Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

CISAFree trial

By isaca

Verified

25Q per page

Question 201

A request for proposal (RFP) for the acquisition of computer hardware should include:

A: support and maintenance requirements.
B: detailed specification of the current hardware infrastructure.
C: the requirement that the supplier allow a right of audit.
D: maximum cost restriction

—

Question 202

The PRIMARY focus of audit follow-up reports should be to:

A: assess if new risks have developed.
B: determine if audit recommendations have been implemented.
C: determine if past findings are still relevant.
D: verify the completion date of the implementation.

—

Question 203

Which of the following BEST protects evidence in a forensic investigation?

A: Protecting the hardware of the affected system
B: Powering down the affected system
C: Imaging the affected system
D: Rebooting the affected system

—

Question 204

What is the BEST way to reduce the risk of inaccurate or misleading data proliferating through business intelligence systems?

A: Develop a metadata repository to store and access metadata.
B: Implement data entry controls for new and existing applications.
C: Implement a consistent database indexing strategy.
D: Establish rules for converting data from one format to another.

—

Question 205

As part of the architecture of virtualized environments, in a bare metal or native virtualization the hypervisor runs without:

A: any applications on the guest operating system.
B: a guest operating system.
C: any applications on the host operating system.
D: a host operating system.

—

Question 206

An e-commerce company wants to ensure customers can update payment information securely through their phones. On which servers should Transport Layer Security (TLS) certificates be installed?

A: Proxy servers
B: Web servers
C: Database servers
D: Application servers

—

Question 207

Which of the following is the BEST indication that a software development project is on track to meet its completion deadline?

A: Issues identified during user acceptance testing (UAT) have been addressed prior to the original implementation date.
B: Technical specifications and development requirements have been agreed upon and formally recorded.
C: Project plan due dates have been documented for each phase of the software development life cycle.
D: The planned software go-live date has been communicated in advance to end users and stakeholders.

—

Question 208

An IS auditor has identified potential fraud activity perpetrated by the network administrator.

What should the auditor do FIRST?

A: Review the audit finding with the audit committee prior to any other discussions.
B: Share the potential audit finding with the security administrator.
C: Perform more detailed tests prior to disclosing the audit results.
D: Notify the audit committee to ensure a timely resolution.

—

Question 209

Which of the following is the MOST effective accuracy control for entry of a valid numeric part number?

A: Comparison to historical order pattern
B: Hash totals
C: Online review of description
D: Self-checking digit

—

Question 210

Which of the following is MOST important to ensuring the IT governance function can fulfill its responsibilities?

A: IT governance has created a roadmap for realizing business gains.
B: IT governance takes leadership on control cost reduction.
C: IT governance ensures that IT strategies are openly shared across the organization.
D: IT governance remains independent from production processes.

—

Question 211

Which of the following would be an auditor's GREATEST concern when reviewing data inputs from spreadsheets into the core finance system?

A: Spreadsheets are accessible by all members of the finance department.
B: Undocumented code formats data and transmits directly to the database.
C: There is not a complete inventory of spreadsheets, and file naming is inconsistent.
D: The department data protection policy has not been reviewed or updated for two years.

—

Question 212

Which of the following is the BEST way to mitigate the risk associated with technology obsolescence?

A: Create tactical and strategic IS plans.
B: Make provisions in the budgets for potential upgrades.
C: Invest in current technology.
D: Create a technology watch team that evaluates emerging trends.

—

Question 213

An IT strategic plan that BEST leverages IT in achieving organizational goals will include:

A: enterprise architecture (EA) impacts.
B: a risk-based ranking of projects.
C: IT budgets linked to the organization's budget.
D: a comparison of future needs against current capabilities.

—

Question 214

An organization's security team created a simulated production environment with multiple vulnerable applications. What would be the PRIMARY purpose of creating such an environment?

A: To collect digital evidence of cyberattacks
B: To provide training to security managers
C: To attract attackers in order to study their behavior
D: To test the intrusion detection system (IDS)

—

Question 215

Which of the following will provide the GREATEST assurance to IT management that a quality management system (QMS) is effective?

A: A high percentage of IT employees attending quality training
B: A high percentage of incidents being quickly resolved
C: A high percentage of stakeholders satisfied with the quality of IT
D: A high percentage of IT processes reviewed by quality assurance (QA)

—

Question 216

An organization has just created a new data classification scheme and needs to define how it will operate within the organization. What should be the NEXT step?

A: Create a list of all data owners and custodians.
B: Create a set of standards and procedures.
C: Hire a specialized auditor to assess the implementation.
D: Conduct workshops for each business unit.

—

Question 217

An IS auditor is providing input to an RFP to acquire a financial application system. Which of the following is MOST important for the auditor to recommend?

A: The application should meet the organization's requirements.
B: Vendor employee background checks should be conducted regularly.
C: Audit trails should be included in the design.
D: Potential suppliers should have experience in the relevant area.

—

Question 218

An employee loses a mobile device resulting in loss of sensitive corporate data. Which of the following would have BEST prevented data leakage?

A: Data encryption on the mobile device
B: The triggering of remote data wipe capabilities
C: Awareness training for mobile device users
D: Complex password policy for mobile devices

—

Question 219

Which of the following is MOST important to ensure when reviewing a global organization's controls to protect data held on its IT infrastructure across all of its locations?

A: The capacity of underlying communications infrastructure in the host locations is sufficient.
B: The threat of natural disasters in each location hosting infrastructure has been accounted for.
C: Relevant data protection legislation and regulations for each location are adhered to.
D: Technical capabilities exist in each location to manage the data and recovery operations.

—

Question 220

Which of the following BEST ensures that effective change management is in place in an IS environment?

A: Adequate testing was carried out by the development team.
B: User-prepared detailed test criteria for acceptance testing of the software.
C: User authorization procedures for application access are well established.
D: Access to production source and object programs is well controlled.

—

Question 221

What is the PRIMARY reason for an organization to classify the data stored on its internal networks?

A: To comply with the organization's data policies
B: To follow industry best practices
C: To implement data protection requirements
D: To determine data retention policy

—

Question 222

Effective separation of duties in an online environment can BEST be achieved by utilizing:

A: appropriate supervision.
B: access authorization tables.
C: transaction logging.
D: written procedure manuals.

—

Question 223

Which of the following provides the GREATEST assurance that a middleware application compiling data from multiple sales transaction databases for forecasting is operating effectively?

A: Automated reconciliations
B: Exception reporting
C: Manual checks
D: Continuous auditing

—

Question 224

A financial institution suspects that a manager has been crediting customer accounts without authorization. Which of the following is the MOST effective method to validate this concern?

A: Variable sampling
B: Discovery sampling
C: Stop-or-go sampling
D: Haphazard sampling

—

Question 225

An IS auditor reviewing the physical access section of a security plan for a data center should expect to find that:

A: entry points requiring different rules of access have been identified.
B: access to environmental controls is well labeled.
C: the data center has mantraps on entrances and exits.
D: the access devices are connected to a remote management system.

—

Page 9 of 58 • Questions 201-225 of 1449

←

7 8 9 10 11

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!