Question No : 1
Which of the following BEST Indicates that an incident management process is effective?

• A.Decreased time for incident resolution
• B.Increased number of incidents reviewed by IT management
• C.Decreased number of calls lo the help desk
• D.Increased number of reported critical incidents

Show Answers

Answer:

Question No : 2
Which of the following would BEST enable an organization to address the security risks associated with a recently implemented bring your own device (BYOD) strategy?

• A.Mobile device tracking program
• B.Mobile device upgrade program
• C.Mobile device testing program
• D.Mobile device awareness program

Show Answers

Answer:

Question No : 3
Which of the following is the GREATEST concern associated with a high number of IT policy exceptions approved by management?

• A.The exceptions are likely to continue indefinitely.
• B.The exceptions may result in noncompliance.
• C.The exceptions may elevate the level of operational risk.
• D.The exceptions may negatively impact process efficiency.

Show Answers

Answer:

Question No : 4
An online retailer is receiving customer complaints about receiving different items from what they ordered on the organization's website. The root cause has been traced to poor data quality. Despite efforts to clean erroneous data from the system, multiple data quality issues continue to occur.
Which of the following recommendations would be the BEST way to reduce the likelihood of future occurrences?

• A.Assign responsibility for improving data quality.
• B.Invest in additional employee training for data entry.
• C.Outsource data cleansing activities to reliable third parties.
• D.Implement business rules to validate employee data entry.

Show Answers

Answer:

Question No : 5
While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function.
In order to resolve the situation, the IS auditor's BEST course of action would be to:

• A.re-prioritize the original issue as high risk and escalate to senior management.
• B.schedule a follow-up audit in the next audit cycle.
• C.postpone follow-up activities and escalate the alternative controls to senior audit management.
• D.determine whether the alternative controls sufficiently mitigate the risk.

Show Answers

Answer:

Question No : 6
A financial group recently implemented new technologies and processes.
Which type of IS audit would provide the GREATEST level of assurance that the department's objectives have been met?

• A.Performance audit
• B.Integrated audit
• C.Cyber audit
• D.Financial audit

Show Answers

Answer:

Question No : 7
Which of the following is the MOST important responsibility of user departments associated with program changes?

• A.Providing unit test data
• B.Analyzing change requests
• C.Updating documentation lo reflect latest changes
• D.Approving changes before implementation

Show Answers

Answer:

Question No : 8
CORRECT TEXT
Which of the following findings should be of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simulation test administered for staff members?

• A.Staff members who failed the test did not receive follow-up education
• B.Test results were not communicated to staff members.
• C.Staff members were not notified about the test beforehand.
• D.Security awareness training was not provided prior to the test.

Show Answers

Answer:

Question No : 9
In a small IT web development company where developers must have write access to production, the BEST recommendation of an IS auditor would be to:

• A.hire another person to perform migration to production.
• B.implement continuous monitoring controls.
• C.remove production access from the developers.
• D.perform a user access review for the development team

Show Answers

Answer:

Question No : 10
An externally facing system containing sensitive data is configured such that users have either read-only or administrator rights. Most users of the system have administrator access.
Which of the following is the GREATEST risk associated with this situation?

• A.Users can export application logs.
• B.Users can view sensitive data.
• C.Users can make unauthorized changes.
• D.Users can install open-licensed software.

Show Answers

Answer: