2024 Becker CPA Information Systems & Controls (ISC) Mock Exam Questions
The production and fixed asset cycles interface with which of the following transaction
cycles to submit purchase orders and invoices?
D. Treasury cycles
QUESTION 2
Shoe-ify Inc. is a new platform that lets companies design shoes based on their customers'
foot shapes and running pronation patterns. The platform serves as an online
marketplace that allows companies' customers to design shoes, which the company then
builds and sells to the customer. Shoe-ify also provides other turn-key functions such as
built-in direct marketing services, payment processing, and logistics services. This is an
example of what type of cloud service provider?
A. Platform-as-a-Service
B. Software-as-a-Service
C. Infrastructure-as-a-Service
D. Business-Process-as-a-Service
QUESTION 3
Which of the following framework functions in the Privacy Framework Core best describes
the function that would include categories such as risk management strategy, awareness
and training, and monitoring and review?
A. Identify
B. Control
C. Protect
D. Govern
QUESTION 4
Retailer Alex Co. recently purchased a new point-of-sale (POS) system to replace its
legacy system for transaction processing and is evaluating different approaches to
integrate the new software. Alex decided to take a parallel implementation approach as it
wants to be able to switch back to the legacy system if it encounters complications.
Which of the following change management controls does this reflect?
A. Separation of duties
C. Post-implementation testing
D. Reversion access
QUESTION 5
Which of the following best describes the overview of CIS Control 04: Secure
Configuration of Enterprise Assets and Software?
A. Use processes and tools to create, assign, manage, and revoke access
credentials and privileges for enterprise assets and software.
B. Establish and maintain the secure configuration of both software and assets
within the enterprise.
D. Improve protections and detections of digital threats such as email and web
vectors.
QUESTION 6
Which of the following best describes the analytics and usage stage of the data life
cycle?
A. The stage that focuses on the determination of whether the data is complete,
clean, current, encrypted, and user-friendly
B. The stage that focuses on the data being useful internally to the organization
rather than being shared with external users and stakeholders
C. The stage that focuses on sharing the information with external users so the
organization no longer has sole control of how the data will be used
D. The stage that focuses on moving data sets from active systems to passive
systems in part to reduce security risks
QUESTION 7
A regional managed services provider (MSP) provides IT services to clients of various sizes
and budgets. One of its smaller customers is on a restricted budget and has very little
incremental data generated daily that requires a backup. However, the client's
applications heavily rely on this stored data, and the company is willing to pay more per
backup but perform them less frequently so the data can be restored quickly using a
single file in the event of a system failure. Which of the following forms of backup should
the client implement?
A. Incremental backup
B. Differential backup
C. Full backup
A. Budget planning.
B. Capacity planning.
C. Strategy planning.
D. Continuity planning.
QUESTION 9
Which CIS Control best describes the recommendation to establish and maintain a
program designed to influence behavior among the workforce to be security conscious
and properly skilled to reduce cybersecurity risks to the enterprise?
A. Recover
B. Protect
C. Identify
D. Detect
QUESTION 11
Which of the following is a common document found in the revenue cycle?
A. Packing slip
B. Bank statement
C. Bill of materials
D. Voucher
QUESTION 12
Which of the following components of the NIST CSF Framework Core describes the
function that outlines how a company should notify all affected parties while containing a
cybersecurity event?
A. Recover
B. Detect
C. Protect
D. Respond
QUESTION 13
What should a company do when seeking competitive advantages in planning for the
implementation of a new software system?
II. A firewall is a network node used to improve network traffic and to set up a
boundary that prevents traffic from one network segment from crossing over to
another.
III. A firewall can serve as a physical barrier that separates one part of a data center
from another.
D. Cost of lost revenue from former customers no longer using the organization's
services due to the breach
QUESTION 18
The targeted time it should take to restore a company's operations to a target state after
a system failure and the actual time it takes to restore operations to that target state refer
to which of the following concepts?
A. Vendor contract for alternate processing site, names of persons on the disaster
recovery team, off-site storage procedures.
A. Feasible
B. Measurable
C. Align
D. Focus
QUESTION 22
A system that transforms economic events into journal entries and disseminates
information that supports daily operations is:
A. System testing
B. Unit testing
C. Acceptance testing
D. Integration testing
QUESTION 26
Which of the following is least likely to be an example of an administrative safeguard
required for an organization considered a covered entity under HIPAA guidance in
relation to its administrative functions?
C. Contingency plans
B. Mirroring
D. Replication
QUESTION 28
Organizations seeking cloud service providers (CSP) that are compliant with varying
industry regulations, such as HIPAA or consumer privacy laws, may inquire if the CSP has
adopted standards specifically focused on operating in the cloud set by which of the
following entities?
A. Reduced costs
B. Quality control
D. IT expertise
QUESTION 30
Algexo Corporation is establishing a data dictionary to help its database administrators
maintain the database and help ensure that its analysts can identify the data needed.
Which of the following best describes a scenario where Algexo Corporation's data
dictionary is not functioning appropriately to accomplish the organization's goals?
A. The "Amount" attribute within the database provides information related to the
dollar figure in U.S. currency of the specified transaction from the customer.
B. The "Invoice Date" attribute within the database provides information related to
the date that payment was received by the corporation from the customer.
D. The "Last Name" attribute within the database provides information related to
the surname of the customer for the specific transaction.
QUESTION 31
When conducting an audit of a service organization's network infrastructure, a service
auditor finds a device that acts as the network's central hub and is therefore a potential
single point of failure if it quits working. Which topology is least likely to result in a
potential single point of failure?
A. Ring topology
B. Bus topology
C. Mesh topology
D. Star topology
QUESTION 32
Brown Co, a pharmaceutical company, is evaluating cloud service providers (CSPs) for
hosting several of its custom-built applications virtually. It should consider all of the
following risks, except:
B. Organizational structures
C. Process
D. Information
QUESTION 37
Kelsey is a senior specialist in the IT department of a remote work organization and is
looking to view and extract specific data for use in the analysis of internal organization
personnel. Kelsey's goal in her analysis is to get a confirmation of the physical locations of
each employee within the organization to better plan a budget around shipping logistics
for sending new laptops to organization employees. Which of the following SQL queries
would most likely give Kelsey a complete list of relevant data to begin her analysis?
A. Preparation
B. Synthesis
C. Publication
D. Definition
QUESTION 40
The AICPA issued guidance regarding patch management in a SOC 2® audit that states
service auditors should:
C. Continuously monitor patch releases for a limited period after the audit.