS auditor is performing a follow-up audit for findings i...
- Question 336: Which of the following would BEST guide an IS auditor when d...
- Question 337: An organizations audit charier PRIMARILY:...
- Question 338: Which of the following are BEST suited for continuous auditi...
- Question 339: Which of the following should be the GREATEST concern for an...
- Question 340: An IS auditor is tasked to review an organization's plan-do-...
- Question 341: During a routine internal software licensing review, an IS a...
- Question 342: During a follow-up audit, an IS auditor finds that some crit...
- Question 343: An IS auditor is reviewing the security of a web-based custo...
- Question 344: Which of the following is an example of shadow IT?...
- Question 345: An IS auditor learns that an organization's business continu...
- Question 346: Which of the following features would BEST address risk asso...
- Question 347: Which of the following controls helps to reduce fraud risk a...
- Question 348: If concurrent update transactions to an account are not proc...
- Question 349: IT disaster recovery time objectives (RTOs) should be based ...
- Question 350: Which of the following is the BEST approach for determining ...
- Question 351: Which of the following features of a library control softwar...
- Question 352: An IS auditor is assessing backup performance and observes t...
- Question 353: A financial group recently implemented new technologies and ...
- Question 354: Which of the following is MOST important to determine during...
- Question 355: Which of the following would be MOST useful when analyzing c...
- Question 356: An organization has replaced all of the storage devices at i...
- Question 357: Upon completion of audit work, an IS auditor should:...
- Question 358: In an annual audit cycle, the audit of an organization's IT ...
- Question 359: Which of the following is the BEST detective control for a j...
- Question 360: Which of the following occurs during the issues management p...
- Question 361: Backup procedures for an organization's critical data are co...
- Question 362: An IS auditor is reviewing a contract for the outsourcing of...
- Question 363: Management receives information indicating a high level of r...
- Question 364: To confirm integrity for a hashed message, the receiver shou...
- Question 365: Which of the following is MOST useful for determining the st...
- Question 366: Which of the following is the BEST recommendation by an IS a...
- Question 367: Which of the following control measures is the MOST effectiv...
- Question 368: Which of the following is the BEST source of information for...
- Question 369: An IS auditor who was instrumental in designing an applicati...
- Question 370: Who is PRIMARILY responsible for the design of IT controls t...
- Question 371: Which of the following should be the PRIMARY role of an inte...
- Question 372: Which of the following poses the GREATEST risk to the use of...
- Question 373: Which of the following provides the BEST evidence of the val...
- Question 374: Which of the following is a method to prevent disclosure of ...
- Question 375: What should an IS auditor recommend to management as the MOS...
- Question 376: An IS auditor conducts a review of a third-party vendor's re...
- Question 377: Which of the following is the PRIMARY reason for using a dig...
- Question 378: Which of the following audit procedures would be MOST conclu...
- Question 379: During the discussion of a draft audit report. IT management...
- Question 380: Which of the following BEST facilitates the legal process in...
- Question 381: When reviewing an organization's enterprise architecture (EA...
- Question 382: In an IT organization where many responsibilities are shared...
- Question 383: An IS auditor is planning a review of an organizations cyber...
- Question 384: Which of the following is the GREATEST risk of project dashb...
- Question 385: An IS auditor is reviewing logical access controls for an or...
- Question 386: Which of the following findings should be of GREATEST concer...
- Question 387: Which of the following is the BEST methodology to use for es...
- Question 388: Which of the following should be an IS auditor's PRIMARY con...
- Question 389: A contract for outsourcing IS functions should always includ...
- Question 390: Which of the following is the MOST appropriate testing appro...
- Question 391: The PRIMARY role of an IS auditor in the remediation of prob...
- Question 392: Which of the following is the MOST important factor when an ...
- Question 393: Which of the following is the BEST method to maintain an aud...
- Question 394: Which of the following is the BEST compensating control agai...
- Question 395: In an area susceptible to unexpected increases in electrical...
- Question 396: Which of the following network communication protocols is us...
- Question 397: In the case of a disaster where the data center is no longer...
- Question 398: Which of the following BEST enables an IS auditor to combine...
- Question 399: Which of the following is the BEST control to help ensure th...
- Question 400: Which of the following BEST enables an organization to deter...
- Question 401: An IS auditor is reviewing the installation of a new server....
- Question 402: An organization's sensitive data is stored in a cloud comput...
- Question 403: Which of the following would an IS auditor recommend as the ...
- Question 404: Which of the following would BEST help to ensure that an inc...
- Question 405: An IS auditor discovers an option in a database that allows ...
- Question 406: During a follow-up audit, an IS auditor finds that some crit...
- Question 407: Which of the following would be of GREATEST concern to an IS...
- Question 408: An IS auditor is reviewing processes for importing market pr...
- Question 409: Which of the following statements appearing in an organizati...
