CISA examtopics 301-400 Exam Questions with Verified Answers, 100% CORRECT

301. An organization has begun using social media to communicate with current and potential clients. Which of the following should be of PRIMARY concern to the auditor?
A. Using a third-party provider to host and manage content
B. Lack of guidance on appropriate social media usage and monitoring
C. Negative posts by customers affecting the organization's image
D. Reduced productivity of staff using social media
CORRECT ANSWER: B. Lack of guidance on appropriate social media usage and monitoring

302.* An organization is developing data classification standards and has asked internal audit for advice on aligning the standards with best practices. Internal audit would MOST likely recommend the standards should be:
A. based on the business requirements for confidentiality of the information.
B. aligned with the organization's segregation of duties requirements.
C. based on the results of an organization-wide risk assessment.
D. based on the business requirements for authentication of the information.
CORRECT ANSWER: C. based on the results of an organization-wide risk assessment. (examtopics + freecram + exam-answer + 50% voted)

303. An organization considers implementing a system that uses a technology that is not in line with the organization's IT strategy. Which of the following is the BEST justification for deviating from the IT strategy?
A. The system makes use of state-of-the-art technology.
B. The system has a reduced cost of ownership.
C. The organization has staff familiar with the technology.
D. The business benefits are achieved even with extra costs. *
CORRECT ANSWER: D. The business benefits are achieved even with extra costs. (freecram + examtopics)

304. An organization is running servers with critical business applications that are in an area subject to frequent but brief power outages. Knowledge of which of the following would allow the organization's management to monitor the ongoing adequacy of the uninterruptible power supply (UPS)?
A. Duration and interval of the power outages
B. Business impact of server downtime
C. Number of servers supported by the UPS
D. Mean time to recover servers after failure
CORRECT ANSWER: B. Business impact of server downtime (Most Voted *5 + pupuweb)
Alternate answer: A. Duration and interval of the power outages (freecram + examtopics)
Knowing how long outages last and how often they recur lets management judge whether the UPS capacity and battery runtime remain sufficient to bridge them and prevent downtime.

305. An organization implemented a cybersecurity policy last year. Which of the following is the GREATEST indicator that the policy may need to be revised?
A. A significant increase in authorized connections to third parties
B. A significant increase in cybersecurity audit findings
C. A significant increase in external attack attempts
D. A significant increase in approved exceptions
CORRECT ANSWER: D. A significant increase in approved exceptions (examtopics + exam-answer)
Option B is weaker: an audit finding does not necessarily mean the policy itself is insufficient and needs updating. A rising number of approved exceptions, however, means the policy does not cover all situations, so exceptions have to be granted. Approved exceptions are deviations from the cybersecurity policy that are authorized by management. When exceptions become more frequent, it suggests that the policy is not meeting the needs of the organization and employees are finding ways to work around it. This may indicate that the policy is too strict, difficult to follow, or not aligned with business needs, and that it should be revised to better align with the organization's needs while still providing adequate protection against cyber threats.
Freecram: C; pupuweb: B

306. An organization's enterprise architecture (EA) department decides to change a legacy system's components while maintaining its original functionality. Which of the following is MOST important for an IS auditor to understand when reviewing this decision?
A. The current business capabilities delivered by the legacy system
B. The database entity relationships within the legacy system
C. The proposed network topology to be used by the redesigned system
D. The data flows between the components to be used by the redesigned system
CORRECT ANSWER: A. The current business capabilities delivered by the legacy system
This is the MOST important consideration for an IS auditor because it relates directly to the organization's overall business objectives. The auditor should evaluate whether the proposed changes align with the organization's current business capabilities, processes, and workflows, and whether the changes will affect the system's ability to deliver the intended business value.

307. A legacy application is running on an operating system that is no longer supported by the vendor. If the organization continues to use the current application, which of the following should be the IS auditor's GREATEST concern?
A. Potential exploitation of zero-day vulnerabilities in the system
B. Inability to update the legacy application database
C. Increased cost of maintaining the system
D. Inability to use the operating system due to potential license issues
CORRECT ANSWER: A. Potential exploitation of zero-day vulnerabilities in the system (Most voted *6 100% + pupuweb + freecram + exampracticetests + exam-answer)
A legacy application is an old software application that is no longer updated or supported by the vendor. Continuing to run it on an unsupported operating system exposes the organization to a number of risks, the major one being exploitation of vulnerabilities in the system. A zero-day vulnerability is a software vulnerability unknown to the vendor that attackers can exploit before a patch is released. Once the operating system is out of support, the vendor will release no patches or updates at all, so any vulnerability discovered after that point remains exploitable indefinitely.

308.* A system development project is experiencing delays due to ongoing staff shortages. Which of the following strategies would provide the GREATEST assurance of system quality at implementation?
A. Utilize new system development tools to improve productivity.
B. Deliver only the core functionality on the initial target date.
C. Implement overtime pay and bonuses for all development staff.
D. Recruit IS staff to expedite system development.
CORRECT ANSWER: D. Recruit IS staff to expedite system development (freecram + examtopics + GPT + 50% voted)
None of the other options addresses the underlying issue of the staff shortage. By recruiting additional IS staff, the project team can augment its capacity, distribute the workload, and improve productivity so the project can progress at an appropriate pace without compromising quality. The additional staff contribute their expertise and skills, reducing the risk of errors, oversights, and rushed development practices that can negatively impact system quality.

