ISACA.CISA.v2019-02-23.q896

Exam Code:CISA
Exam Name:Certified Information Systems Auditor
Certification Provider:ISACA
Free Question Number:896
Version:v2019-02-23
Rating:
# of views:168
# of Questions views:11784
Start Practice Test

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Other Version
464 viewsISACA.CISA.v2018-10-27.q803
340 viewsISACA.CISA.v2018-09-19.q770
366 viewsISACA.Cisa.v2018-02-25.q1069
581 viewsISACA.CISA.v2017-11-28.q1100
Exam Question List
Question 1: An IS auditor has audited a business continuity plan (BCP). ...
Question 2: An IS auditor reviewing the implementation of an intrusion d...
Question 3: During a review of a customer master file, an IS auditor dis...
Question 4: When preparing an audit report, the IS auditor should ensure...
Question 5: A structured walk-through test of a disaster recovery plan i...
Question 6: What can be implemented to provide the highest level of prot...
Question 7: An organization has a recovery time objective (RTO) equal to...
Question 8: A hard disk containing confidential data was damaged beyond ...
Question 9: What is an edit check to determine whether a field contains ...
Question 10: Integer overflow occurs primarily with:...
Question 11: Which of the following provides the BEST evidence of an orga...
Question 12: If the recovery time objective (RTO) increases:...
Question 13: When storing data archives off-site, what must be done with ...
Question 14: The IT balanced scorecard is a business governance tool inte...
Question 15: Who is accountable for maintaining appropriate security meas...
Question 16: A critical function of a firewall is to act as a:...
Question 17: During an application audit, an IS auditor finds several pro...
Question 18: A legacy payroll application is migrated to a new applicatio...
Question 19: When should systems administrators first assess the impact o...
Question 20: The GREATEST advantage of rapid application development (RAD...
Question 21: Which of the following recovery strategies is MOST appropria...
Question 22: Which of the following is MOST is critical during the busine...
Question 23: Which of the following is the PRIMARY purpose for conducting...
Question 24: Which of the following findings should an IS auditor be MOST...
Question 25: Codes from exploit programs are frequently reused in:...
Question 26: What are used as a countermeasure for potential database cor...
Question 27: The specific advantage of white box testing is that it:...
Question 28: Which of the following procedures would BEST determine wheth...
Question 29: Which of the following is the BEST way to satisfy a two-fact...
Question 30: When planning an audit of a network setup, an IS auditor sho...
Question 31: Which of the following attack is also known as Time of Check...
Question 32: Which of the following would BEST ensure continuity of a wid...
Question 33: The final decision to include a material finding in an audit...
Question 34: TEMPEST is a hardware for which of the following purposes?...
Question 35: Which of the following should be included in a feasibility s...
Question 36: Am advantage of the use of hot sites as a backup alternative...
Question 37: Which of the following uses a prototype that can be updated ...
Question 38: Before implementing controls, management should FIRST ensure...
Question 39: The GREATEST advantage of using web services for the exchang...
Question 40: Which of the following is the most fundamental step in preve...
Question 41: An IS auditor finds that not all employees are aware of the ...
Question 42: During an implementation review of a multiuser distributed a...
Question 43: Machines that operate as a closed system can NEVER be eavesd...
Question 44: When performing a computer forensic investigation, in regard...
Question 45: Which of the following method is recommended by security pro...
Question 46: What kind of protocols does the OSI Transport Layer of the T...
Question 47: Though management has stated otherwise, an IS auditor has re...
Question 48: Which of the following types of attack works by taking advan...
Question 49: Which are the two primary types of scanner used for protecti...
Question 50: What should an IS auditor do if he or she observes that proj...
Question 51: Which of the following must exist to ensure the viability of...
Question 52: Which of the following is the GREATEST risk when storage gro...
Question 53: The decisions and actions of an IS auditor are MOST likely t...
Question 54: Documentation of a business case used in an IT development p...
Question 55: When developing a risk management program, what is the FIRST...
Question 56: What is the primary security concern for EDI environments?...
Question 57: While observing a full simulation of the business continuity...
Question 58: Which of the following type of lock uses a magnetic or embed...
Question 59: An IS auditor invited to a development project meeting notes...
Question 60: In the event of a data center disaster, which of the followi...
Question 61: A clerk changed the interest rate for a loan on a master fil...
Question 62: An efficient use of public key infrastructure (PKI) should e...
Question 63: When reviewing print systems spooling, an IS auditor is MOST...
Question 64: A core tenant of an IS strategy is that it must:...
Question 65: An IS auditor is told by IS management that the organization...
Question 66: Effective IT governance requires organizational structures a...
Question 67: When conducting a penetration test of an IT system, an organ...
Question 68: The vice president of human resources has requested an audit...
Question 69: The use of a GANTT chart can:
Question 70: Which of the following types of attack makes use of common c...
Question 71: Two-factor authentication can be circumvented through which ...
Question 72: Who is primarily responsible for storing and safeguarding th...
Question 73: What is/are used to measure and ensure proper network capaci...
Question 74: A number of system failures are occurring when corrections t...
Question 75: In addition to the backup considerations for all systems, wh...
Question 76: Database snapshots can provide an excellent audit trail for ...
Question 77: When participating in a systems-development project, an IS a...
Question 78: Which of the following is MOST likely to result from a busin...
Question 79: Which of the following public key infrastructure (PKI) eleme...
Question 80: To address an organization's disaster recovery requirements,...
Question 81: Which of the following PBX feature provides the possibility ...
Question 82: After observing suspicious activities in a server, a manager...
Question 83: Which of the following is a management technique that enable...
Question 84: Which of the following measures can effectively minimize the...
Question 85: To reduce the possibility of losing data during processing, ...
Question 86: What method might an IS auditor utilize to test wireless sec...
Question 87: The use of digital signatures:
Question 88: Which of the following controls would an IS auditor look for...
Question 89: As an outcome of information security governance, strategic ...
Question 90: What kind of testing should programmers perform following an...
Question 91: What is the BEST action to prevent loss of data integrity or...
Question 92: While evaluating software development practices in an organi...
Question 93: Which of the following systems or tools can recognize that a...
Question 94: Which of the following devices extends the network and has t...
Question 95: A LAN administrator normally would be restricted from:...
Question 96: Which of the following is a risk of cross-training?...
Question 97: Which of the following PBX feature supports shared extension...
Question 98: What can be used to gather evidence of network attacks?...
Question 99: In computer forensic which of the following describe the pro...
Question 100: Which of the following is used to evaluate biometric access ...
Question 101: Regarding a disaster recovery plan, the role of an IS audito...
Question 102: Which of the following could lead to an unintentional loss o...
Question 103: An IS auditor usually places more reliance on evidence direc...
Question 104: Establishing the level of acceptable risk is the responsibil...