- Question 410: Which of the following should be the FIRST consideration whe...
- Question 411: Which of the following is the MOST important task of an IS a...
- Question 412: An IS auditor evaluating the change management process must ...
- Question 413: Which of the following is MOST likely to be reduced when imp...
- Question 414: Which of the following is the BEST indicator of the effectiv...
- Question 415: Which of the following BEST addresses the availability of an...
- Question 416: An IS auditor is assigned to review the IS department s qual...
- Question 417: During an external review, an IS auditor observes an inconsi...
- Question 418: Recovery facilities providing a redundant combination of Int...
- Question 419: Which type of control has been established when an organizat...
- Question 420: Which of the following is an IS auditor's BEST approach when...
- Question 421: Which of the following findings from an IT governance review...
- Question 422: Which of the following documents would be MOST useful in det...
- Question 423: An IS auditor has discovered that a software system still in...
- Question 424: Which of the following is a PRIMARY benefit of using risk as...
- Question 425: The PRIMARY benefit of automating application testing is to:...
- Question 426: Which of the following is MOST important to define within a ...
- Question 427: Which of the following is the PRIMARY benefit of monitoring ...
- Question 428: Which of the following should be of GREATEST concern to an I...
- Question 429: When determining whether a project in the design phase will ...
- Question 430: Which of the following BEST enables an IS auditor to confirm...
- Question 431: Which of the following presents the GREATEST risk associated...
- Question 432: Which of the following would BEST determine whether a post-i...
- Question 433: Which of the following should be of GREATEST concern to an I...
- Question 434: Which of the following is a threat to IS auditor independenc...
- Question 435: An organization has recently implemented a Voice-over IP (Vo...
- Question 436: Which of the following is an IS auditor's BEST recommendatio...
- Question 437: Which of the following is an IS auditor's BEST course of act...
- Question 438: Which of the following is the MOST important reason to imple...
- Question 439: Which of the following would be MOST effective to protect in...
- Question 440: Which of the following findings related to segregation of du...
- Question 441: An IS auditor discovers that a developer has used the same k...
- Question 442: Which of the following is the PRIMARY purpose of a rollback ...
- Question 443: An organization recently migrated Us data warehouse from a l...
- Question 444: A system development project is experiencing delays due to o...
- Question 445: During an incident management audit, an IS auditor finds tha...
- Question 446: Which of the following provides the MOST reliable method of ...
- Question 447: Which of the following BEST protects evidence in a forensic ...
- Question 448: Which of the following would BEST protect the confidentialit...
- Question 449: Which of the following should be of GREATEST concern to an I...
- Question 450: Which of the following is the BEST reason for an IS auditor ...
- Question 451: Which of the following constitutes an effective detective co...
- Question 452: Which of the following should be of GREATEST concern to an I...
- Question 453: Which of the following controls is MOST important for ensuri...
- Question 454: An organization plans to receive an automated data feed into...
- Question 455: Which of the following is the MOST effective way to identify...
- Question 456: Documentation of workaround processes to keep a business fun...
- Question 457: Which of the following would protect the confidentiality of ...
- Question 458: Which of the following is the GREATEST risk related to the u...
- Question 459: An IS auditor has been tasked with auditing the inventory co...
- Question 460: Which of the following strategies BEST optimizes data storag...
- Question 461: Which of the following should be the GREATEST concern for an...
- Question 462: Which of the following is an audit reviewer's PRIMARY role w...
- Question 463: What is the purpose of hashing a document?...
- Question 464: An IS auditor learns that an in-house system development lif...
- Question 465: Which of the following is the MOST important responsibility ...
- Question 466: During the review of a system disruption incident, an IS aud...
- Question 467: An IS auditor is planning an audit of an organization's risk...
- Question 468: Which of the following BEST indicates a need to review an or...
- Question 469: Which of the following is an IS auditor's BEST approach when...
- Question 470: Which of the following provides the BEST evidence that all e...
- Question 471: Which of the following is the PRIMARY objective of cyber res...
- Question 472: An external audit firm was engaged to perform a validation a...
- Question 473: Which of the following findings should be of GREATEST concer...
- Question 474: Audit frameworks can assist the IS audit function by:...
- Question 475: When auditing the closing stages of a system development pro...
- Question 476: During a project audit, an IS auditor notes that project rep...
- Question 477: Which of the following should be considered when examining f...
- Question 478: A web proxy server for corporate connections to external res...
- Question 479: When reviewing a business case for a proposed implementation...
- Question 480: An audit has identified that business units have purchased c...
- Question 481: An IS auditor is reviewing processes for importing market pr...
- Question 482: Which of the following system attack methods is executed by ...
- Question 483: Which of the following is the BEST source of information to ...
- Question 484: Which of the following findings would be of GREATEST concern...