309.* When reviewing past results of a recurring annual audit, an IS auditor notes that findings may not have been reported and independence may not have been maintained. Which of the following is the auditor's BEST course of action?
A. Reevaluate internal controls
B. Re-perform past audits to ensure independence
C. Inform senior management
D. Inform audit management
CORRECT ANSWER: D. Inform audit management (examtopics + freecram + 2 voted)

310. An information systems security officer's PRIMARY responsibility for business process applications is to:
A. create role-based rules for each business process.
B. approve the organization's security policy.
C. ensure access rules agree with policies.
D. authorize secured emergency access.
CORRECT ANSWER: C. ensure access rules agree with policies. (Most Voted *11 100% + pupuweb + exampracticetests + exam-answer)

311.* Coding standards provide which of the following?
A. Access control tables
B. Data flow diagrams
C. Field naming conventions
D. Program documentation
CORRECT ANSWER: C. Field naming conventions (pupuweb + examtopics)

312. During which IT project phase is it MOST appropriate to conduct a benefits realization analysis?
A. Post-implementation review phase
B. Design review phase
C. User acceptance testing (UAT) phase
D. Final implementation phase
CORRECT ANSWER: A. Post-implementation review phase

313. Due to a high volume of customer orders, an organization plans to implement a new application for customers to use for online ordering. Which type of testing is MOST important to ensure the security of the application prior to go-live?
A. Stress testing
B. User acceptance testing (UAT)
C. Vulnerability testing
D. Regression testing
CORRECT ANSWER: C. Vulnerability testing (freecram + GPT + most voted *5)

314. During an audit of identity and access management, an IS auditor finds that the engagement audit plan does not include the testing of controls that regulate access by third parties. Which of the following would be the auditor's BEST course of action?
A. Add testing of third-party access controls to the scope of the audit.
B. Plan to test these controls in another audit.
C. Determine whether the risk has been identified in the planning documents.
D. Escalate the deficiency to audit management.
CORRECT ANSWER: D. Escalate the deficiency to audit management. (exam-answer)
Escalating the deficiency to audit management is the BEST course of action because it allows the auditor to report the issue to higher management and obtain their support to address the deficiency.
Alternate answer: C. Determine whether the risk has been identified in the planning documents. (pupuweb + examtopics)

315. What is the PRIMARY reason for conducting a risk assessment when developing an annual IS audit plan?
A. Identify and prioritize audit areas
B. Determine the existence of controls in audit areas
C. Provide assurance material items will be covered
D. Decide which audit procedures and techniques to use *
CORRECT ANSWER: A. Identify and prioritize audit areas

316. An employee transfers from an organization's risk management department to become the lead IS auditor. While in the risk management department, the employee helped develop the key performance indicators (KPIs) now used by the organization. Which of the following would pose the GREATEST threat to the independence of this auditor?
A. Evaluating the effectiveness of IT risk management processes
B. Recommending controls to address the IT risks identified by KPIs
C. Developing KPIs to measure the internal audit team
D. Training the IT audit team on IT risk management processes
CORRECT ANSWER: C. Developing KPIs to measure the internal audit team (exam-answer + GPT + most voted)
When an employee moves from one department to another, there is a risk that the previous role will influence the current one and create a conflict of interest. In this case the employee helped develop the KPIs now used by the organization, and those KPIs would be used to measure the effectiveness of the internal audit team. The auditor would therefore be evaluating their own work and performance, which is the greatest threat to independence.
Alternate answer: B

317.* As part of an audit response, an auditee has concerns with the recommendations and is hesitant to implement them. Which of the following would be the BEST course of action for the IS auditor?
A. Suggest hiring a third-party consultant to perform a current state assessment.
B. Issue a final report without including the opinion of the auditee.
C. Conduct further discussions with the auditee to develop a mitigation plan.
D. Accept the auditee's response and perform additional testing.
CORRECT ANSWER: C. Conduct further discussions with the auditee to develop a mitigation plan. (freecram + examtopics)

318. After discussing findings with an auditee, an IS auditor is required to obtain approval of the report from the CEO before issuing it to the audit committee. This requirement PRIMARILY affects the IS auditor's:
A. judgment
B. effectiveness
C. independence
D. integrity *
CORRECT ANSWER: C. independence

319. During a review of IT service desk practices, an IS auditor notes that help desk personnel are spending more time fulfilling user requests for password resets than resolving critical incidents. Which of the following recommendations to IT management would BEST address this situation?
A. Calculate the age of incident tickets and alert senior IT personnel when they exceed service level agreements (SLAs).
B. Provide annual password management training to end users to reduce the number of instances requiring password resets.
C. Incentivize service desk personnel to close incidents within agreed service levels.
D. Implement a self-service solution and redirect users to access frequently requested services.
CORRECT ANSWER: D. Implement a self-service solution and redirect users to access frequently requested services.

320. During which phase of a system development project should key performance indicators (KPIs) be established?
A. Planning phase
B. Initiation phase
C. Execution phase
D. Closure phase *
CORRECT ANSWER: A. Planning phase

321.* An organization wants to change its project methodology to address increasing costs and process changes. Which of the following is the BEST methodology to use?
A. Agile application development
B. Waterfall application development
C. Joint application development
D. Object-oriented application development
CORRECT ANSWER: A. Agile application development (5 voted 100%)
Alternate answer: D. Object-oriented application development (Correct)

322. A USB device containing sensitive production data was lost by an employee, and its contents were subsequently found published online. Which of the following controls is the BEST recommendation to prevent a similar recurrence?
A. Monitoring data being downloaded on USB devices
B. Using a strong encryption algorithm
C. Training users on USB device security
D. Electronically tracking portable devices
CORRECT ANSWER: C. Training users on USB device security (pupuweb + 1 voted)
Alternate answer: B. Using a strong encryption algorithm (examtopics + 1 voted)