Question 105: An IS auditor should be MOST concerned with what aspect of a...
Question 106: What process is used to validate a subject's identity?...
Question 107: Which of the following should an IS auditor recommend to BES...
Question 108: An IS auditor issues an audit report pointing out the lack o...
Question 109: Involvement of senior management is MOST important in the de...
Question 110: Which of the following is the MOST critical step in planning...
Question 111: Which of the following functions is performed by a virtual p...
Question 112: A proposed transaction processing application will have many...
Question 113: To ensure authentication, confidentiality and integrity of a...
Question 114: Which of the following is a guiding best practice for implem...
Question 115: Which of the following terms generally refers to small progr...
Question 116: What process allows IS management to determine whether the a...
Question 117: Obtaining user approval of program changes is very effective...
Question 118: Which of the following provides the GREATEST assurance of me...
Question 119: Using the OSI reference model, what layer(s) is/are used to ...
Question 120: In the event of a disruption or disaster, which of the follo...
Question 121: In reviewing the IS short-range (tactical) plan, an IS audit...
Question 122: While designing the business continuity plan (BCP) for an ai...
Question 123: Which of the following is a telecommunication device that tr...
Question 124: What are often the primary safeguards for systems software a...
Question 125: The role of the certificate authority (CA) as a third party ...
Question 126: A control that detects transmission errors by appending calc...
Question 127: Which of the following is a concern when data are transmitte...
Question 128: ALL computer programming languages are vulnerable to command...
Question 129: IT control objectives are useful to IS auditors, as they pro...
Question 130: Which of the following BEST describes the role of a director...
Question 131: An IS auditor finds out-of-range data in some tables of a da...
Question 132: A hardware control that helps to detect errors when data are...
Question 133: Which of the following represents the GREATEST potential ris...
Question 134: Which of the following provides nonrepudiation services for ...
Question 135: Which of the following is of greatest concern when performin...
Question 136: An IS auditor reviewing an organization's IS disaster recove...
Question 137: Which of the following attack includes social engineering, l...
Question 138: An organization is disposing of a number of laptop computers...
Question 139: After a full operational contingency test, an IS auditor per...
Question 140: Which of the following malware technical fool's malware by a...
Question 141: Which of the following would an IS auditor consider a weakne...
Question 142: Failure in which of the following testing stages would have ...
Question 143: A comprehensive and effective e-mail policy should address t...
Question 144: Which of the following is the initial step in creating a fir...
Question 145: Which of the following BEST describes the concept of ""defen...
Question 146: When installing an intrusion detection system (IDS), which o...
Question 147: The PRIMARY purpose of implementing Redundant Array of Inexp...
Question 148: Which of the following would an IS auditor consider to be th...
Question 149: Which of the following is a prevalent risk in the developmen...
Question 150: In transport mode, the use of the Encapsulating Security Pay...
Question 151: The PRIMARY benefit of implementing a security program as pa...
Question 152: For which of the following applications would rapid recovery...
Question 153: Off-site data backup and storage should be geographically se...
Question 154: What influences decisions regarding criticality of assets?...
Question 155: To ensure that audit resources deliver the best value to the...
Question 156: Allowing application programmers to directly patch or change...
Question 157: "Nowadays, computer security comprises mainly "preventive"" ...
Question 158: The PRIMARY purpose of an IT forensic audit is:...
Question 159: The MOST effective control for addressing the risk of piggyb...
Question 160: Disaster recovery planning (DRP) for a company's computer sy...
Question 161: An IS auditor inspected a windowless room containing phone s...
Question 162: Data edits are implemented before processing and are conside...
Question 163: Structured programming is BEST described as a technique that...
Question 164: An IS auditor has been assigned to review IT structures and ...
Question 165: When developing a security architecture, which of the follow...
Question 166: When auditing the proposed acquisition of a new computer sys...
Question 167: During a review of a business continuity plan, an IS auditor...
Question 168: How do modems (modulation/demodulation) function to facilita...
Question 169: During the planning stage of an IS audit, the PRIMARY goal o...
Question 170: The MAIN purpose of a transaction audit trail is to:...
Question 171: Which of the following should be included in an organization...
Question 172: An IS auditor is reviewing a project to implement a payment ...
Question 173: ________________ (fill in the blank) should be implemented a...
Question 174: Which of the following can help detect transmission errors b...
Question 175: To protect a VoIP infrastructure against a denial-of-service...
Question 176: An IS auditor was hired to review e-business security. The I...
Question 177: Atomicity enforces data integrity by ensuring that a transac...
Question 178: What is a risk associated with attempting to control physica...
Question 179: A project manager of a project that is scheduled to take 18 ...
Question 180: From a control perspective, the key element in job descripti...
Question 181: An IS auditor evaluates the test results of a modification t...
Question 182: Which of the following is an effective method for controllin...
Question 183: The IS management of a multinational company is considering ...
Question 184: Which of the following is the GREATEST concern when an organ...
Question 185: Which of the following would be BEST prevented by a raised f...
Question 186: In a contract with a hot, warm or cold site, contractual pro...
Question 187: Who is ultimately responsible and accountable for reviewing ...
Question 188: Which of the following is the MOST important IS audit consid...
Question 189: Which of the following encryption methods uses a matching pa...
Question 190: Which of the following implementation modes would provide th...
Question 191: Which of the following is a program evaluation review techni...
Question 192: An IS auditor is performing an audit of a remotely managed s...
Question 193: Which of the following will replace system binaries and/or h...
Question 194: The traditional role of an IS auditor in a control self-asse...
Question 195: What type of fire-suppression system suppresses fire via wat...
Question 196: What type of BCP test uses actual resources to simulate a sy...
Question 197: An IS auditor conducting a review of disaster recovery plann...
Question 198: What is the BEST backup strategy for a large database with d...
Question 199: An organization currently using tape backups takes one full ...
Question 200: When performing an IS strategy audit, an IS auditor should r...
Question 201: Which of the following systems-based approaches would a fina...
Question 202: As updates to an online order entry system are processed, th...
Question 203: The purpose of a checksum on an amount field in an electroni...
Question 204: Human error is being HEAVILY relied upon on by which of the ...
Question 205: Which of the following technique is NOT used by a preacher a...
Question 206: Which of the following would have the HIGHEST priority in a ...
Question 207: Which of the following fire suppression systems is MOST appr...
Question 208: A hub is a device that connects:...
Question 209: Which of the following penetration tests would MOST effectiv...
Question 210: Which of the following is an advantage of prototyping?...
Question 211: A web server is attacked and compromised. Which of the follo...
Question 212: The success of control self-assessment (CSA) highly depends ...
Question 213: An organization's disaster recovery plan should address earl...
Question 214: In determining the acceptable time period for the resumption...
Question 215: An offsite information processing facility with electrical w...
Question 216: Which of the following is best suited for searching for addr...
