Which of the following is the MOST appropriate control to have in place after data migration?
#31
Answer: A
Due to technical limitations, an organization is not able to implement encryption of credit card details in the customer database. Which of the following would provide the BEST assurance of data confidentiality?
#32
Answer: A
Which of the following issues identified during a formal review of an organization's information security policies presents the GREATEST potential risk to the organization?
#33
Answer: C
The objectives of business process reengineering (BPR) should PRIMARILY include:
#34
Answer: D
Which of the following should be the GREATEST concern for an IS auditor reviewing the implementation of a security information and event management (SIEM) system?
#35
Answer: B
An organization that has suffered a cyberattack is performing a forensic analysis of the affected users' computers. Which of the following should be of GREATEST concern for the IS auditor reviewing this process?
#36
Answer: A
The members of an emergency incident response team should be:
#37
Answer: D
Which of the following is the BEST indicator that an application system's agreed-upon level of service has been met?
#38
Answer: A
The PRIMARY benefit to using a dry-pipe fire-suppression system rather than a wet-pipe system is that a dry-pipe system:
#39
Answer: B
After the merger of two organizations, which of the following is the MOST important task for an IS auditor to perform?
#40
Answer: C
Which of the following is MOST important for an organization to consider when planning to outsource data storage to a third-party provider?
#41
Answer: B
An IS auditor has been tasked with analyzing an organization's capital expenditures against its repair and maintenance costs. Which of the following is the BEST reason to use a data analytics tool for this purpose?
#42
Answer: D
Which of the following presents the GREATEST risk associated with end-user computing (EUC) applications over financial reporting?
#43
Answer: B
An IS auditor should look for which of the following to ensure the risk associated with scope creep has been mitigated during software development?
#44
Answer: B
Which of the following is MOST important to consider when defining disaster recovery strategies?
#45
Answer: C
A help desk has been contacted regarding a lost business mobile device. The FIRST course of action should be to:
#46
Answer: B
When conducting a requirements analysis for a project, the BEST approach would be to:
#47
Answer: D
When evaluating information security governance within an organization, which of the following findings should be of MOST concern to an IS auditor?
#48
Answer: C
During a post-implementation review, an IS auditor learns that while benefits were realized according to the business case, complications during implementation added to the cost of the solution. Which of the following is the auditor's BEST course of action?
#49
Answer: B
When reviewing an organization's IT governance processes, which of the following provides the BEST indication that information security expectations are being met at all levels?
#50
Answer: A
Which of the following should be the role of internal audit in an organization’s move to the cloud?
#51
Answer: A
Which of the following should be the role of internal audit in an organization’s move to the cloud?
#52
Answer: B
How does a switched network reduce the risk of network sniffing?
#53
Answer: B
Which of the following is the MOST effective way for internal audit management to ensure the quality of IS audits is maintained?
#54
Answer: A
During a review of an organization's network threat response process, the IS auditor noticed that the majority of alerts were closed without resolution. Management responded that those alerts were unworkable due to lack of actionable intelligence, and therefore the support team is allowed to close them. What is the BEST way for the auditor to address this situation?
#55
Answer: A
When assessing whether an organization's IT performance measures are comparable to other organizations in the same industry, which of the following would be MOST helpful to review?
#56
Answer: C
An employee approaches an IS auditor and expresses concern about a critical security issue in a newly installed application. Which of the following would be the MOST appropriate action for the auditor to take?
#57
Answer: A
An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization's objectives?
#58
Answer: D
The PRIMARY objective of value delivery in reference to IT governance is to:
#59
Answer: B
What is the MAIN purpose of an organization's internal IS audit function?