Some new sample questions:
Question:
Which of the following poses the GREATEST potential concern for an organization that decides to consolidate mission-critical applications on a large server as part of IT capacity management?
A. More applications may be negatively affected by outages on the server.
B. Continuous monitoring efforts for server capacity may be costly.
C. Network bandwidth may be degraded during peak hours.
D. Accurate server capacity forecasting may be more difficult.
Question:
An IS auditor is reviewing an organization’s risk management program. Which of the following should be the PRIMARY driver of the enterprise IT risk appetite?
A. Strategic objectives
B. Return on investment (ROI)
C. Cost of implementing controls
D. Likelihood of risk events
Question:
Which of the following security measures is MOST important for protecting Internet of Things (IoT) devices from potential cyberattacks?
A. Logging and monitoring network traffic
B. Confirming firmware compliance to current security requirements
C. Changing default passwords
D. Reviewing and updating the network diagram on a regular basis
Question:
Which of the following should be of GREATEST concern to an IS auditor reviewing project documentation for a client relationship management (CRM) system migration project?
A. The technical migration is planned for a holiday weekend and end users may not be available.
B. Five weeks prior to the target date, there are still numerous defects in the printing functionality.
C. A single implementation phase is planned and the legacy system will be immediately decommissioned.
D. Employees are concerned that data representation in the new system is completely different from the old system.
…..
Some new sample questions:
Question:
Which of the following observations should be of GREATEST concern to an IS auditor reviewing an organization’s enterprise architecture (EA) program?
A. IT application owners have sole responsibility for architecture approval.
B. The architecture review board is chaired by the CIO.
C. Information security requirements are reviewed by the EA program.
D. The EA program governs projects that are not IT-related.
Question:
In which phase of the audit life cycle process should an IS auditor initially discuss observations with management?
A. Planning phase
B. Reporting phase
C. Follow-up phase
D. Fieldwork phase
Question:
Aligning IT strategy with business strategy PRIMARILY helps an organization to:
A. Increase involvement of senior management in IT.
B. Optimize investments in IT.
C. Create risk awareness across business units.
D. Monitor the effectiveness of IT.
Question:
Which of the following should be of GREATEST concern to an IS auditor reviewing system interfaces used to transfer publicly available information?
A. A system interface tracking program is not enabled.
B. The data has not been encrypted.
C. Data is intercepted while in transit between systems.
D. The data from the originating system differs from the downloaded data.
……….
Some new sample questions:
Question:
Which of the following is an example of shadow IT?
A. An employee using a cloud-based order management tool without approval from IT
B. An employee using a company-provided laptop to access personal banking information
C. An employee using personal email to communicate with clients without approval from IT
D. An employee using a company-provided tablet to access social media during work hours
Question:
An organization has decided to reengineer business processes to improve the performance of overall IT service delivery. Which of the following recommendations from the project team should be the GREATEST concern to the IS auditor?
A. Disable operational logging to enhance the processing speed and save storage.
B. Adopt a service delivery model based on insights from peer organizations.
C. Delegate business decisions to the chief risk officer (CRO).
D. Eliminate certain reports and key performance indicators (KPIs).
Question:
An IS auditor is reviewing the service management of an outsourced help desk. Which of the following is the BEST indicator of how effectively the service provider is performing this function?
A. Average ticket age
B. Number of calls worked
C. Customer satisfaction ratings
D. Call transcript reviews
Question:
During recent post-implementation reviews, an IS auditor has noted that several deployed applications are not being used by the business. The MOST likely cause would be the lack of:
A. IT portfolio management.
B. IT resource management.
C. system support documentation.
D. change management.
Question:
An IS auditor is reviewing an organization’s cloud access security broker (CASB) solution. Which of the following is MOST important for the auditor to verify?
A. Cloud services are classified.
B. Users are centrally managed.
C. Cloud processes are resilient.
D. Users are periodically recertified.
……….
Hello, the Premium file is only 170q, it says it should be 1198q
Hi,
We have fixed the link.
You can download the exam now.
Thanks
Some new questions:
Q
An IS auditor finds that a new network connection allows communication between the Internet and the internal enterprise resource planning (ERP) system. Which of the following is the PRIMARY business impact to include when presenting this observation to management?
A. An increase to the threat landscape
B. A decrease in data quality in the ERP system
C. A decrease in network performance
D. An increase in potential fines from regulators
Q
During an IS audit of a data center, it was found that programmers are allowed to make emergency fixes to operational programs. Which of the following should be the IS auditor’s PRIMARY recommendation?
A. Programmers should be allowed to implement emergency fixes only after obtaining verbal agreement from the application owner.
B. Emergency program changes should be subject to program migration and testing procedures before they are applied to operational systems.
C. Bypass user ID procedures should be put in place to ensure that the changes are subject to after-the-event approval and testing.
Q
An IS auditor determines elevated administrator accounts for servers that are not properly checked out and then back in after each use. Which of the following is the MOST appropriate sampling technique to determine the scope of the problem?
A. Haphazard sampling
B. Random sampling
C. Statistical sampling
D. Stratified sampling
Q
An organization has decided to purchase a web-based email service from a third-party vendor and eliminate its own email server infrastructure. What type of cloud computing environment would BEST meet the organization’s objective?
A. Platform as a Service (PaaS)
B. Software as a Service (SaaS)
C. Database as a Service (DBaaS)
D. Infrastructure as a Service (IaaS)
…….
Some new questions:
Q
An IS auditor is evaluating an enterprise resource planning (ERP) migration from local systems to the cloud. Who should be responsible for the data classification in this project?
A. Information security officer
B. Database administrator (DBA)
C. Information owner
D. Data architect
Q
What would be the PRIMARY reason an IS auditor would recommend replacing universal PIN codes with an RFID access card system at a data center?
A. To improve traceability
B. To prevent piggybacking
C. To implement multi-factor authentication
D. To reduce maintenance costs
Q
Which of the following provides the BEST evidence of the validity and integrity of logs in an organization’s security information and event management (SIEM) system?
A. Compliance testing
B. Stop-or-go sampling
C. Substantive testing
D. Variable sampling
Q
What is the FIRST step when creating a data classification program?
A. Categorize and prioritize data.
B. Develop data process maps.
C. Categorize information by owner.
D. Develop a policy.
Q
In a high-volume, real-time system, the MOST effective technique by which to continuously monitor and analyze transaction processing is:
A. integrated test facility (ITF).
B. parallel simulation.
C. transaction tagging.
D. embedded audit modules.
Q
Which of the following is the MAIN responsibility of the IT steering committee?
A. Reviewing and assisting with IT strategy integration efforts
B. Developing and assessing the IT security strategy
C. Implementing processes to integrate security with business objectives
D. Developing and implementing the secure system development framework
Q
Which of the following non-audit activities may impair an IS auditor’s independence and objectivity?
A. Evaluating a third-party customer satisfaction survey
B. Providing advice on an IT project management framework
C. Designing security controls for a new cloud-based workforce management system
D. Reviewing secure software development guidelines adopted by an organization
…..