323. During an IT operations audit, multiple unencrypted backup tapes containing sensitive credit card information cannot be found. Which of the following presents the GREATEST risk to the organization?
A. Human resource cost of responding to the incident
B. Business disruption if a data restore cannot be completed
C. Reputational damage due to potential identity theft
D. The cost of recreating the missing backup tapes
CORRECT ANSWER: C. Reputational damage due to potential identity theft

324. An organization uses multiple offsite data center facilities. Which of the following is MOST important to consider when choosing related backup devices and media?
A. Associated costs
B. Standardization
C. Backup media capacity
D. Restoration speed *
CORRECT ANSWER: D. Restoration speed (pupuweb + GPT + 6 voted)
Alternate answer: B

325.* Which of the following is MOST important to determine when conducting a post-implementation review?
A. Whether the solution architecture complies with IT standards
B. Whether success criteria have been achieved
C. Whether lessons learned have been documented
D. Whether the project has been delivered within the approved budget *
CORRECT ANSWER: B. Whether success criteria have been achieved

326.* While reviewing an organization's business continuity plan (BCP), an IS auditor observes that a recently developed application is not included. The IS auditor should:
A. ensure that the criticality of the application is determined.
B. include in the audit findings that the BCP is incomplete.
C. recommend that the application be incorporated in the BCP.
D. ignore the observation as the application is not mission critical.
CORRECT ANSWER: A. ensure that the criticality of the application is determined. (examtopics + pupuweb + freecram)

327.* Data anonymization helps to prevent which types of attacks in a big data environment?
A. Man-in-the-middle
B. Denial of service (DoS)
C. Correlation
D. Spoofing
CORRECT ANSWER: C. Correlation
Correlation attacks analyze multiple datasets, or combine different data sources, to uncover sensitive or personally identifiable information. Anonymizing the data obfuscates the relationships between individuals, their attributes, and their activities, making it difficult for attackers to correlate records and gain insights into personal information. Note that removing direct identifiers such as names is not enough on its own: combinations of the remaining attributes (for example postal code, birth date and sex) can still be matched against another dataset, so effective anonymization also generalizes or suppresses those quasi-identifiers.

328. During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:
A. note the noncompliance in the audit working papers.
B. determine why the procedures were not followed.
C. issue an audit memorandum identifying the noncompliance.
D. include the noncompliance in the audit report.
CORRECT ANSWER: B. determine why the procedures were not followed.

329. The PRIMARY objective of IT service level management is to:
A. improve IT cost control.
B. manage computer operations activities.
C. satisfy customer requirements.
D. increase awareness of IT services.
CORRECT ANSWER: C. satisfy customer requirements.

330. The use of which of the following would BEST enhance a process improvement program?
A. Balanced scorecard
B. Project management methodologies
C. Capability maturity models
D. Model-based design notations *
CORRECT ANSWER: C. Capability maturity models (examtopics + freecram)
Alternate answer: A. Balanced scorecard (pupuweb)

331.* Reconciliations have identified data discrepancies between an enterprise data warehouse and a revenue system for key financial reports. What is the GREATEST risk to the organization in this situation?
A. The key financial reports may no longer be produced.
B. Financial reports may be delayed.
C. Undetected fraud may occur.
D. Decisions may be made based on incorrect information. *
CORRECT ANSWER: D. Decisions may be made based on incorrect information. (freecram + GPT + examtopics)
Alternate answer: C. Undetected fraud may occur. (pupuweb)

332. An organization has recently implemented a Voice-over IP (VoIP) communication system. Which of the following should be the IS auditor's PRIMARY concern?
A. Voice quality degradation due to packet loss
B. Lack of integration of voice and data communications
C. A single point of failure for both voice and data communications
D. Inability to use virtual private networks (VPNs) for internal traffic
CORRECT ANSWER: C. A single point of failure for both voice and data communications

333. When evaluating the ability of a disaster recovery plan (DRP) to enable the recovery of IT processing capabilities, it is MOST important for the IS auditor to verify the plan is:
A. stored at an offsite location.
B. communicated to department heads.
C. regularly reviewed.
D. periodically tested.
CORRECT ANSWER: D. periodically tested.

334.* During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST:
A. conduct additional compliance testing.
B. issue an intermediate report to management.
C. perform a business impact analysis (BIA).
D. evaluate the impact on current disaster recovery capability.
CORRECT ANSWER: D. evaluate the impact on current disaster recovery capability. (freecram + dumpsgate + examtopics)

335.* During a review, an IS auditor discovers that corporate users are able to access cloud-based applications and data from any Internet-connected web browser. Which of the following is the auditor's BEST recommendation to help prevent unauthorized access?
A. Utilize strong anti-malware controls on all computing devices.
B. Implement an intrusion detection system (IDS).
C. Update security policies and procedures.
D. Implement multi-factor authentication.
CORRECT ANSWER: D. Implement multi-factor authentication. (coursehero + examtopics)
The best recommendation to prevent unauthorized access in this scenario is to implement multi-factor authentication (MFA). According to the CRM, "MFA is a security technique that requires two or more independent credentials for user authentication. MFA can be used to provide additional security for cloud-based services and applications." MFA requires users to provide two or more pieces of evidence to verify their identity before accessing cloud-based applications and data, which makes it much harder for an attacker who has obtained or guessed a password to gain access.