Question 217: Which of the following would provide the highest degree of s...
Question 218: An IT steering committee should review information systems P...
Question 219: The PRIMARY objective of business continuity and disaster re...
Question 220: An example of a direct benefit to be derived from a proposed...
Question 221: Which of the following activities performed by a database ad...
Question 222: The ultimate purpose of IT governance is to:...
Question 223: Which of the following is penetration test where the penetra...
Question 224: During the audit of an acquired software package, an IS audi...
Question 225: Which of the following measures can protect systems files an...
Question 226: When should application controls be considered within the sy...
Question 227: An integrated test facility is not considered a useful audit...
Question 228: Which of the following insurance types provide for a loss ar...
Question 229: Which of the following online auditing techniques is most ef...
Question 230: In auditing a web server, an IS auditor should be concerned ...
Question 231: Which of the following is an environmental issue caused by e...
Question 232: Which of the following is the MOST important consideration w...
Question 233: An IS auditor reviewing an organization that uses cross-trai...
Question 234: Company.com has contracted with an external consulting firm ...
Question 235: You may reduce a cracker's chances of success by (choose all...
Question 236: The optimum business continuity strategy for an entity is de...
Question 237: When conducting a penetration test of an organization's inte...
Question 238: Which of the following sampling methods is MOST useful when ...
Question 239: Which of the following is the MOST important function to be ...
Question 240: Which of the following should an IS auditor use to detect du...
Question 241: Although BCP and DRP are often implemented and tested by mid...
Question 242: Talking about the different approaches to security in comput...
Question 243: What protects an application purchaser's ability to fix or c...
Question 244: Which of the following is a distinctive feature of the Secur...
Question 245: The phases and deliverables of a system development life cyc...
Question 246: Which of the following BEST characterizes a mantrap or deadm...
Question 247: Which of the following issues should be the GREATEST concern...
Question 248: To address the risk of operations staff's failure to perform...
Question 249: Which of the following is often used as a detection and dete...
Question 250: Which audit technique provides the BEST evidence of the segr...
Question 251: Whenever business processes have been re-engineered, the IS ...
Question 252: The initial step in establishing an information security pro...
Question 253: What is essential for the IS auditor to obtain a clear under...
Question 254: Which of the following internet security threats could compr...
Question 255: The BEST overall quantitative measure of the performance of ...
Question 256: A hot site should be implemented as a recovery strategy when...
Question 257: How does the process of systems auditing benefit from using ...
Question 258: An IS auditor's PRIMARY concern when application developers ...
Question 259: The cost of ongoing operations when a disaster recovery plan...
Question 260: Which of the following cryptographic systems is MOST appropr...
Question 261: Off-site data storage should be kept synchronized when prepa...
Question 262: An IS auditor selects a server for a penetration test that w...
Question 263: During a security audit of IT processes, an IS auditor found...
Question 264: An IS auditor finds that, in accordance with IS policy, IDs ...
Question 265: A medium-sized organization, whose IT disaster recovery meas...
Question 266: An IS auditor who has discovered unauthorized transactions d...
Question 267: Which of the following environmental controls is appropriate...
Question 268: An IS auditor performing detailed network assessments and ac...
Question 269: The MOST significant level of effort for business continuity...
Question 270: Which of the following statement is NOT true about Voice-Ove...
Question 271: The GREATEST risk posed by an improperly implemented intrusi...
Question 272: The MOST likely explanation for the use of applets in an Int...
Question 273: Which of the following ensures confidentiality of informatio...
Question 274: Which of the following would be MOST important for an IS aud...
Question 275: Who is responsible for providing adequate physical and logic...
Question 276: Which of the following is MOST critical for the successful i...
Question 277: Which of the following should an IS auditor review to unders...
Question 278: Function Point Analysis (FPA) provides an estimate of the si...
Question 279: Which of the following is the GREATEST risk of an inadequate...
Question 280: When reviewing an active project, an IS auditor observed tha...
Question 281: What should an organization do before providing an external ...
Question 282: An organization is implementing an enterprise resource plann...
Question 283: Normally, it would be essential to involve which of the foll...
Question 284: A manager of a project was not able to implement all audit r...
Question 285: What is a reliable technique for estimating the scope and co...
Question 286: An organization is implementing a new system to replace a le...
Question 287: Which of the following techniques would BEST help an IS audi...
Question 288: The PRIMARY purpose of a business impact analysis (BIA) is t...
Question 289: Which of the following programs would a sound information se...
Question 290: Assessing IT risks is BEST achieved by:...
Question 291: A firm is considering using biometric fingerprint identifica...
Question 292: When developing a disaster recovery plan, the criteria for d...
Question 293: Which of the following is the MOST likely reason why e-mail ...
Question 294: If senior management is not committed to strategic planning,...
Question 295: When reviewing the procedures for the disposal of computers,...
Question 296: IT governance is PRIMARILY the responsibility of the:...
Question 297: Which of the following is of greatest concern to the IS audi...
Question 298: Which of the following should be considered FIRST when imple...
Question 299: Many IT projects experience problems because the development...
Question 300: Effective IT governance will ensure that the IT plan is cons...
Question 301: In an organization, the responsibilities for IT security are...
Question 302: In computer forensics, which of the following is the process...
Question 303: At the completion of a system development project, a post pr...
Question 304: When auditing security for a data center, an IS auditor shou...
Question 305: Which of the following provide(s) near-immediate recoverabil...
Question 306: Which of the following data validation edits is effective in...
Question 307: While reviewing the business continuity plan of an organizat...
Question 308: Why does an IS auditor review an organization chart?...
Question 309: When should reviewing an audit client's business plan be per...
Question 310: Which of the following is the GREATEST risk when implementin...
Question 311: In an EDI process, the device which transmits and receives e...
Question 312: An advantage of a continuous audit approach is that it can i...
Question 313: An IS auditor who was involved in designing an organization'...
Question 314: To address a maintenance problem, a vendor needs remote acce...
Question 315: Input/output controls should be implemented for which applic...
Question 316: Which of the following attack redirects outgoing message fro...
Question 317: Identify the correct sequence which needs to be followed as ...
Question 318: Which of the following types of attack makes use of unfilter...
Question 319: Which of the following system and data conversion strategies...
Question 320: Which of the following process consist of identification and...
Question 321: Everything not explicitly permitted is forbidden has which o...
Question 322: The 'trusted systems' approach has been predominant in the d...
Question 323: Management considered two projections for its business conti...
Question 324: A manufacturing firm wants to automate its invoice payment s...
Question 325: The purpose of a deadman door controlling access to a comput...
Question 326: In a public key infrastructure, a registration authority:...
Question 327: Which of the following is the BEST information source for ma...
Question 328: An IS auditor discovers that developers have operator access...
Question 329: Which of the following is a continuity plan test that uses a...
