Question #1
Responsibility for the governance of IT should rest with the:
A. IT strategy committee
B. chief information officer (CIO)
C. audit committee
D. board of directors
Correct answer: D
Question #2
Data edits are implemented before processing and are considered which of the following? Choose the BEST answer.
A. Deterrent integrity controls
B. Detective integrity controls
C. Corrective integrity controls
D. Preventative integrity controls
Correct answer: A
Question #3
Off-site data storage should be kept synchronized when preparing for recovery of time-sensitive data such as that resulting from which of the following? Choose the BEST answer.
A. Financial reporting
B. Sales reporting
C. Inventory reporting
D. Transaction processing
Correct answer: C
Question #4
Which of the following online auditing techniques is most effective for the early detection of errors or irregularities?
A. Embedded audit module
B. Integrated test facility
C. Snapshots
D. Audit hooks
Correct answer: D
Question #5
The PRIMARY benefit of implementing a security program as part of a security governance framework is the:
A. alignment of the IT activities with IS audit recommendations
B. enforcement of the management of security risk
C. implementation of the chief information security officer's (CISO) recommendations
D. reduction of the cost for IT security
Correct answer: D
Question #6
After the merger of two organizations, multiple self-developed legacy applications from both companies are to be replaced by a new common platform. Which of the following would be the GREATEST risk?
A. Project management and progress reporting is combined in a project management office which is driven by external consultants
B. The replacement effort consists of several independent projects without integrating the resource allocation in a portfolio management approach
C. The resources of each of the organizations are inefficiently allocated while they are being familiarized with the other company's legacy systems
D. The new platform will force the business areas of both organizations to change their work processes, which will result in extensive training needs
Correct answer: C
Question #7
In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the:
A. registration authority (RA)
B. issuing certification authority (CA)
C. subject CA
D. policy management authority
Correct answer: C
Question #8
The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to:
A. comply with regulatory requirements
B. provide a basis for drawing reasonable conclusions
C. ensure complete audit coverage
D. perform the audit according to the defined scope
Correct answer: A
Question #9
Which audit technique provides the BEST evidence of the segregation of duties in an IS department?
A. Discussion with management
B. Review of the organization chart
C. Observation and interviews
D. Testing of user access rights
Correct answer: B
Question #10
Which of the following is a dynamic analysis tool for the purpose of testing software modules?
A. Blackbox test
B. Desk checking
C. Structured walk-through
D. Design and code
Correct answer: C
Question #11
For which of the following applications would rapid recovery be MOST crucial?
A. Point-of-sale system
B. Corporate planning
C. Regulatory reporting
D. Departmental chargeback
Correct answer: B
Question #12
How can minimizing single points of failure or vulnerabilities of a common disaster best be controlled?
A. By implementing redundant systems and applications onsite
B. By geographically dispersing resources
C. By retaining onsite data backup in fireproof vaults
D. By preparing BCP and DRP documents for commonly identified disasters
Correct answer: B
Question #13
Which of the following BEST restricts users to those functions needed to perform their duties?
A. Application level access control
B. Data encryption
C. Disabling floppy disk drives
D. Network monitoring device
Correct answer: B
Question #14
The MAIN purpose of a transaction audit trail is to:
A. reduce the use of storage media
B. determine accountability and responsibility for processed transactions
C. help an IS auditor trace transactions
D. provide useful information for capacity planning
Correct answer: B
Question #15
An IS auditor notes that patches for the operating system used by an organization are deployed by the IT department as advised by the vendor. The MOST significant concern an IS auditor should have with this practice is the nonconsideration by IT of:
A. the training needs for users after applying the patch
B. any beneficial impact of the patch on the operational systems
C. delaying deployment until testing the impact of the patch
D. the necessity of advising end users of new patches
Correct answer: B
Question #16
What process uses test data as part of a comprehensive test of program controls in a continuous online manner?