336.* To create a digital signature in a message using asymmetric encryption, it is necessary to:
A. encrypt the authentication sequence using a public key.
B. first use a symmetric algorithm for the authentication sequence.
C. transmit the actual digital signature in unencrypted clear text.
D. encrypt the authentication sequence using a private key.
CORRECT ANSWER: D. encrypt the authentication sequence using a private key. (examtopics + 3 voted + GPT)
Asymmetric encryption: the sender uses the recipient's public key to encrypt the data; the recipient uses their private key to decrypt it.
Signing: the sender uses their own private key to create the signature (in practice over a hash of the message); the receiver uses the sender's public key to verify it. Because only the sender holds the private key, a valid signature also provides non-repudiation, whereas anything produced with the public key could have been produced by anyone.
Alternate answer: A. encrypt the authentication sequence using a public key. (freecram)

337. During an audit of an access control system, an IS auditor finds that RFID card readers are not connected via the network to a central server. Which of the following is the GREATEST risk associated with this finding?
A. Lost or stolen cards cannot be disabled immediately.
B. Card reader firmware updates cannot be rolled out automatically.
C. The system is not easily scalable to accommodate a new device.
D. Incidents cannot be investigated without a centralized log file.
CORRECT ANSWER: A. Lost or stolen cards cannot be disabled immediately.

338. Invoking a business continuity plan (BCP) is demonstrating which type of control?
A. Preventive
B. Corrective
C. Directive
D. Detective
CORRECT ANSWER: B. Corrective

339. When determining whether a project in the design phase will meet organizational objectives, what is BEST to compare against the business case?
A. Project plan
B. Requirements analysis
C. Implementation plan
D. Project budget provisions
CORRECT ANSWER: B. Requirements analysis

340.* The results of an IS audit indicating the need to strengthen controls have been communicated to the appropriate stakeholders. Which of the following is the BEST way for management to enforce implementation of the recommendations?
A. Copy senior management on communications related to the audit
B. Have stakeholders develop a business case for control changes
C. Assign ownership to each remediation activity
D. Request auditors to design a roadmap for closure
CORRECT ANSWER: C. Assign ownership to each remediation activity

341.* Internal audit is conducting an audit of customer transaction risk. Which of the following would be the BEST reason to use data analytics?
A. Transactional data is contained in multiple discrete systems that have varying levels of reliability.
B. Anomalies and risk trends in the data set have yet to be defined.
C. The audit is being performed to comply with regulations requiring periodic random sample testing.
D. The audit focus is on a small number of predefined high-risk transactions.
CORRECT ANSWER: B. Anomalies and risk trends in the data set have yet to be defined. (exam-answer + 12 voted)
From the CRM 27th edition, an IS auditor can use data analytics for the following purposes:
• Identification of areas where poor data quality exists
• Performance of risk assessment at the planning phase of an audit
Reason for data analytics: it helps identify anomalies and trends in large volumes of transactional data that may not be readily apparent through traditional audit procedures. By analyzing the data, internal auditors can identify patterns and outliers that point to potential fraud, errors, or other risks, and can focus their efforts on the areas that pose the greatest risk to the organization, giving more effective and efficient audit coverage.

342. Critical processes are not defined in an organization's business continuity plan (BCP). Which of the following would have MOST likely identified the gap?
A. Updating the risk register
B. Reviewing the business continuity strategy
C. Reviewing the business impact analysis (BIA)
D. Testing the incident response plan
CORRECT ANSWER: C. Reviewing the business impact analysis (BIA)

343. When auditing the closing stages of a system development project, which of the following should be the MOST important consideration?
A. Rollback procedures
B. Control requirements
C. User acceptance test (UAT) results
D. Functional requirements documentation
CORRECT ANSWER: C. User acceptance test (UAT) results (freecram + examtopics + GPT)

344. Following a breach, what is the BEST source to determine the maximum amount of time before customers must be notified that their personal information may have been compromised?
A. Industry standards
B. Information security policy
C. Incident response plan
D. Industry regulations
CORRECT ANSWER: D. Industry regulations (6 voted + exam-answer)
The best source to refer to is industry regulations, which set out specifically how quickly affected individuals must be notified after a data breach has occurred.

345. A client/server configuration will:
A. optimize system performance by having a server on a front-end and clients on a host.
B. enhance system performance through the separation of front-end and back-end processes.
C. keep track of all the clients using the IS facilities of a service organization.
D. limit the clients and servers' relationship by limiting the IS facilities to a single hardware system.
CORRECT ANSWER: B. enhance system performance through the separation of front-end and back-end processes. (upvoted 9)
The server is the back end and the client is the front end, so the answer is B, not A.

346. The PRIMARY benefit of information asset classification is that it:
A. enables risk management decisions.
B. helps to align organizational objectives.
C. prevents loss of assets.
D. facilitates budgeting accuracy.
CORRECT ANSWER: A. enables risk management decisions.

347. The implementation of an IT governance framework requires that the board of directors of an organization:
A. approve the IT strategy.
B. be informed of all IT initiatives.
C. have an IT strategy committee.
D. address technical IT issues.
CORRECT ANSWER: A. approve the IT strategy. (exam-answer + pupuweb + Most voted 80%)

348. What is the PRIMARY reason to adopt a risk-based IS audit strategy?
A. To achieve synergy between audit and other risk management functions
B. To reduce the time and effort needed to perform a full audit cycle
C. To prioritize available resources and focus on areas with significant risk
D. To identify key threats, risks, and controls for the organization
CORRECT ANSWER: C. To prioritize available resources and focus on areas with significant risk

349. An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor?
A. Improve the change management process
B. Perform a configuration review
C. Establish security metrics
D. Perform a penetration test
CORRECT ANSWER: B. Perform a configuration review

350. When conducting a post-implementation review of a new software application, an IS auditor should be MOST concerned with an increasing number of:
A. change requests approved to add new services.
B. updates required for the end-user operations manual.
C. operational errors impacting service delivery.
D. help desk calls requesting future enhancements. *
CORRECT ANSWER: C. operational errors impacting service delivery. (coursehero + freecram)

351. When an IS auditor evaluates key performance indicators (KPIs) for IT initiatives, it is MOST important that the KPIs indicate:
A. IT deliverables are process driven.
B. IT objectives are measured.
C. IT resources are fully utilized.
D. IT solutions are within budget.
CORRECT ANSWER: B. IT objectives are measured.

