CISA Exam Dumps | Which of the following management decisions presents the GREATEST risk associated with data leakage?

<< Prev Question Next Question >>

Question 396/746

Which of the following management decisions presents the GREATEST risk associated with data leakage?

A. Staff is allowed to work remotely.

B. Security policies have not been updates in the past year.

C. There is no requirement for desktops to be encrypted.

D. Security awareness training is not provided to staff.

Question List (746q): Question 1: During an audit, an IT finding is agreed upon by all IT team...; Question 2: An IS auditor learns that a web application within the audit...; Question 3: Which of the following is MOST critical for the effective im...; Question 4: Which of the following is BEST used for detailed testing of ...; Question 5: What is the definition of a standard as compared to a guidel...; Question 6: Which of the following is MOST helpful to a data owner when ...; Question 7: An organization's audit charter PRIMARILY:...; Question 8: Which of the following provides the BEST assurance that a ne...; Question 9: Which of the following would be the MOST useful metric for s...; Question 10: What is the BEST way to control updates to the vendor master...; Question 11: Due to system limitations, segregation of duties (SoD) canno...; Question 12: What is the purpose of the audit charter?...; Question 13: Which of the following should be the PRIMARY objective of an...; Question 14: Which of the following should be of GREATEST concern to an I...; Question 15: Which of the following incident response team activities con...; Question 16: An IS auditor has been asked to perform a post-implementatio...; Question 17: Which of the following is MOST important for an IS auditor t...; Question 18: Which of the following is a social engineering attack method...; Question 19: Which of the following should an IS auditor be MOST concerne...; Question 20: Which of the following would be of MOST concern for an IS au...; Question 21: During a security access review, an IS auditor identifies a ...; Question 22: As part of the architecture of virtualized environments, in ...; Question 23: Which of the following is the BEST indication of the complet...; Question 24: When determining whether a project in the design phase will ...; Question 25: Following a breach, what is the BEST source to determine the...; Question 26: Which of the following features of a library control softwar...; Question 27: When reviewing an organization's IT governance processes, wh...; Question 28: The performance, risks, and capabilities of an IT infrastruc...; Question 29: In reviewing the IT strategic plan, the IS auditor should co...; Question 30: An IS auditor is reviewing an artificial intelligence (AI) a...; Question 31: Which of the following is the PRIMARY purpose for external a...; Question 32: In which of the following sampling methods is the entire sam...; Question 33: Which of the following should be an IS auditor's GREATEST co...; Question 34: Which of the following is MOST important for an organization...; Question 35: An IS auditor is reviewing a bank's service level agreement ...; Question 36: A system administrator recently informed the IS auditor abou...; Question 37: Following a discussion on the results of a recent audit enga...; Question 38: Which of the following is the BEST preventive control to pro...; Question 39: An IS auditor is reviewing a sample of production incidents ...; Question 40: Which of the following is the BEST way to reduce the risk of...; Question 41: Which of the following should an IS auditor use when verifyi...; Question 42: An IS auditor discovers that an IT organization serving seve...; Question 43: Which of the following findings should be of MOST concern to...; Question 44: An organization has recently become aware of a pervasive chi...; Question 45: A bank performed minor changes to the interest calculation c...; Question 46: An IS auditor noted a recent production incident in which a ...; Question 47: What should an IS auditor do FIRST when management responses...; Question 48: When an IS auditor evaluates key performance indicators (KPI...; Question 49: An audit of environmental controls at a data center could in...; Question 50: When implementing a new IT maturity model, which of the foll...; Question 51: Compared to developing a system in-house, acquiring a softwa...; Question 52: Which of the following is the GREATEST risk associated with ...; Question 53: Which of the following is the BEST way to identify whether t...; Question 54: An IS auditor has been tasked with auditing the inventory co...; Question 55: Which of the following BEST enables an organization to contr...; Question 56: Which of the following is MOST important to verify when impl...; Question 57: An employee approaches an IS auditor and expresses concern a...; Question 58: When developing customer-facing IT applications, in which st...; Question 59: What would be the PRIMARY reason for an IS auditor to recomm...; Question 60: When protecting mobile devices, which of the following is th...; Question 61: Which of the following is the BEST methodology to use for es...; Question 62: Which of the following should be an IS auditor's GREATEST co...; Question 63: Which of the following conditions should be of GREATEST conc...; Question 64: In a review of the organization standards and guidelines for...; Question 65: Which of the following would BEST determine whether a post-i...; Question 66: During a disaster recovery audit, an IS auditor finds that a...; Question 67: Management has agreed to move the organization's data center...; Question 68: What is the PRIMARY reason to adopt a risk-based IS audit st...; Question 69: To help determine whether a controls-reliant approach to aud...; Question 70: When reviewing a business impact analysis (BIA), it is MOST ...; Question 71: The use of control totals reduces the risk of:...; Question 72: An employee loses a mobile device resulting in loss of sensi...; Question 73: An IS audit manager is reviewing workpapers for a recently c...; Question 74: When protecting the confidentiality of information assets, t...; Question 75: Which of the following is the GREATEST risk associated with ...; Question 76: What should an IS auditor verify FIRST when evaluating the i...; Question 77: A network review is being undertaken to evaluate security ri...; Question 78: Which of the following describes the relationship between co...; Question 79: An organization has shifted from a bottom-up approach to a t...; Question 80: Which of the following is the MOST appropriate role for an I...; Question 81: A security administrator is called in the middle of the nigh...; Question 82: Which of the following BEST ensures the quality and integrit...; Question 83: Which of the following will BEST ensure that archived electr...; Question 84: Which of the following should be an IS auditor's GREATEST co...; Question 85: When reviewing a project to replace multiple manual data ent...; Question 86: Which of the following would BEST protect the confidentialit...; Question 87: The BEST way to evaluate the effectiveness of a newly develo...; Question 88: Which of the following is MOST important to ensure when revi...; Question 89: Which of the following should be the MOST important consider...; Question 90: Which of the following should an IS auditor regard as the PR...; Question 91: An organization is permanently transitioning from onsite to ...; Question 92: The objectives of business process reengineering (BPR) shoul...; Question 93: Which of the following is the MOST important responsibility ...; Question 94: Which of the following cloud capabilities BEST enables an or...; Question 95: Which of the following should be an IS auditor's PRIMARY foc...; Question 96: An IS auditor is reviewing the maturity of a large organizat...; Question 97: Which of the following should an IS auditor ensure is classi...; Question 98: An IS auditor suspects a company-owned computer may have bee...; Question 99: A bank uses a system that requires monetary amounts found on...; Question 100: Which of the following is the BEST way to ensure a vendor co...; Question 101: Which of the following should be of MOST concern to an IS au...; Question 102: Which of the following BEST enables an organization to impro...; Question 103: To address issues related to privileged users identified in ...; Question 104: In an annual audit cycle, the audit of an organization's IT ...; Question 105: Audit observations should be FIRST communicated with the aud...; Question 106: What is the BEST way to reduce the risk of inaccurate or mis...; Question 107: An organization has installed blade server technology in its...; Question 108: An organization's strategy to source certain IT functions fr...; Question 109: Which of the following is the MOST appropriate testing appro...; Question 110: During the course of fieldwork, an internal IS auditor obser...; Question 111: Halfway through an enterprise-wide project to implement busi...; Question 112: Which of the following should be of GREATEST concern to an I...; Question 113: Which type of data analytics can be used to identify invalid...; Question 114: Shortly after a system was deployed into production, it was ...; Question 115: Which of the following reports would provide the GREATEST as...; Question 116: An IS auditor has been asked to review an organization's IT ...; Question 117: Which of the following is the BEST sampling method to use wh...; Question 118: After the merger of two organizations, which of the followin...; Question 119: What is the GREATEST concern for an IS auditor reviewing con...; Question 120: Which of the following is the ULTIMATE objective of performi...; Question 121: A legacy application is running on an operating system that ...; Question 122: An IS auditor follows up on a recent security incident and f...; Question 123: Which type of testing BEST determines whether a new system m...; Question 124: When planning an audit, it is acceptable for an IS auditor t...; Question 125: During a physical security audit, an IS auditor was provided...; Question 126: Due to advancements in technology and electronic records, an...; Question 127: Which of the following is the MOST likely reason an organiza...; Question 128: An external IS auditor has been engaged to determine the org...; Question 129: Which of the following BEST helps to ensure data integrity a...; Question 130: In the review of a feasibility study for an IS acquisition, ...; Question 131: The BEST indicator of an optimized quality management system...; Question 132: Which of the following should be the FIRST step to successfu...; Question 133: Which of the following BEST addresses the availability of an...; Question 134: The PRIMARY objective of IT service level management is to:...; Question 135: Which of the following presents the GREATEST challenge to th...; Question 136: Which of the following should be the FIRST step when conduct...; Question 137: Which of the following is the BEST way to prevent social eng...; Question 138: When auditing an organization's procurement process, which o...; Question 139: Which of the following is the MOST important determining fac...; Question 140: Which of the following should be an IS auditor's PRIMARY con...; Question 141: Which of the following is the BEST justification for deferri...; Question 142: Which of the following is the PRIMARY reason for an IS audit...; Question 143: An organization considers implementing a system that uses a ...; Question 144: Which of the following would provide an organization with th...; Question 145: Which of the following BEST enables an IS auditor to objecti...; Question 146: An IS auditor has been asked to audit the proposed acquisiti...; Question 147: Which of the following is the BEST way to address segregatio...; Question 148: Which of the following is the BEST way to mitigate the risk ...; Question 149: Which of the following BEST enables a benefits realization p...; Question 150: Which of the following is MOST important for an IS auditor t...; Question 151: One benefit of return on investment (ROI) analysis in IT dec...; Question 152: A small organization is experiencing rapid growth and plans ...; Question 153: Which of the following should be of GREATEST concern to an I...; Question 154: What is the BEST method to determine if IT resource spending...; Question 155: Which of the following is the MOST important consideration f...; Question 156: Which of the following is MOST important when duties in a sm...; Question 157: After the release of an application system, an IS auditor wa...; Question 158: An IS auditor is reviewing an organization's primary router ...; Question 159: Which of the following should be the FIRST step when develop...; Question 160: When auditing IT organizational structure, which of the foll...; Question 161: An organization is modernizing its technology policy framewo...; Question 162: Which of the following would MOST effectively ensure the int...; Question 163: Which of the following is the BEST way for an IS auditor to ...; Question 164: Which of the following should be done FIRST when planning to...; Question 165: Which of the following BEST enables the effectiveness of an ...; Question 166: Failing to prevent or detect a material error would represen...; Question 167: Which of the following is the GREATEST advantage of agile de...; Question 168: An IS audit manager finds that data manipulation logic devel...; Question 169: Which of the following is an IS auditor's BEST approach when...; Question 170: Which of the following BEST supports the effectiveness of a ...; Question 171: A credit card company has decided to outsource the printing ...; Question 172: Stress testing should ideally be carried out under a:...; Question 173: Which of the following is the PRIMARY reason for using a dig...; Question 174: When assessing the quality of personnel data, an IS auditor ...; Question 175: An organization has established hiring policies and procedur...; Question 176: What is a PRIMARY benefit of using Transport Layer Security ...; Question 177: Which of the following provides the BEST assurance that vend...; Question 178: Which of the following is the GREATEST risk if two users hav...; Question 179: Which of the following should be of GREATEST concern to an I...; Question 180: Which of the following is the BEST way for an organization t...; Question 181: Which of the following should be of GREATEST concern to an I...; Question 182: During an exit meeting, an IS auditor highlights that backup...; Question 183: Which of the following is the MOST effective audit approach ...; Question 184: In the case of a disaster where the data center is no longer...; Question 185: Which of the following is MOST important to ensure when plan...; Question 186: An organization outsourced its IS functions. To meet its res...; Question 187: While reviewing the effectiveness of an incident response pr...; Question 188: A national bank recently migrated a large number of business...; Question 189: An IS auditor notes that the previous year's disaster recove...; Question 190: Which of the following would BEST prevent an arbitrary appli...; Question 191: An IS auditor is assessing the adequacy of management's reme...; Question 192: Which of the following is the BEST indicator of the effectiv...; Question 193: During an internal audit of automated controls, an IS audito...; Question 194: A vendor requires privileged access to a key business applic...; Question 195: Which of the following yields the HIGHEST level of system av...; Question 196: An IS auditor is reviewing the release management process fo...; Question 197: Which of the following provides the BEST evidence of the val...; Question 198: In a high-volume, real-time system, the MOST effective techn...; Question 199: An IS auditor is reviewing a data conversion project. Which ...; Question 200: An IS auditor should look for which of the following to ensu...; Question 201: Which of the following would be of GREATEST concern to an IS...; Question 202: An IS auditor is evaluating the risk associated with moving ...; Question 203: Which of the following BEST enables an organization to verif...; Question 204: Following the implementation of a data loss prevention (DLP)...; Question 205: An internal audit department recently established a quality ...; Question 206: Critical processes are not defined in an organization's busi...; Question 207: During an audit of identity and access management, an IS aud...; Question 208: Which of the following is MOST beneficial to executive manag...; Question 209: Which of the following is MOST important to include in a bus...; Question 210: Which of the following would be of GREATEST concern to an IS...; Question 211: Which of the following is the PRIMARY benefit of performing ...; Question 212: An IS auditor notes that several employees are spending an e...; Question 213: Which of the following should be the GREATEST concern to an ...; Question 214: Which of the following controls BEST mitigates the risk asso...; Question 215: An IS auditor notes that a mortgage origination team receive...; Question 216: Which of the following is a PRIMARY benefit of using risk as...; Question 217: Which of the following should be the GREATEST concern for an...; Question 218: An IS auditor is conducting an IT governance audit and notic...; Question 219: The record-locking option of a database management system (D...; Question 220: Cross-site scripting (XSS) attacks are BEST prevented throug...; Question 221: During preparation for an IS audit of an organization's IT s...; Question 222: Which of the following should be the GREATEST concern for an...; Question 223: Which of the following BEST demonstrates to senior managemen...; Question 224: Which of the following would be an IS auditor's GREATEST con...; Question 225: Which of the following is MOST important for an IS auditor t...; Question 226: Which of the following is MOST important for an IS auditor t...; Question 227: Which of the following will BEST ensure that a proper cutoff...; Question 228: An organization that processes credit card information emplo...; Question 229: An IS auditor is reviewing results from the testing of an or...; Question 230: An IS auditor is evaluating the IT business planning process...; Question 231: Prior to the migration of acquired software into production,...; Question 232: Which of the following would be MOST useful to an IS auditor...; Question 233: Which of the following is the GREATEST advantage of maintain...; Question 234: When auditing the security architecture of an online applica...; Question 235: When designing metrics for information security, the MOST im...; Question 236: Which of the following changes intended to improve and strea...; Question 237: Which of the following is the BEST indicator of the effectiv...; Question 238: Which of the following should be an IS auditor's GREATEST co...; Question 239: Which of the following would be a concern of the auditor tha...; Question 240: Which of the following is an analytical review procedure for...; Question 241: A finance department has a multi-year project to upgrade the...; Question 242: An IS auditor discovers that validation controls in a web ap...; Question 243: Which of the following is MOST important to ensuring the IT ...; Question 244: When responding to an ongoing denial of service (DoS) attack...; Question 245: A computer forensic audit is MOST relevant in which of the f...; Question 246: Which of the following is MOST likely to increase if an orga...; Question 247: Which of the following is the MOST important factor when an ...; Question 248: Which of the following data would be used when performing a ...; Question 249: Which of the following is a preventive control that can prot...; Question 250: An IS auditor is conducting a post-implementation review of ...; Question 251: Which of the following should be the FIRST consideration whe...; Question 252: Which of the following should be done FIRST to protect evide...; Question 253: An external attacker spoofing an internal Internet Protocol ...; Question 254: Which of the following organizational functions is MOST appr...; Question 255: Which of the following should an IS auditor verify FIRST whe...; Question 256: Which of the following should an IS auditor consider FIRST w...; Question 257: Which of the following is the PRIMARY purpose of performing ...; Question 258: During the evaluation of controls for a major application de...; Question 259: In which phase of the internal audit process is contact esta...; Question 260: A chief information officer (CIO) has asked an IS auditor to...; Question 261: During an external review, an IS auditor observes an inconsi...; Question 262: Which of the following documents should specify roles and re...; Question 263: Which of the following is the MOST effective way to evaluate...; Question 264: Which of the following roles is PRIMARILY responsible for mi...; Question 265: Which of the following should be done FIRST to develop an ef...; Question 266: Which of the following should be of GREATEST concern to an I...; Question 267: Which of the following would minimize the risk of losing tra...; Question 268: An IS auditor is providing input to an RFP to acquire a fina...; Question 269: Following an internal audit of a database, management has co...; Question 270: An IS auditor is assigned to review the IS department's qual...; Question 271: An organization wants to classify database tables according ...; Question 272: Which of the following observations should be of GREATEST co...; Question 273: An organization uses public key infrastructure (PKI) to prov...; Question 274: An application development team is also promoting changes to...; Question 275: Which of the following should be an IS auditor's GREATEST co...; Question 276: Which of the following findings would be of GREATEST concern...; Question 277: An IS auditor is evaluating an