Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

CISAFree trial

By isaca

Verified

25Q per page

Question 126

Which of the following is the BEST method to delete sensitive information from storage media that will be reused?

A: Re-partitioning
B: Crypto-shredding
C: Reformatting
D: Multiple overwriting

—

Question 127

An IS auditor is reviewing how password resets are performed for users working remotely. Which type of documentation should be requested to understand the detailed steps required for this, activity?

A: Procedures
B: Policies
C: Standards
D: Guidelines

—

Question 128

Internal audit is evaluating an organization's IT portfolio management. Which of the following would be the BEST recommendation for prioritizing the funding of IT projects?

A: Direct funds toward projects that reduce the organization's technology risk exposure.
B: Group projects into portfolios based on their potential to increase market share and reduce costs.
C: Direct funds toward projects that increase the availability of the organization's technology infrastructure.
D: Group projects with common themes into portfolios and assess them against strategic objectives.

—

Question 129

Which of the following is MOST important for an IS auditor to validate when auditing network device management?

A: Devices cannot be accessed through service accounts.
B: Backup policies include device configuration files.
C: All devices are located within a protected network segment.
D: All devices have current security patches assessed.

—

Question 130

A programmer has made unauthorized changes to key fields in a payroll system report. Which of the following control weaknesses would have contributed MOST to this problem?

A: The programmer has access to the production programs.
B: The user requirements were not documented.
C: Payroll files were not under the control of a librarian.
D: The programmer did not involve the user in testing.

—

Question 131

information officer (CIO) has requested there be no IS audits in the upcoming year, as more time is needed to address a large number of recommendations from the previous year. Which of the following should the auditor do FIRST?

A: Notify the chief operating officer (COO) and discuss the audit plan risks.
B: Escalate to audit management to discuss the audit plan.
C: Increase the number of IS audits in the plan.
D: Exclude IS audits from the upcoming year’s plan.

—

Question 132

Which of the following is the MOST important outcome of an information security program?

A: Operating system weaknesses are more easily identified.
B: Emerging security technologies are better understood and accepted.
C: The cost to mitigate information security risk is reduced.
D: Organizational awareness of security responsibilities is improved.

—

Question 133

Which of the following concerns is MOST effectively addressed by implementing an IT framework for alignment between IT and business objectives?

A: Lack of a benchmark analysis
B: Inadequate IT portfolio management
C: Inadequate IT change management practices
D: Inaccurate business impact analysis (BIA)

—

Question 134

An organization has implemented a distributed security administration system to replace the previous centralized one. Which of the following presents the GREATEST potential concern?

A: A distributed security system is inherently a weak security system.
B: The new system will require additional resources.
C: Security procedures may be inadequate to support the change.
D: End-user acceptance of the new system may be difficult to obtain.

—

Question 135

Which of the following is the GREATEST benefit of adopting an international IT governance framework rather than establishing a new framework based on the actual situation of a specific organization?

A: Comprehensive coverage of fundamental and critical risk and control areas for IT governance
B: Fewer resources expended on trial-and-error attempts to fine-tune implementation methodologies
C: Readily available resources such as domains and risk and control methodologies
D: Wide acceptance by different business and support units with IT governance objectives

—

Question 136

Which of the following fire suppression systems needs to be combined with an automatic switch to shut down the electricity supply in the event of activation?

A: FM-200
B: Dry pipe
C: Carbon dioxide
D: Halon

—

Question 137

Which of the following would provide the BEST evidence of the effectiveness of mandated annual security awareness training?

A: Trending of social engineering test results
B: Surveys completed by randomly selected employees
C: Number of security incidents
D: Results of a third-party penetration test

—

Question 138

An organization uses public key infrastructure (PKI) to provide email security. Which of the following would be the MOST efficient method to determine whether email messages have been modified in transit?

A: The message is sent along with an encrypted hash of the message.
B: The message is sent using Transport Layer Security (TLS) protocol.
C: The message is encrypted using a symmetric algorithm.
D: The message is encrypted using the private key of the sender.

—

Question 139

An IT steering committee assists the board of directors in fulfilling IT governance duties by:

A: overseeing major projects and IT resource allocation.
B: approving IT security awareness training content.
C: assigning IT services to infrastructure components.
D: developing IT policies and procedures for project tracking.

—

Question 140

Which of the following provides the MOST comprehensive information about inherent risk within an organization?

A: Vulnerability analysis
B: Risk assessments
C: Risk-based audit findings
D: Business impact analysis (BIA)

—

Question 141

Which of the following is MOST critical to the success of an information security program?

A: User accountability for information security
B: Alignment of information security with IT objectives
C: Integration of business and information security
D: Management’s commitment to information security

—

Question 142

The MOST important measure of the effectiveness of an organization's security program is the:

A: comparison with critical incidents experienced by competitors.
B: adverse impact of incidents on critical business activities.
C: number of vulnerability alerts escalated to senior management.
D: number of new vulnerabilities reported.

—

Question 143

Which of the following is the MOST important environmental equipment that should be located above the false ceiling of a data center?

A: Air pressure sensors
B: Motion detectors
C: Smoke detectors
D: Humidity sensors

—

Question 144

Which of the following is the MOST important control for virtualized environments?

A: Hardening for the hypervisor and guest machines
B: Regular updates of policies for the operation of the virtualized environment
C: Redundancy of hardware resources and network components
D: Monitoring utilization of resources at the guest operating system level

—

Question 145

Which of the following would aid an IS auditor reviewing the integrity of program changes migrated into production?

A: Configuration management system
B: Database schema
C: Tape management system
D: Operating system log data

—

Question 146

Which of the following provides the BEST assurance of data integrity after file transfers?

A: Cheek digits
B: Monetary unit sampling
C: Reasonableness check
D: Hash values

—

Question 147

Which of the following is the PRIMARY purpose of a post-implementation review?

A: To ensure project resources were optimized
B: To ensure project deliverables were provided on time
C: To determine whether expected benefits were realized from a project
D: To calculate a project's actual cost against the projected cost

—

Question 148

Which of the following is MOST important to consider when reviewing an organization's defined data backup and restoration procedures?

A: Mean time to restore (MTTR)
B: Mean time between failures (MTBF)
C: Recovery point objective (RPO)
D: Business continuity plan (BCP)

—

Question 149

When assessing a proposed project for the two-way replication of a customer database with a remote call center, the IS auditor should ensure that:

A: end users are trained in the replication process.
B: the source database is backed up on both sites.
C: user rights are identical on both databases.
D: database conflicts are managed during replication.

—

Question 150

In which phase of the audit life cycle process are audit observations initially discussed with the client?

A: Follow-up phase
B: Planning phase
C: Execution phase
D: Reporting phase

—

Page 6 of 58 • Questions 126-150 of 1449

←

4 5 6 7 8

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!