352. In which phase of penetration testing would host detection and domain name system (DNS) interrogation be performed?
A. Reporting
B. Attacks
C. Discovery
D. Planning
CORRECT ANSWER: C. Discovery (DNS interrogation means querying DNS servers for records about the target to enumerate its hosts)

353. Which type of control is being implemented when a biometric access device is installed at the entrance to a facility?
A. Preventive
B. Deterrent
C. Corrective
D. Detective
CORRECT ANSWER: A. Preventive

354.* Which of the following would an IS auditor consider the GREATEST risk associated with a mobile workforce environment?
A. Loss or damage to the organization's assets
B. Lack of compliance with organizational policies
C. Decrease in employee productivity and accountability
D. Inability to access data remotely
CORRECT ANSWER: A. Loss or damage to the organization's assets (7 voted + GPT)
Alternate answer: D. Inability to access data remotely (examtopics + freecram)

355. Which of the following key performance indicators (KPIs) provides stakeholders with the MOST useful information about whether information security risk is being managed?
A. The number of security controls implemented
B. Time from identifying security threats to implementing solutions
C. Time from security log capture to log analysis
D. The number of entries in the security risk register
CORRECT ANSWER: B. Time from identifying security threats to implementing solutions

356.* Which of the following is MOST important when implementing a data classification program?
A. Planning for secure storage capacity
B. Understanding the data classification levels
C. Formalizing data ownership
D. Developing a privacy policy
CORRECT ANSWER: C. Formalizing data ownership (examtopics + passeidireto + freecram)

357. Which of the following is an IS auditor's BEST recommendation to help an organization increase the efficiency of computing resources?
A. Hardware upgrades
B. Real-time backups
C. Virtualization
D. Overclocking the central processing unit (CPU)
CORRECT ANSWER: C. Virtualization (exam-answer + pupuweb + examtopics)
Overclocking means running the CPU above its rated clock speed. Virtualization allows multiple operating systems to run simultaneously on a single physical machine: several virtual machines share one host, which raises utilization of the computing resources and reduces the number of physical machines needed, leading to cost savings.

358.* Which of the following would BEST manage the risk of changes in requirements after the analysis phase of a business application development project?
A. Sign-off from the IT team
B. Quality assurance (QA) review
C. Ongoing participation by relevant stakeholders
D. Expected deliverables meeting project deadlines *
CORRECT ANSWER: C. Ongoing participation by relevant stakeholders (examtopics + coursehero + freecram)

359.* Which of the following is the BEST data integrity check?
A. Tracing data back to the point of origin
B. Performing a sequence check
C. Counting the transactions processed per day
D. Preparing and running test data
CORRECT ANSWER: A. Tracing data back to the point of origin.
Tracing data back to the point of origin validates the source and confirms that the data was accurately captured and entered into the system. It identifies discrepancies or errors introduced during input or transfer, and verifies accuracy, completeness, and consistency throughout the data's journey within the system by comparing it with the original source, such as documents, forms, or electronic data feeds.
B. Performing a sequence check: a sequence check ensures that data records or transactions are processed or recorded in the correct order. While useful in certain situations, it does not provide a complete assessment of data integrity on its own.

360. Which of the following BEST ensures the quality and integrity of test procedures used in audit analytics?
A. Developing and communicating test procedure best practices to audit teams
B. Centralizing procedures and implementing change control
C. Developing and implementing an audit data repository
D. Decentralizing procedures and implementing periodic peer review *
CORRECT ANSWER: B. Centralizing procedures and implementing change control (upvoted 10 times + pupuweb + freecram)
Centralizing procedures and implementing change control provide effective mechanisms for ensuring the quality and integrity of test procedures used in audit analytics.
Alternate answer: A. Developing and communicating test procedure best practices to audit teams (exam-answer)
Option A emphasizes developing and communicating test procedure best practices to audit teams. This approach helps to standardize procedures, improve the consistency of testing, and reduce the risk of errors or omissions. The best practices should cover all aspects of test procedures, such as data preparation, analysis techniques, quality control, and documentation.

361. Which of the following features of a library control software package would protect against unauthorized updating of source code?
A. Access controls for source libraries
B. Date and time stamping of source and object code
C. Required approvals at each life cycle step
D. Release-to-release comparison of source code *
CORRECT ANSWER: A. Access controls for source libraries

362.* Which of the following security testing techniques is MOST effective in discovering unknown malicious attacks?
A. Penetration testing
B. Sandboxing
C. Vulnerability testing
D. Reverse engineering
CORRECT ANSWER: A. Penetration testing (exampracticetests + pupuweb + GPT)
Penetration testing is more effective at discovering unknown attacks than vulnerability testing, which checks for known weaknesses.
Alternate answer: B. Sandboxing (freecram)
Sandboxing is a security technique that isolates an application or process from the rest of the system, preventing it from accessing or modifying other resources. It is not a type of security testing but a security mechanism that can be used to protect a system from potentially malicious code or inputs. Sandboxing can be useful for testing applications in a safe environment, but it does not discover unknown malicious attacks by itself.