- Question 485: Which of the following should an IS auditor use when verifyi...
- Question 486: Which of the following is the BEST reason for software devel...
- Question 487: Which of the following security testing techniques is MOST e...
- Question 488: Which of the following provides the BEST evidence that syste...
- Question 489: Which of the following provides the MOST assurance over the ...
- Question 490: During a project assessment, an IS auditor finds that busine...
- Question 491: An IS auditor reviewing a job scheduling tool notices perfor...
- Question 492: An IS auditor finds a high-risk vulnerability in a public-fa...
- Question 493: Which of the following is a detective control?...
- Question 494: An IS auditor wants to determine who has oversight of staff ...
- Question 495: An external attacker spoofing an internal Internet Protocol ...
- Question 496: An organization that has suffered a cyber-attack is performi...
- Question 497: The PRIMARY reason to assign data ownership for protection o...
- Question 498: An IS auditor is verifying the adequacy of an organization's...
- Question 499: If a source code is not recompiled when program changes are ...
- Question 500: An IS auditor is reviewing a network diagram. Which of the f...
- Question 501: Which of the following fire suppression systems needs to be ...
- Question 502: Who is accountable for an organization's enterprise risk man...
- Question 503: Which of the following would be the BEST process for continu...
- Question 504: Which of the following should be an IS auditor's PRIMARY foc...
- Question 505: A new system development project is running late against a c...
- Question 506: An IS auditor finds that a key Internet-facing system is vul...
- Question 507: An IS auditor is reviewing an organization's cloud access se...
- Question 508: The FIRST step in an incident response plan is to:...
- Question 509: A senior auditor is reviewing work papers prepared by a juni...
- Question 510: Following a breach, what is the BEST source to determine the...
- Question 511: Which of the following should be an IS auditor's GREATEST co...
- Question 512: Which of the following is the MOST important prerequisite fo...
- Question 513: Which of the following should be the FIRST step when conduct...
- Question 514: An organization wants to use virtual desktops to deliver cor...
- Question 515: What would be an IS auditor's BEST recommendation upon findi...
- Question 516: A national bank recently migrated a large number of business...
- Question 517: An IS auditor is reviewing security controls related to coll...
- Question 518: Which of the following is the BEST recommendation to drive a...
- Question 519: Which of the following is MOST important to the effectivenes...
- Question 520: Which of the following provides the MOST useful information ...
- Question 521: Which of the following security measures is MOST important f...
- Question 522: Which of the following is MOST critical to the success of an...
- Question 523: During an audit of a reciprocal disaster recovery agreement ...
- Question 524: Which of the following demonstrates the use of data analytic...
- Question 525: The use of access control lists (ACLs) is the MOST effective...
- Question 526: Which of the following is MOST important for an IS auditor t...
- Question 527: Which of the following is a concern associated with virtuali...
- Question 528: Which of the following is the GREATEST risk associated with ...
- Question 529: An IS auditor discovers that due to resource constraints a d...
- Question 530: Due to limited storage capacity, an organization has decided...
- Question 531: Which of the following is the GREATEST concern related to an...
- Question 532: Which of the following would provide an IS auditor with the ...
- Question 533: An organization is considering allowing users to connect per...
- Question 534: Which of the following approaches would utilize data analyti...
- Question 535: Which of the following is the GREATEST risk when relying on ...
- Question 536: Which of the following provides an IS auditor the BEST evide...
- Question 537: Which of the following is the GREATEST advantage of outsourc...
- Question 538: During an audit of a multinational bank's disposal process, ...
- Question 539: A CFO has requested an audit of IT capacity management due t...
- Question 540: Which of the following would provide the BEST evidence of an...
- Question 541: Which of the following controls BEST ensures appropriate seg...
- Question 542: Which of the following BEST describes a digital signature?...
- Question 543: Which of the following is the MOST important area of focus f...
- Question 544: During the evaluation of controls over a major application d...
- Question 545: Which of the following BEST ensures the quality and integrit...
- Question 546: During a review, an IS auditor discovers that corporate user...
- Question 547: An organization has developed mature risk management practic...
- Question 548: Which of the following BEST describes an audit risk?...
- Question 549: Management has decided to accept a risk in response to a dra...
- Question 550: An organization was recently notified by its regulatory body...
- Question 551: An IS auditor suspects an organization's computer may have b...
- Question 552: In which phase of the audit life cycle process should an IS ...
- Question 553: An organization recently implemented a cloud document storag...
- Question 554: Which of the following documents should define roles and res...
- Question 555: The PRIMARY focus of a post-implementation review is to veri...
- Question 556: When is it MOST important for an IS auditor to apply the con...
- Question 557: Which of the following should be given GREATEST consideratio...
- Question 558: When protecting the confidentiality of information assets, t...
- Question 559: What is the Most critical finding when reviewing an organiza...