Question 330: What is used to develop strategically important systems fast...
Question 331: An IS auditor reviewing an outsourcing contract of IT facili...
Question 332: Which of the following ensures the availability of transacti...
Question 333: Which of the following is a dynamic analysis tool for the pu...
Question 334: Who is ultimately accountable for the development of an IS s...
Question 335: What increases encryption overhead and cost the most?...
Question 336: A sender of an e-mail message applies a digital signature to...
Question 337: A local area network (LAN) administrator normally would be r...
Question 338: While copying files from a floppy disk, a user introduced a ...
Question 339: Which of the following should be the MOST important criterio...
Question 340: An IS auditor should be concerned when a telecommunication a...
Question 341: In the process of evaluating program change controls, an IS ...
Question 342: When developing a risk-based audit strategy, an IS auditor c...
Question 343: Active radio frequency ID (RFID) tags are subject to which o...
Question 344: Which of the following should be of MOST concern to an IS au...
Question 345: Why is the WAP gateway a component warranting critical conce...
Question 346: When using a digital signature, the message digest is comput...
Question 347: An IS auditor is assigned to perform a post implementation r...
Question 348: A check digit is an effective edit check to:...
Question 349: The difference between a vulnerability assessment and a pene...
Question 350: An organization is migrating from a legacy system to an ente...
Question 351: Users are issued security tokens to be used in combination w...
Question 352: Which of the following would be the BEST method for ensuring...
Question 353: An IS auditor reviewing the key roles and responsibilities o...
Question 354: Which of the following ensures a sender's authenticity and a...
Question 355: Functional acknowledgements are used:...
Question 356: Responsibility for the governance of IT should rest with the...
Question 357: What supports data transmission through split cable faciliti...
Question 358: Applying a digital signature to data traveling in a network ...
Question 359: An IS auditor notes that IDS log entries related to port sca...
Question 360: When using an integrated test facility (ITF), an IS auditor ...
Question 361: An organization has a number of branches across a wide geogr...
Question 362: Which of the following would impair the independence of a qu...
Question 363: An IS auditor conducting a review of disaster recovery plann...
Question 364: Host Based ILD&P primarily addresses the issue of:...
Question 365: Which of the following is a mechanism for mitigating risks?...
Question 366: What should IS auditors always check when auditing password ...
Question 367: A long-term IS employee with a strong technical background a...
Question 368: Which of the following is the MOST reliable form of single f...
Question 369: Information for detecting unauthorized input from a terminal...
Question 370: What must an IS auditor understand before performing an appl...
Question 371: Which of the following antispam filtering techniques would B...
Question 372: Run-to-run totals can verify data through which stage(s) of ...
Question 373: Disabling which of the following would make wireless local a...
Question 374: During an audit, an IS auditor notes that an organization's ...
Question 375: The PRIMARY objective of Secure Sockets Layer (SSL) is to en...
Question 376: A top-down approach to the development of operational polici...
Question 377: Which of the following is the MOST reliable sender authentic...
Question 378: Which of the following will BEST ensure the successful offsh...
Question 379: A lower recovery time objective (RTO) results in:...
Question 380: When reviewing IS strategies, an IS auditor can BEST assess ...
Question 381: Which of the following is a substantive test?...
Question 382: During an exit interview, in cases where there is disagreeme...
Question 383: After completing the business impact analysis (BIA), what is...
Question 384: The network of an organization has been the victim of severa...
Question 385: The human resources (HR) department has developed a system t...
Question 386: An IS auditor who is reviewing incident reports discovers th...
Question 387: What is the recommended initial step for an IS auditor to im...
Question 388: Of the following alternatives, the FIRST approach to develop...
Question 389: What is the lowest level of the IT governance maturity model...
Question 390: Back Orifice is an example of:
Question 391: The PRIMARY goal of a web site certificate is:...
Question 392: What can be very helpful to an IS auditor when determining t...
Question 393: An IS auditor finds that a system under development has 12 l...
Question 394: A disaster recovery plan for an organization's financial sys...
Question 395: An IS auditor reviewing an accounts payable system discovers...
Question 396: During a postimplementation review of an enterprise resource...
Question 397: The development of an IS security policy is ultimately the r...
Question 398: What topology provides the greatest redundancy of routes and...
Question 399: To minimize the cost of a software project, quality manageme...
Question 400: Which of the following method should be recommended by secur...
Question 401: Which of the following is the key benefit of control self-as...
Question 402: Disaster recovery planning (DRP) addresses the:...
Question 403: Which of the following aspects of symmetric key encryption i...
Question 404: Which of the following provides the best evidence of the ade...
Question 405: Any changes in systems assets, such as replacement of hardwa...
Question 406: Which of the following tasks should be performed FIRST when ...
Question 407: If an IS auditor observes that an IS department fails to use...
Question 408: Which of the following is an advantage of an integrated test...
Question 409: When reviewing a project where quality is a major concern, a...
Question 410: During an audit, an IS auditor notices that the IT departmen...
Question 411: The most common reason for the failure of information system...
Question 412: Which of the following should be the MOST important consider...
Question 413: Fourth-Generation Languages (4GLs) are most appropriate for ...
Question 414: Which of the following situations would increase the likelih...
Question 415: When reviewing an intrusion detection system (IDS), an IS au...
Question 416: An advantage in using a bottom-up vs. a top-down approach to...
Question 417: The rate of change in technology increases the importance of...
Question 418: Test and development environments should be separated. True ...
Question 419: A poor choice of passwords and transmission over unprotected...
Question 420: Which of the following would be the MOST significant audit f...
Question 421: An audit charter should:
Question 422: Above almost all other concerns, what often results in the g...
Question 423: When reviewing input controls, an IS auditor observes that, ...
Question 424: Which of the following represents the GREATEST risk created ...
Question 425: The quality of the metadata produced from a data warehouse i...
Question 426: Is it appropriate for an IS auditor from a company that is c...
Question 427: An IS auditor reviewing a proposed application software acqu...
Question 428: Which of the following is a practice that should be incorpor...
Question 429: Which of the following would help to ensure the portability ...
Question 430: Of the three major types of off-site processing facilities, ...
Question 431: Which of the following message services provides the stronge...
Question 432: The MOST effective control for reducing the risk related to ...
Question 433: When protecting an organization's IT systems, which of the f...
Question 434: Who is responsible for restricting and monitoring access of ...
Question 435: "Under the concept of ""defense in depth"", subsystems shoul...
Question 436: The MOST effective biometric control system is the one:...
Question 437: Which of the following is a benefit of using callback device...
Question 438: A substantive test to verify that tape library inventory rec...
Question 439: Which of the following would an IS auditor consider to be th...
Question 440: During the development of an application, the quality assura...
Question 441: What often results in project scope creep when functional re...
Question 442: How is the risk of improper file access affected upon implem...