363. Which of the following should be the PRIMARY objective of conducting an audit follow-up of management action plans?
A. To verify that risks listed in the audit report have been properly mitigated
B. To ensure senior management is aware of the audit findings
C. To identify new risks and controls for the organization
D. To align the management action plans with business requirements
CORRECT ANSWER: A. To verify that risks listed in the audit report have been properly mitigated

364.* Which of the following is the BEST use of a balanced scorecard when evaluating IT performance?
A. Determining compliance with relevant regulatory requirements
B. Monitoring alignment of IT with the rest of the organization
C. Evaluating implementation of the business strategy
D. Monitoring alignment of the IT project portfolio to budget *
CORRECT ANSWER: C. Evaluating implementation of the business strategy
The balanced scorecard (BSC) is a strategic performance measurement framework that helps organizations assess the extent to which their activities align with the overall business strategy. Using the BSC, IT performance can be evaluated on how well it contributes to and aligns with the organization's business strategy.
Why not B: the BSC is a more comprehensive framework in which alignment of IT with the organization is only one of the dimensions.
Why not D: alignment of the project portfolio to budget is a specific aspect of financial performance management rather than a comprehensive evaluation of IT performance.

365. Which of the following is the MOST appropriate role for an IS auditor assigned as a team member for a software development project?
A. Implementing controls within the software
B. Developing user acceptance testing (UAT) scripts
C. Performing a mid-term evaluation of the project management process
D. Monitoring assessed risk for the project
CORRECT ANSWER: D.
Monitoring assessed risk for the project (Most Voted *8 + freecram + GPT) 366.* Which of the following should be of GREATEST concern for an IS auditor reviewing an organization's bring your own device (BYOD) policy? A. Not all devices are approved for BYOD. B. The policy does not include the right to audit BYOD devices. C. A mobile device management (MDM) solution is not implemented. D. The policy is not updated annually. * - CORRECT ANSWER C. A mobile device management (MDM) solution is not implemented. (examtopics + freecram) Mobile device management solution is critical in a BYOD environment as it allows the organization to enforce security policies, manage and monitor devices, and protect sensitive data. Without an MDM solution in place, the organization would have limited control and visibility over the devices connected to their network, increasing the risk of unauthorized access, data breaches, and other security incidents. 367.* Which of the following statements appearing in an organization's acceptable use policy BEST demonstrates alignment with data classification standards related to the protection of information assets? A. Information assets should only be accessed by persons with a justified need. B. All information assets must be encrypted when stored on the organization's systems. C. Any information assets transmitted over a public network must be approved by executive management. D. All information assets will be assigned a clearly defined level to facilitate proper employee handling. - CORRECT ANSWER D. All information assets will be assigned a clearly defined level to facilitate proper employee handling. (pupuweb + examtopics) 368. Which of the following information security requirements BEST enables the tracking of organizational data in a bring your own device (BYOD) environment? A. Employees must immediately report lost or stolen mobile devices containing organizational data. B. 
Employees must use auto-lock features and complex passwords on personal devices. C. Employees must sign acknowledgment of the organization's mobile device acceptable use policy. D. Employees must enroll their personal devices in the organization's mobile device management program. - CORRECT ANSWER D. Employees must enroll their personal devices in the organization's mobile device management program. 369.* Which of the following is MOST important for an IS auditor to verify when evaluating an organization's firewall? A. Logs are being collected in a separate protected host. B. Access to configuration files is restricted. C. Automated alerts are being sent when a risk is detected. D. Insider attacks are being controlled - CORRECT ANSWER B. Access to configuration files is restricted. B). critical factor to ensure the effectiveness and security of a firewall. Firewall configuration files contain the rules and settings that determine how the firewall filters and controls network traffic. If unauthorized individuals gain access to these files, they can potentially manipulate the firewall settings, bypass security measures, or introduce vulnerabilities. 370. Which of the following would be of GREATEST concern to an IS auditor reviewing backup and recovery controls? A. Backup procedures are not documented. B. Weekly and monthly backups are stored onsite. C. Backups are stored in an external hard drive. D. Restores from backups are not periodically tested. * - CORRECT ANSWER D. Restores from backups are not periodically tested. 371.(R) Which of the following should be an IS auditor's GREATEST concern when reviewing an organization's security controls for policy compliance? A. Security policies are not applicable across all business units. B. End users are not required to acknowledge security policy training. C. The security policy has not been reviewed within the past year. D. Security policy documents are available on a public domain website. * - CORRECT ANSWER A. 
Security policies are not applicable across all business units. 372. Which of the following should be the PRIMARY basis for prioritizing follow-up audits? A. Audit cycle defined in the audit plan B. Recommendation from executive management C. Residual risk from the findings of previous audits D. Complexity of management's action plans - CORRECT ANSWER C. Residual risk from the findings of previous audits (exampracticetests + pupuweb + examtopics) 373. Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations? A. IT budgeting constraints B. Availability of responsible IT personnel C. Risk rating of original findings D. Business interruption due to remediation - CORRECT ANSWER C. Risk rating of original findings 374.* Which of the following is the MOST useful information for an IS auditor to review when formulating an audit plan for the organization's outsourced service provider? A. Service level agreement (SLA) reports B. The service provider's control self-assessment (CSA) C. The organization's procurement policy D. Independent audit reports - CORRECT ANSWER D. Independent audit reports (coursehero + examtopics + freecram) Independent audit reports provide an objective assessment of the outsourced service provider's controls, processes, and compliance with relevant standards or regulations. These reports are typically conducted by external auditors or third-party firms and offer an unbiased evaluation of the service provider's operations. Reviewing independent audit reports allows the IS auditor to: 1. Evaluate control effectiveness 2. Identify control deficiencies 3. Validate compliance 375. Which of the following should be the MOST important consideration when prioritizing the funding for competing IT projects? A. Skills and capabilities within the project management team B. Quality and accuracy of the IT project inventory C. 