organization's IT strategy an...; Question 278: In order for a firewall to effectively protect a network aga...; Question 279: Which of the following is the BEST way for an IS auditor to ...; Question 280: For an organization that has plans to implement web-based tr...; Question 281: Which of the following should an IS auditor review FIRST whe...; Question 282: An organization is developing data classification standards ...; Question 283: Which of the following demonstrates the use of data analytic...; Question 284: A review of IT interface controls finds an organization does...; Question 285: During a vendor management database audit, an IS auditor ide...; Question 286: During an audit, the IS auditor finds that in many cases exc...; Question 287: An IS auditor is testing the accuracy of transactions in a s...; Question 288: Which of the following is a deterrent security control that ...; Question 289: Which of the following is the MOST important reason for IS a...; Question 290: Which of the following provides the BEST assurance that an o...; Question 291: Which of the following BEST enables system resiliency for an...; Question 292: An IS auditor finds that communication closets requiring ele...; Question 293: Which of the following is the MOST important consideration w...; Question 294: An organization plans to centrally decommission end-of-life ...; Question 295: An IS auditor observes that each department follows a differ...; Question 296: Which of the following is the GREATEST risk when relying on ...; Question 297: The use of which of the following would BEST enhance a proce...; Question 298: Which of the following should an IS auditor expect to see as...; Question 299: An IS auditor notes that not all security tests were complet...; Question 300: An organization recently implemented a cloud document storag...; Question 301: Which of the following should be the FIRST step in managing ...; Question 302: Which of the following findings should be of GREATEST concer...; Question 303: During an emergency change management audit, an IS auditor n...; Question 304: Which of the following is a PRIMARY benefit of a maturity mo...; Question 305: Which type of framework is BEST suited to illustrate the tra...; Question 306: Which of the following should an IS auditor expect to see in...; Question 307: An IS auditor observes that exceptions have been approved fo...; Question 308: Which of the following is the PRIMARY reason that asset clas...; Question 309: Using swipe cards to limit employee access to restricted are...; Question 310: An IS auditor observes that a bank's web page address is pre...; Question 311: A new regulation in one country of a global organization has...; Question 312: Which of the following is MOST important for an IS auditor t...; Question 313: An employee performs computer operations and, when the situa...; Question 314: Which of the following is critical to the successful establi...; Question 315: Which of the following would BEST detect that a distributed ...; Question 316: Which of the following is the MOST important prerequisite fo...; Question 317: An IS auditor reviewing the physical access section of a sec...; Question 318: Which of the following would be an auditor's GREATEST concer...; Question 319: Which of the following would provide the MOST important inpu...; Question 320: Which of the following would be MOST useful to an organizati...; Question 321: IT management has not implemented action plans for a previou...; Question 322: An IT governance body wants to determine whether IT service ...; Question 323: In a small IT web development company where developers must ...; Question 324: What are the three competing demands to be addressed by proj...; Question 325: What should be an IS auditor's MOST important consideration ...; Question 326: After discussing findings with an auditee, an IS auditor is ...; Question 327: Which of the following would provide the BEST evidence of th...; Question 328: Data from a system of sensors located outside of a network i...; Question 329: Which of the following is a detective control?...; Question 330: Which of the following is MOST likely to increase non-sampli...; Question 331: An organization's IT risk assessment should include the iden...; Question 332: An IS auditor reviewing the IS strategic planning process sh...; Question 333: Evaluating application development projects against a define...; Question 334: During an annual payroll audit, an IS auditor identifies iss...; Question 335: Which of the following should be the PRIMARY role of an inte...; Question 336: An IS auditor is following up on prior period items and find...; Question 337: Which of the following findings should be of GREATEST concer...; Question 338: Which of the following BEST minimizes performance degradatio...; Question 339: What is the BEST way to evaluate a control environment where...; Question 340: To ensure confidentiality through the use of asymmetric encr...; Question 341: During an IT governance audit, an IS auditor notes that IT p...; Question 342: An IS auditor detects that event logging has been disabled o...; Question 343: Which of the following is MOST important for an IS auditor t...; Question 344: During the discussion of a draft audit report, IT management...; Question 345: An organization's enterprise architecture (EA) department de...; Question 346: Which of the following user actions poses the GREATEST risk ...; Question 347: Which of the following is MOST important to effectively mana...; Question 348: The MOST important measure of the effectiveness of an organi...; Question 349: During the implementation of a new system, an IS auditor mus...; Question 350: Which of the following is the BEST source of information for...; Question 351: Which of the following should be the role of internal audit ...; Question 352: An IS auditor finds that a new network connection allows com...; Question 353: An organization has recently implemented a Voice-over IP (Vo...; Question 354: Which of the following would be the BEST criteria for monito...; Question 355: Management states that a recommendation made during a prior ...; Question 356: Which of the following should be of GREATEST concern to an I...; Question 357: Which of the following provides the BEST evidence that all e...; Question 358: Which of the following helps to ensure the integrity of data...; Question 359: An organization has both an IT strategy committee and an IT ...; Question 360: An IS auditor performing a review of a newly purchased softw...; Question 361: A transaction processing system interfaces with the general ...; Question 362: During a review of system access, an IS auditor notes that a...; Question 363: When reviewing a data classification scheme, it is MOST impo...; Question 364: Which of the following is the BEST way to address potential ...; Question 365: Which of the following is MOST important for an organization...; Question 366: Which of the following should an IS auditor recommend as a P...; Question 367: Which of the following is the MOST effective control for pro...; Question 368: An IS auditor is evaluating the log management system for an...; Question 369: Which of the following BEST ensures that effective change ma...; Question 370: An IS auditor is reviewing processes for importing market pr...; Question 371: An IS auditor observes