A. Test data/deck
B. Base-case system evaluation
C. Integrated test facility (ITF)
D. Parallel simulation
Correct answer: B
Question #17
At the end of the testing phase of software development, an IS auditor observes that an intermittent software error has not been corrected. No action has been taken to resolve the error. The IS auditor should:
A. report the error as a finding and leave further exploration to the auditee's discretion
B. attempt to resolve the error
C. recommend that problem resolution be escalated
D. ignore the error, as it is not possible to get objective evidence for the software error
Correct answer: A
Question #18
An example of a direct benefit to be derived from a proposed IT-related business investment is:
A. enhanced reputation
B. enhanced staff morale
C. the use of new technology
D. increased market penetration
Correct answer: D
Question #19
Which of the following should an IS auditor use to detect duplicate invoice records within an invoice master file?
A. Attribute sampling
B. Generalized audit software (GAS)
C. Test data
D. Integrated test facility (ITF)
Correct answer: A
Question #20
What kind of protocols does the OSI Transport Layer of the TCP/IP protocol suite provide to ensure reliable communication?
A. Nonconnection-oriented protocols
B. Connection-oriented protocols
C. Session-oriented protocols
D. Nonsession-oriented protocols
Correct answer: A
Question #21
An audit charter should:
A. be dynamic and change often to coincide with the changing nature of technology and the audit profession
B. clearly state audit objectives for, and the delegation of, authority to the maintenance and review of internal controls
C. document the audit procedures designed to achieve the planned audit objectives
D. outline the overall authority, scope and responsibilities of the audit function
Correct answer: A
Question #22
A company undertakes a business process reengineering (BPR) project in support of a new and direct marketing approach to its customers. Which of the following would be an IS auditor's main concern about the new process?
A. Whether key controls are in place to protect assets and information resources
B. If the system addresses corporate customer requirements
C. Whether the system can meet the performance goals (time and resources)
D. Whether owners have been identified who will be responsible for the process
Correct answer: C
Question #23
When are benchmarking partners identified within the benchmarking process?
A. In the design stage
B. In the testing stage
C. In the research stage
D. In the development stage
Correct answer: B
Question #24
Mitigating the risk and impact of a disaster or business interruption usually takes priority over transference of risk to a third party such as an insurer. True or false?
A. True
B. False
Correct answer: D
Question #25
An IS auditor should use statistical sampling and not judgment (nonstatistical) sampling, when:
A. the probability of error must be objectively quantified
B. the auditor wishes to avoid sampling risk
C. generalized audit software is unavailable
D. the tolerable error rate cannot be determined
Correct answer: A
Question #26
Which of the following will help detect changes made by an intruder to the system log of a server?
A. Mirroring the system log on another server
B. Simultaneously duplicating the system log on a write-once disk
C. Write-protecting the directory containing the system log
D. Storing the backup of the system log offsite
Correct answer: A
Question #27
IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. True or false?
A. True
B. False
Correct answer: A
Question #28
In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?
A. Automated logging of changes to development libraries
B. Additional staff to provide separation of duties
C. Procedures that verify that only approved program changes are implemented
D. Access controls to prevent the operator from making program modifications
Correct answer: A
Question #29
The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of the following audit recommendations should the IS auditor suggest?
A. Relocate the shut off switch
B. Install protective covers
C. Escort visitors
D. Log environmental failures
Correct answer: A
Question #30
When evaluating the collective effect of preventive, detective or corrective controls within a process, an IS auditor should be aware of which of the following?
A. The point at which controls are exercised as data flow through the system
B. Only preventive and detective controls are relevant
C. Corrective controls can only be regarded as compensating
D. Classification allows an IS auditor to determine which controls are missing
Correct answer: D
Question #31
If senior management is not committed to strategic planning, how likely is it that a company's implementation of IT will be successful?
A. IT cannot be implemented if senior management is not committed to strategic planning
B. More likely
C. Less likely
D. Strategic planning does not affect the success of a company's implementation of IT
Correct answer: B
Question #32
Which of the following is the PRIMARY advantage of using computer forensic software for investigations?