Question 443: Which of the following is the PRIMARY objective of an IT per...
Question 444: A sequence of bits appended to a digital document that is us...
Question 445: The majority of software vulnerabilities result from a few k...
Question 446: When is regression testing used to determine whether new app...
Question 447: An IS auditor is evaluating a corporate network for a possib...
Question 448: During the requirements definition phase of a software devel...
Question 449: Which of the following is an object-oriented technology char...
Question 450: Which of the following is the MOST secure and economical met...
Question 451: Who should be responsible for network security operations?...
Question 452: Which of the following is BEST characterized by unauthorized...
Question 453: Which of the following would an IS auditor use to determine ...
Question 454: What is an initial step in creating a proper firewall policy...
Question 455: An IS auditor interviewing a payroll clerk finds that the an...
Question 456: During an audit of an enterprise that is dedicated to e-comm...
Question 457: The MOST important reason for an IS auditor to obtain suffic...
Question 458: What is the key distinction between encryption and hashing a...
Question 459: What are trojan horse programs?...
Question 460: What is a primary high-level goal for an auditor who is revi...
Question 461: A decision support system (DSS):...
Question 462: In an organization where an IT security baseline has been de...
Question 463: Which of the following would BEST support 24/7 availability?...
Question 464: The reason for establishing a stop or freezing point on the ...
Question 465: Which of the following types of testing would determine whet...
Question 466: What is often the most difficult part of initial efforts in ...
Question 467: The MOST likely explanation for a successful social engineer...
Question 468: Which of the following tests is an IS auditor performing whe...
Question 469: An IS auditor is assigned to audit a software development pr...
Question 470: Why is a clause for requiring source code escrow in an appli...
Question 471: In an IS audit of several critical servers, the IS auditor w...
Question 472: The PRIMARY purpose for meeting with auditees prior to forma...
Question 473: An IS auditor is reviewing access to an application to deter...
Question 474: When developing a formal enterprise security program, the MO...
Question 475: Which of the following types of data validation editing chec...
Question 476: Distributed denial-of-service (DDOS) attacks on Internet sit...
Question 477: Which of the following provides the BEST single-factor authe...
Question 478: Which of the following is BEST suited for secure communicati...
Question 479: Which of the following biometrics has the highest reliabilit...
Question 480: To gain an understanding of the effectiveness of an organiza...
Question 481: Who is ultimately responsible for providing requirement spec...
Question 482: An organization has just completed their annual risk assessm...
Question 483: How is the time required for transaction processing review u...
Question 484: When reviewing a digital certificate verification process, w...
Question 485: Proper segregation of duties normally does not prohibit a LA...
Question 486: While conducting an audit of a service provider, an IS audit...
Question 487: An IS auditor identifies that reports on product profitabili...
Question 488: A primary benefit derived from an organization employing con...
Question 489: Who assumes ownership of a systems-development project and t...
Question 490: What would an IS auditor expect to find in the console log?...
Question 491: As a driver of IT governance, transparency of IT's cost, val...
Question 492: Integrating business continuity planning (BCP) into an IT pr...
Question 493: An organization's IS audit charter should specify the:...
Question 494: When implementing an IT governance framework in an organizat...
Question 495: The MAJOR advantage of the risk assessment approach over the...
Question 496: What process uses test data as part of a comprehensive test ...
Question 497: To provide protection for media backup stored at an offsite ...
Question 498: Which of the following provides the MOST relevant informatio...
Question 499: Which of the following is the MOST critical and contributes ...
Question 500: An intentional or unintentional disclosure of a password is ...
Question 501: Online banking transactions are being posted to the database...
Question 502: Proper segregation of duties prohibits a system analyst from...
Question 503: A company uses a bank to process its weekly payroll. Time sh...
Question 504: A virtual private network (VPN) provides data confidentialit...
Question 505: An organization has contracted with a vendor for a turnkey s...
Question 506: When identifying an earlier project completion time, which i...
Question 507: Which of the following exploit vulnerabilities to cause loss...
Question 508: A call-back system requires that a user with an id and passw...
Question 509: A disaster recovery plan for an organization should:...
Question 510: When performing a review of the structure of an electronic f...
Question 511: Which of the following would MOST effectively control the us...
Question 512: The PRIMARY objective of testing a business continuity plan ...
Question 513: At the end of the testing phase of software development, an ...
Question 514: A company has implemented a new client-server enterprise res...
Question 515: While reviewing sensitive electronic work papers, the IS aud...
Question 516: Proper segregation of duties prevents a computer operator (u...
Question 517: An IS auditor recommends that an initial validation control ...
Question 518: Which of the following would effectively verify the originat...
Question 519: During an audit of a business continuity plan (BCP), an IS a...
Question 520: What is the MOST prevalent security risk when an organizatio...
Question 521: Which of the following would be the BEST population to take ...
Question 522: What is often assured through table link verification and re...
Question 523: In planning an audit, the MOST critical step is the identifi...
Question 524: Which of the following does a lack of adequate security cont...
Question 525: The reason a certification and accreditation process is perf...
Question 526: Which of the following is MOST critical when creating data f...
Question 527: Organizations should use off-site storage facilities to main...
Question 528: When an employee is terminated from service, the MOST import...
Question 529: A live test of a mutual agreement for IT system recovery has...
Question 530: An offsite information processing facility having electrical...
Question 531: To minimize costs and improve service levels an outsourcer s...
Question 532: During which of the following phases in system development w...
Question 533: What control detects transmission errors by appending calcul...
Question 534: When a new system is to be implemented within a short time f...
Question 535: In the context of effective information security governance,...
Question 536: When selecting audit procedures, an IS auditor should use pr...
Question 537: The output of the risk management process is an input for ma...
Question 538: During an IS audit, one of your auditor has observed that so...
Question 539: Use of asymmetric encryption in an internet e-commerce site,...
Question 540: During Involuntary termination of an employee, which of the ...
Question 541: Why does the IS auditor often review the system logs?...
Question 542: Which of the following physical access controls effectively ...
Question 543: When evaluating the collective effect of preventive, detecti...
Question 544: Which of the following are effective in detecting fraud beca...
Question 545: Once an organization has finished the business process reeng...
Question 546: Which of the following would an IS auditor consider the MOST...
Question 547: A malicious code that changes itself with each file it infec...
Question 548: An advantage of using sanitized live transactions in test da...
Question 549: What is the most common purpose of a virtual private network...
Question 550: Change control for business application systems being develo...
Question 551: What are intrusion-detection systems (IDS) primarily used fo...
Question 552: Facilitating telecommunications continuity by providing redu...
Question 553: An organization having a number of offices across a wide geo...
Question 554: Proper segregation of duties does not prohibit a quality con...
Question 555: Which of the following can degrade network performance?...
Question 556: Which of the following methods of encryption has been proven...