Criteria used to determine the benefits of projects D. Senior management preferences - CORRECT ANSWER C. Criteria used to determine the benefits of projects 376.* Which of the following is the MOST important consideration when investigating a security breach of an e-commerce application? A. Skill set of the response team B. Chain of custody C. Notifications to law enforcement D. Procedures to analyze evidence - CORRECT ANSWER D. Procedures to analyze evidence The analysis of evidence helps determine the nature and scope of the breach, identify the vulnerabilities exploited, and gather insights into the attacker's methods and motives. It aids in understanding the impact of the breach and formulating an appropriate response. Why procedures to analyze evidence are of utmost importance: 1. Root cause identification 2. Scope assessment 3. Forensic investigation B. Chain of custody: The chain of custody is crucial for maintaining the integrity of the evidence, but it is a component of evidence handling and does not directly determine the investigation's success or the breach's understanding. 377. Which of the following indicates that an internal audit organization is structured to support the independence and clarity of the reporting process? A. The internal audit manager has a reporting line to the audit committee. B. The internal audit manager reports functionally to a senior management official. C. Auditors are responsible for assessing and operating a system of internal controls. D. Auditors are responsible for performing operational duties or activities. - CORRECT ANSWER clarity 明晰 A. The internal audit manager has a reporting line to the audit committee. 378.* Which of the following would BEST protect the confidentiality of sensitive data in transit between multiple offices? A. Digital signatures B. Public key infrastructure (PKI) C. Hash algorithms D. Kerberos - CORRECT ANSWER B. 
Public key infrastructure (PKI) PKI is a comprehensive system that uses asymmetric encryption & digital certificates to secure communications and ensure the confidentiality, integrity, and authenticity of data. why PKI is the best choice for this scenario: 1. Encryption: PKI employs asymmetric encryption 2. Digital certificates: PKI uses digital certificates to verify the identities of participants in the communication. 3. Trust hierarchy: PKI establishes a trust hierarchy with root CAs at the top, followed by intermediate CAs and end-entity certificates. A. Digital signatures Used for data integrity and authentication purposes, ensuring that the data has not been tampered (被竄改) with and verifying the identity of the sender. While they provide important security features, they do not directly protect the confidentiality of data during transit. 379. Which of the following is MOST likely to ensure that an organization's systems development meets its business objectives? A. Business owner involvement B. A project plan with clearly identified requirements C. A focus on strategic projects D. Segregation of systems development and testing * - CORRECT ANSWER A. Business owner involvement 380. Which of the following is MOST important to review when planning for an IS audit of an organization's cross-border data transfers? A. Previous external audit reports B. Applicable regulatory requirements C. Offshore supplier risk assessments D. Long-term IS strategy * - CORRECT ANSWER B. Applicable regulatory requirements 381. Which of the following is MOST likely to be a project deliverable of an agile software development methodology? A. Automated software programming routines B. Rapidly created working prototypes C. Extensive project documentation D. Strictly managed software requirements baselines - CORRECT ANSWER B. 
Rapidly created working prototypes 382.* Which of the following is the BEST way to mitigate the risk associated with malicious changes to binary code during the software development life cycle (SDLC)? A. Parity check B. Digital envelope C. Cryptographic hash D. Segregation of duties - CORRECT ANSWER C. Cryptographic hash They will develop hash for every version so if source code is changed the hash will be no longer valid 383. Which of the following application input controls would MOST likely detect data input errors in the customer account number field during the processing of an accounts receivable transaction? A. Limit check B. Reasonableness check C. Validity check D. Parity check * - CORRECT ANSWER C. Validity check 384. Which of the following types of environmental equipment will MOST likely be deployed below the floor tiles of a data center? A. Temperature sensors B. Humidity sensors C. Water sensors D. Air pressure sensors - CORRECT ANSWER C. Water sensors (pupuweb + freecram) Water and Smoke Detectors In the computer room, water detectors should be placed under raised floors and near drain holes, even if the computer room is on a high floor (because of possible water leaks). Any unattended equipment storage facilities should also have water detectors. 385. Which of the following is the BEST justification for deferring remediation testing until the next audit? A. The auditor who conducted the audit and agreed with the timeline has left the organization. B. Management's planned actions are sufficient given the relative importance of the observations. C. Auditee management has accepted all observations reported by the auditor. D. The audit environment has changed significantly. * - CORRECT ANSWER B. Management's planned actions are sufficient given the relative importance of the observations. 
(exam-answer + freecram + examtopics) This means that management has taken sufficient actions to address the identified weaknesses or non-compliance issues, and the auditor believes that the planned actions will be effective in resolving the issues. 386. Which of the following would BEST help to ensure the availability of data stored with a cloud provider? A. Confirming the cloud provider has a disaster recovery site B. Requiring the provider to conduct daily backups C. Defining service level agreements (SLAs) in the contract D. Defining the reporting process and format - CORRECT ANSWER C. Defining service level agreements (SLAs) in the contract (freecram + examtopics) 387.* Which of the following security assessment techniques attempts to exploit a system's open ports? A. Vulnerability scanning B. Penetration testing C. Network scanning D. Password cracking - CORRECT ANSWER B. Penetration testing (freecram + 6 voted + GPT) It is c as network scanning is one phase of penetration testing "Network scanning" is not the technique that attempts to exploit a system's open ports. The technique that attempts to exploit a system's open ports is "Penetration testing". network scanning can identify open ports, it does not involve exploiting them. 388. Which of the following provides the MOST assurance that new information systems are ready for migration to the production environment? A. Approval by the change advisory board B. Results of end user acceptance testing (UAT) C. Results of penetration testing performed by the development team D. System quality assurance (QA) performed by an in-house team * - CORRECT ANSWER B. Results of end user acceptance testing (UAT) 389. Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department? A. Including the creator's user ID as a field in every transaction record created B. Ensuring that audit trails exist for transactions C. 