A. The preservation of the chain of custody for electronic evidence
B. Time and cost savings
C. Efficiency and effectiveness
D. Ability to search for violations of intellectual property rights
Correct answer: C
Question #33
The implementation of access controls FIRST requires:
A. a classification of IS resources
B. the labeling of IS resources
C. the creation of an access control list
D. an inventory of IS resources
Correct answer: A
Question #34
From a risk management point of view, the BEST approach when implementing a large and complex IT infrastructure is:
A. a big bang deployment after proof of concept
B. prototyping and a one-phase deployment
C. a deployment plan based on sequenced phases
D. to simulate the new infrastructure before deployment
Correct answer: A
Question #35
Which of the following processes should an IS auditor recommend to assist in the recording of baselines for software releases?
A. Change management
B. Backup and recovery
C. Incident management
D. Configuration management
Correct answer: B
Question #36
Which of the following controls would an IS auditor look for in an environment where duties cannot be appropriately segregated?
A. Overlapping controls
B. Boundary controls
C. Access controls
D. Compensating controls
Correct answer: C
Question #37
Proper segregation of duties prohibits a system analyst from performing quality-assurance functions. True or false?
A. True
B. False
Correct answer: A
Question #38
A LAN administrator normally would be restricted from:
A. having end-user responsibilities
B. reporting to the end-user manager
C. having programming responsibilities
D. being responsible for LAN security administration
Correct answer: A
Question #39
In reviewing the IS short-range (tactical) plan, an IS auditor should determine whether:
A. there is an integration of IS and business staffs within projects
B. there is a clear definition of the IS mission and vision
C. a strategic information technology planning methodology is in place
D. the plan correlates business objectives to IS goals and objectives
Correct answer: A
Question #40
Which type of major BCP test only requires representatives from each operational area to meet to review the plan?
A. Parallel
B. Preparedness
C. Walk-through
D. Paper
Correct answer: D
Question #41
To support an organization's goals, an IS department should have:
A. a low-cost philosophy
B. long- and short-range plans
C. leading-edge technology
D. plans to acquire new hardware and software
Correct answer: B
Question #42
The decisions and actions of an IS auditor are MOST likely to affect which of the following risks?
A. Inherent
B. Detection
C. Control
D. Business
Correct answer: B
Question #43
________________ (fill in the blank) should be implemented as early as data preparation to support data integrity at the earliest point possible.
A. Control totals
B. Authentication controls
C. Parity bits
D. Authorization controls
Correct answer: D
Question #44
Which of the following processes are performed during the design phase of the systems development life cycle (SDLC) model?
A. Develop test plans
B. Baseline procedures to prevent scope creep
C. Define the need that requires resolution, and map to the major requirements of the solution
D. Program and test the new system
E. The tests verify and validate what has been developed
Correct answer: A
Question #45
Which of the following is MOST critical during the business impact assessment phase of business continuity planning?
A. End-user involvement
B. Senior management involvement
C. Security administration involvement
D. IS auditing involvement
Correct answer: A
Question #46
A critical function of a firewall is to act as a:
A. special router that connects the Internet to a LAN
B. device for preventing authorized users from accessing the LAN
C. server used to connect authorized users to private trusted network resources
D. proxy server to increase the speed of access to authorized users
Correct answer: B
Question #47
Which of the following types of transmission media provide the BEST security against unauthorized access?
A. Copper wire
B. Twisted pair
C. Fiberoptic cables
D. Coaxial cables
Correct answer: C
Question #48
What influences decisions regarding criticality of assets?
A. The business criticality of the data to be protected
B. Internal corporate politics
C. The business criticality of the data to be protected, and the scope of the impact upon the organization as a whole
D. The business impact analysis
Correct answer: B
Question #49
When developing a formal enterprise security program, the MOST critical success factor (CSF) would be the:
A. establishment of a review board
B. creation of a security unit
C. effective support of an executive sponsor
D. selection of a security process owner
Correct answer: A
Question #50
Which of the following would an IS auditor consider the MOST relevant to short-term planning for an IS department?
A. Allocating resources
B. Keeping current with technology advances
C. Conducting control self-assessment
D. Evaluating hardware needs
Correct answer: A
