ISACA CISA v2022-12-29 q155
NEW QUESTION: 1
When auditing the alignment of IT to the business strategy, it is MOST Important for the IS
auditor to:
A. evaluate deliverables of new IT initiatives against planned business services.
B. ensure an IT steering committee is appointed to monitor new IT projects.
C. compare the organization's strategic plan against industry best practice.
D. interview senior managers for their opinion of the IT function.
Answer: A
NEW QUESTION: 2
Which of the following is the BEST source of information for an IS auditor to use as a
baseline to assess the adequacy of an organization's privacy policy?
A. Historical privacy breaches and related root causes
B. Benchmark studies of similar organizations
C. Local privacy standards and regulations
D. Globally accepted privacy best practices
Answer: (SHOW ANSWER)
NEW QUESTION: 3
An IS auditor is reviewing an organization's information asset management process. Which
of the following would be of GREATEST concern to the auditor?
A. Identification of asset value is not included in the process.
B. Process ownership has not been established.
C. The process does not include asset review.
D. The process does not require specifying the physical locations of assets.
Answer: (SHOW ANSWER)
NEW QUESTION: 4
When testing the adequacy of tape backup procedures, which step BEST verifies that
regularly scheduled backups are timely and run to completion?
A. Reviewing a sample of system-generated backup logs
B. Observing the execution of a daily backup run
C. Evaluating the backup policies and procedures
D. Interviewing key personnel involved in the backup process
Answer: (SHOW ANSWER)
NEW QUESTION: 5
Which of the following is the BEST recommendation to prevent fraudulent electronic funds
transfers by accounts payable employees?
A. Periodic vendor reviews
B. Dual control
C. Engage an external security incident response expert for incident handling.
D. Independent reconciliation
E. Re-keying of monetary amounts
Answer: (SHOW ANSWER)
NEW QUESTION: 6
Which of the following should be of GREATEST concern to an IS auditor reviewing data
conversion and migration during the implementation of a new application system?
A. The change management process was not formally documented.
B. Data conversion was performed using manual processes.
C. Unauthorized data modifications occurred during conversion.
D. Backups of the old system and data are not available online.
Answer: (SHOW ANSWER)
NEW QUESTION: 7
Which of the following is MOST important to determine when conducting a post-implementation
review?
A. Whether the solution architecture complies with IT standards
B. Whether the project has been delivered within the approved budget
C. Whether success criteria have been achieved
D. Whether lessons learned have been documented
Answer: (SHOW ANSWER)
NEW QUESTION: 8
Which of the following are BEST suited for continuous auditing?
A. Low-value transactions
B. Irregular transactions
C. Real-time transactions
D. Manual transactions
Answer: (SHOW ANSWER)
NEW QUESTION: 9
An IS auditor has completed the fieldwork phase of a network security review and is
preparing the initial following findings should be ranked as the HIGHEST risk?
A. The network firewall policy has not been approved by the information security officer.
B. Network firewall rules have not been documented.
C. Network penetration tests are not performed.
D. The network device inventory is incomplete.
Answer: (SHOW ANSWER)
NEW QUESTION: 10
A. The new system has resulted in layoffs of key experienced personnel.
B. Data from the legacy system is not migrated correctly to the new system.
C. The new system is not platform agnostic
D. Users have not been trained on the new system.
Answer: B
NEW QUESTION: 11
Which of the following is the MOST important activity in the data classification process?
A. Labeling the data appropriately
B. Identifying risk associated with the data
C. Determining accountability of data owners
D. Determining the adequacy of privacy controls
Answer: (SHOW ANSWER)
NEW QUESTION: 12
Which of the following is MOST important for an IS auditor to confirm when reviewing an
organization's plans to implement robotic process automation (RPA) to automate routine
business tasks?
A. A request for proposal (RFP) has been issued to qualified vendors.
B. A benchmarking exercise of industry peers who use RPA has been completed.
C. Roles and responsibilities are defined for the business processes in scope.
D. The end-to-end process is understood and documented.
Answer: (SHOW ANSWER)
NEW QUESTION: 13
The PRIMARY benefit of information asset classification is that it:
A. facilitates budgeting accuracy.
B. prevents loss of assets.
C. enables risk management decisions.
D. helps to align organizational objectives.
Answer: (SHOW ANSWER)
NEW QUESTION: 14
Which of the following is MOST effective for controlling visitor access to a data center?
A. Pre-approval of entry requests
B. Visitors sign in at the front desk upon arrival
C. Closed-circuit television (CCTV) is used to monitor the facilities
D. Visitors are escorted by an authorized employee
Answer: D
NEW QUESTION: 15
The BEST way to determine whether programmers have permission to alter data in the
production environment is by reviewing:
A. the access rights that have been granted.
B. the access control system's log settings.
C. how the latest system changes were implemented.
D. the access control system's configuration.
Answer: (SHOW ANSWER)
NEW QUESTION: 16
Which of the following is MOST important for an IS auditor to consider when performing
the risk assessment prior to an audit engagement?
A. The results of the previous audit
B. The amount of time since the previous audit
C. The design of controls
D. Industry standards and best practices
Answer: (SHOW ANSWER)
NEW QUESTION: 17
In a 24/7 processing environment, a database contains several privileged application
accounts with passwords set to never expire. Which of the following recommendations
would BEST address the risk with minimal disruption to the business?
A. Introduce database access monitoring into the environment.
B. Schedule downtime to implement password changes.
C. Modify applications to no longer require direct access to the database.
D. Modify the access management policy to make allowances for application accounts.
Answer: (SHOW ANSWER)
NEW QUESTION: 18
An IS auditor is reviewing an organization's primary router access control list. Which of the
following should result in a finding?
A. There is only one rule per group with access privileges.
B. Individual permissions are overriding group permissions.
C. There are conflicting permit and deny rules for the IT group.
D. The network security group can change network address translation (NAT).
Answer: (SHOW ANSWER)
NEW QUESTION: 19
An IS auditor finds that firewalls are outdated and not supported by vendors. Which of the
following should be the auditor's NEXT course of action?
A. Determine the risk of not replacing the firewall.
B. Determine the value of the firewall.
C. Report the security posture of the organization.
D. Report the mitigating controls.
Answer: (SHOW ANSWER)
NEW QUESTION: 20
A. Whether there is explicit permission from regulators to collect personal data
B. The organization's legitimate purpose for collecting personal data
C. The encryption mechanism selected by the organization for protecting personal data
D. Whether sharing of personal information with third-party service providers is prohibited
Answer: (SHOW ANSWER)
NEW QUESTION: 21
Which of the following is the PRIMARY reason to follow a configuration management
process to maintain applications?
A. To ensure proper change control
B. To optimize asset management workflows
C. To optimize system resources
D. To follow system hardening standards
Answer: (SHOW ANSWER)
NEW QUESTION: 22
Which of the following is a detective control?
A. Backup procedures
B. Programmed edit checks for data entry
C. Verification of hash totals
D. Use of pass cards to gain access to physical facilities
Answer: (SHOW ANSWER)
NEW QUESTION: 23
What is the PRIMARY benefit of an audit approach which requires reported findings to be
issued together with related action plans, owners, and target dates?
A. It establishes accountability for the action plans.
B. It helps to ensure factual accuracy of findings.
C. It facilitates easier audit follow-up.
D. It enforces action plan consensus between auditors and auditees.
Answer: A
NEW QUESTION: 24
During a follow-up audit, an IS auditor finds that some critical recommendations have the
IS auditor's BEST course of action?
A. Evaluate senior management's acceptance of the risk.
B. Adjust the annual risk assessment accordingly.
C. Update the audit program based on management's acceptance of risk.
D. Require the auditee to address the recommendations in full.
Answer: (SHOW ANSWER)
NEW QUESTION: 25
A data breach has occurred due to malware. Which of the following should be the FIRST
course of action?
A. Shut down the affected systems.
B. Quarantine the impacted systems.
C. Notify customers of the breach.
D. Notify the cyber insurance company.
Answer: (SHOW ANSWER)
NEW QUESTION: 26
An organization has developed mature risk management practices that are followed across
all departments. What is the MOST effective way for the audit team to leverage this risk
management maturity?
A. Integrating the risk register for audit planning purposes
B. Implementing risk responses on management's behalf
C. Facilitating audit risk identification and evaluation workshops
D. Providing assurances to management regarding risk
Answer: (SHOW ANSWER)
NEW QUESTION: 27
Which of the following would provide an IS auditor with the GREATEST assurance that
data disposal controls support business strategic objectives?
A. Media sanitization policy
B. Media shredding policy
C. Media recycling policy
D. Media labeling policy
Answer: (SHOW ANSWER)
NEW QUESTION: 28
Documentation of workaround processes to keep a business function operational during
recovery of IT systems is a core part of a:
A. disaster recovery plan (DRP).
B. business continuity plan (BCP).
C. business impact analysis (BIA).
D. threat and risk assessment.
Answer: B
NEW QUESTION: 29
Which of the following would be an IS auditor's GREATEST concern when reviewing the
early stages of a software development project?
A. The lack of technical documentation to support the program code
B. The lack of completion of all requirements at the end of each sprint
C. The lack of a detailed unit and system test plan
D. The lack of acceptance criteria behind user requirements.
Answer: (SHOW ANSWER)
NEW QUESTION: 30
A. The logs were monitored.
B. The domain controller was classified for high availability.
C. the patches were updated.
D. The network traffic was being monitored.
Answer: (SHOW ANSWER)
NEW QUESTION: 31
An organization is planning to implement a work-from-home policy that allows users to
work remotely as needed. Which of the following is the BEST solution for ensuring secure
remote access to corporate resources?
A. Virtual desktop
B. Additional firewall rules
C. Virtual private network (VPN)
D. Multi-factor authentication
Answer: (SHOW ANSWER)
NEW QUESTION: 32
Which of the following is the MOST effective control to mitigate unintentional misuse of
authorized access?
A. Formalized disciplinary action
B. Security awareness training
C. Regular monitoring of user access logs
D. Annual sign-off of acceptable use policy
Answer: (SHOW ANSWER)
NEW QUESTION: 33
What is the BEST method to determine if IT resource spending is aligned with planned
project spending?
A. Gantt chart
B. Return on investment (ROI) analysis
C. Earned value analysis (EVA)
D. Critical path analysis
Answer: C
NEW QUESTION: 34
During audit fieldwork, an IS auditor learns that employees are allowed to connect their
personal devices to company-owned computers. How can the auditor BEST validate that
appropriate security controls are in place to prevent data loss?
A. Review compliance with data loss and applicable mobile device user acceptance
policies.
B. Verify employees have received appropriate mobile device security awareness training.
C. Verify the data loss prevention (DLP) tool is properly configured by the organization.
D. Conduct a walk-through to view results of an employee plugging in a device to transfer
confidential data.
Answer: (SHOW ANSWER)
NEW QUESTION: 35
Which of the following is the MOST significant risk that IS auditors are required to consider
for each engagement?
A. Misalignment with business objectives
B. Noncompliance with organizational policies
C. Process and resource inefficiencies
D. Irregularities and illegal acts
Answer: A
NEW QUESTION: 36
An IS auditor concludes that an organization has a quality security policy. Which of the
following is MOST important to determine next? The policy must be:
A. based on industry standards.
B. well understood by all employees.
C. developed by process owners.
D. updated frequently.
Answer: (SHOW ANSWER)
NEW QUESTION: 37
Which of the following presents the GREATEST challenge to the alignment of business
and IT?
A. An IT steering committee chaired by the chief information officer (CIO)
B. Insufficient IT budget to execute new business projects
C. Lack of chief information officer (CIO) involvement in board meetings
D. Lack of information security involvement in business strategy development
Answer: (SHOW ANSWER)
NEW QUESTION: 38
Which of the following should be the PRIMARY basis for prioritizing follow-up audits?
A. Complexity of management's action plans
B. Audit cycle defined in the audit plan
C. Recommendation from executive management
D. Residual risk from the findings of previous audits
Answer: (SHOW ANSWER)
NEW QUESTION: 39
What should an IS auditor do FIRST when management responses to an in-person internal
control questionnaire indicate a key internal control is no longer effective?
A. Validate the overall effectiveness of the internal control.
B. Verify the impact of the control no longer being effective.
C. Ascertain the existence of other compensating controls.
D. Determine the resources required to make the control effective.
Answer: (SHOW ANSWER)
NEW QUESTION: 40
A. The proposed network topology to be used by the redesigned system
B. The database entity relationships within the legacy system
C. The data flows between the components to be used by the redesigned system
D. The current business capabilities delivered by the legacy system
Answer: (SHOW ANSWER)
NEW QUESTION: 41
While executing follow-up activities, an IS auditor is concerned that management has
implemented corrective actions that are different from those originally discussed and
agreed with the audit function. In order to resolve the situation, the IS auditor's BEST
course of action would be to:
A. postpone follow-up activities and escalate the alternative controls to senior audit
management.
B. schedule a follow-up audit in the next audit cycle.
C. re-prioritize the original issue as high risk and escalate to senior management.
D. determine whether the alternative controls sufficiently mitigate the risk.
Answer: (SHOW ANSWER)
NEW QUESTION: 42
An IS auditor is analyzing a sample of accesses recorded on the system log of an
application. The auditor intends to launch an intensive investigation if one exception is
found. Which sampling method would be appropriate?
A. Stratified sampling
B. Variable sampling
C. Discovery sampling
D. Judgmental sampling
Answer: (SHOW ANSWER)
NEW QUESTION: 43
Which of the following is the BEST way to enforce the principle of least privilege on a
server containing data with different security classifications?
A. Limiting access to the data files based on frequency of use
B. Obtaining formal agreement by users to comply with the data classification policy
C. Using scripted access control lists to prevent unauthorized access to the server
D. Applying access controls determined by the data owner
Answer: (SHOW ANSWER)
NEW QUESTION: 44
When implementing Internet Protocol security (IPsec) architecture, the servers involved in
application delivery:
A. communicate via Transport Layer Security (TLS).
B. channel access through authentication.
C. channel access only through the public-facing firewall.
D. block authorized users from unauthorized activities.
Answer: B
NEW QUESTION: 45
An organization has virtualized its server environment without making any other changes
to the network or security infrastructure. Which of the following is the MOST significant
risk?
A. Inability of the network intrusion detection system (IDS) to monitor virtual server-to-
server communications
B. System documentation not being updated to reflect changes in the environment
C. Vulnerability in the virtualization platform affecting multiple hosts
D. Data center environmental controls not aligning with new configuration
Answer: (SHOW ANSWER)
NEW QUESTION: 46
During a follow-up audit, an IS auditor learns that some key management personnel have
been replaced since the original audit, and current management has decided not to
implement some previously accepted recommendations. What is the auditor's BEST
course of action?
A. Retest the control.
B. Notify the chair of the audit committee.
C. Close the audit finding.
D. Notify the audit manager.
Answer: (SHOW ANSWER)
NEW QUESTION: 47
Which of the following findings should be of GREATEST concern to an IS auditor
assessing the risk associated with end-user computing (EUC) in an organization?
A. Lack of defined criteria for EUC applications
B. Insufficient processes to track ownership of each EUC application
C. Insufficient processes to test for version control
D. Lack of awareness training for EUC users
Answer: (SHOW ANSWER)
NEW QUESTION: 48
An audit has identified that business units have purchased cloud-based applications
without IT's support. What is the GREATEST risk associated with this situation?
A. The applications could be modified without advanced notice.
B. The application purchases did not follow procurement policy.
C. The applications are not included in business continuity plans (BCPs).
D. The applications may not reasonably protect data.
Answer: (SHOW ANSWER)
NEW QUESTION: 49
Which of the following will be the MOST effective method to verify that a service vendor
keeps control levels as required by the client?
A. Periodically review the service level agreement (SLA) with the vendor.
B. Obtain evidence of the vendor's control self-assessment (CSA).
C. Conduct an unannounced vulnerability assessment of vendor's IT systems.
D. Conduct periodic on-site assessments using agreed-upon criteria.
Answer: (SHOW ANSWER)
NEW QUESTION: 50
A. feasibility study.
B. system test.
C. application design.
D. control design.
Answer: (SHOW ANSWER)
NEW QUESTION: 51
What should an IS auditor do FIRST upon discovering that a service provider did not notify
its customers of a security breach?
A. Require the third party to notify customers.
B. Notify law enforcement of the finding.
C. The audit report with a significant finding.
D. Notify audit management of the finding.
Answer: (SHOW ANSWER)
NEW QUESTION: 52
An information systems security officer's PRIMARY responsibility for business process
applications is to:
A. create role-based rules for each business process
B. approve the organization's security policy
C. authorize secured emergency access
D. ensure access rules agree with policies
Answer: (SHOW ANSWER)
NEW QUESTION: 53
Which of the following access rights presents the GREATEST risk when granted to a new
member of the system development staff?
A. Execute access to production program libraries
B. Execute access to development program libraries
C. Write access to development data libraries
D. Write access to production program libraries
Answer: D
NEW QUESTION: 54
Which of the following should be of GREATEST concern to an IS auditor reviewing data
conversion and migration during the implementation of a new application system?
A. Data conversion was performed using manual processes.
B. Backups of the old system and data are not available online.
C. Unauthorized data modifications occurred during conversion.
D. The change management process was not formally documented.
Answer: (SHOW ANSWER)
NEW QUESTION: 55
Which of the following is MOST important for an effective control self-assessment (CSA)
program?
A. Understanding the business process
B. Determining the scope of the assessment
C. Performing detailed test procedures
D. Evaluating changes to the risk environment
Answer: (SHOW ANSWER)
NEW QUESTION: 56
Which of the following is the BEST control to minimize the risk of unauthorized access to
lost company-owned mobile devices?
A. Device tracking software
B. Password/PIN protection
C. Periodic backup
D. Device encryption
Answer: (SHOW ANSWER)
NEW QUESTION: 57
Which of the following is an advantage of using agile software development methodology
over the waterfall methodology?
A. Quicker deliverables
B. Less funding required overall
C. Clearly defined business expectations
D. Quicker end user acceptance
Answer: (SHOW ANSWER)
NEW QUESTION: 58
Which of the following should be an IS auditor's GREATEST concern when an
international organization intends to roll out a global data privacy policy?
A. Requirements may become unreasonable.
B. The policy may conflict with existing application requirements.
C. Local regulations may contradict the policy.
D. Local management may not accept the policy.
Answer: (SHOW ANSWER)
NEW QUESTION: 59
Which of the following is the MOST effective method of destroying sensitive data stored on
electronic media?
A. Physical destruction
B. Random character overwrite
C. Degaussing
D. Low-level formatting
Answer: (SHOW ANSWER)
NEW QUESTION: 60
A. IT is not engaged in business strategic planning.
B. The business strategy meeting minutes are not distributed.
C. There is not a defined IT security policy.
D. There is inadequate documentation of IT strategic planning.
Answer: (SHOW ANSWER)
NEW QUESTION: 61
During the evaluation of controls over a major application development project, the MOST
effective use of an IS auditor's time would be to review and evaluate:
A. project plans.
B. acceptance testing.
C. cost-benefit analysis.
D. application test cases.
Answer: (SHOW ANSWER)
NEW QUESTION: 62
Which of the following provides a new IS auditor with the MOST useful information to
evaluate overall IT performance?
A. IT balanced scorecard
B. Prior audit reports
C. Vulnerability assessment report
D. IT value analysis
Answer: (SHOW ANSWER)
NEW QUESTION: 63
The PRIMARY purpose of requiring source code escrow in a contractual agreement is to:
A. ensure the source code is available.
B. convert source code to new executable code.
C. comply with vendor management policy.
D. satisfy regulatory requirements.
Answer: (SHOW ANSWER)
NEW QUESTION: 64
The use of which of the following is an inherent risk in the application container
infrastructure?
A. Host operating system
B. Shared data
C. Shared registries
D. Shared kernel
Answer: (SHOW ANSWER)
NEW QUESTION: 65
Which of the following is the BEST way to determine whether a test of a disaster recovery
plan (DRP) was successful?
A. Test offsite backup files.
B. Analyze whether predetermined test objectives were met.
C. Evaluate participation by key personnel.
D. Perform testing at the backup data center.
Answer: B
NEW QUESTION: 66
Which of the following would be a result of utilizing a top-down maturity model process?
A. Identification of processes with the most improvement opportunities
B. A means of benchmarking the effectiveness of similar processes with peers
C. A means of comparing the effectiveness of other processes within the enterprise
D. Identification of older, more established processes to ensure timely review
Answer: (SHOW ANSWER)
NEW QUESTION: 67
An auditee disagrees with a recommendation for corrective action that appears in the draft
engagement report. Which of the following is the IS auditor's BEST course of action when
preparing the final report?
A. Include the position supported by senior management in the final engagement report
B. Come to an agreement prior to issuing the final report.
C. Exclude the disputed recommendation from the final engagement report
D. Ensure the auditee's comments are included in the working papers
Answer: (SHOW ANSWER)
NEW QUESTION: 68
An IS auditor reviewing the threat assessment for a data center would be MOST
concerned if:
A. some of the identified threats are unlikely to occur.
B. all identified threats relate to external entities.
C. neighboring organizations' operations have been included.
D. the exercise was completed by local management.
Answer: (SHOW ANSWER)
NEW QUESTION: 69
Which of the following should be an IS auditor's GREATEST consideration when
scheduling follow-up activities for agreed-upon management responses to remediate audit
observations?
A. Availability of responsible IT personnel
B. Risk rating of original findings
C. IT budgeting constraints
D. Business interruption due to remediation
Answer: B
NEW QUESTION: 70
A. Lack of system integrity
B. Developer access to production
C. Outdated system documentation
D. Loss of application support
Answer: (SHOW ANSWER)
NEW QUESTION: 71
Stress testing should ideally be carried out under a:
A. production environment with production workloads.
B. production environment with test data.
C. test environment with production workloads.
D. test environment with test data.
Answer: (SHOW ANSWER)
NEW QUESTION: 72
Management has requested a post-implementation review of a newly implemented
purchasing package to determine to what extent business requirements are being met.
Which of the following is MOST likely to be assessed?
A. Purchasing guidelines and policies
B. Implementation methodology
C. Test results
D. Results of line processing
Answer: (SHOW ANSWER)
NEW QUESTION: 73
A disaster recovery plan (DRP) should include steps for:
A. obtaining replacement supplies.
B. assessing and quantifying risk.
C. negotiating contracts with disaster planning consultants.
D. identifying application control requirements.
Answer: (SHOW ANSWER)
NEW QUESTION: 74
Which of the following is the MOST appropriate and effective fire suppression method for
an unstaffed computer room?
A. Carbon dioxide (CO2)
B. Fire extinguishers
C. Dry pipe
D. Water sprinkler
Answer: (SHOW ANSWER)
NEW QUESTION: 75
An IS auditor has discovered that a software system still in regular use is years out of date
and no longer supported. The auditee has stated that it will take six months until the
software is running on the current version. Which of the following is the BEST way to
reduce the immediate risk associated with using an unsupported version of the software?
A. Close all unused ports on the outdated software system.
B. Verify all patches have been applied to the software system's outdated version.
C. Segregate the outdated software system from the main network.
D. Monitor network traffic attempting to reach the outdated software system.
Answer: (SHOW ANSWER)
NEW QUESTION: 76
Which of the following is the MOST appropriate indicator of change management
effectiveness?
A. Time lag between changes and updates of documentation materials
B. Number of system software changes
C. Time lag between changes to the configuration and the update of records
D. Number of incidents resulting from changes
Answer: (SHOW ANSWER)
NEW QUESTION: 77
Which of the following audit procedures would be MOST conclusive in evaluating the
effectiveness of an e-commerce application system's edit routine?
A. Use of test transactions
B. Review of source code
C. Review of program documentation
D. Interviews with knowledgeable users
Answer: (SHOW ANSWER)
NEW QUESTION: 78
In order to be useful, a key performance indicator (KPI) MUST:
A. be approved by management.
B. have a target value.
C. be measurable in percentages.
D. be changed frequently to reflect organizational strategy.
Answer: (SHOW ANSWER)
NEW QUESTION: 79
An organization's security policy mandates that all new employees must receive
appropriate security awareness training. Which of the following metrics would BEST
assure compliance with this policy?
A. Number of reported incidents by new hires.
B. Percentage of new hires that have completed the training.
C. Percentage of new hires who report incidents
D. Number of new hires who have violated enterprise security policies.
Answer: (SHOW ANSWER)
NEW QUESTION: 80
A. Remote access servers
B. Secure Sockets Layers (SSLs)
C. Internet Protocol (IP) address restrictions
D. Failover services
Answer: (SHOW ANSWER)
NEW QUESTION: 81
Which of the following should be done FIRST when planning a penetration test?
A. Determine reporting requirements for vulnerabilities.
B. Define the testing scope.
C. Obtain management consent for the testing.
D. Execute nondisclosure agreements (NDAs).
Answer: (SHOW ANSWER)
NEW QUESTION: 82
Management has learned the implementation of a new IT system will not be completed on
time and has requested an audit. Which of the following audit findings should be of
GREATEST concern?
A. Tasks defined on the critical path do not have resources allocated.
B. The actual start times of some activities were later than originally scheduled.
C. The project manager lacks formal certification.
D. Milestones have not been defined for all project products.
Answer: (SHOW ANSWER)
NEW QUESTION: 83
Which of the following is the BEST source of information for assessing the effectiveness of
IT process monitoring?
A. Participative management techniques
B. Quality assurance (QA) reviews
C. Performance data
D. Real-time audit software
Answer: (SHOW ANSWER)
NEW QUESTION: 84
An IS auditor plans to review all access attempts to a video-monitored and proximity card-
controlled communications room. Which of the following would be MOST useful to the
auditor?
A. Manual sign-in and sign-out log
B. System electronic log
C. Alarm system with CCTV
D. Security incident log
Answer: (SHOW ANSWER)
https://www.slideshare.net/desmond.devendran/chap5-2007-cisa-review-course
NEW QUESTION: 85
During a security audit, an IS auditor is tasked with reviewing log entries obtained from an
enterprise intrusion prevention system (IPS). Which type of risk would be associated with
the potential for the auditor to miss a sequence of logged events that could indicate an
error in the IPS configuration?
A. Sampling risk
B. Detection risk
C. Control risk
D. Inherent risk
Answer: (SHOW ANSWER)
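The situation the question describes, as an added example that is not part of the original page: a small Python audit routine run over a constructed IPS log excerpt (the key=value line format, the rule numbers, the addresses and the config-reload event are all assumptions made for illustration). Read in full and in order, the log shows rule 2001 dropping traffic before a policy reload and only alerting on the same traffic afterwards, a sequence that suggests the reload changed the rule's action. The same routine run over a systematic sample of the log never sees the reload line next to both actions and reports nothing, which is how a review procedure can miss a multi-line sequence that is present in the evidence.

```python
import re

# Constructed IPS log excerpt (assumed format, not from the page). Rule 2001
# blocks before the config reload and only alerts after it.
IPS_LOG = """\
2023-06-13T10:14:58 ips01 rule=2001 action=drop src=203.0.113.7 dst=10.0.0.5 dport=445
2023-06-13T10:15:03 ips01 rule=3005 action=drop src=198.51.100.9 dst=10.0.0.8 dport=22
2023-06-13T10:15:41 ips01 rule=2001 action=drop src=203.0.113.7 dst=10.0.0.5 dport=445
2023-06-13T10:16:10 ips01 event=config-reload policy=v42 admin=jdoe
2023-06-13T10:16:55 ips01 rule=2001 action=alert src=203.0.113.7 dst=10.0.0.5 dport=445
2023-06-13T10:17:02 ips01 rule=3005 action=drop src=198.51.100.9 dst=10.0.0.8 dport=22
2023-06-13T10:18:30 ips01 rule=2001 action=alert src=203.0.113.7 dst=10.0.0.5 dport=445
2023-06-13T10:19:11 ips01 rule=4010 action=drop src=192.0.2.44 dst=10.0.0.5 dport=3389
2023-06-13T10:20:47 ips01 rule=3005 action=drop src=198.51.100.9 dst=10.0.0.8 dport=22
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse(lines):
    """Turn 'timestamp host k=v k=v ...' lines into dicts."""
    events = []
    for line in lines:
        ts, host, rest = line.split(" ", 2)
        fields = dict(KV.findall(rest))
        fields["ts"], fields["host"] = ts, host
        events.append(fields)
    return events


def policy_regressions(events):
    """Rules that dropped traffic before a config reload and only alert after it.

    The finding needs the whole sequence in order: drop -> config-reload -> alert
    for the same rule. Returns [(rule, reload_ts, first_alert_ts), ...]."""
    pre_reload_action = {}
    reloaded_at = None
    reported = set()
    findings = []
    for ev in events:
        if ev.get("event") == "config-reload":
            reloaded_at = ev["ts"]
            continue
        rule, action = ev.get("rule"), ev.get("action")
        if rule is None:
            continue
        if reloaded_at is None:
            pre_reload_action[rule] = action          # remember behaviour before the reload
        elif (action == "alert" and pre_reload_action.get(rule) == "drop"
              and rule not in reported):
            reported.add(rule)
            findings.append((rule, reloaded_at, ev["ts"]))
    return findings


def systematic_sample(lines, every, offset=0):
    """Every n-th line, the way a sampled log review would pick entries."""
    return lines[offset::every]


def audit(log_text, sample_every=None):
    """Run the regression check over the full log or over a systematic sample."""
    lines = log_text.splitlines()
    if sample_every:
        lines = systematic_sample(lines, sample_every)
    return policy_regressions(parse(lines))


if __name__ == "__main__":
    print("full log:       ", audit(IPS_LOG))
    print("every 2nd line: ", audit(IPS_LOG, sample_every=2))
    print("every 4th line: ", audit(IPS_LOG, sample_every=4))
```

The full scan returns rule 2001 with the reload and first alert timestamps; the 1-in-2 and 1-in-4 samples return nothing because the reload line and the two actions never land in the same sample together.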
NEW QUESTION: 86
An IS auditor notes that IT and the business have different opinions on the availability of
their application servers. Which of the following should the IS auditor review FIRST in
order to understand the problem?
A. The alerting and measurement process on the application servers
B. The regular performance-reporting documentation
C. The exact definition of the service levels and their measurement
D. The actual availability of the servers as part of a substantive test
Answer: (SHOW ANSWER)
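Why the definition and measurement of the service level decide the number, as an added example that is not part of the original page: the same constructed month of outage records for one application server (dates, durations and the Mon-Fri 08:00-18:00 business window are all assumptions) is measured three ways in Python. Measured 24x7 with planned maintenance excluded from the denominator, as an IT team might report it, the server is 99.511% available; measured only over business hours with every outage counted, as the business might experience it, it is 99.318%; measured 24x7 with everything counted it is 98.958%. Neither side is lying, they are simply not measuring the same thing.

```python
from datetime import datetime, timedelta

MONTH_START = datetime(2023, 6, 1)
MONTH_END = datetime(2023, 7, 1)

# Constructed outage records for one server: (start, end, planned_maintenance).
OUTAGES = [
    (datetime(2023, 6, 4, 2, 0),    datetime(2023, 6, 4, 6, 0),    True),   # Sunday maintenance window
    (datetime(2023, 6, 13, 10, 15), datetime(2023, 6, 13, 11, 45), False),  # Tuesday incident, office hours
    (datetime(2023, 6, 21, 23, 0),  datetime(2023, 6, 22, 1, 0),   False),  # overnight incident
]


def in_business_window(t):
    """Assumed business window: Mon-Fri 08:00-18:00."""
    return t.weekday() < 5 and 8 <= t.hour < 18


def availability(outages, start=MONTH_START, end=MONTH_END,
                 business_hours_only=False, exclude_planned=False):
    """Availability in percent at one-minute resolution under one definition.

    business_hours_only: only minutes inside the business window are measured.
    exclude_planned:     minutes inside a planned window are removed from the
                         denominator instead of being counted as downtime."""
    measured = down = 0
    t = start
    while t < end:
        if not (business_hours_only and not in_business_window(t)):
            hits = [planned for s, e, planned in outages if s <= t < e]
            if not (exclude_planned and any(hits)):
                measured += 1
                if hits:
                    down += 1
        t += timedelta(minutes=1)
    return round(100.0 * (measured - down) / measured, 3)


def compare_definitions(outages=OUTAGES):
    """The same month under three service-level definitions."""
    return {
        "it_24x7_excluding_planned": availability(outages, exclude_planned=True),
        "business_hours_all_outages": availability(outages, business_hours_only=True),
        "raw_24x7_all_outages": availability(outages),
    }


if __name__ == "__main__":
    for name, pct in compare_definitions().items():
        print(f"{name:28s} {pct:.3f}%")
```

An auditor who starts from the SLA text can then ask which of these three the SLA actually specifies, and whether the monitoring tool on the servers measures that one.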
NEW QUESTION: 87
What is the MOST critical finding when reviewing an organization's information security
management?
A. No official charter for the information security management system
B. No dedicated security officer
C. No employee awareness training and education program
D. No periodic assessments to identify threats and vulnerabilities
Answer: (SHOW ANSWER)
NEW QUESTION: 88
An organization has outsourced its data processing function to a service provider. Which of
the following would BEST determine whether the service provider continues to meet the
organization's objectives?
A. Assessment of the personnel training processes of the provider
B. Periodic audits of controls by an independent auditor
C. Adequacy of the service provider's insurance
D. Review of performance against service level agreements (SLAs)
Answer: (SHOW ANSWER)
NEW QUESTION: 89
Which of the following would be an appropriate role of internal audit in helping to establish
an organization's privacy program?
A. Defining roles within the organization related to privacy
B. Designing controls to protect personal data
C. Developing procedures to monitor the use of personal data
D. Analyzing risks posed by new regulations
Answer: (SHOW ANSWER)
NEW QUESTION: 90
A. Self-assessment reports of IT capability and maturity
B. Current and previous internal IS audit reports
C. Recent third-party IS audit reports
D. IT performance benchmarking reports with competitors
Answer: (SHOW ANSWER)
NEW QUESTION: 91
An organization is considering allowing users to connect personal devices to the corporate
network. Which of the following should be done FIRST?
A. Implement an acceptable use policy
B. Create inventory records of personal devices
C. Conduct security awareness training.
D. Configure users on the mobile device management (MDM) solution
Answer: (SHOW ANSWER)
Valid CISA Dumps shared by Fast2test.com for Helping Passing CISA Exam!
Fast2test.com now offer the newest CISA exam dumps, the Fast2test.com CISA exam
questions have been updated and answers have been corrected get the newest
Fast2test.com CISA dumps with Test Engine here: https://www.fast2test.com/CISA-
premium-file.html (500 Q&As Dumps, 30%OFF Special Discount: freecram)
NEW QUESTION: 92
Which of the following is the BEST indication to an IS auditor that management's post-
implementation review was effective?
A. Lessons learned were documented and applied.
B. Business and IT stakeholders participated in the post-implementation review.
C. Internal audit follow-up was completed without any findings.
D. Post-implementation review is a formal phase in the system development life cycle
(SDLC).
Answer: (SHOW ANSWER)
NEW QUESTION: 93
Which of the following activities would allow an IS auditor to maintain independence while
facilitating a control self-assessment (CSA)?
A. Partially completing the CSA
B. Implementing the remediation plan
C. Developing the remediation plan
D. Developing the CSA questionnaire
Answer: D (LEAVE A REPLY)
NEW QUESTION: 94
An IS auditor notes that the previous year's disaster recovery test was not completed
within the scheduled time frame due to insufficient hardware allocated by a third-party
vendor. Which of the following provides the BEST evidence that adequate resources are
now allocated to successfully recover the systems?
A. An up-to-date RACI chart
B. Vendor memo indicating problem correction
C. Service level agreement (SLA)
D. Hardware change management policy
Answer: (SHOW ANSWER)
NEW QUESTION: 95
Which of the following should be of GREATEST concern to an IS auditor reviewing an
organization's business continuity plan (BCP)?
A. The BCP has not been approved by senior management.
B. The BCP has not been tested since it was first issued.
C. The BCP's contact information needs to be updated
D. The BCP is not version controlled.
Answer: B (LEAVE A REPLY)
NEW QUESTION: 96
Which of the following is the PRIMARY advantage of using virtualization technology for
corporate applications?
A. Stronger data security
B. Improved disaster recovery
C. Increased application performance
D. Better utilization of resources
Answer: (SHOW ANSWER)
NEW QUESTION: 97
Which of the following should be the FIRST step when developing a data loss prevention
(DLP) solution for a large organization?
A. Conduct a data inventory and classification exercise.
B. Conduct a threat analysis against sensitive data usage.
C. Create the DLP policies and templates.
D. Identify approved data workflows across the enterprise.
Answer: (SHOW ANSWER)
NEW QUESTION: 98
Which of the following is the BEST data integrity check?
A. Tracing data back to the point of origin
B. Performing a sequence check
C. Counting the transactions processed per day
D. Preparing and running test data
Answer: (SHOW ANSWER)
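The difference between a sequence check (option B) and a daily transaction count (option C), as an added example that is not part of the original page: a constructed batch of payment records in Python (the sequence numbers and amounts are made up) in which one record is missing, one was sent twice and one arrived out of order. The record count still matches what the sender declared, so a count-based control passes; the sequence check reports all three defects.

```python
# Constructed batch of payment records (sequence_number, amount); not from the page.
BATCH = [
    (1001, "250.00"),
    (1002, "1200.00"),
    (1004, "75.50"),     # 1003 never arrived
    (1005, "310.00"),
    (1005, "310.00"),    # 1005 was transmitted twice
    (1007, "99.99"),
    (1006, "480.00"),    # 1006 arrived after 1007
]


def count_check(records, declared_count):
    """Option C: does the number of records match the sender's control total?"""
    return len(records) == declared_count


def sequence_check(records, first_expected=None):
    """Option B: report gaps, duplicates and ordering breaks in the sequence numbers.

    first_expected: the first number the batch should contain; defaults to the
    smallest number present, which cannot detect records missing at the start."""
    seqs = [seq for seq, _ in records]
    start = first_expected if first_expected is not None else min(seqs)
    seen, duplicates, out_of_order = set(), [], []
    prev = None
    for seq in seqs:
        if seq in seen:
            duplicates.append(seq)
        seen.add(seq)
        if prev is not None and seq < prev:
            out_of_order.append(seq)
        prev = seq
    missing = [n for n in range(start, max(seqs) + 1) if n not in seen]
    return {
        "missing": missing,
        "duplicates": duplicates,
        "out_of_order": out_of_order,
        "ok": not (missing or duplicates or out_of_order),
    }


if __name__ == "__main__":
    # The sender declared seven records, and seven arrived: the count passes.
    print("count check passes:", count_check(BATCH, 7))
    # The sequence check still finds the gap, the duplicate and the reordering.
    print("sequence check:", sequence_check(BATCH))
```

Passing `first_expected` (for example the last sequence number of the previous batch plus one) closes the gap the default cannot see: a batch whose first records were lost looks complete when the check starts from the smallest number that did arrive.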
NEW QUESTION: 99
Which of the following is the BEST source of information to determine the required level of
data protection on a file server?
A. Previous data breach incident reports
B. Data classification policy and procedures
C. Acceptable use policy and privacy statements
D. Access rights of similar file servers
Answer: (SHOW ANSWER)