Valid CISA Dumps shared by ExamDiscuss.com for Helping Passing CISA Exam! ExamDiscuss.com now offer the newest CISA exam dumps, the ExamDiscuss.com CISA exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CISA dumps with Test Engine here:
Access CISA Dumps Premium Version
(1435 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 356/597
Which of the following observations should be of GREATEST concern to an IS auditor reviewing an organization's enterprise architecture (EA) program?
Correct Answer: A
Comprehensive and Detailed Step-by-Step Explanation:
Enterprise Architecture (EA) governance requires proper oversight and separation of duties to ensure strategic alignment and risk management.
* Option A (Correct):If IT application owners have sole authority over architecture approval, there is a high risk of inadequate governance, lack of strategic alignment, and potential conflicts of interest.
Architecture decisions should involve multiple stakeholders, including business and security teams, to ensure compliance, security, and business alignment.
* Option B (Incorrect):While having the CIO chair the architecture review board might not be ideal, it is not thegreatestconcern. The CIO is a senior leader who can provide oversight and direction, even if additional governance mechanisms should be in place.
* Option C (Incorrect):Reviewing security requirements within the EA program is abest practice, as it ensures that security is embedded into enterprise architecture rather than treated as an afterthought.
* Option D (Incorrect):Enterprise architecture should ideally encompass both IT and business processes.
Governing non-IT-related projects is not inherently problematic, as EA is designed to align business strategy with IT infrastructure.
Reference:ISACA CISA Review Manual -Domain 1: Information Systems Auditing Process- Covers IT governance and EA program structure.
Enterprise Architecture (EA) governance requires proper oversight and separation of duties to ensure strategic alignment and risk management.
* Option A (Correct):If IT application owners have sole authority over architecture approval, there is a high risk of inadequate governance, lack of strategic alignment, and potential conflicts of interest.
Architecture decisions should involve multiple stakeholders, including business and security teams, to ensure compliance, security, and business alignment.
* Option B (Incorrect):While having the CIO chair the architecture review board might not be ideal, it is not thegreatestconcern. The CIO is a senior leader who can provide oversight and direction, even if additional governance mechanisms should be in place.
* Option C (Incorrect):Reviewing security requirements within the EA program is abest practice, as it ensures that security is embedded into enterprise architecture rather than treated as an afterthought.
* Option D (Incorrect):Enterprise architecture should ideally encompass both IT and business processes.
Governing non-IT-related projects is not inherently problematic, as EA is designed to align business strategy with IT infrastructure.
Reference:ISACA CISA Review Manual -Domain 1: Information Systems Auditing Process- Covers IT governance and EA program structure.
- Question List (597q)
- Question 1: Which of the following should an IS auditor be MOST concerne...
- Question 2: A new system is being developed by a vendor for a consumer s...
- Question 3: Which of the following should be of GREATEST concern for an ...
- Question 4: Which of the following should be the PRIMARY objective of co...
- Question 5: Which of the following would provide management with the MOS...
- Question 6: Users are complaining that a newly released enterprise resou...
- Question 7: Which of the following would BEST indicate the effectiveness...
- Question 8: Which of the following is the BEST indicator that a third-pa...
- Question 9: Which of the following environments is BEST used for copying...
- Question 10: Which of the following is MOST important during software lic...
- Question 11: When reviewing the disaster recovery strategy, IT management...
- Question 12: Which of the following is the PRIMARY advantage of using vis...
- Question 13: A CFO has requested an audit of IT capacity management due t...
- Question 14: Which of the following tests would provide the BEST assuranc...
- Question 15: Which of the following should be of MOST concern to an IS au...
- Question 16: Which of the following is the GREATEST advantage of vulnerab...
- Question 17: Which of the following responses to risk associated with sep...
- Question 18: The purpose of a checksum on an amount field in an electroni...
- Question 19: During an external review, an IS auditor observes an inconsi...
- Question 20: Which of the following BEST enables an organization to stand...
- Question 21: Which of the following is the BEST way to detect unauthorize...
- Question 22: Which of the following provides the BEST evidence that syste...
- Question 23: During an audit of payment services of a branch based in a f...
- Question 24: When is it MOST important for an IS auditor to apply the con...
- Question 25: An organizations audit charier PRIMARILY:...
- Question 26: Which of the following is the MOST reliable way for an IS au...
- 2 commentQuestion 27: An IS auditor has completed the fieldwork phase of a network...
- Question 28: During a routine internal software licensing review, an IS a...
- Question 29: The BEST way to provide assurance that a project is adhering...
- Question 30: Coding standards provide which of the following?...
- Question 31: In a high-volume, real-time system, the MOST effective techn...
- Question 32: Which of the following is the MOST important reason for an I...
- Question 33: Which of the following is MOST important for an IS auditor t...
- Question 34: Which of the following is the MOST important reason to imple...
- Question 35: An IS auditor has been tasked with auditing the inventory co...
- Question 36: Which of the following is MOST important for an IS auditor t...
- Question 37: An IS auditor finds that a new network connection allows com...
- Question 38: Which of the following is MOST helpful for measuring benefit...
