A national bank recently migrated a large number of business-critical applications to the cloud. Which of the following is MOST important to ensuring the resiliency of the applications?
#211
Answer: B
Which of the following should be an IS auditor's PRIMARY consideration when evaluating the development and design of a privacy program?
#212
Answer: B
Which of the following should be of GREATEST concern to an IS auditor reviewing an organization’s newly established enterprise architecture (EA)?
#213
Answer: A
Which of the following BEST enables an organization to manage unexpected or on-request jobs?
#214
Answer: B
When protecting mobile devices, which of the following is the PRIMARY risk mitigated by authentication controls?
#215
Answer: C
During an IT governance audit, an IS auditor notes that IT policies and procedures are not regularly reviewed and updated. The GREATEST concern to the IS auditor is that policies and procedures might not:
#216
Answer: A
An organization is experiencing a large number of phishing attacks targeting employees and executives following a press release announcing an acquisition.
Which of the following would provide the BEST defense against these attacks?
#217
Answer: A
An IS auditor is reviewing an organization’s cloud access security broker (CASB) solution. Which of the following is MOST important for the auditor to verify?
#218
Answer: A
Which of the following is the GREATEST risk of project dashboards being set without sufficiently defined criteria?
#219
Answer: B
A health care organization utilizes Internet of Things (IoT) devices to improve patient outcomes through real-time patient monitoring and advanced diagnostics. Which of the following would BEST assist in isolating these devices from corporate network traffic?
#220
Answer: D
Which of the following is the MOST important reason for IS auditors to perform post-implementation reviews for critical IT projects?
#221
Answer: D
Following a recent internal data breach, an IS auditor was asked to evaluate information security practices within the organization. Which of the following findings would be MOST important to report to senior management?
#222
Answer: B
A business unit cannot achieve desired segregation of duties between operations and programming due to size constraints. Which of the following is MOST important for the IS auditor to identify?
#223
Answer: B
The BEST way to determine whether programmers have permission to alter data in the production environment is by reviewing:
#224
Answer: A
Several unattended laptops containing sensitive customer data were stolen from personnel offices. Which of the following would be an IS auditor's BEST recommendation to protect data in case of recurrence?
#225
Answer: D
Management states that a recommendation made during a prior audit has been implemented, but the IS auditor doubts the effectiveness of the actions taken. Which of the following is the auditor’s MOST appropriate course of action?
#226
Answer: C
Which of the following types of testing BEST ensures business requirements are met prior to software release?
#227
Answer: B
Which of the following methods BEST enforces data leakage prevention in a multi-tenant cloud environment?
#228
Answer: C
An IS auditor requests direct access to data required to perform audit procedures instead of asking management to provide the data. Which of the following is the PRIMARY advantage of this approach?
#229
Answer: B
An IS auditor finds a segregation of duties issue in an enterprise resource planning (ERP) system. Which of the following is the BEST way to prevent the misconfiguration from recurring?
#230
Answer: D
During a follow-up audit, an IS auditor finds that some critical recommendations have not been addressed as management has decided to accept the risk. Which of the following is the IS auditor's BEST course of action?
#231
Answer: C
Management has asked internal audit to prioritize and perform a specialized cybersecurity audit, but the IS audit team has no experience in this area. Which of the following is the BEST course of action?
#232
Answer: C
When implementing a new IT maturity model, which of the following should occur FIRST?
#233
Answer: A
Which of the following is the PRIMARY role of the IS auditor in an organization's information classification process?
#234
Answer: B
When reviewing an organization's information security policies, an IS auditor should verify that the policies have been defined PRIMARILY on the basis of:
#235
Answer: C
Invoking a business continuity plan (BCP) is demonstrating which type of control?
#236
Answer: B
When determining whether a project in the design phase will meet organizational objectives, what is BEST to compare against the business case?
#237
Answer: B
When planning an audit to assess application controls of a cloud-based system, it is MOST important for the IS auditor to understand the:
#238
Answer: B
The results of an IS audit indicating the need to strengthen controls have been communicated to the appropriate stakeholders. Which of the following is the BEST way for management to enforce implementation of the recommendations?
#239
Answer: C
Internal audit is conducting an audit of customer transaction risk. Which of the following would be the BEST reason to use data analytics?