Online Practice Questions Flashcards

1
Q

Which of the following is the BEST performance indicator for the effectiveness of an incident management program?

A. Incident alert meantime
B. Number of incidents reported
C. Average time between incidents
D. Incident resolution meantime

A

D. Incident resolution meantime

2
Q

Backups will MOST effectively minimize a disruptive incident’s impact on a business if they are:

A. taken according to RPOs
B. scheduled according to the service delivery objectives
C. performed by automated backup software
D. stored on write-once read-many media

A

B. scheduled according to the service delivery objectives

3
Q

An IS audit reveals that an organization is not proactively addressing known vulnerabilities. Which of the following should the IS auditor recommend the organization do FIRST?

A. Ensure the intrusion prevention system (IPS) is effective.
B. Verify the disaster recovery plan (DRP) has been tested.
C. Assess the security risks to the business.
D. Confirm the incident response team understands the issue.

A

C. Assess the security risks to the business.

4
Q

An IS auditor has completed the fieldwork phase of a network security review and is preparing the initial draft of the audit report. Which of the following findings should be ranked as the HIGHEST risk?

A. Network penetration tests are not performed.
B. The network firewall policy has not been approved by the information security officer.
C. Network firewall rules have not been documented.
D. The network device inventory is incomplete.

A

D. The network device inventory is incomplete.

5
Q

Which of the following is the PRIMARY advantage of parallel processing for a new system implementation?

A. Assurance that the new system meets functional requirements
B. Significant cost savings over other system implementation approaches
C. More time for users to complete training for the new system
D. Assurance that the new system meets performance requirements

A

A. Assurance that the new system meets functional requirements

6
Q

During an internal audit of automated controls, an IS auditor identifies that the integrity of data transfer between systems has not been tested since successful implementation two years ago. Which of the following should the auditor do NEXT?

A. Review previous system interface testing records.
B. Document the finding in the audit report.
C. Review relevant system changes.
D. Review IT testing policies and procedures.

A

C. Review relevant system changes.

7
Q

The MAIN benefit of using an integrated test facility (ITF) as an online auditing technique is that it enables:

A. the integration of financial and audit tests.
B. auditors to test without impacting production data.
C. a cost-effective approach to application controls audit.
D. auditors to investigate fraudulent transactions.

A

B. auditors to test without impacting production data.

8
Q

Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?

A. Adherence to best practice and industry approved methodologies
B. Frequency of meetings where the business discusses the IT portfolio
C. Assignment of responsibility for each project to an IT team member
D. Controls to minimize risk and maximize value for the IT portfolio

A

D. Controls to minimize risk and maximize value for the IT portfolio

9
Q

Which of the following would BEST facilitate the successful implementation of an IT-related framework?

A. Establishing committees to support and oversee framework activities
B. Documenting IT-related policies and procedures
C. Aligning the framework to industry best practices
D. Involving appropriate business representation within the framework

A

D. Involving appropriate business representation within the framework

10
Q

What is the MAIN reason to use incremental backups?

A. To increase backup resiliency and redundancy
B. To reduce costs associated with backups
C. To improve key availability metrics
D. To minimize the backup time and resources

A

D. To minimize the backup time and resources

11
Q

An organization is planning an acquisition and has engaged an IS auditor to evaluate the IT governance framework of the target company. Which of the following would be MOST helpful in determining the effectiveness of the framework?

A. Recent third-party IS audit reports
B. Current and previous internal IS audit reports
C. IT performance benchmarking reports with competitors
D. Self-assessment reports of IT capability and maturity

A

A. Recent third-party IS audit reports

12
Q

When auditing the security architecture of an online application, an IS auditor should FIRST review the:

A. location of the firewall within the network.
B. firewall standards.
C. firmware version of the firewall.
D. configuration of the firewall.

A

D. configuration of the firewall.

13
Q

Due to limited storage capacity, an organization has decided to reduce the actual retention period for media containing completed low-value transactions. Which of the following is MOST important for the organization to ensure?

A. The policy includes a strong risk-based approach.
B. The retention period complies with data owner responsibilities.
C. The retention period allows for review during the year-end audit.
D. The total transaction amount has no impact on financial reporting.

A

A. The policy includes a strong risk-based approach.

14
Q

Which of the following should an IS auditor be MOST concerned with during a post-implementation review?

A. The system does not have a maintenance plan.
B. The system contains several minor defects.
C. The system deployment was delayed by three weeks.
D. The system was over budget by 15%.

A

B. The system contains several minor defects.

15
Q

Which of the following is the PRIMARY basis on which audit objectives are established?

A. Audit risk
B. Consideration of risks
C. Assessment of prior audits
D. Business strategy

A

B. Consideration of risks