- Question 39: During a pre-implementation review, an IS auditor notes that...
- Question 40: Which of the following is the MOST appropriate indicator of ...
- Question 41: Which of the following is MOST important to ensure when deve...
- Question 42: Which of the following would be MOST important to include in...
- Question 43: Which of the following is the MOST appropriate control to en...
- Question 44: Which of the following is the BEST way to ensure an organiza...
- Question 45: An IS auditor discovers that due to resource constraints a d...
- Question 46: An employee loses a mobile device resulting in loss of sensi...
- Question 47: Which of the following provides the MOST useful information ...
- Question 48: Stress testing should ideally be earned out under a:...
- Question 49: Which of the following is MOST effective for controlling vis...
- Question 50: During an exit meeting, an IS auditor highlights that backup...
- Question 51: Which of the following would BEST facilitate the successful ...
- Question 52: A new regulation requires organizations to report significan...
- Question 53: Which of the following should be the FIRST step when plannin...
- Question 54: Which of the following is the PRIMARY benefit of effective i...
- Question 55: Which of the following should be of GREATEST concern to an I...
- Question 56: A project team has decided to switch to an agile approach to...
- Question 57: Which of the following provides an IS auditor the BEST evide...
- Question 58: An IS auditor is assigned to review the IS department s qual...
- Question 59: An organization's security team created a simulated producti...
- Question 60: Which of the following is an executive management concern th...
- Question 61: Which of the following findings related to segregation of du...
- Question 62: Upon completion of audit work, an IS auditor should:...
- Question 63: To confirm integrity for a hashed message, the receiver shou...
- Question 64: An IS auditor finds that a recently deployed application has...
- Question 65: An IS auditor finds that the process for removing access for...
- Question 66: Which of the following should be given GREATEST consideratio...
- Question 67: Effective separation of duties in an online environment can ...
- Question 68: Which of the following is the BEST metric to measure the ali...
- Question 69: A telecommunications company has recently created a new frau...
- Question 70: Which of the following would an IS auditor find to be the GR...
- Question 71: An IS auditor is reviewing a contract for the outsourcing of...
- Question 72: A web application is developed in-house by an organization. ...
- Question 73: Which of the following methods would BEST help detect unauth...
- Question 74: An IS auditor is reviewing an organization's incident manage...
- Question 75: Which of the following is MOST important to determine during...
- Question 76: An IS auditor discovers that validation controls m a web app...
- Question 77: Which of the following technologies is BEST suited to fulfil...
- Question 78: While auditing a small organization's data classification pr...
- Question 79: An IS auditor wants to gain a better understanding of an org...
- Question 80: An IS auditor finds that an organization's data loss prevent...
- Question 81: Which of the following is the GREATEST risk associated with ...
- Question 82: An IS auditor is supporting a forensic investigation. An ima...
- Question 83: Which of the following is the MOST effective way to ensure a...
- Question 84: An IS auditor is reviewing how password resets are performed...
- Question 85: An audit has identified that business units have purchased c...
- Question 86: In an online application, which of the following would provi...
- Question 87: During a follow-up audit, it was found that a complex securi...
- Question 88: Which of the following activities provides an IS auditor wit...
- Question 89: Which of the following is the MOST important consideration w...
- Question 90: In an IT organization where many responsibilities are shared...
- Question 91: Which of the following BEST addresses the availability of an...
- Question 92: The process of applying a hash function to a message and obt...
- Question 93: An IS auditor reviewing incident response management process...
- Question 94: Which of the following is the PRIMARY reason for an IS audit...
- Question 95: An IS auditor Is renewing the deployment of a new automated ...
- Question 96: An IS auditor has been asked to audit the proposed acquisiti...
- Question 97: An IS auditor is reviewing a network diagram. Which of the f...
- Question 98: Which type of control has been established when an organizat...
- Question 99: An IS auditor is conducting a review of a data center. Which...
- Question 100: Which of the following documents would be MOST useful in det...
- Question 101: Which of the following is the BEST way to verify the effecti...
- Question 102: Which of the following should be the GREATEST concern to an ...
- Question 103: Which of following is MOST important to determine when condu...
- Question 104: Which of the following should an IS auditor expect to see in...
- Question 105: Which of the following user actions poses the GREATEST risk ...
- Question 106: An IS auditor is reviewing enterprise governance and finds t...
- Question 107: A manager Identifies active privileged accounts belonging to...
- Question 108: Which of the following observations should be of GREATEST co...
- Question 109: Which of the following is the BEST source of information for...
- Question 110: Which of the following should be an IS auditor's PRIMARY foc...
- Question 111: Which of the following would BEST prevent an arbitrary appli...
- Question 112: Which of the following is MOST helpful for understanding an ...
- Question 113: When designing metrics for information security, the MOST im...
- Question 114: Which of the following issues identified during a formal rev...
- Question 115: Stress testing should ideally be carried out under a:...
- Question 116: During recent post-implementation reviews, an IS auditor has...
- Question 117: An organization is enhancing the security of a client-facing...
- Question 118: Which of the following is the MOST effective way to detect a...
- Question 119: Which of the following should be of GREATEST concern to an I...
- Question 120: Which of the following is the BEST indication of effective I...
- Question 121: During the forensic investigation of a cyberattack involving...
- Question 122: An organization is implementing a new data loss prevention (...
- Question 123: An organization is permanently transitioning from onsite to ...
- Question 124: An organization has made a strategic decision to split into ...
- Question 125: An IS auditor discovers a box of hard drives in a secured lo...
- Question 126: During the planning stage of a compliance audit, an IS audit...
- Question 127: An organization has established hiring policies and procedur...
- Question 128: An IS auditor finds that periodic reviews of read-only users...
- Question 129: Which of the following should be of GREATEST concern for an ...
- Question 130: Which of the following BEST protects an organization's propr...
- Question 131: An organization allows its employees lo use personal mobile ...
- Question 132: Which of the following would be the BEST criteria for monito...
- Question 133: An IS auditor has found that a vendor has gone out of busine...
- Question 134: When building or upgrading enterprise cryptographic infrastr...
- Question 135: A now regulation requires organizations to report significan...
- Question 136: While evaluating the data classification process of an organ...
- Question 137: Which of the following is the MOST effective control to miti...
- Question 138: Which of the following should be the IS auditor's PRIMARY fo...
- Question 139: Which of the following is the BEST metric to measure the qua...
- Question 140: Which of the following is the BEST source of information for...
- Question 141: Which of the following components of a risk assessment is MO...
- Question 142: Which of the following is the GREATEST risk of using a recip...
- Question 143: Which of the following is the BEST way to identify whether t...
- Question 144: When reviewing a business case for a proposed implementation...
- Question 145: A disaster recovery plan (DRP) should include steps for:...
- Question 146: Which of the following key performance indicators (KPIs) pro...
- Question 147: An organization conducted an exercise to test the security a...
- Question 148: Which of the following would be the GREATEST concern for an ...
- Question 149: Which of the following is the MOST effective accuracy contro...
- Question 150: Which of the following is the BEST control to minimize the r...
- Question 151: An IS auditor is asked to review an organization's technolog...
- Question 152: An IS audit team is evaluating documentation of the most rec...
- Question 153: In an environment that automatically reports all program cha...
- Question 154: Audit frameworks cart assist the IS audit function by:...
- Question 155: Which of the following would be an appropriate rote of inter...
- Question 156: One advantage of managing an entire collection of projects a...
- Question 157: When a data center is attempting to restore computing facili...
- Question 158: An IS auditor is preparing for a review of controls associat...
- Question 159: An IS auditor has been asked to review an event log aggregat...
- Question 160: Which of the following would MOST likely impair the independ...
- Question 161: Management is concerned about sensitive information being in...
- Question 162: A global organization's policy states that all workstations ...
- Question 163: The business case for an information system investment shoul...
- Question 164: During a review of a production schedule, an IS auditor obse...
- Question 165: A steering committee established to oversee an organization'...
- Question 166: The use of which of the following is an inherent risk in the...
- Question 167: An IS auditor is assessing the adequacy of management's reme...
- Question 168: Which of the following is the PRIMARY reason to follow a con...
- Question 169: When auditing the closing stages of a system development pro...
- Question 170: Which of the following BEST enables the timely identificatio...
- Question 171: Which of the following is the MOST effective way for an orga...
- Question 172: Which of the following findings would be of GREATEST concern...
- Question 173: Which of the following is MOST helpful for an IS auditor to ...
- Question 174: Which of the following is the BEST indicator of the effectiv...
- Question 175: Which of the following system redundancy configurations BEST...
- Question 176: Which of the following is the MOST appropriate and effective...
- Question 177: Which of the following metrics would BEST measure the agilit...
- Question 178: Which of the following protocols should be used when transfe...
- Question 179: Which of following areas is MOST important for an IS auditor...
- Question 180: An organization's security policy mandates that all new empl...
- Question 181: which of the following is a core functionality of a configur...
- Question 182: Audit frameworks can assist the IS audit function by:...
- Question 183: An organization has both an IT strategy committee and an IT ...
- Question 184: At the end of each business day, a business-critical applica...
- Question 185: An organization's senior management thinks current security ...
- Question 186: Which of the following BEST enables a benefits realization p...
- Question 187: To mitigate the risk of exposing data through application pr...
- Question 188: Which of the following is MOST important for an effective co...
- Question 189: Malicious program code was found in an application and corre...
- Question 190: Which of the following is MOST important for an IS auditor t...
- Question 191: An IS auditor notes the transaction processing times in an o...
- Question 192: Which of the following is the MOST important benefit of invo...
- Question 193: Which of the following BEST enables an organization to impro...
- Question 194: The PRIMARY benefit lo using a dry-pipe fire-suppression sys...
- Question 195: Which of the following security risks can be reduced by a pr...
- Question 196: An IS auditor who was instrumental in designing an applicati...
- Question 197: Email required for business purposes is being stored on empl...
- Question 198: Which of the following is MOST helpful for evaluating benefi...
- Question 199: An IS auditor assessing the controls within a newly implemen...
- Question 200: The use of control totals reduces the risk of:...
- Question 201: The PRIMARY objective of a control self-assessment (CSA) is ...
