Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

CISAFree trial

By isaca

Verified

25Q per page

Question 51

Which of the following would BEST integrate multiple data warehouses while reducing the workload required for moving data between the warehouses?

A: Extract, transform, and load
B: Data virtualization
C: Real-time data mirroring
D: Streaming data integration

—

Question 52

A confidential file was sent to a legal entity, and hashing was used on the file. Which type of control has been applied?

A: Detective
B: Compensating
C: Corrective
D: Preventive

—

Question 53

An IS auditor is performing a follow-up audit and notes that some critical deficiencies have not been addressed. The auditor's BEST course of action is to:

A: document management's reasons for not addressing deficiencies.
B: postpone the audit until the deficiencies are addressed.
C: provide new recommendations.
D: assess the impact of not addressing deficiencies.

—

Question 54

Which of the following is the BEST way to help ensure new IT implementations align with enterprise architecture (EA) principles and requirements?

A: Consider stakeholder concerns when defining the EA.
B: Conduct EA reviews as part of the change advisory board.
C: Perform mandatory post-implementation reviews of IT implementations.
D: Document the security view as part of the EA.

—

Question 55

Which of the following is MOST important to confirm when evaluating an IT organization's structure?

A: Clear reporting and lines of authority
B: Documented provisions for interdepartmental cross-training
C: Comprehensive system architecture documentation
D: Policies and procedures that define requirements for periodic job rotation

—

Question 56

Which feature associated with an Infrastructure as a Service (IaaS) cloud service provider allows for the provisioning of new servers as demand changes?

A: Measured service
B: Resource pooling
C: Rapid elasticity
D: Load balancing

—

Question 57

Which of the following provides the BEST evidence that all elements of a business continuity plan (BCP) are operating effectively?

A: Walk-through test results
B: Full operational test results
C: Simulation test results
D: Tabletop test results

—

Question 58

Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system. What is the BEST control to ensure that data is accurately entered into the system?

A: Display back of project detail after entry
B: Reconciliation of total amounts by project
C: Reasonableness checks for each cost type
D: Validity checks, preventing entry of character data

—

Question 59

Email required for business purposes is being stored on employees’ personal devices. Which of the following is an IS auditor's BEST recommendation?

A: Prohibit employees from storing company email on personal devices.
B: Implement an email containerization solution on personal devices.
C: Require employees to utilize passwords on personal devices.
D: Ensure antivirus protection is installed on personal devices.

—

Question 60

Which of the following steps of data conversion requires users to define the flow and relationship between the source and target objects on a field-by-field basis?

A: Transformation
B: Extraction
C: Load
D: Validation

—

Question 61

An application development team is also promoting changes to production for a critical financial application. Which of the following is the BEST control to reduce the associated risk?

A: Performing periodic audits
B: Implementing a change management code review
C: Performing regression tests
D: Exporting change logs to a secure server

—

Question 62

A vendor requires privileged access to a key business application. Which of the following is the BEST recommendation to reduce the risk of data leakage?

A: Perform a review of privileged roles and responsibilities.
B: Implement real-time activity monitoring for privileged roles.
C: Require the vendor to implement job rotation for privileged roles.
D: Include the right-to-audit in the vendor contract.

—

Question 63

An IS auditor is reviewing a bank’s service level agreement (SLA) with a third-party provider that hosts the bank's secondary data center. Which of the following findings should be of GREATEST concern to the auditor?

A: The SLA has not been reviewed in more than a year.
B: The recovery time objective (RTO) has a longer duration than documented in the disaster recovery plan (DRP).
C: The recovery point objective (RPO) has a shorter duration than documented in the disaster recovery plan (DRP).
D: Backup data is hosted online only.

—

Question 64

An IS auditor may be justified in using a SMALLER sample size under which of the following circumstances?

A: Lower confidence coefficient
B: Higher expected error rate
C: Higher reliability factor
D: Lower precision amount

—

Question 65

An IS auditor is reviewing the service management of an outsourced help desk. Which of the following is the BEST indicator of how effectively the service provider is performing this function?

A: Number of calls worked
B: Call transcript reviews
C: Customer satisfaction ratings
D: Average ticket age

—

Question 66

Which of the following is the BEST preventive control to protect the confidentiality of data on a corporate smartphone in the event it is lost?

A: Encryption of the data stored on the device
B: Remote data wipe program
C: Password for device authentication
D: Biometric authentication for the device

—

Question 67

Which of the following would be MOST important to include in an IS audit report?

A: Observations not reported as findings due to inadequate evidence
B: The roadmap for addressing the various risk areas
C: Specific technology solutions for each audit observation
D: The level of unmitigated risk along with business impact

—

Question 68

Which of the following should be an IS auditor's PRIMARY focus when evaluating the response process for cyber crimes?

A: Communication with law enforcement
B: Notification to regulators
C: Evidence collection
D: Root cause analysis

—

Question 69

An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider. Which of the following would be the
BEST way to prevent accepting bad data?

A: Purchase data cleansing tools from a reputable vendor.
B: Appoint data quality champions across the organization.
C: Obtain error codes indicating failed data feeds.
D: Implement business rules to reject invalid data.

—

Question 70

Which of the following audit procedures would provide the BEST assurance that an application program is functioning as designed?

A: Interviewing business management
B: Using a continuous auditing module
C: Confirming accounts
D: Reviewing program documentation

—

Question 71

To mitigate the risk of exposing data through application programming interface (API) queries, which of the following design considerations is MOST important?

A: Data quality
B: Data integrity
C: Data minimization
D: Data retention

—

Question 72

One advantage of monetary unit sampling is the fact that

A: large-value population items are segregated and audited separately.
B: it can easily be applied manually when computer resources are not available.
C: it increases the likelihood of selecting material items from the population.
D: results are stated in terms of the frequency of items in error.

—

Question 73

Backup procedures for an organization's critical data are considered to be which type of control?

A: Compensating
B: Directive
C: Corrective
D: Detective

—

Question 74

An IS auditor is reviewing the system development practices of an organization that is about to move from a waterfall to an agile approach. Which of the following is MOST important for the auditor to focus on as a result of this move?

A: Capacity planning
B: Code versioning
C: Secure code review
D: Release management

—

Question 75

Which of the following is the PRIMARY objective of implementing privacy-related controls within an organization?

A: To comply with legal and regulatory requirements
B: To prevent confidential data loss
C: To provide options to individuals regarding use of their data
D: To identify data at rest and data in transit for encryption

—

Page 3 of 58 • Questions 51-75 of 1449

←

1 2 3 4 5

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!