CITP EXAM 1 QUESTIONS AND CORRECT ANSWERS (VERIFIED ANSWERS) PLUS RATIONALES 2026 Q&A |LATEST EXAM UPDATE 2026/2027

Pages
34
Grade
A+
Uploaded on
02-07-2026
Written in
2025/2026

CITP EXAM 1 QUESTIONS AND CORRECT ANSWERS (VERIFIED ANSWERS) PLUS RATIONALES
2026 Q&A |LATEST EXAM UPDATE 2026/2027
Section One: Questions 1–100
Which of the following frameworks specifically focuses on IT governance and management,
providing a comprehensive set of enablers for the governance and management of enterprise IT?
A. ISO/IEC 27001
🟢 B. COBIT
C. NIST SP 800-53
D. ITIL
🔴 RATIONALE: COBIT is explicitly designed as a comprehensive framework for the governance
and management of enterprise IT, whereas ISO 27001 focuses on security management and ITIL
focuses on service management.
An organization wants to ensure data integrity during transmission over an unsecure network.
Which mechanism is most effective for this specific requirement?
🟢 A. Digital signatures using a cryptographic hash function
B. Symmetric encryption of the data payload
C. Implementing a virtual private network with split tunneling
D. Using complex alphanumeric passwords for user authentication
🔴 RATIONALE: Cryptographic hash functions combined with digital signatures ensure data
integrity and non-repudiation by verifying that the data has not been altered during transmission.
During an IT governance audit, a practitioner finds that the organization lacks an explicit IT
strategic plan. What should be the practitioner's primary recommendation?
A. Procure an automated enterprise architecture tool immediately.
B. Outsource the IT function to reduce overhead costs.
🟢 C. Align IT goals with corporate objectives through a formalized governance committee.
D. Draft a business continuity plan for critical data centers.
🔴 RATIONALE: IT governance requires direct alignment between IT strategy and enterprise
business objectives, which is best achieved via a formal governance committee.
Which type of database control ensures that a transaction is fully completed or completely rolled
back, preventing partial data updates?
A. Referential integrity constraint
B. Deadlock prevention mechanism
🟢 C. Atomicity control
D. Two-factor authentication
🔴 RATIONALE: Atomicity (part of the ACID properties) guarantees that a database transaction is
treated as a single unit, which either succeeds completely or fails completely.
An organization is migrating sensitive financial records to a public cloud environment. Which cloud
service model places the highest level of data security management responsibility on the client?
🟢 A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Functions as a Service (FaaS)
🔴 RATIONALE: In IaaS, the cloud provider only secures the underlying infrastructure, leaving the
client responsible for securing the operating system, applications, and data.
A company experiences a data breach due to an unpatched vulnerability in an internet-facing
server. The vulnerability was public knowledge for six months. This represents a breakdown in
which process?
A. Change configuration baseline management
🟢 B. Vulnerability and patch management
C. Incident response escalation procedures
D. Identity and access management validation
🔴 RATIONALE: The failure to apply known security patches within a reasonable period points
directly to a deficient vulnerability and patch management process.
Which of the following best describes the function of a demilitarized zone (DMZ) in network security
architecture?
A. To encrypt all internal corporate network traffic
🟢 B. To isolate public-facing services from the internal corporate network
C. To prevent distributed denial-of-service (DDoS) attacks completely
D. To authenticate external remote users via multi-factor tokens
🔴 RATIONALE: A DMZ acts as a buffer zone that contains public-facing systems (like web
servers), isolating them from the secure internal network to prevent lateral movement during a
breach.
Under the AICPA Code of Professional Conduct, a CITP professional performing an IT assurance
engagement discovers a significant security flaw that management refuses to fix or disclose. What
is the professional's primary ethical obligation?
A. Fix the security flaw personally without management's consent.
🟢 B. Report the matter to the audit committee or those charged with governance.
C. Inform external law enforcement immediately without consulting legal counsel.
D. Ignore the issue as long as management signs a liability waiver.
🔴 RATIONALE: If management fails to act on a material risk, the professional must escalate the
issue to those charged with governance, such as the audit committee, while continuing to meet
professional confidentiality requirements.
Which data analytics technique is most appropriate for identifying unusual or fraudulent
transactions within a massive dataset of corporate expense reports?
A. Linear regression modeling
🟢 B. Anomaly detection using Benford's Law
C. Time-series forecasting
D. Sentiment analysis on text descriptions
🔴 RATIONALE: Anomaly detection and Benford's Law are standard techniques used in forensic
data analytics to identify statistical deviations and unusual patterns that may indicate fraud.
A system administrator accidentally grants administrative privileges to a temporary contractor.
Which control would most likely detect this unauthorized access modification in a timely manner?
A. Pre-employment background checks
B. Multi-factor authentication mechanisms
🟢 C. Periodic automated user access reviews
D. Role-based access control policy manuals
🔴 RATIONALE: Periodic user access reviews are detective controls designed to catch and
remediate unauthorized changes or privilege creep in user permissions.
What is the primary purpose of executing a parallel implementation strategy during a major core
system implementation?
🟢 A. To minimize operational risk by running the old and new systems concurrently
B. To reduce the overall cost and timeline of the system migration project
C. To test user acceptance using hypothetical dummy transactions only
D. To eliminate the need for comprehensive post-implementation reviews
🔴 RATIONALE: Parallel implementation runs both the legacy and new systems simultaneously to
verify that the new system works correctly while providing a fallback mechanism if it fails.
An organization implements a disaster recovery strategy where data is continuously replicated to a
remote site, and the remote site has identical hardware ready to assume operations within minutes.