- Question 202: An IS auditor reviewing the threat assessment tor a data cen...
- Question 203: Which of the following methods will BEST reduce the risk ass...
- Question 204: Which of the following is a PRIMARY benefit of using risk as...
- Question 205: Which of the following is the PRIMARY benefit of a tabletop ...
- Question 206: During an information security review, an IS auditor learns ...
- Question 207: Which of the following should be the PRIMARY basis for prior...
- Question 208: Which of the following is the MOST important course of actio...
- Question 209: As part of business continuity planning, which of the follow...
- Question 210: Which task should an IS auditor complete FIRST during the pr...
- Question 211: In which phase of the internal audit process is contact esta...
- Question 212: Which of the following presents the GREATEST risk of data le...
- Question 213: Which of the following is MOST important for an IS auditor t...
- Question 214: Which type of device sits on the perimeter of a corporate of...
- Question 215: A post-implementation review was conducted by issuing a surv...
- Question 216: Which of the following is the STRONGEST indication of a matu...
- Question 217: Which of the following is the BEST control lo mitigate attac...
- Question 218: An organization recently implemented a cloud document storag...
- Question 219: An IS auditor finds a high-risk vulnerability in a public-fa...
- Question 220: Which of the following is the BEST source of information for...
- Question 221: Which of the following BEST indicates that an incident manag...
- Question 222: An organization produces control reports with a desktop appl...
- Question 223: Which of the following is the BEST reason to implement a dat...
- Question 224: Which of the following is the MOST likely root cause of shad...
- Question 225: Which of the following would BEST help to ensure that an inc...
- Question 226: The due date of an audit project is approaching, and the aud...
- Question 227: Which of the following is the BEST way to ensure email confi...
- Question 228: Which of the following is the PRIMARY advantage of using an ...
- Question 229: Which of the following is the BEST sampling method to use wh...
- Question 230: Which of the following is the BEST testing approach to facil...
- Question 231: What is the PRIMARY benefit of an audit approach which requi...
- Question 232: Who should be the FIRST to evaluate an audit report prior to...
- Question 233: Providing security certification for a new system should inc...
- Question 234: Which of the following is MOST useful when planning to audit...
- Question 235: An IS auditor evaluating the change management process must ...
- Question 236: An IS auditor is reviewing security controls related to coll...
- Question 237: An IS auditor reviewing the system development life cycle (S...
- Question 238: During an operational audit on the procurement department, t...
- Question 239: What should be the PRIMARY basis for selecting which IS audi...
- Question 240: Which type of attack poses the GREATEST risk to an organizat...
- Question 241: During a follow-up audit, an IS auditor learns that some key...
- Question 242: Which of the following is necessary for effective risk manag...
- Question 243: Which of the following should be of GREATEST concern to an I...
- Question 244: Which of the following BEST mitigates the risk of SQL inject...
- Question 245: Which of the following poses the GREATEST risk to an organiz...
- Question 246: Which of the following are BEST suited for continuous auditi...
- Question 247: An IS auditor is conducting a physical security audit of a h...
- Question 248: Which of the following is the BEST way to mitigate the risk ...
- Question 249: Which of the following is the BEST preventive control to pro...
- Question 250: Which of the following is the GREATEST advantage of maintain...
- Question 251: Which of the following security testing techniques is MOST e...
- Question 252: Which of the following should be done FIRST to minimize the ...
- Question 253: While reviewing the effectiveness of an incident response pr...
- Question 254: An IS auditor is reviewing a decision to consolidate process...
- Question 255: An organization has outsourced the development of a core app...
- Question 256: Which of the following should be the PRIMARY focus when comm...
- Question 257: An organization wants to use virtual desktops to deliver cor...
- Question 258: An IS auditor is reviewing processes for importing market pr...
- Question 259: Which of the following should be the GREATEST concern to an ...
- Question 260: Which of the following should be the GREATEST concern for an...
- Question 261: An organization uses public key infrastructure (PKI) to prov...
- Question 262: An organization has assigned two new IS auditors to audit a ...
- Question 263: An IS auditor is conducting a post-implementation review of ...
- Question 264: Which of the following is an IS auditor's BEST recommendatio...
- Question 265: Of the following who should be responsible for cataloging an...
- Question 266: During an audit of a reciprocal disaster recovery agreement ...
- Question 267: An IS auditor reviewing an information processing environmen...
- Question 268: A system administrator recently informed the IS auditor abou...
- Question 269: Which of the following should be an IS auditor's GREATEST co...
- Question 270: An IS auditor should ensure that an application's audit trai...
- Question 271: Which of the following should an IS auditor consider the MOS...
- Question 272: A post-implementation audit has been completed for the deplo...
- Question 273: What should be an IS auditor's PRIMARY focus when reviewing ...
- Question 274: Which of the following BEST facilitates the legal process in...
- Question 275: A white box testing method is applicable with which of the f...
- Question 276: Which of the following is the BEST security control to valid...
- Question 277: Which of the following would be an IS auditor's GREATEST con...
- Question 278: A business application's database is copied to a replication...
- Question 279: Using swipe cards to limit employee access to restricted are...
- Question 280: Which of the following is the BEST detective control for a j...
- Question 281: Which of the following would be of GREATEST concern to an IS...
- Question 282: Which of the following is the BEST compensating control agai...
- Question 283: An IS auditor is reviewing the installation of a new server....
- Question 284: Which of the following presents the GREATEST challenge to th...
- Question 285: The PRIMARY advantage of object-oriented technology is enhan...
- Question 286: Which of the following practices associated with capacity pl...
- Question 287: Which of the following is MOST important to define within a ...
- Question 288: An IS auditor will be testing accounts payable controls by p...
- Question 289: A warehouse employee of a retail company has been able to co...
- Question 290: An IS auditor concludes that an organization has a quality s...
- Question 291: An IS auditor wants to verify alignment of the organization'...
- Question 292: The BEST way to prevent fraudulent payments is to implement ...
- Question 293: During a security audit, an IS auditor is tasked with review...
- Question 294: Which of the following is MOST important when creating a for...
- Question 295: Which of the following BEST reflects a mature strategic plan...
- Question 296: Spreadsheets are used to calculate project cost estimates. T...
- Question 297: During which IT project phase is it MOST appropriate to cond...
- Question 298: Which of the following is a threat to IS auditor independenc...
- Question 299: Which of the following will be the MOST effective method to ...
- Question 300: Which of the following is MOST important to consider when as...
- Question 301: An IS auditor suspects an organization's computer may have b...
- Question 302: Which of the following is the GREATEST risk if two users hav...
- Question 303: Data from a system of sensors located outside of a network i...
- Question 304: Which of the following should be the GREATEST concern for an...
- Question 305: An IS auditor is conducting an IT governance audit and notic...
- Question 306: An organization is planning to implement a work-from-home po...
- Question 307: Which of the following should be an IS auditor's PRIMARY con...
- Question 308: An auditee disagrees with a recommendation for corrective ac...
- Question 309: Which of the following provides the MOST assurance of the in...
- Question 310: Which of the following is the MOST effective control when gr...
- Question 311: Which of the following is an effective way to ensure the int...
- Question 312: A review of Internet security disclosed that users have indi...
- Question 313: Due to limited storage capacity, an organization has decided...
- Question 314: Capacity management enables organizations to:...
- Question 315: Which of the following is an IS auditor's BEST recommendatio...
- Question 316: Which of the following findings would be of GREATEST concern...
- Question 317: Which of the following is the MOST significant risk when an ...
- Question 318: Retention periods and conditions for the destruction of pers...
- Question 319: Which of the following is the GREATEST concern associated wi...
- Question 320: A startup organization wants to develop a data loss preventi...
- Question 321: During an audit of a multinational bank's disposal process, ...
- Question 322: Which of the following BEST supports the effectiveness of a ...
- Question 323: If a source code is not recompiled when program changes are ...
- Question 324: Which of the following BEST enables alignment of IT with bus...
- Question 325: Which of the following is the BEST way to sanitize a hard di...
- Question 326: Which of the following should be an IS auditor's GREATEST co...
- Question 327: Which of the following is the BEST control to help ensure th...
- Question 328: During the audit of an enterprise resource planning (ERP) sy...
- Question 329: Which of the following is the MOST effective control to miti...
- Question 330: During audit framework. an IS auditor teams that employees a...
- Question 331: Which of the following is the GREATEST benefit of adopting a...
- Question 332: During an external review, an IS auditor observes an inconsi...
- Question 333: Which of the following is MOST important to ensure when plan...
- Question 334: During which process is regression testing MOST commonly use...
- Question 335: Which of the following is found in an audit charter?...
- Question 336: Which of the following is the MOST reliable way for an IS au...
- Question 337: What should an IS auditor do FIRST when management responses...
- Question 338: Which type of attack targets security vulnerabilities in web...
- Question 339: During an IT governance audit, an IS auditor notes that IT p...
- Question 340: Which of the following is the GREATEST advantage of outsourc...
- Question 341: How does a continuous integration/continuous development (CI...
- Question 342: During the discussion of a draft audit report IT management ...
- Question 343: An organization has decided to purchase a web-based email se...
- Question 344: An IS auditor is reviewing the release management process fo...
- Question 345: In an organization's feasibility study to acquire hardware t...
- Question 346: Which of the following BEST indicates a need to review an or...
- Question 347: During an IS audit of a data center, it was found that progr...
- Question 348: An organization is implementing a data loss prevention (DLP)...
- Question 349: Which of the following would BEST demonstrate that an effect...
- Question 350: Which of the following management decisions presents the GRE...
- Question 351: Which of the following should an IS auditor recommend be don...
- Question 352: When reviewing hard disk utilization reports, an IS auditor ...
- Question 353: Which of the following provides the MOST reliable method of ...
- Question 354: The IS quality assurance (OA) group is responsible for:...
- Question 355: The BEST way for an IS auditor to validate that separation o...
- Question 356: Which of the following observations should be of GREATEST co...
- Question 357: An organization is establishing a steering committee for the...
- Question 358: Recovery facilities providing a redundant combination of Int...
