Â
Â
40. Which of the following is MOST important to consider when selecting an automated fire suppression system for an unmanned data center?
A.      Onsite support by the vendor
B.      Maintenance costs
C.      Likelihood of fires at the data center
D.     Potential damage to equipment
Â
Â
Answer: D
Â
41. Which of the following is the MOST efficient method for an organization with strong configuration and release management to prepare a new system?
A.      A fresh configuration based on the manufacturer default configuration
B.      An existing system configuration consisting of recorded baselines
C.      A new configuration built from the ground up according to approved standards
D.     A configuration imported from a successfully implemented production system
Â
Answer: B
Â
Â
42. An IS auditor is reviewing the security of a banking system that uses hardware-based encryption. Which of the following is the PRIMARY objective for the adoption of this type of encryption?
A.      To simplify the key management process
B.      To improve encryption algorithm efficiency
C.      To increase encryption key length
D.     To provide secure key management
Â
Â
Answer: D
Â
Â
43. Which of the following should be of GREATEST concern to an IS auditor when reviewing public key infrastructure (PKI)?
A.      There is more than one certificate authority (CA).
B.      The organization’s private key is backed up at the certificate authority (CA).
C.      The certificate authority (CA) delegates the verification process to the registration authority.
D.     The organization’s public key has been shared without authorization by business partners.
Â
Answer: B
Â
Â
44. An IS auditor is reviewing a bank’s service level agreement (SLA) with a third-party provider that hosts the bank’s secondary data center. Which of the following findings should be of GREATEST concern to the auditor?
A.      The recovery point objective (RPO) has a shorter duration than documented in the disaster recovery plan (DRP).
B.      Backup data is hosted online only.
C.      The SLA has not been in reviewed in more than a year.
D.     The recovery time objective (RTO) has a longer duration than documented in the disaster recovery plan (DRP).
Â
Answer: D
Â
Â
45. Which of the following should be of MOST concern to an IS auditor reviewing an organization’s IT policies?
A.      The policies are not mapped to industry best practices.
B.      The policies are primarily targeted toward IT staff.
C.      The policies are reviewed and approved by an organizational IT committee.
D.     The policies are not regularly reviewed and updated.
Â
Answer: D
Â
Â
46. Which of the following methods would MOST effectively provide positive authentication for physical access?
A.      Retina scan
B.      Numeric keypads and surveillance camera
C.      A smart card and a security guard
D.     Proximity card
Â
Answer: A
Â
Â
47. Which of the following would be the MOST likely basis for determining a data retention period for audit trail purposes?
A.      Regulatory requirements
B.      Generally accepted audit standards
C.      Computer forensic principles
D.     Control risks
Â
Answer: A

Â
48 An IS auditor finds that some employees are using public cloud-based Al tools. Which of the following presents the GREATEST concern?
A.      Data reliability
B.      Data leakage
C.      Copyright infringements
D.     Cost overruns
Â
Answer: B
Â
49. An IS auditor is reviewing an organization’s continuous integration development logs over a period of 12 months. Which of the following sampling methods is BEST suited for compliance testing?
A.      Judgmental sampling
B.      Variable sampling
C.      Attribute sampling
D.     Random sampling
Â
Answer: C
Â
Â
50. In the context of audit algorithms, which of the following is a characteristic of a supervised learning model?
A.      The audit algorithm learns by itself without any monitoring by an auditor.
B.      The audit algorithm needs to be constantly monitored by an auditor.
C.      The audit algorithm learns from labeled data where the outcome is known.
D.     The audit algorithm does not require any data to make predictions.
Â
Answer: C
Â
Â
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.