that a business-critical application ...; Question 372: Which of the following is the PRIMARY risk when business uni...; Question 373: An incident response team has been notified of a virus outbr...; Question 374: An IS auditor may be justified in using a SMALLER sample siz...; Question 375: Which of the following should be an IS auditor's GREATEST co...; Question 376: Which type of review is MOST important to conduct when an IS...; Question 377: Which of the following audit findings should be given the HI...; Question 378: An IS audit reveals that an organization is not proactively ...; Question 379: A review of an organization's IT portfolio revealed several ...; Question 380: Which of the following should an organization do to anticipa...; Question 381: An IS auditor identifies that an accounts payable clerk has ...; Question 382: Which of the following is the GREATEST advantage of vulnerab...; Question 383: An IS auditor is reviewing a recent security incident and is...; Question 384: Which of the following is MOST important when implementing a...; Question 385: Following a merger, a review of an international organizatio...; Question 386: Management has requested a post-implementation review of a n...; Question 387: The IS quality assurance (QA) group is responsible for:...; Question 388: Which of the following is an audit reviewer's PRIMARY role w...; Question 389: When auditing the closing stages of a system development pro...; Question 390: Which of the following observations noted during a review of...; Question 391: Which of the following is MOST important to consider when de...; Question 392: What would be an IS auditor's GREATEST concern when conducti...; Question 393: When conducting a requirements analysis for a project, the B...; Question 394: Which of the following is the BEST way to mitigate the risk ...; Question 395: An organization is establishing a steering committee for the...; Question 396: Which of the following management decisions presents the GRE...; Question 397: Which of the following BEST enables an organization to manag...; Question 398: An IS auditor has been tasked with analyzing an organization...; Question 399: An IS auditor has discovered that a cloud-based application ...; Question 400: Which of the following is the BEST way to verify the effecti...; Question 401: Which of the following should an IS auditor do FIRST when as...; Question 402: Which of the following is the BEST evidence that an organiza...; Question 403: When removing a financial application system from production...; Question 404: When is the MOST appropriate time to establish metrics for a...; Question 405: Which of the following is MOST important when defining the I...; Question 406: Which of the following should be the GREATEST concern for an...; Question 407: Which of the following metrics is the BEST indicator of the ...; Question 408: An IS auditor finds that an online retailer is experiencing ...; Question 409: Transaction records from a business database were inadverten...; Question 410: Which of the following is the PRIMARY purpose of conducting ...; Question 411: Which of the following is the BEST approach for determining ...; Question 412: Which of the following should be of GREATEST concern to an I...; Question 413: A small business unit is implementing a control self-assessm...; Question 414: An IT strategic plan that BEST leverages IT in achieving org...; Question 415: Which of the following should be of GREATEST concern to an I...; Question 416: Which of the following is the MOST important prerequisite fo...; Question 417: When reviewing an IT strategic plan, the GREATEST concern wo...; Question 418: Which of the following is MOST important to have in place to...; Question 419: Which of the following is the BEST way for senior audit lead...; Question 420: During the implementation of an upgraded enterprise resource...; Question 421: An organization has implemented a distributed security admin...; Question 422: Which of the following is the BEST reason to implement a dat...; Question 423: Which of the following MOST effectively minimizes downtime d...; Question 424: A white box testing method is applicable with which of the f...; Question 425: An IS auditor concludes that an organization has a quality s...; Question 426: Which of the following is the MOST important element of qual...; Question 427: Which of the following should be the PRIMARY basis for proce...; Question 428: A company converted its payroll system from an external serv...; Question 429: During a follow-up audit, an IS auditor finds that some crit...; Question 430: The PRIMARY benefit of information asset classification is t...; Question 431: Which of the following would be an IS auditor's GREATEST con...; Question 432: Which of the following is MOST important to determine when c...; Question 433: An IT steering committee assists the board of directors in f...; Question 434: Which of the following should be the FIRST step when plannin...; Question 435: When evaluating information security governance within an or...; Question 436: Audits are intended be conducted in accordance with which of...; Question 437: Which of the following is the GREATEST concern when consolid...; Question 438: When classifying information, it is MOST important to align ...; Question 439: One advantage of monetary unit sampling is the fact that...; Question 440: During audit fieldwork, an IS auditor learns that employees ...; Question 441: Which of the following is the BEST method to validate that a...; Question 442: Which of the following BEST enables an organization to balan...; Question 443: A senior auditor is reviewing work papers prepared by a juni...; Question 444: While reviewing an organization's business continuity plan (...; Question 445: In a post-implementation review of a recently purchased syst...; Question 446: An audit has identified that business units have purchased c...; Question 447: Which of the following analytical methods would be MOST usef...; Question 448: Which of the following should be the PRIMARY objective of co...; Question 449: An organization has an acceptable use policy in place, but u...; Question 450: Which of the following is the BEST way to reduce the chance ...; Question 451: Which of the following is the MOST effective way to identify...; Question 452: Which of the following fire suppression systems needs to be ...; Question 453: During an organization's implementation of a data loss preve...; Question 454: An IS auditor is reviewing a client's outsourced payroll sys...; Question 455: Which of the following is the MOST effective control over vi...; Question 456: What should be the PRIMARY basis for selecting which IS audi...; Question 457: The PRIMARY focus of a post-implementation review is to veri...; Question 458: During a follow-up audit, an IS auditor learns that some key...; Question 459: Which of the following is a concern associated with virtuali...; Question 460: An IS auditor finds that one employee has unauthorized acces...; Question 461: Which of the following governance functions is responsible f...; Question 462: Which of the following is MOST important to review when audi...; Question 463: During a follow-up audit, an IS auditor finds that senior ma...; Question 464: Which of the following observations would an IS auditor cons...; Question 465: Which of the following is the MOST effective control to miti...; Question 466: What is the BEST way for an IS auditor to assess the adequac...; Question 467: An organization uses multiple offsite data center facilities...; Question 468: Which of the following is the BEST way to ensure an organiza...; Question 469: End users with read access to a central database can extract...; Question 470: Which of the following should be given GREATEST consideratio...; Question 471: Which of the following is an IS auditor's BEST recommendatio...; Question 472: Due to limited storage capacity, an organization has decided...; Question 473: Which of the following is the MOST important feature of acce...; Question 474: Which of the following security testing techniques is MOST e...; Question 475: Which of the following is the MAIN responsibility of the IT ...; Question 476: Which of the following is the PRIMARY reason to perform a ri...; Question 477: Which of the following would BEST enhance the capability of ...; Question 478: When auditing the alignment of IT to the business strategy, ...; Question 479: Which of the following is the MOST important consideration w...; Question 480: Which of the following controls associated with software dev...; Question 481: A bank has a combination of corporate customer accounts (hig...; Question 482: Which of the following should an IS auditor do FIRST upon fi...; Question 483: Which of the following is an example of inherent risk?...; Question 484: While auditing a small organization's data classification pr...; Question 485: Which of the following findings should be of MOST concern to...; Question 486: Which of the following is the BEST indication that an IT ser...; Question 487: Which of the following should be an IS auditor's PRIMARY foc...; Question 488: Which of the following processes is MOST important to define...; Question 489: An organization has replaced all of the storage devices at i...; Question 490: Which of the following presents the GREATEST concern for an ...; Question 491: As part of business continuity planning, which of the follow...; Question 492: Which of the following is MOST useful for matching records o...; Question 493: Which of the following ensures components of an IT system ar...; Question 494: The concept of due care is best defined as which of the foll...; Question 495: Who is responsible for authorizing data access for users?...; Question 496: Which of the following is MOST important to ensure that elec...; Question 497: Which of the following BEST indicates that an organization's...; Question 498: Which of the following BEST indicates a need to review an or...; Question 499: Which of the following is MOST important to review when eval...; Question 500: Which of the following is the GREATEST impact as a result of...; Question 501: Which of the following observations should be of GREATEST co...; Question 502: A help desk has been contacted regarding a lost business mob...; Question 503: An IS auditor finds that irregularities have occurred and th...; Question 504: Which of the following is the GREATEST risk associated with ...; Question 505: Which of the following is the BEST way for an organization t...; Question 506: Which of the following audit procedures would provide the BE...; Question 507: The use of which of the following is an inherent risk in the...; Question 508: For the implementation of a program change in a production e...; Question 509: Which of the following methods BEST enforces data leakage pr...; Question 510: During a follow-up audit, an IS auditor learns that manageme...; Question 511: A business has requested an audit to determine whether infor...; Question 512: Which of the following is the BEST way to sanitize a hard di...; Question 513: Which of the following best describes the early stages of an...; Question 514: A bank's web-hosting provider has just completed an internal...; Question 515: During the walk-through procedures for an upcoming audit, an...; Question 516: Which of the following access rights presents the GREATEST r...; Question 517: Which of the following is MOST important to ensure when deve...; Question 518: An organization has implemented a policy to require minimum ...; Question 519: Which of the following is the PRIMARY role of the IS auditor...; Question 520: During which IT project phase is it MOST appropriate to cond...; Question 521: The MOST critical security weakness of a packet level firewa...; Question 522: Which of the following security measures will reduce the ris...; Question 523: Which of the following findings should be of GREATEST concer...; Question 524: Which of the following indicates that an internal audit orga...; Question 525: Which of the following BEST enables the timely identificatio...; Question 526: An IS auditor conducts a review of a third-party vendor's re...; Question 527: Which of the following should an IS auditor be MOST concerne...; Question 528: Which of the following is the MOST reliable way for an IS au...; Question 529: Which of the following is the BEST indicator to measure serv...; Question 530: Which of the following is the BEST method to delete sensitiv...; Question 531: During the implementation of an enterprise resource planning...; Question 532: An organization that has suffered a cyberattack is performin...; Question 533: A large organization has a centralized infrastructure team a...; Question 534: When implementing Internet Protocol security (IPsec) archite...; Question 535: An IS audit team is evaluating documentation of the most rec...; Question 536: Which of the following would present the GREATEST concern du...; Question 537: An IS auditor notes the transaction processing times in an o...; Question 538: Which of the following is acceptable to be left out of a fin...; Question 539: An IS auditor wants to determine who has oversight of staff ...; Question 540: An IS auditor has been tasked to review the processes that p...; Question 541: Which of the following should be of GREATEST concern to an I...; Question 542: An online retailer is receiving customer complaints about re...; Question 543: An IS auditor should be MOST concerned with the placement of...; Question 544: Which of the following would be the MOST useful metric for m...; Question 545: Which of the following would BEST demonstrate that an effect...; Question 546: During an operational audit on the procurement department, t...; Question 547: Which of the following is a challenge in developing a servic...; Question 548: The PRIMARY reason for an IS auditor to use data analytics t...; Question 549: Which of the following is the BEST way to determine whether ...; Question 550: Which of the following is the BEST control to help detect in...; Question 551: Which of the following would be of GREATEST concern to an IS...; Question 552: An IS auditor can BEST evaluate the business impact of syste...; Question 553: Which of the following is the MOST effective control to miti...; Question 554: Which of the following is the MOST appropriate control to en...; Question 555: What is the BEST method for securing credit card numbers sto...; Question 556: Which of the following is the BEST use of a maturity model i...; Question 557: Code changes are compiled and placed in a change folder by t...; Question 558: An information systems security officer's PRIMARY responsibi...; Question 559: Which of the following is the GREATEST security concern spec...; Question 560: An organization is running servers with critical business ap...; Question 561: Which of the following is a concern when an organization's d...; Question 562: Which of the following is MOST important for an IS auditor t...; Question 563: Which of the following network topologies will provide the G...; Question 564: When a data center is attempting to restore computing facili...; Question 565: Internal audit is evaluating an organization's IT portfolio ...; Question 566: Which of the following is the MOST important outcome of the ...; Question 567: In which of the following system development life cycle (SDL...; Question 568: A source code repository should be designed to:...; Question 569: Which of the following security risks can be reduced by a pr...; Question 570: Which of the following provides a new IS auditor with the MO...; Question 571: A configuration management audit identified that predefined ...; Question 572: An IS auditor has found that an organization is unable to ad...; Question 573: Which of the following is the MOST appropriate control to ha...; Question 574: An organization performs virtual machine (VM) replication in...; Question 575: Which of the following should be done FIRST when auditing an...; Question 576: Which of the following is the MOST effective method of destr...; Question 577: Which of the following is MOST important when creating a for...; Question 578: Which of the following is MOST important for an IS auditor t...; Question 579: Which of the following indicates an effective change control...; Question 580: Which of the following is the BEST recommendation to mitigat...; Question 581: Which of the following is a core functionality of a configur...; Question 582: In which phase of penetration testing would host detection a...; Question 583: An organization has developed mature risk management practic...; Question 584: Which of the following BEST enables an organization to ident...; Question 585: Which of the following is the BEST indication of effective g...; Question 586: Which of the following is the PRIMARY reason an IS auditor w...; Question 587: The PRIMARY benefit of automating application testing is to:...; Question 588: Which of the following would be a result of utilizing a top-...; Question 589: When performing an audit of a third-party provider, it is MO...; Question 590: Many departments of an organization have not implemented aud...; Question 591: Which of the following would be of MOST concern when determi...; Question 592: When evaluating the design of controls related to network mo...; Question 593: Which of the following is the BEST use of a balanced scoreca...; Question 594: An IS auditor is reviewing documentation from a change that ...; Question 595: Which of the following is the PRIMARY advantage of parallel ...; Question 596: What is the PRIMARY reason for an organization to classify t...; Question 597: A bank's transactional services are exclusively conducted on...; Question 598: Which of the following is the BEST security control to valid...; Question 599: Effective separation of duties in an online environment can ...; Question 600: Which of the following should be of GREATEST concern to an I...; Question 601: Which of the following is the BEST way to evaluate customer ...; Question 602: Which of the following is an example of a corrective control...; Question 603: Which of the following tasks would cause the GREATEST segreg...; Question 604: An IS auditor has discovered that a software system still in...; Question 605: Which of the following audit procedures would be MOST conclu...; Question 606: Which of the following should an IS auditor consider the MOS...; Question 607: Which of the following control measures is the MOST effectiv...; Question 608: What is the purpose of the audit committee?...; Question 609: A financial institution suspects that a manager has been cre...; Question 610: When building or upgrading enterprise cryptographic infrastr...; Question 611: In an area susceptible to unexpected increases in electrical...; Question 612: Which of the following provides the BEST evidence that IT po...; Question 613: Which of the following BEST demonstrates that IT strategy is...; Question 614: Which of the following BEST indicates that an incident manag...; Question 615: Which of the following is the BEST way to mitigate the risk ...; Question 616: During an IT operations audit, multiple unencrypted backup t...; Question 617: Which of the following would be of MOST concern during an au...; Question 618: Which of the following is the GREATEST concern associated wi...; Question 619: Which of the following is the MOST important privacy conside...; Question 620: An IS audit manager was temporarily tasked with supervising ...; Question 621: Which of the following cloud deployment models would BEST me...; Question 622: In the development of a new financial application, the IS au...; Question 623: To create a digital signature in a message using asymmetric ...; Question 624: Which of the following is the MOST critical factor for the s...; Question 625: Which of the following procedures for testing a disaster rec...; Question 626: Which of the following is the BEST control to minimize the r...; Question 627: How does a continuous integration/continuous development (CI...; Question 628: Which of the following is the FIRST step when determining th...; Question 629: What should be an IS auditor's PRIMARY focus when reviewing ...; Question 630: An IS auditor finds that capacity management for a key syste...; Question 631: Which of the following BEST ensures the confidentiality of s...; Question 632: Which of the following BEST enables an IS auditor to priorit...; Question 633: When planning a follow-up, the IS auditor is informed by ope...; Question 634: An organization recently decided to send the backup of its c...; Question 635: Which of the following is the BEST audit procedure to determ...; Question 636: Which of the following is the PRIMARY objective of implement...; Question 637: An IS auditor is auditing the operating effectiveness of wee...; Question 638: An IS auditor is evaluating the progress of a web-based cust...; Question 639: Which of the following presents the GREATEST threat to an or...; Question 640: A database administrator (DBA) should be prevented from:...; Question 641: Which of the following is the MOST useful information for an...; Question 642: When is it MOST important for an IS auditor to apply the con...; Question 643: Which of the following biometric access controls has the HIG...; Question 644: An IS auditor is reviewing an organization's overall inciden...; Question 645: The PRIMARY reason to assign data ownership for protection o...; Question 646: An organization implemented a cybersecurity policy last year...; Question 647: Which task should an IS auditor complete FIRST during the pr...; Question 648: Which of the following areas is MOST likely to be overlooked...; Question 649: A company has implemented an IT segregation of duties policy...; Question 650: An IS auditor is performing an integrated audit covering pay...; Question 651: Which of the following is the PRIMARY advantage of using an ...; Question 652: Which of the following is the BEST indicator that a third-pa...; Question 