- Question 359: During a follow-up audit, an IS auditor finds that senior ma...
- Question 360: An IS auditor is analyzing a sample of accounts payable tran...
- Question 361: Aligning IT strategy with business strategy PRIMARILY helps ...
- Question 362: In order to be useful, a key performance indicator (KPI) MUS...
- Question 363: An IS auditor is providing input to an RFP to acquire a fina...
- Question 364: During a project audit, an IS auditor notes that project rep...
- Question 365: Which of the following would be the BEST process for continu...
- Question 366: Which of the following should be the GREATEST concern to an ...
- Question 367: When determining whether a project in the design phase will ...
- Question 368: Which of the following is the BEST approach for determining ...
- Question 369: Which of the following security measures is MOST important f...
- Question 370: Which of the following should be of MOST concern to an IS au...
- Question 371: Due to limited storage capacity, an organization has decided...
- Question 372: Which of the following can only be provided by asymmetric en...
- Question 373: A vendor requires privileged access to a key business applic...
- Question 374: A small IT department has embraced DevOps, which allows memb...
- Question 375: Which of the following is the BEST indication to an IS audit...
- Question 376: What is the Most critical finding when reviewing an organiza...
- Question 377: A third-party consultant is managing the replacement of an a...
- Question 378: During an audit, the IS auditor finds that in many cases exc...
- Question 379: During the review of a system disruption incident, an IS aud...
- Question 380: Which of the following parameters reflects the risk threshol...
- Question 381: A contract for outsourcing IS functions should always includ...
- Question 382: Which of the following is the MOST important task of an IS a...
- Question 383: To enable the alignment of IT staff development plans with I...
- Question 384: Which of the following business continuity activities priori...
- Question 385: When an intrusion into an organization's network is detected...
- Question 386: Which of the following is the BEST way to ensure that busine...
- Question 387: Which of the following is MOST important for an IS auditor t...
- Question 388: Which of the following analytical methods would be MOST usef...
- Question 389: Which of the following should an IS auditor review FIRST whe...
- Question 390: Which of the following should be of GREATEST concern to an I...
- Question 391: Which of the following should be used to evaluate an IT deve...
- Question 392: Which of the following will BEST ensure that archived electr...
- Question 393: An IS auditor finds a segregation of duties issue in an ente...
- Question 394: A bank performed minor changes to the interest calculation c...
- Question 395: Which of the following would BEST help lo support an auditor...
- Question 396: Which of the following would be MOST useful to an IS auditor...
- Question 397: An IS auditor has been asked to review the quality of data i...
- Question 398: Which of the following is the MOST important area of focus f...
- Question 399: Which of the following poses the GREATEST risk to the use of...
- Question 400: During which stage of the penetration test cycle does the te...
- Question 401: Which of the following is an analytical review procedure for...
- Question 402: Which of the following should be of MOST concern to an IS au...
- Question 403: An IS auditor reviewing security incident processes realizes...
- Question 404: An IS auditor is reviewing an artificial intelligence (Al) a...
- Question 405: When verifying the accuracy and completeness of migrated dat...
- Question 406: In a data center audit, an IS auditor finds that the humidit...
- Question 407: Which of the following poses the GREATEST potential concern ...
- Question 408: When reviewing the functionality of an intrusion detection s...
- Question 409: Which of the following poses the GREATEST risk to an organiz...
- Question 410: An IS auditor is evaluating the risk associated with moving ...
- Question 411: In a RAO model, which of the following roles must be assigne...
- Question 412: Which of the following technologies has the SMALLEST maximum...
- Question 413: Which of the following is the MAIN purpose of an information...
- Question 414: An external audit firm was engaged to perform a validation a...
- Question 415: Which of the following would BEST help to ensure that potent...
- Question 416: The PRIMARY role of an IS auditor in the remediation of prob...
- Question 417: Which of the following should be the FIRST step in a data mi...
- Question 418: When developing customer-facing IT applications, in which st...
- Question 419: Which of the following constitutes an effective detective co...
- Question 420: Which of the following system attack methods is executed by ...
- Question 421: An organization has implemented a new data classification sc...
- Question 422: Which of the following is the PRIMARY purpose of obtaining a...
- Question 423: What is the PRIMARY reason to adopt a risk-based IS audit st...
- Question 424: Which of the following statements appearing in an organizati...
- Question 425: Which of the following is the BEST way to address potential ...
- Question 426: Which of the following should an IS auditor use when verifyi...
- Question 427: During the discussion of a draft audit report. IT management...
- Question 428: What would be an IS auditor's BEST recommendation upon findi...
- Question 429: Which of the following is the PRIMARY objective of enterpris...
- Question 430: Which of the following would be of GREATEST concern to an IS...
- Question 431: When auditing an organization's software acquisition process...
- Question 432: An IS auditor notes that IT and the business have different ...
- Question 433: An IS auditor has been asked to provide support to the contr...
- Question 434: Which of the following would BEST determine whether a post-i...
- Question 435: Which of the following is MOST important to the effectivenes...
- Question 436: Which of the following should be done FIRST when creating a ...
- Question 437: Which of the following should be an IS auditor's PRIMARY foc...
- Question 438: Which of the following BEST indicates that the effectiveness...
- Question 439: A security administrator is called in the middle of the nigh...
- Question 440: Which of the following will BEST ensure that a proper cutoff...
- Question 441: As part of an audit response, an auditee has concerns with t...
- Question 442: An internal audit team is deciding whether to use an audit m...
- Question 443: Which of the following BEST ensures that effective change ma...
- Question 444: Which of the following is the MOST important consideration w...
- Question 445: Which of the following concerns is BEST addressed by securin...
- Question 446: in a post-implantation Nation review of a recently purchased...
- Question 447: Which of the following is the BEST reason to implement a dat...
- Question 448: In a review of the organization standards and guidelines for...
- Question 449: Which of the following would be a result of utilizing a top-...
- Question 450: Which of the following is the MAJOR advantage of automating ...
- Question 451: Which of the following should be of GREATEST concern to an I...
- Question 452: When testing the adequacy of tape backup procedures, which s...
- Question 453: Which of the following is the BEST approach to validate whet...
- Question 454: Which of the following is the MOST important responsibility ...
- Question 455: Which of the following network communication protocols is us...
- Question 456: Which of the following should be used as the PRIMARY basis f...
- Question 457: A small organization is experiencing rapid growth and plans ...
- Question 458: How is nonrepudiation supported within a public key infrastr...
- Question 459: Which of the following would be of GREATEST concern to an IS...
- Question 460: In reviewing the IT strategic plan, the IS auditor should co...
- Question 461: An IS auditor should look for which of the following to ensu...
- Question 462: Which of the following network topologies will provide the G...
- Question 463: A company requires that all program change requests (PCRs) b...
- Question 464: An IS auditor is planning a review of an organizations cyber...
- Question 465: A finance department has a two-year project to upgrade the e...
- Question 466: What should be the PRIMARY focus during a review of a busine...
- Question 467: An IS auditor is reviewing an industrial control system (ICS...
- Question 468: Which of the following BEST demonstrates that IT strategy Is...
- Question 469: Which of the following would lead an IS auditor to conclude ...
- Question 470: Following a merger, a review of an international organizatio...
- Question 471: An IS auditor is reviewing the service agreement with a tech...
- Question 472: Which of the following would MOST likely jeopardize the inde...
- Question 473: Which of the following is the BEST way to address segregatio...
- Question 474: Which of the following is an example of a preventive control...
- Question 475: Which of the following would present the GREATEST risk withi...
- Question 476: An IS auditor is reviewing an organization's business contin...
- Question 477: An IS auditor finds that capacity management for a key syste...
- Question 478: Which of the following will provide the GREATEST assurance t...
- Question 479: Which of the following will MOST likely compromise the contr...
- Question 480: An IS auditor found that a company executive is encouraging ...
- Question 481: An IS auditor has been asked to advise on measures to improv...
- Question 482: A review of IT interface controls finds an organization does...
- Question 483: An IS auditor is evaluating the progress of a web-based cust...
- Question 484: Which of the following is MOST important to include in secur...
- Question 485: Which of the following controls is BEST implemented through ...
- Question 486: During an external review, an IS auditor observes an inconsi...
- Question 487: Which of the following is MOST important for an IS auditor t...
- Question 488: Which of the following BEST describes a digital signature?...
- Question 489: Which of the following should be of GREATEST concern to an I...
- Question 490: A mission-critical application utilizes a one-node database ...
- Question 491: Which of the following is an example of shadow IT?...
- Question 492: An organization is shifting to a remote workforce In prepara...
- Question 493: Several unattended laptops containing sensitive customer dat...
- Question 494: Which of the following is the MOST important success factor ...
- Question 495: The PRIMARY advantage of using open-source-based solutions i...
- Question 496: Management has learned the implementation of a new IT system...
- Question 497: Which of the following is the BEST recommendation to include...
- Question 498: One advantage of monetary unit sampling is the fact that...
- Question 499: Management is concerned about sensitive information being in...
- Question 500: An IS auditor has found that an organization is unable to ad...
- Question 501: Which of the following is the BEST way to determine whether ...
- Question 502: In which phase of the audit life cycle process should an IS ...
- Question 503: A configuration management audit identified that predefined ...
- Question 504: Management has requested a post-implementation review of a n...
- Question 505: During a new system implementation, an IS auditor has been a...
- Question 506: Cross-site scripting (XSS) attacks are BEST prevented throug...
- Question 507: An IS auditor is reviewing an organization's information ass...
- Question 508: Which of the following is the MOST important outcome of an i...
- Question 509: Which of the following is the BEST approach to help organiza...
- Question 510: Which of the following BEST minimizes performance degradatio...
- Question 511: The PRIMARY goal of capacity management is to:...
- Question 512: Which of the following is the GREATEST risk when relying on ...
- Question 513: Which of the following measures BEST mitigates the risk of d...
- Question 514: Which of the following is the MOST appropriate testing appro...
- Question 515: An IS auditor discovers an option in a database that allows ...
- Question 516: A hearth care organization utilizes Internet of Things (loT)...
- Question 517: Which of the following BEST demonstrates to senior managemen...
- Question 518: Which of the following findings would be of GREATEST concern...
- Question 519: Which of the following should be an IS auditor's GREATEST co...
- Question 520: An organization implemented a cybersecurity policy last year...
- Question 521: Following a security breach in which a hacker exploited a we...
- Question 522: During an audit of a financial application, it was determine...
- Question 523: Which of the following is MOST appropriate to prevent unauth...
- Question 524: Which of the following metrics is the BEST indicator of the ...
- Question 525: An incident response team has been notified of a virus outbr...
- Question 526: Which of the following is the MOST efficient control to redu...
- Question 527: Which of the following should be the PRIMARY role of an inte...
- Question 528: Which of the following is the BEST indicator for measuring p...
- Question 529: During the design phase of a software development project, t...
- Question 530: Which of the following applications has the MOST inherent ri...
- Question 531: An IS auditor finds that the cost of developing an applicati...
- Question 532: An organization has developed mature risk management practic...
- Question 533: An organization is disposing of a system containing sensitiv...
- Question 534: An organization is planning to implement a control self-asse...
- Question 535: Which of the following security measures will reduce the ris...
- Question 536: An IS department is evaluated monthly on its cost-revenue ra...
- Question 537: Which of the following is the BEST way to prevent social eng...
- Question 538: During a follow-up audit, an IS auditor finds that some crit...
- Question 539: Which of the following is MOST useful for determining the st...
- Question 540: Which of the following provides the BEST evidence that a thi...
- Question 541: The PRIMARY purpose of requiring source code escrow in a con...
- Question 542: Which of the following indicates that an internal audit orga...
- Question 543: During an audit which of the following would be MOST helpful...
- Question 544: What is the PRIMARY benefit of using one-time passwords?...
- Question 545: During a pre-deployment assessment, what is the BEST indicat...
- Question 546: When planning an audit to assess application controls of a c...
- Question 547: An IS auditor notes that the previous year's disaster recove...
- Question 548: Which of the following is MOST critical to the success of an...
- Question 549: Which of the following is MOST important for an IS auditor t...
- Question 550: A transaction processing system interfaces with the general ...
- Question 551: An IT strategic plan that BEST leverages IT in achieving org...
- Question 552: Following a breach, what is the BEST source to determine the...
- Question 553: The implementation of an IT governance framework requires th...
- Question 554: A firewall between internal network segments improves securi...
- Question 555: Which of the following is an IS auditor's BEST course of act...
- Question 556: The GREATEST concern for an IS auditor reviewing vulnerabili...
- Question 557: Which of the following controls is MOST effective at prevent...
- Question 558: Which of the following should be the PRIMARY concern for the...
- Question 559: Who is PRIMARILY responsible for the design of IT controls t...
- Question 560: Which of the following activities would allow an IS auditor ...
- Question 561: A new system development project is running late against a c...
- Question 562: What should an IS auditor do FIRST upon discovering that a s...
- Question 563: Who is responsible for defining data access permissions?...
- Question 564: An IT balanced scorecard is PRIMARILY used for:...
- Question 565: In order for a firewall to effectively protect a network aga...
- Question 566: An IS auditor is evaluating the log management system for an...
- Question 567: Which of the following is the MOST important privacy conside...
- Question 568: Which of the following should be the FIRST consideration whe...
- Question 569: Which of the following areas of responsibility would cause t...
- Question 570: The PRIMARY benefit of information asset classification is t...
- Question 571: Which of the following is a detective control?...
- Question 572: What is the PRIMARY purpose of documenting audit objectives ...
- Question 573: An IS auditor can BEST evaluate the business impact of syste...
- Question 574: An IS auditor would MOST likely recommend that IT management...
- Question 575: Which of the following is the MOST significant impact to an ...
- Question 576: Which of the following would BEST enable an organization to ...
- Question 577: An organization is modernizing its technology policy framewo...
- Question 578: Which of the following is the BEST way to enforce the princi...
- Question 579: Which of the following is an example of a preventative contr...
- Question 580: An IS auditor observes that a business-critical application ...
- Question 581: Which of the following issues associated with a data center'...
- Question 582: When auditing the security architecture of an online applica...
- Question 583: Which of the following is MOST important to define within a ...
- Question 584: Which of the following should be of MOST concern to an IS au...
- Question 585: Which of the following would be MOST effective in detecting ...
- Question 586: Which of the following should be of GREATEST concern to an I...
- Question 587: Which of the following is the BEST recommendation to prevent...
- Question 588: The GREATEST benefit of using a polo typing approach in soft...
- Question 589: The PRIMARY reason for an IS auditor to use data analytics t...
- Question 590: Which of the following is the MAIN risk associated with addi...
- Question 591: In a public key cryptographic system, which of the following...
- Question 592: During which phase of the software development life cycle is...
- Question 593: During the course of fieldwork, an internal IS auditor obser...
- Question 594: Which of the following would be the GREATEST concern during ...
- Question 595: Which of the following responses to risk associated with seg...
- Question 596: One benefit of return on investment (ROI) analysts in IT dec...
- Question 597: Which of the following BEST describes the role of the IS aud...
