CITP EXAM 1 QUESTIONS AND CORRECT ANSWERS (VERIFIED ANSWERS) PLUS RATIONALES 2026 Q&A |LATEST EXAM UPDATE 2026/2027
Pages: 34
Uploaded on: 02-07-2026
Written in: 2025/2026

Content preview
CITP EXAM 1 QUESTIONS AND CORRECT ANSWERS (VERIFIED ANSWERS) PLUS RATIONALES
2026 Q&A |LATEST EXAM UPDATE 2026/2027
Section One: Questions 1–100
Which of the following frameworks specifically focuses on IT governance and management,
providing a comprehensive set of enablers for the governance and management of enterprise IT?
A. ISO/IEC 27001
🟢 B. COBIT
C. NIST SP 800-53
D. ITIL
🔴 RATIONALE: COBIT is explicitly designed as a comprehensive framework for the governance
and management of enterprise IT, whereas ISO 27001 focuses on security management and ITIL
focuses on service management.
An organization wants to ensure data integrity during transmission over an unsecure network.
Which mechanism is most effective for this specific requirement?
🟢 A. Digital signatures using a cryptographic hash function
B. Symmetric encryption of the data payload
C. Implementing a virtual private network with split tunneling
D. Using complex alphanumeric passwords for user authentication
🔴 RATIONALE: Cryptographic hash functions combined with digital signatures ensure data
integrity and non-repudiation by verifying that the data has not been altered during transmission.
During an IT governance audit, a practitioner finds that the organization lacks an explicit IT
strategic plan. What should be the practitioner's primary recommendation?
A. Procure an automated enterprise architecture tool immediately.
B. Outsource the IT function to reduce overhead costs.
🟢 C. Align IT goals with corporate objectives through a formalized governance committee.
D. Draft a business continuity plan for critical data centers.
🔴 RATIONALE: IT governance requires direct alignment between IT strategy and enterprise
business objectives, which is best achieved via a formal governance committee.
Which type of database control ensures that a transaction is fully completed or completely rolled
back, preventing partial data updates?
A. Referential integrity constraint
B. Deadlock prevention mechanism
🟢 C. Atomicity control
D. Two-factor authentication
🔴 RATIONALE: Atomicity (part of the ACID properties) guarantees that a database transaction is
treated as a single unit, which either succeeds completely or fails completely.
An organization is migrating sensitive financial records to a public cloud environment. Which cloud
service model places the highest level of data security management responsibility on the client?
🟢 A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Functions as a Service (FaaS)
🔴 RATIONALE: In IaaS, the cloud provider only secures the underlying infrastructure, leaving the
client responsible for securing the operating system, applications, and data.
A company experiences a data breach due to an unpatched vulnerability in an internet-facing
server. The vulnerability was public knowledge for six months. This represents a breakdown in
which process?
A. Change configuration baseline management
🟢 B. Vulnerability and patch management
C. Incident response escalation procedures
D. Identity and access management validation
🔴 RATIONALE: The failure to apply known security patches within a reasonable period points
directly to a deficient vulnerability and patch management process.
Which of the following best describes the function of a demilitarized zone (DMZ) in network security
architecture?
A. To encrypt all internal corporate network traffic
🟢 B. To isolate public-facing services from the internal corporate network
C. To prevent distributed denial-of-service (DDoS) attacks completely
D. To authenticate external remote users via multi-factor tokens
🔴 RATIONALE: A DMZ acts as a buffer zone that contains public-facing systems (like web
servers), isolating them from the secure internal network to prevent lateral movement during a
breach.
Under the AICPA Code of Professional Conduct, a CITP professional performing an IT assurance
engagement discovers a significant security flaw that management refuses to fix or disclose. What
is the professional's primary ethical obligation?
A. Fix the security flaw personally without management's consent.
🟢 B. Report the matter to the audit committee or those charged with governance.
C. Inform external law enforcement immediately without consulting legal counsel.
D. Ignore the issue as long as management signs a liability waiver.
🔴 RATIONALE: If management fails to act on a material risk, the professional must escalate the
issue to those charged with governance, such as the audit committee, while maintaining
professional confidentiality requirements.
Which data analytics technique is most appropriate for identifying unusual or fraudulent
transactions within a massive dataset of corporate expense reports?
A. Linear regression modeling
🟢 B. Anomaly detection using Benford's Law
C. Time-series forecasting
D. Sentiment analysis on text descriptions
🔴 RATIONALE: Anomaly detection and Benford's Law are standard techniques used in forensic
data analytics to identify statistical deviations and unusual patterns that may indicate fraud.
A system administrator accidentally grants administrative privileges to a temporary contractor.
Which control would most likely detect this unauthorized access modification in a timely manner?
A. Pre-employment background checks
B. Multi-factor authentication mechanisms
🟢 C. Periodic automated user access reviews
D. Role-based access control policy manuals
🔴 RATIONALE: Periodic user access reviews are detective controls designed to catch and
remediate unauthorized changes or privilege creep in user permissions.
What is the primary purpose of executing a parallel implementation strategy during a major core
system implementation?
🟢 A. To minimize operational risk by running the old and new systems concurrently
B. To reduce the overall cost and timeline of the system migration project
C. To test user acceptance using hypothetical dummy transactions only
D. To eliminate the need for comprehensive post-implementation reviews
🔴 RATIONALE: Parallel implementation runs both the legacy and new systems simultaneously to
verify that the new system works correctly while providing a fallback mechanism if it fails.
An organization implements a disaster recovery strategy where data is continuously replicated to a
remote site, and the remote site has identical hardware ready to assume operations within minutes.