Question 557: An off-site processing facility should be easily identifiabl...
Question 558: The use of statistical sampling procedures helps minimize:...
Question 559: The MAJOR advantage of a component-based development approac...
Question 560: The management of an organization has decided to establish a...
Question 561: Which of the following IT governance best practices improves...
Question 562: Which of the following translates e-mail formats from one ne...
Question 563: Whenever an application is modified, what should be tested t...
Question 564: When segregation of duties concerns exists between IT suppor...
Question 565: Which of the following attacks targets the Secure Sockets La...
Question 566: The most common problem in the operation of an intrusion det...
Question 567: The editing/validation of data entered at a remote site woul...
Question 568: An auditor needs to be aware of technical controls which are...
Question 569: The potential for unauthorized system access by way of termi...
Question 570: During a business continuity audit an IS auditor found that ...
Question 571: During the design of a business continuity plan, the busines...
Question 572: A retail outlet has introduced radio frequency identificatio...
Question 573: Which of the following attack is MOSTLY performed by an atta...
Question 574: During the review of a biometrics system operation, an IS au...
Question 575: An IS auditor is performing an audit of a network operating ...
Question 576: Which of the following potentially blocks hacking attempts?...
Question 577: Parity bits are a control used to validate:...
Question 578: Which of the following refers to an anomalous condition wher...
Question 579: The Secure Sockets Layer (SSL) protocol addresses the confid...
Question 580: How can minimizing single points of failure or vulnerabiliti...
Question 581: The FIRST step in a successful attack to a system would be:...
Question 582: Who is responsible for authorizing access level of a data us...
Question 583: When auditing a disaster recovery plan for a critical busine...
Question 584: When implementing an application software package, which of ...
Question 585: A transaction journal provides the information necessary for...
Question 586: The PRIMARY purpose of audit trails is to:...
Question 587: What is a data validation edit control that matches input da...
Question 588: An IS auditor is reviewing the physical security measures of...
Question 589: The MOST likely effect of the lack of senior management comm...
Question 590: What is the BEST approach to mitigate the risk of a phishing...
Question 591: Which of the following would contribute MOST to an effective...
Question 592: An IS auditor finds that conference rooms have active networ...
Question 593: Which of the following would be the MOST cost-effective reco...
Question 594: When reviewing an organization's strategic IT plan an IS aud...
Question 595: Security should ALWAYS be an all or nothing issue....
Question 596: During the review of a web-based software development projec...
Question 597: Key verification is one of the best controls for ensuring th...
Question 598: An IS auditor is reviewing a project that is using an Agile ...
Question 599: Authentication techniques for sending and receiving data bet...
Question 600: A database administrator is responsible for:...
Question 601: After identifying potential security vulnerabilities, what s...
Question 602: An IS auditor should expect which of the following items to ...
Question 603: Which of the following audit techniques would BEST aid an au...
Question 604: To affix a digital signature to a message, the sender must f...
Question 605: Which of the following disaster recovery/continuity plan com...
Question 606: Validated digital signatures in an e-mail software applicati...
Question 607: To optimize an organization's business contingency plan (BCP...
Question 608: In an online transaction processing system, data integrity i...
Question 609: During a change control audit of a production system, an IS ...
Question 610: Data flow diagrams are used by IS auditors to:...
Question 611: The advantage of a bottom-up approach to the development of ...
Question 612: When developing a business continuity plan (BCP), which of t...
Question 613: A PRIMARY benefit derived from an organization employing con...
Question 614: The use of residual biometric information to gain unauthoriz...
Question 615: During the collection of forensic evidence, which of the fol...
Question 616: Which of the following would be the GREATEST cause for conce...
Question 617: What can ISPs use to implement inbound traffic filtering as ...
Question 618: To prevent IP spoofing attacks, a firewall should be configu...
Question 619: Which of the following is an advantage of the top-down appro...
Question 620: Who is responsible for the overall direction, costs, and tim...
Question 621: A computer system is no more secure than the human systems r...
Question 622: To detect attack attempts that the firewall is unable to rec...
Question 623: Which of the following statement correctly describes the dif...
Question 624: The PRIMARY objective of an audit of IT security policies is...
Question 625: Which of the following is normally a responsibility of the c...
Question 626: A company has recently upgraded its purchase system to incor...
Question 627: The responsibilities of a disaster recovery relocation team ...
Question 628: What type of risk is associated with authorized program exit...
Question 629: When auditing third-party service providers, an IS auditor s...
Question 630: A company has decided to implement an electronic signature s...
Question 631: As part of the business continuity planning process, which o...
Question 632: An IS auditor performing a review of the backup processing f...
Question 633: An IS auditor should use statistical sampling and not judgme...
Question 634: Which of the following encryption techniques will BEST prote...
Question 635: E-mail traffic from the Internet is routed via firewall-1 to...
Question 636: Which of the following types of attack almost always require...
Question 637: To aid management in achieving IT and business alignment, an...
Question 638: Due to changes in IT, the disaster recovery plan of a large ...
Question 639: An organization has a mix of access points that cannot be up...
Question 640: How is risk affected if users have direct access to a databa...
Question 641: Which of the following is an appropriate test method to appl...
Question 642: An IS auditor is reviewing an IT security risk management pr...
Question 643: Which of the following statement INCORRECTLY describes anti-...
Question 644: Which of the following is the BEST way to handle obsolete ma...
Question 645: The IS auditor learns that when equipment was brought into t...
Question 646: The extent to which data will be collected during an IS audi...
Question 647: A data administrator is responsible for:...
Question 648: Which of the following is the PRIMARY advantage of using com...
Question 649: A financial services organization is developing and document...
Question 650: When an organization is outsourcing their information securi...
Question 651: An IS auditor finds that user acceptance testing of a new sy...
Question 652: During a disaster recovery test, an IS auditor observes that...
Question 653: What can be used to help identify and investigate unauthoriz...
Question 654: An IS auditor can verify that an organization's business con...
Question 655: An IS auditor reviewing access controls for a client-server ...
Question 656: Following best practices, formal plans for implementation of...
Question 657: Which of the following methods of suppressing a fire in a da...
Question 658: Buffer overflow aims primarily at corrupting:...
Question 659: Which of the following would normally be the MOST reliable e...
Question 660: A company undertakes a business process reengineering (BPR) ...
Question 661: An IS auditor attempting to determine whether access to prog...
Question 662: Rather than simply reviewing the adequacy of access control,...
Question 663: In a public key infrastructure (PKI), the authority responsi...
Question 664: An IS auditor reviewing an organization's IT strategic plan ...
Question 665: Processing controls ensure that data is accurate and complet...
Question 666: An IS auditor is evaluating management's risk assessment of ...
Question 667: Which of the following fire-suppression methods is considere...
Question 668: The waterfall life cycle model of software development is mo...
Question 669: Which of the following type of lock uses a numeric keypad or...
Question 670: IS management recently replaced its existing wired local are...
Question 671: When should an application-level edit check to verify that a...
Question 672: When should plans for testing for user acceptance be prepare...
Question 673: Which of the following are effective controls for detecting ...
Question 674: After implementation of a disaster recovery plan, pre-disast...
Question 675: Which of the following statement is NOT true about smoke det...
Question 676: Which of the following is a data validation edit and control...
Question 677: Ideally, stress testing should be carried out in a:...
Question 678: What is the PRIMARY purpose of audit trails?...
Question 679: An organization with extremely high security requirements is...
Question 680: Which of the following is the MOST important element for the...
Question 681: Which of the following is the MOST robust method for disposi...
Question 682: Which of the following are designed to detect network attack...
Question 683: Which of the following reduces the potential impact of socia...
Question 684: The frequent updating of which of the following is key to th...
Question 685: Depending on the complexity of an organization's business co...
Question 686: The PRIMARY advantage of a continuous audit approach is that...
Question 687: To properly evaluate the collective effect of preventative, ...
Question 688: An IS auditor conducting a review of software usage and lice...
Question 689: What are used as the framework for developing logical access...
Question 690: What type of risk results when an IS auditor uses an inadequ...
Question 691: While conducting an audit, an IS auditor detects the presenc...
Question 692: Which of the following intrusion detection systems (IDSs) wi...
Question 693: An investment advisor e-mails periodic newsletters to client...
Question 694: If a programmer has update access to a live system, IS audit...
Question 695: To support an organization's goals, an IS department should ...
Question 696: Which of the following is the BEST performance criterion for...
Question 697: Default permit is only a good approach in an environment whe...
Question 698: What type of approach to the development of organizational p...
Question 699: In which of the following situations is it MOST appropriate ...
Question 700: Of the three major types of off-site processing facilities, ...
Question 701: Which of the following protocol is developed jointly by VISA...
Question 702: An IS auditor should carefully review the functional require...
Question 703: Which of the following is a characteristic of timebox manage...
Question 704: The BEST method for assessing the effectiveness of a busines...
Question 705: At a hospital, medical personal carry handheld computers whi...
Question 706: The MAIN purpose for periodically testing offsite facilities...
Question 707: What does PKI use to provide some of the strongest overall c...
Question 708: Batch control reconciliation is a _____________________ (fil...
Question 709: An organization has an integrated development environment (I...
Question 710: The GREATEST benefit in implementing an expert system is the...
Question 711: In wireless communication, which of the following controls a...
Question 712: When transmitting a payment instruction, which of the follow...
Question 713: Which of the following should be a concern to an IS auditor ...
Question 714: After the merger of two organizations, multiple self-develop...
Question 715: An IS auditor reviewing the risk assessment process of an or...
Question 716: There are several types of penetration tests depending upon ...
Question 717: In the course of performing a risk analysis, an IS auditor h...
Question 718: When are benchmarking partners identified within the benchma...
Question 719: Establishing data ownership is an important first step for w...
Question 720: A financial institution that processes millions of transacti...
Question 721: During the system testing phase of an application developmen...
Question 722: An offsite information processing facility:...
Question 723: What is an effective control for granting temporary access t...
Question 724: What determines the strength of a secret key within a symmet...
Question 725: When assessing the design of network monitoring controls, an...
Question 726: Sending a message and a message hash encrypted by the sender...
Question 727: With the objective of mitigating the risk and impact of a ma...
Question 728: An IS auditor has imported data from the client's database. ...
Question 729: What is used as a control to detect loss, corruption, or dup...
Question 730: Which of the following option INCORRECTLY describes PBX feat...
Question 731: An organization can ensure that the recipients of e-mails fr...
Question 732: Which of the following is the dominating objective of BCP an...
Question 733: Which testing approach is MOST appropriate to ensure that in...
Question 734: To assist an organization in planning for IT investments, an...
Question 735: The risks associated with electronic evidence gathering woul...
Question 736: IS management has decided to install a level 1 Redundant Arr...
Question 737: E-mail message authenticity and confidentiality is BEST achi...
Question 738: Which of the following encrypt/decrypt steps provides the GR...
Question 739: Attack amplifier is often being HEAVILY relied upon on by wh...
Question 740: The PRIMARY reason an IS auditor performs a functional walkt...
Question 741: Which of the following is a benefit of a risk-based approach...
Question 742: What is an effective countermeasure for the vulnerability of...
Question 743: Which of the following is by far the most common prevention ...
Question 744: Many organizations require an employee to take a mandatory v...
Question 745: Which of the following would BEST provide assurance of the i...
Question 746: ________ (fill in the blank) is/are ultimately accountable f...
Question 747: The MAJOR consideration for an IS auditor reviewing an organ...
Question 748: Which of the following should an IS auditor review to determ...
Question 749: Overall business risk for a particular threat can be express...
Question 750: With respect to business continuity strategies, an IS audito...
Question 751: Which of the following is the MOST important objective of da...
Question 752: After initial investigation, an IS auditor has reasons to be...
Question 753: Mitigating the risk and impact of a disaster or business int...
Question 754: Responsibility and reporting lines cannot always be establis...
Question 755: When two or more systems are integrated, input/output contro...
Question 756: Which of the following provides the strongest authentication...
Question 757: Which of the following BEST describes the necessary document...
Question 758: What type(s) of firewalls provide(s) the greatest degree of ...
Question 759: The purpose of business continuity planning and disaster-rec...
Question 760: To develop a successful business continuity plan, end user i...
Question 761: While evaluating logical access control the IS auditor shoul...
Question 762: An IS auditor evaluating logical access controls should FIRS...
Question 763: The use of object-oriented design and development techniques...
Question 764: The BEST method of proving the accuracy of a system tax calc...
Question 765: What is an acceptable mechanism for extremely time-sensitive...
Question 766: What is the first step in a business process re-engineering ...
Question 767: An IS auditor has been asked to participate in project initi...
Question 768: An organization is using symmetric encryption. Which of the ...
Question 769: Which of the following kinds of function are particularly vu...
Question 770: If inadequate, which of the following would be the MOST like...
Question 771: Which of the following risks could result from inadequate so...
Question 772: Which of the following is the BEST method for determining th...
Question 773: Which of the following is a passive attack to a network?...
Question 774: What uses questionnaires to lead the user through a series o...
Question 775: Ensuring that security and control policies support business...
Question 776: In an audit of an inventory application, which approach woul...
Question 777: The PRIMARY objective of implementing corporate governance b...
Question 778: What is a callback system?
Question 779: The BEST filter rule for protecting a network from being use...
Question 780: A benefit of open system architecture is that it:...
Question 781: Which of the following goals would you expect to find in an ...
Question 782: Functionality is a characteristic associated with evaluating...
Question 783: How does the SSL network protocol provide confidentiality?...
Question 784: In a public key infrastructure (PKI), which of the following...
Question 785: By evaluating application development projects against the c...
Question 786: An organization has outsourced its wide area network (WAN) t...
Question 787: There are several methods of providing telecommunications co...
Question 788: After an IS auditor has identified threats and potential imp...
Question 789: Which of the following would MOST likely indicate that a cus...
Question 790: Which of the following is the MOST important action in recov...
Question 791: Which of the following refers to the proving of mathematical...
Question 792: Which of the following processes are performed during the de...
Question 793: To ensure an organization is complying with privacy requirem...
Question 794: The sender of a public key would be authenticated by a:...
Question 795: What is used to provide authentication of the website and ca...
Question 796: Which of the following attack involves sending forged ICMP E...
Question 797: What should regression testing use to obtain accurate conclu...
Question 798: Business units are concerned about the performance of a newl...
Question 799: An IS steering committee should:...
Question 800: A team conducting a risk analysis is having difficulty proje...
Question 801: A data center has a badge-entry system. Which of the followi...
Question 802: A penetration test performed as part of evaluating network s...
Question 803: Which of the following best characterizes "worms"?...
Question 804: Library control software restricts source code to:...
Question 805: An IS auditor is using a statistical sample to inventory the...
Question 806: Which of the following would be the MOST effective audit tec...
Question 807: An organization is considering connecting a critical PC-base...
Question 808: Which of the following is an implementation risk within the ...
Question 809: Which of the following backup techniques is the MOST appropr...
Question 810: An IS auditor performing a review of an application's contro...
Question 811: The knowledge base of an expert system that uses questionnai...
Question 812: If an IS auditor observes that individual modules of a syste...
Question 813: Which of the following would prevent accountability for an a...
Question 814: Which of the following attack occurs when a malicious action...
Question 815: An integrated test facility is considered a useful audit too...
Question 816: A firewall is being deployed at a new location. Which of the...
Question 817: An IS auditor is reviewing a software-based configuration. W...
Question 818: Which of the following attack is against computer network an...
Question 819: Which of the following controls would be the MOST comprehens...
Question 820: Which of the following PBX feature allows a PBX to be config...
Question 821: Which of the following term describes a failure of an electr...
Question 822: Who is responsible for implementing cost-effective controls ...
Question 823: Which of the following activities should the business contin...
Question 824: As compared to understanding an organization's IT process fr...
Question 825: Which of the following is MOST likely to result from a busin...
Question 826: Which of the following should an IS auditor review to gain a...
Question 827: An IS auditor noted that an organization had adequate busine...
Question 828: When reviewing the IT strategic planning process, an IS audi...
Question 829: Business process re-engineering often results in ___________...
Question 830: An appropriate control for ensuring the authenticity of orde...
Question 831: Upon receipt of the initial signed digital certificate the u...
Question 832: From a risk management point of view, the BEST approach when...
Question 833: Network ILD&P are typically installed:...
Question 834: A large chain of shops with electronic funds transfer (EFT) ...
Question 835: If a database is restored from information backed up before ...
Question 836: An organization has outsourced its help desk activities. An ...
Question 837: Which of the following protocol is PRIMARILY used to provide...
Question 838: Which of the following is the GREATEST risk to the effective...
Question 839: The activation of an enterprise's business continuity plan s...
Question 840: An accuracy measure for a biometric system is:...
Question 841: IS management is considering a Voice-over Internet Protocol ...
Question 842: Which of the following is a function of an IS steering commi...
Question 843: Which of the following is the MOST effective control over vi...
Question 844: Which of the following is an attribute of the control self-a...
Question 845: A perpetrator looking to gain access to and gather informati...
Question 846: What is a common vulnerability, allowing denial-of-service a...
Question 847: Which of the following is the MOST important criterion when ...
Question 848: Which of the following is a passive attack method used by in...
Question 849: Which of the following is the most important element in the ...
Question 850: Which of the following network configuration options contain...
Question 851: Which of the following is the MOST reasonable option for rec...
Question 852: The directory system of a database-management system describ...
Question 853: With respect to the outsourcing of IT services, which of the...
Question 854: An IS auditor reviewing wireless network security determines...
Question 855: An organization is planning to replace its wired networks wi...
Question 856: If an IS auditor finds evidence of risk involved in not impl...
Question 857: Which of the following attack could be avoided by creating m...
Question 858: Which of the following is a sophisticated computer based swi...
Question 859: Digital signatures require the sender to "sign" the data by ...
Question 860: COBIT 5 separates information goals into three sub-dimension...
Question 861: Which of the following hardware devices relieves the central...
Question 862: Which of the following help(s) prevent an organization's sys...
Question 863: An organization has implemented a disaster recovery plan. Wh...
Question 864: Which of the following terms refers to systems designed to d...
Question 865: Which type of major BCP test only requires representatives f...
Question 866: Which of the following would provide the BEST protection aga...
Question 867: What type of cryptosystem is characterized by data being enc...
Question 868: isk analysis is not always possible because the IS auditor i...
Question 869: Why is one-time pad not always preferable for encryption (ch...
Question 870: In order to properly protect against unauthorized disclosure...
Question 871: An IS auditor reviews an organizational chart PRIMARILY for:...
Question 872: Which of the following do digital signatures provide?...
Question 873: Corrective action has been taken by an auditee immediately a...
Question 874: Which of the following typically focuses on making alternati...
Question 875: What benefit does using capacity-monitoring software to moni...
Question 876: Confidentiality of the data transmitted in a wireless LAN is...
Question 877: What is the most common reason for information systems to fa...
Question 878: Which of the following is a good control for protecting conf...
Question 879: During an IS audit, auditor has observed that authentication...
Question 880: Before implementing an IT balanced scorecard, an organizatio...
Question 881: Which of the following should be of MOST concern to an IS au...
Question 882: Network Data Management Protocol (NDMP) technology should be...
Question 883: Network environments often add to the complexity of program-...
Question 884: While planning an audit, an assessment of risk should be mad...
Question 885: IS auditors are MOST likely to perform compliance tests of i...
Question 886: If a database is restored using before-image dumps, where sh...
Question 887: Which of the following BEST supports the prioritization of n...
Question 888: Which of the following Confidentiality, Integrity, Availabil...
Question 889: When planning to add personnel to tasks imposing time constr...
Question 890: Which of the following forms of evidence for the auditor wou...
Question 891: IS management has decided to rewrite a legacy customer relat...
Question 892: Private Branch Exchange(PBX) environment involves many secur...
Question 893: Which of the following biometrics methods provides the HIGHE...
Question 894: What is the primary objective of a control self-assessment (...
Question 895: Over the long term, which of the following has the greatest ...
Question 896: Regarding digital signature implementation, which of the fol...