Restricting access to update programs to accounts payable staff only D. Restricting program functionality according to user security profiles * - CORRECT ANSWER D. Restricting program functionality according to user security profiles. (pupuweb + freecram + examtopics) 390. Which of the following reports would provide the GREATEST assurance to an IS auditor about the controls of a third party that processes critical data for the organization? A. Independent control assessment B. Black box penetration test report C. The third party's control self-assessment (CSA) D. Vulnerability scan report * - CORRECT ANSWER A. Independent control assessment 391. * Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (IDSs)? A. An increase in the number of internally reported critical incidents B. An increase in the number of unfamiliar sources of intruders C. An increase in the number of identified false positives D. An increase in the number of detected incidents not previously identified - CORRECT ANSWER D. An increase in the number of detected incidents not previously identified (examtopics + pupuweb + GPT) Signature-based IDSs - Comparing network traffic or system activity against a database of known attack signatures - Goal is to detect & identify known threats based on these signatures - Increase in number of detected incidents that were not previously identified = Effectiveness of signature-based IDS. A. = 內部報告的嚴重事件數量增加, does not specifically address the effectiveness of the IDS itself. 392. * Which of the following should be done by an IS auditor during a post-implementation review of a critical application that has been operational for six months? A. Test program system interfaces. B. Verify the accuracy of data conversions. C. Assess project management risk reports. D. Examine project change request logs. - CORRECT ANSWER D. Examine project change request logs. 
(freecram + examtopics + voted *3) Allows auditor to review any changes made to application after go live. Examining change request logs helps assess whether changes were properly authorized, documented & tested, and whether they have had any unexpected impacts on the system's performance or security. Provides insights into the change management process, which is a crucial aspect of maintaining the application's stability and integrity. B. Verify the accuracy of data conversions. (Most voted *4 + GPT) This involves assessing whether data from the previous system was accurately converted and transferred to the new system without any errors or discrepancies. It helps ensure the integrity & reliability of the data within the critical application. 393. Which of the following types of testing would BEST mitigate the risk of a newly implemented system adversely impacting existing systems? A. User acceptance testing (UAT) B. Functionality testing C. Sociability testing D. Unit testing - CORRECT ANSWER C. Sociability testing 394.* Which of the following would be of GREATEST concern to an IS auditor reviewing an organization's security incident handling procedures? A. Annual tabletop exercises are performed instead of functional incident response exercises. B. Roles for computer emergency response team (CERT) members have not been formally documented. C. Guidelines for prioritizing incidents have not been identified. D. Workstation antivirus software alerts are not regularly reviewed. - CORRECT ANSWER C. Guidelines for prioritizing incidents have not been identified. KW: security incident handling procedures (freecram + examtopics + Most voted) emphasis is on "incident handling procedures", what does it has to do with antivirus not been reviewed on regular basis. when testing incidents auditors are more concerned that they are critical incidents monitored and resolved. 
395.* Which of the following is the MOST important consideration for an organization when strategizing to comply with privacy regulations? A. Ensuring up-to-date knowledge of where customer personal data is saved. B. Ensuring there are staff members with in-depth knowledge of the regulations. C. Ensuring regular access recertification to information systems. D. Ensuring contracts with third parties that process customer data are regularly updated. - CORRECT ANSWER when strategizing to comply with privacy regulations? (當制定遵守隱私法規的策略?) A. Ensuring up-to-date knowledge of where customer personal data is saved. (examtopics + GPT) B. Ensuring there are staff members with in-depth knowledge of the regulations. (exam-answer) 396. Which of the following should an IS auditor review FIRST during the audit of an organization's business continuity plan (BCP)? A. System recovery time objectives (RTOs) B. List of critical business processes C. System recovery manuals and documentation D. Frequency of business database replication - CORRECT ANSWER B. List of critical business processes 397. Which of the following BEST ensures the confidentiality of sensitive data during transmission? A. Password protecting data over virtual local area networks (VLAN) B. Sending data through proxy servers C. Sending data over public networks using Transport Layer Security (TLS) D. Restricting the recipient through destination IP addresses * - CORRECT ANSWER C. Sending data over public networks using Transport Layer Security (TLS) 'tls' is same that 'ssl' is perfect pki method 398.* Which of the following is the BEST detective control for a job scheduling process involving data transmission? A. Metrics denoting the volume of monthly job failures are reported and reviewed by senior management. B. Jobs are scheduled to be completed daily and data is transmitted using a Secure File Transfer Protocol (SFTP). C. Job failure alerts are automatically generated and routed to support personnel. D. 
Jobs are scheduled and a log of this activity is retained for subsequent review. - CORRECT ANSWER denoting (表示) C. Job failure alerts are automatically generated and routed to support personnel. (examtopics + GPT + pupuweb) 399. Which of the following is MOST important when creating a forensic image of a hard drive? A. Generating a content hash of the hard drive B. Choosing an industry-leading forensics software tool C. Requiring an independent third-party be present w hi le imaging D. Securing a backup copy of the hard drive - CORRECT ANSWER A. Generating a content hash of the hard drive 400.* Which of the following is the GREATEST concern associated with a high number of IT policy exceptions approved by management? A. The exceptions are likely to continue indefinitely. B. The exceptions may negatively impact process efficiency. C. The exceptions may elevate the level of operational risk. D. The exceptions may result in noncompliance. - CORRECT ANSWER D. The exceptions may result in noncompliance. (passquestion + pupuweb + GPT)
Written for
- Institution: CISA - Certified Information Systems Auditor
- Course: CISA - Certified Information Systems Auditor
Document information
- Uploaded on: March 17, 2024
- Number of pages: 39
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers