Which of the following is an IS auditor's GREATEST concern when an organization does not regularly update software on individual workstations in the internal environment?
#1
Answer: D
Which of the following provides the BEST audit evidence that a firewall is configured in compliance with the organization's security policy?
#2
Answer: C
During a follow-up audit, an IS auditor finds that senior management has implemented a different remediation action plan than what was previously agreed upon. Which of the following is the auditor's BEST course of action?
#3
Answer: C
Which of the following is MOST important for an IS auditor to verify when reviewing a management information system (MIS)?
#4
Answer: B
Which of the following BEST enables an IS auditor to combine and compare access control lists from various applications and devices?
#5
Answer: D
Which of the following would BEST integrate multiple data warehouses while reducing the workload required for moving data between the warehouses?
#6
Answer: B
A confidential file was sent to a legal entity, and hashing was used on the file. Which type of control has been applied?
#7
Answer: D
An IS auditor is performing a follow-up audit and notes that some critical deficiencies have not been addressed. The auditor's BEST course of action is to:
#8
Answer: D
Which of the following is the BEST way to help ensure new IT implementations align with enterprise architecture (EA) principles and requirements?
#9
Answer: B
Which of the following is MOST important to confirm when evaluating an IT organization's structure?
#10
Answer: A
Which of the following is MOST useful for matching records of incoming and outgoing personnel to identify tailgating in physical security logs?
#11
Answer: D
Due to system limitations, segregation of duties (SoD) cannot be enforced in an accounts payable system. Which of the following is the IS auditor's BEST recommendation for a compensating control?
#12
Answer: A
An IS auditor assesses an organization's backup management practices for optimization potential. Which of the following features of a regular backup tape reorganization job BEST enables the organization to realize cost savings?
#13
Answer: B
Which of the following is MOST important to define within a disaster recovery plan (DRP)?
#14
Answer: C
Which of the following findings should be of MOST concern to an IS auditor assessing agile software development practices?
#15
Answer: A
A finance department has a multi-year project to upgrade the enterprise resource planning (ERP) system hosting the general ledger, and in year one, the system version upgrade will be applied. Which of the following should be the PRIMARY focus of the IS auditor reviewing the first year of the project?
#16
Answer: C
Which of the following provides the MOST useful information to an IS auditor when selecting projects for inclusion in an IT audit plan?
#17
Answer: B
Which type of device sits on the perimeter of a corporate or home network, where it obtains a public IP address and then generates private IP addresses internally?
#18
Answer: D
An IS auditor observes that a large number of departed employees have not been removed from the accounts payable system. Which of the following is MOST important to determine in order to assess the risk?
#19
Answer: A
Which of the following audit findings should be given the HIGHEST priority?
#20
Answer: C
When classifying information, it is MOST important to align the classification to:
#21
Answer: A
An organization's information security department has recently created a centralized governance model to ensure that network-related findings are remediated within the service level agreement (SLA). What should the IS auditor use to assess the maturity and capability of this governance model?
#22
Answer: D
The performance, risks, and capabilities of an IT infrastructure are BEST measured using a:
#23
Answer: D
To develop meaningful recommendations for findings, which of the following is MOST important for an IS auditor to determine and understand?
#24
Answer: D
An organization allows employees to use personally owned mobile devices to access customers' personal information. Which of the following is MOST important for an IS auditor to verify?
#25
Answer: D
Which of the following occurs during the issues management process for a system development project?
#26
Answer: D
An IS auditor has been asked to advise on measures to improve IT governance within the organization. Which of the following is the BEST recommendation?
#27
Answer: D
From an IS auditor's perspective, which of the following would be the GREATEST risk associated with an incomplete inventory of deployed software in an organization?
#28
Answer: D
An IS auditor finds that firewalls are outdated and not supported by vendors. Which of the following should be the auditor's NEXT course of action?
#29
Answer: B
A third-party consultant is managing the replacement of an accounting system. Which of the following should be the IS auditor's GREATEST concern?