Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

CISAFree trial

By isaca

Verified

25Q per page

Question 251

Which of the following would BEST enable an organization to address the security risks associated with a recently implemented bring your own device (BYOD) strategy?

A: Mobile device testing program
B: Mobile device upgrade program
C: Mobile device awareness program
D: Mobile device tracking program

—

Question 252

Which of the following BEST describes the role of a document owner when implementing a data classification policy in an organization?

A: Classifies documents to correctly reflect the level of sensitivity of information they contain
B: Ensures documents are handled in accordance with the sensitivity of information they contain
C: Defines the conditions under which documents containing sensitive information may be transmitted
D: Classifies documents in accordance with industry standards and best practices

—

Question 253

The PRIMARY reason to perform internal quality assurance (QA) for an internal audit function is to ensure:

A: inherent risk in audits is minimized.
B: audit resources are used most effectively.
C: internal audit activity conforms with audit standards and methodology.
D: the audit function is adequately governed and meets performance metrics.

—

Question 254

Which of the following would be of GREATEST concern to an IS auditor conducting an audit of an organization's network security with the focus of preventing system breaches?

A: Computer names are available to the Internet.
B: The data loss prevention (DLP) system does not monitor malicious incoming traffic.
C: Help desk personnel are able to remote into other external systems.
D: The guest wireless system does not have content filtering.

—

Question 255

Which of the following presents the GREATEST risk of data leakage in the cloud environment?

A: Multi-tenancy within the same database
B: Lack of role-based access
C: Expiration of security certificate
D: Lack of data retention policy

—

Question 256

An audit program indicates that a specific number of transactions are to be sampled for testing a particular control. However, it has been determined that the control design is deficient. What should the IS auditor do in response to this information?

A: Recommend a change to the audit program to increase the sample size.
B: Recommend a change to the audit program and testing methodology used.
C: Document the observation and the testing methodology used.
D: Notify audit management and continue to use the sample size.

—

Question 257

An organization has outsourced the development of a core application. However, the organization plans to bring the support and future maintenance of the application back in-house. Which of the following findings should be the IS auditor's GREATEST concern?

A: The data model is not clearly documented.
B: The vendor development team is located overseas.
C: The cost of outsourcing is lower than in-house development.
D: A training plan for business users has not been developed.

—

Question 258

Where should photoelectric smoke detectors be installed to improve fire detection at an offsite data processing facility?

A: Entry points
B: Air vents
C: Server cages
D: Exit points

—

Question 259

Which of the following is MOST important to effectively manage risk associated with application programming interfaces (APIs) and third-party virtual environments?

A: Compliance monitoring
B: Backups of virtual environments
C: Inventory of APIs
D: API single sign-on (SSO) capability

—

Question 260

Which of the following should an IS auditor use when verifying a three-way match has occurred in an enterprise resource planning (ERP) system?

A: Goods delivery notification
B: Purchase order
C: Purchase requisition
D: Bank confirmation

—

Question 261

Which of the following is an example of inherent risk?

A: Quality assurance (QA) processes may not effectively reduce errors.
B: An approval process may not detect significant errors.
C: The organization may not comply with regulations.
D: Projects may still be delayed despite management controls.

—

Question 262

Which of the following is the MOST important consideration when establishing vulnerability scanning on critical IT infrastructure?

A: The scanning will be cost-effective.
B: The scanning will be performed during non-peak hours.
C: The scanning will be followed by penetration testing.
D: The scanning will not degrade system performance.

—

Question 263

An employee has accidentally posted confidential data to the company's social media page. Which of the following is the BEST control to prevent this from recurring?

A: Establish two-factor access control for social media accounts.
B: Implement a moderator approval process.
C: Require all updates to be made by the marketing director.
D: Perform periodic audits of social media updates.

—

Question 264

Which of the following is the MOST significant risk when an application uses individual end-user accounts to access the underlying database?

A: Users may be able to circumvent application controls.
B: Application may not capture a complete audit trail.
C: User accounts may remain active after a termination.
D: Multiple connects to the database are used and slow the process.

—

Question 265

An organization performs virtual machine (VM) replication instead of daily backups of its critical servers. Which of the following is MOST important to validate when evaluating the adequacy of recovery procedures?

A: Periodic testing of VM replication is completed.
B: Replication servers are located offsite.
C: VM load balancing is configured.
D: Internet access is restricted for VM backup administrators.

—

Question 266

An IS auditor is performing a project review and finds that scope reductions have been made without proper authorization. The IS auditor should be MOST concerned that:

A: there could be significant delays in project completion.
B: the project has not followed project management standards.
C: project costs could increase above the original project budget.
D: anticipated business functionality may not be delivered.

—

Question 267

Which of the following is MOST important to include in a contract with a software development service provider?

A: A list of key performance indicators (KPIs)
B: Service level agreement (SLA)
C: Ownership of intellectual property
D: Explicit contract termination requirements

—

Question 268

How does a continuous integration/continuous development (CI/CD) process help to reduce software failure risk?

A: Fewer manual milestones
B: Easy software version rollback
C: Automated software testing
D: Smaller incremental changes

—

Question 269

In reviewing the IT strategic plan, the IS auditor should consider whether it identifies the:

A: project management methodologies used.
B: allocation of IT staff.
C: major IT initiatives.
D: links to operational tactical plans.

—

Question 270

Which of the following would the IS auditor MOST likely review to determine whether modifications to the operating system parameters were authorized?

A: Change control log
B: Documentation of exit routines
C: Security system parameters
D: System initialization logs

—

Question 271

An organization is disposing of removable onsite media which contains sensitive information. Which of the following is the MOST effective method to prevent disclosure of sensitive data?

A: Wiping and rewriting three times
B: Software formatting
C: Encrypting and destroying keys
D: Machine shredding

—

Question 272

Which of the following is the MAIN responsibility of the IT steering committee?

A: Developing and implementing the secure system development framework
B: Implementing processes to integrate security with business objectives
C: Developing and assessing the IT security strategy
D: Reviewing and assisting with IT strategy integration efforts

—

Question 273

Which of the following is MOST important for the effective implementation of an intrusion detection system (IDS)?

A: Providing logs for monitoring and reporting
B: Configuring the security policy in line with best practice
C: Setting alarms for late night traffic
D: Auto-installing updates

—

Question 274

An IS auditors reviewing the perimeter security design of a network. Which of the following provides the GREATEST assurance that both incoming and outgoing internet traffic is controlled?

A: Load batancer
B: Security information and event management (SIEM) system
C: Intrusion detection system (IDS)
D: Statetul firewall

—

Question 275

Which type of review is MOST important to conduct when an IS auditor is informed that a recent internal exploitation of a bug has been discovered in a business application?

A: Application security testing
B: Forensic audit
C: Server security audit
D: Penetration testing

—

Page 11 of 58 • Questions 251-275 of 1449

←

9 10 11 12 13

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!