653: Which of the following is the BEST way to help ensure new IT...; Question 654: An organization has developed processes to recover critical ...; Question 655: Which of the following should be the FIRST step in a data mi...; Question 656: A staff accountant regularly uploads spreadsheets with inven...; Question 657: Which of the following IT processes should be correlated to ...; Question 658: An IS auditor is reviewing an organization's plan to migrate...; Question 659: Which of the following is the GREATEST benefit related to di...; Question 660: Which of the following application input controls would MOST...; Question 661: What is the MOST difficult aspect of access control in a mul...; Question 662: Which of the following is the GREATEST advantage of outsourc...; Question 663: Which of the following is the PRIMARY objective of implement...; Question 664: During an ongoing audit, management requests a briefing on t...; Question 665: Which of the following should be reviewed FIRST when assessi...; Question 666: An organization requires any travel and entertainment expens...; Question 667: Which of the following BEST protects private health informat...; Question 668: Which of the following indicators would BEST demonstrate the...; Question 669: An IS auditor assessing the controls within a newly implemen...; Question 670: What should be the PRIMARY objective of performing a risk as...; Question 671: An IS auditor has scanned an organization's wireless network...; Question 672: Capacity management enables organizations to:...; Question 673: The application systems quality assurance (QA) function shou...; Question 674: Which of the following is false concerning a control self-as...; Question 675: Management has decided to accept a risk in response to a dra...; Question 676: During an audit of a data center with updated technology, th...; Question 677: The decision to accept an IT control risk related to data qu...; Question 678: When an intrusion into an organization's network is detected...; Question 679: Which of the following can BEST reduce the impact of a long-...; Question 680: An IS auditor finds an emergency change request where an IT ...; Question 681: Which of the following is the MOST appropriate indicator of ...; Question 682: Which of the following provides the MOST useful information ...; Question 683: Which of the following methods would BEST ensure that IT str...; Question 684: An organization's business continuity plan (BCP) should be:...; Question 685: Which of the following should be an IS auditor's GREATEST co...; Question 686: An emergency power-off switch should:...; Question 687: Which of the following applications has the MOST inherent ri...; Question 688: Which of the following should be of MOST concern to an IS au...; Question 689: Which of the following should an IS auditor do FIRST when de...; Question 690: If a recent release of a program has to be backed out of pro...; Question 691: Which of the following issues identified during a formal rev...; Question 692: Which of the following techniques provides the BEST assuranc...; Question 693: IT governance should be driven by:...; Question 694: Which of the following provides the MOST useful information ...; Question 695: The two types of tests are referred to as _________ and ____...; Question 696: An organization is planning to hire a third party to develop...; Question 697: Which of the following provides the MOST comprehensive infor...; Question 698: Which of the following would be MOST important to include in...; Question 699: In an environment that automatically reports all program cha...; Question 700: Which of the following is the MOST important advantage of pa...; Question 701: Which of the following is MOST appropriate to prevent unauth...; Question 702: An IS audit reveals an organization has decided not to imple...; Question 703: Which of the following is the GREATEST benefit of an effecti...; Question 704: Which of the following is the MOST important action to ensur...; Question 705: Which of the following should be defined in an audit charter...; Question 706: When planning an audit to assess application controls of a c...; Question 707: An IS auditor assesses an organization's backup management p...; Question 708: In an IT organization where many responsibilities are shared...; Question 709: Which of the following should be done FIRST when a computer ...; Question 710: A bank wants to outsource a system to a cloud provider resid...; Question 711: Which of the following should be an IS auditor's PRIMARY con...; Question 712: Which of the following should be of MOST concern to an IS au...; Question 713: Which of the following is the MOST effective way for an IS a...; Question 714: Which of the following should be of GREATEST concern to an I...; Question 715: A manager identifies active privileged accounts belonging to...; Question 716: Which of the following is MOST important to verify when dete...; Question 717: Which of the following is the MOST appropriate and effective...; Question 718: Which of the following should be identified FIRST during the...; Question 719: During a follow-up, an IS auditor learns the auditee has not...; Question 720: An organization is migrating its HR application to an Infras...; Question 721: An organization needs to comply with data privacy regulation...; Question 722: A new regulation requires organizations to report significan...; Question 723: An IS auditor is observing transaction processing and notes ...; Question 724: The PRIMARY purpose of a configuration management system is ...; Question 725: Which of the following is MOST important for an IS auditor t...; Question 726: Which of the following provides the MOST useful information ...; Question 727: Which of the following is the MOST effective approach in ass...; Question 728: Which of the following is the PRIMARY reason an IS auditor s...; Question 729: An advantage of object-oriented system development is that i...; Question 730: During audit planning, the IS audit manager is considering w...; Question 731: The PRIMARY purpose of running a new system in parallel is t...; Question 732: In data warehouse (DW) management, what is the BEST way to p...; Question 733: An employee approaches an IS auditor and expresses concern a...; Question 734: Which of the following would BEST integrate multiple data wa...; Question 735: Which of the following would aid an IS auditor reviewing the...; Question 736: A client reviewing a preliminary version of the audit report...; Question 737: An organization's security policy mandates that all new empl...; Question 738: Which of the following is the MOST appropriate procedure for...; Question 739: Data anonymization helps to prevent which types of attacks i...; Question 740: Following a recent internal data breach, an IS auditor was a...; Question 741: An internal audit team is deciding whether to use an audit m...; Question 742: IS audit management reviewed the audit work done for a syste...; Question 743: Which of the following would provide the BEST evidence of an...; Question 744: During a review of an organization's network threat response...; Question 745: Which of the following is an effective way to ensure the int...; Question 746: An IS auditor is determining the scope for an upcoming audit...

Question 396/746

LEAVE A REPLY

Download PDF File