ISACA CISA v2022-12-29 q155

Exam Code: CISA


Exam Name: Certified Information Systems Auditor
Certification Provider: ISACA
Free Question Number: 155
Version: v2022-12-29
https://www.freecram.net/torrent/ISACA.CISA.v2022-12-29.q155.html

NEW QUESTION: 1
When auditing the alignment of IT to the business strategy, it is MOST important for the IS
auditor to:
A. evaluate deliverables of new IT initiatives against planned business services.
B. ensure an IT steering committee is appointed to monitor new IT projects.
C. compare the organization's strategic plan against industry best practice.
D. interview senior managers for their opinion of the IT function.
Answer: A

NEW QUESTION: 2
Which of the following is the BEST source of information for an IS auditor to use as a
baseline to assess the adequacy of an organization's privacy policy?
A. Historical privacy breaches and related root causes
B. Benchmark studies of similar organizations
C. Local privacy standards and regulations
D. Globally accepted privacy best practices
Answer: (SHOW ANSWER)

NEW QUESTION: 3
An IS auditor is reviewing an organization's information asset management process. Which
of the following would be of GREATEST concern to the auditor?
A. Identification of asset value is not included in the process.
B. Process ownership has not been established.
C. The process does not include asset review.
D. The process does not require specifying the physical locations of assets.
Answer: (SHOW ANSWER)

NEW QUESTION: 4
When testing the adequacy of tape backup procedures, which step BEST verifies that
regularly scheduled Backups are timely and run to completion?
A. Reviewing a sample of system-generated backup logs
B. Observing the execution of a daily backup run
C. Evaluating the backup policies and procedures
D. Interviewing key personnel involved in the backup process
Answer: (SHOW ANSWER)
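
The test described in this item, reviewing a sample of system-generated backup logs, can be scripted so the auditor checks every scheduled day rather than eyeballing a printout. The block below is an added example written for this page, not code from the page or from any backup product; the log format, the job name daily_full, the 01:00 to 03:00 scheduled window and the sample lines are all constructed for illustration.

```python
"""Audit test over system-generated backup logs (added example, not from the
page). For every scheduled day in a period it checks that the backup job ran
inside its scheduled window and reached a completed state. The log format and
the sample lines are constructed for illustration; a real backup product's
log format will differ."""
import re
from datetime import date, datetime, time, timedelta

# Constructed sample log: one line per job event, hypothetical format.
SAMPLE_LOG = """\
2022-12-01 02:00:14 JOB=daily_full STATUS=COMPLETED DURATION=3412s
2022-12-02 02:00:09 JOB=daily_full STATUS=COMPLETED DURATION=3390s
2022-12-03 05:47:51 JOB=daily_full STATUS=COMPLETED DURATION=3455s
2022-12-04 02:00:11 JOB=daily_full STATUS=FAILED ERROR=tape_write_error
2022-12-06 02:00:10 JOB=daily_full STATUS=COMPLETED DURATION=3401s
2022-12-07 02:00:12 JOB=daily_full STATUS=STARTED
garbage line that should be ignored
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) JOB=(?P<job>\S+) STATUS=(?P<status>\S+)"
)


def parse_log(text):
    """Group log events by (job, run date): {(job, date): [(datetime, status), ...]}."""
    runs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an event line; a real review would count these too
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
        runs.setdefault((m.group("job"), ts.date()), []).append((ts, m.group("status")))
    return runs


def audit_backups(text, job, start_iso, end_iso, window=(time(1, 0), time(3, 0))):
    """Return [(iso_date, reason), ...] for each day without a timely, completed run.

    'Timely' = a COMPLETED run whose start time falls inside `window`;
    'run to completion' = STATUS=COMPLETED was logged for that day.
    """
    runs = parse_log(text)
    start, end = date.fromisoformat(start_iso), date.fromisoformat(end_iso)
    exceptions = []
    day = start
    while day <= end:
        events = runs.get((job, day), [])
        completed = [ts for ts, status in events if status == "COMPLETED"]
        if not events:
            exceptions.append((day.isoformat(), "no log entry: backup did not run"))
        elif not completed:
            seen = ",".join(sorted({status for _, status in events}))
            exceptions.append((day.isoformat(), f"no completed run (statuses: {seen})"))
        elif not any(window[0] <= ts.time() <= window[1] for ts in completed):
            exceptions.append((day.isoformat(), "completed run started outside scheduled window"))
        day += timedelta(days=1)
    return exceptions


if __name__ == "__main__":
    for day, reason in audit_backups(SAMPLE_LOG, "daily_full", "2022-12-01", "2022-12-07"):
        print(f"{day}: {reason}")
```

Run over the constructed week, the check flags a late run (2022-12-03), a failed run (2022-12-04), a day with no log entry at all (2022-12-05) and a job that started but never logged completion (2022-12-07). A day with no entry is the case a manual review most often misses, which is why the test iterates over the schedule rather than over the log lines.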

NEW QUESTION: 5
Which of the following is the BEST recommendation to prevent fraudulent electronic funds
transfers by accounts payable employees?
A. Periodic vendor reviews
B. Dual control
C. Engage an external security incident response expert for incident handling.
D. Independent reconciliation
E. Re-keying of monetary amounts
Answer: (SHOW ANSWER)

NEW QUESTION: 6
Which of the following should be of GREATEST concern to an IS auditor reviewing data
conversion and migration during the implementation of a new application system?
A. The change management process was not formally documented
B. Data conversion was performed using manual processes
C. Unauthorized data modifications occurred during conversion.
D. Backups of the old system and data are not available online
Answer: (SHOW ANSWER)

NEW QUESTION: 7
Which of the following is MOST important to determine when conducting a post-implementation
review?
A. Whether the solution architecture complies with IT standards
B. Whether the project has been delivered within the approved budget
C. Whether success criteria have been achieved
D. Whether lessons learned have been documented
Answer: (SHOW ANSWER)

NEW QUESTION: 8
Which of the following are BEST suited for continuous auditing?
A. Low-value transactions
B. Irregular transactions
C. Real-time transactions
D. Manual transactions
Answer: (SHOW ANSWER)

NEW QUESTION: 9
An IS auditor has completed the fieldwork phase of a network security review and is
preparing the initial report. Which of the following findings should be ranked as the HIGHEST risk?
A. The network firewall policy has not been approved by the information security officer.
B. Network firewall rules have not been documented.
C. Network penetration tests are not performed
D. The network device inventory is incomplete.
Answer: (SHOW ANSWER)

NEW QUESTION: 10
A. The new system has resulted in layoffs of key experienced personnel.
B. Data from the legacy system is not migrated correctly to the new system.
C. The new system is not platform agnostic
D. Users have not been trained on the new system.
Answer: B

NEW QUESTION: 11
Which of the following is the MOST important activity in the data classification process?
A. Labeling the data appropriately
B. Identifying risk associated with the data
C. Determining accountability of data owners
D. Determining the adequacy of privacy controls
Answer: (SHOW ANSWER)

NEW QUESTION: 12
Which of the following is MOST important for an IS auditor to confirm when reviewing an
organization's plans to implement robotic process automation (RPA) to automate routine
business tasks?
A. A request for proposal (RFP) has been issued to qualified vendors.
B. A benchmarking exercise of industry peers who use RPA has been completed.
C. Roles and responsibilities are defined for the business processes in scope.
D. The end-to-end process is understood and documented.
Answer: (SHOW ANSWER)

NEW QUESTION: 13
The PRIMARY benefit of information asset classification is that it:
A. facilitates budgeting accuracy.
B. prevents loss of assets.
C. enables risk management decisions.
D. helps to align organizational objectives.
Answer: (SHOW ANSWER)

NEW QUESTION: 14
Which of the following is MOST effective for controlling visitor access to a data center?
A. Pre-approval of entry requests
B. Visitors sign in at the front desk upon arrival
C. Closed-circuit television (CCTV) is used to monitor the facilities
D. Visitors are escorted by an authorized employee
Answer: D

NEW QUESTION: 15
The BEST way to determine whether programmers have permission to alter data in the
production environment is by reviewing:
A. the access rights that have been granted.
B. the access control system's log settings.
C. how the latest system changes were implemented.
D. the access control system's configuration.
Answer: (SHOW ANSWER)

NEW QUESTION: 16
Which of the following is MOST important for an IS auditor to consider when performing
the risk assessment prior to an audit engagement?
A. The results of the previous audit
B. The amount of time since the previous audit
C. The design of controls
D. Industry standards and best practices
Answer: (SHOW ANSWER)

Valid CISA Dumps shared by Fast2test.com for Helping Passing CISA Exam!
Fast2test.com now offer the newest CISA exam dumps, the Fast2test.com CISA exam
questions have been updated and answers have been corrected get the newest
Fast2test.com CISA dumps with Test Engine here: https://www.fast2test.com/CISA-
premium-file.html (500 Q&As Dumps, 30%OFF Special Discount: freecram)

NEW QUESTION: 17
In a 24/7 processing environment, a database contains several privileged application
accounts with passwords set to never expire. Which of the following recommendations
would BEST address the risk with minimal disruption to the business?
A. Introduce database access monitoring into the environment
B. Schedule downtime to implement password changes.
C. Modify applications to no longer require direct access to the database.
D. Modify the access management policy to make allowances for application accounts.
Answer: (SHOW ANSWER)

NEW QUESTION: 18
An IS auditor is reviewing an organization's primary router access control list. Which of the
following should result in a finding?
A. There is only one rule per group with access privileges.
B. Individual permissions are overriding group permissions.
C. There are conflicting permit and deny rules for the IT group.
D. The network security group can change network address translation (NAT).
Answer: (SHOW ANSWER)

NEW QUESTION: 19
An IS auditor finds that firewalls are outdated and not supported by vendors. Which of the
following should be the auditor's NEXT course of action?
A. Determine the risk of not replacing the firewall.
B. Determine the value of the firewall.
C. Report the security posture of the organization.
D. Report the mitigating controls.
Answer: (SHOW ANSWER)

NEW QUESTION: 20
A. Whether there is explicit permission from regulators to collect personal data
B. The organization's legitimate purpose for collecting personal data
C. The encryption mechanism selected by the organization for protecting personal data
D. Whether sharing of personal information with third-party service providers is prohibited
Answer: (SHOW ANSWER)

NEW QUESTION: 21
Which of the following is the PRIMARY reason to follow a configuration management
process to maintain application?
A. To ensure proper change control
B. To optimize asset management workflows
C. To optimize system resources
D. To follow system hardening standards
Answer: (SHOW ANSWER)

NEW QUESTION: 22
Which of the following is a detective control?
A. Backup procedures
B. Programmed edit checks for data entry
C. Verification of hash totals
D. Use of pass cards to gain access to physical facilities
Answer: (SHOW ANSWER)
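
Of the four options, verification of hash totals is the detective control: it does not stop a record from being altered, it reveals after processing that the batch no longer matches what was entered. The block below is an added example written for this page, not code from the page; the payee batch, the account numbers and the three tamper scenarios are constructed sample data.

```python
"""Batch control totals as a detective control (added example, not from the
page). A hash total is the arithmetic sum of a field whose sum has no business
meaning (here, payee account numbers). Recomputing it after processing and
comparing it with the total taken at data entry detects altered, dropped or
duplicated records after the fact, which is what makes the control detective
rather than preventive. The batch below is constructed sample data; amounts
are in integer cents to avoid floating-point rounding."""

# Constructed batch as captured at data entry: (payee_account_no, amount_cents).
ENTERED_BATCH = [
    (10023, 150000),
    (10457, 25075),
    (10991, 98010),
    (11204, 7500),
]


def batch_totals(records):
    """Return (record_count, control_total_cents, hash_total_of_account_numbers)."""
    return (
        len(records),
        sum(amount for _, amount in records),
        sum(account for account, _ in records),
    )


def verify_batch(entered_totals, processed_records):
    """Compare totals recomputed from the processed batch with those taken at entry.

    Returns a list of discrepancy strings; an empty list means the totals agree.
    The check reports that something changed, not which record changed.
    """
    exp_count, exp_control, exp_hash = entered_totals
    count, control, hash_total = batch_totals(processed_records)
    findings = []
    if count != exp_count:
        findings.append(f"record count {count} != {exp_count}")
    if control != exp_control:
        findings.append(f"control total {control} != {exp_control}")
    if hash_total != exp_hash:
        findings.append(f"hash total {hash_total} != {exp_hash}")
    return findings


# Scenario 1: one payee account number redirected after entry; amounts untouched.
# Record count and control total still agree; only the hash total reveals it.
REDIRECTED_PAYEE = [(10023, 150000), (10457, 25075), (10999, 98010), (11204, 7500)]

# Scenario 2: a record duplicated during processing. All three totals disagree.
DUPLICATED_RECORD = ENTERED_BATCH + [(11204, 7500)]

# Scenario 3 (limitation): two account numbers changed by offsetting amounts
# (+1 and -1). The hash total is unchanged, so this alteration goes undetected;
# a hash total is a cheap arithmetic integrity check, not a cryptographic one.
OFFSETTING_CHANGE = [(10024, 150000), (10456, 25075), (10991, 98010), (11204, 7500)]

if __name__ == "__main__":
    totals = batch_totals(ENTERED_BATCH)
    for name, batch in [("redirected payee", REDIRECTED_PAYEE),
                        ("duplicated record", DUPLICATED_RECORD),
                        ("offsetting change", OFFSETTING_CHANGE)]:
        print(name, "->", verify_batch(totals, batch) or "no discrepancy")
```

Scenario 1 is the case a control total alone cannot catch: the money still adds up, only the destination changed. Scenario 3 is the caveat: offsetting edits survive a hash total, which is why it complements, rather than replaces, access controls and a keyed MAC or digital signature where integrity against a deliberate adversary matters.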

NEW QUESTION: 23
What is the PRIMARY benefit of an audit approach which requires reported findings to be
issued together with related action plans, owners, and target dates?
A. It establishes accountability for the action plans.
B. It helps to ensure factual accuracy of findings.
C. It facilitates easier audit follow-up.
D. It enforces action plan consensus between auditors and auditees.
Answer: A

NEW QUESTION: 24
During a follow-up audit, an IS auditor finds that some critical recommendations have not
been implemented. What is the IS auditor's BEST course of action?
A. Evaluate senior management's acceptance of the risk.
B. Adjust the annual risk assessment accordingly.
C. Update the audit program based on management's acceptance of risk.
D. Require the auditee to address the recommendations in full.
Answer: (SHOW ANSWER)

NEW QUESTION: 25
A data breach has occurred due to malware. Which of the following should be the FIRST
course of action?
A. Shut down the affected systems.
B. Quarantine the impacted systems.
C. Notify customers of the breach.
D. Notify the cyber insurance company.
Answer: (SHOW ANSWER)

NEW QUESTION: 26
An organization has developed mature risk management practices that are followed across
all departments. What is the MOST effective way for the audit team to leverage this risk
management maturity?
A. Integrating the risk register for audit planning purposes
B. Implementing risk responses on management's behalf
C. Facilitating audit risk identification and evaluation workshops
D. Providing assurances to management regarding risk
Answer: (SHOW ANSWER)

NEW QUESTION: 27
Which of the following would provide an IS auditor with the GREATEST assurance that
data disposal controls support business strategic objectives?
A. Media sanitization policy
B. Media shredding policy
C. Media recycling policy
D. Media labeling policy
Answer: (SHOW ANSWER)

NEW QUESTION: 28
Documentation of workaround processes to keep a business function operational during
recovery of IT systems is a core part of a:
A. disaster recovery plan (DRP).
B. business continuity plan (BCP).
C. business impact analysis (BIA).
D. threat and risk assessment.
Answer: B

NEW QUESTION: 29
Which of the following would be an IS auditor's GREATEST concern when reviewing the
early stages of a software development project?
A. The lack of technical documentation to support the program code
B. The lack of completion of all requirements at the end of each sprint
C. The lack of a detailed unit and system test plan
D. The lack of acceptance criteria behind user requirements.
Answer: (SHOW ANSWER)

NEW QUESTION: 30
A. The logs were monitored.
B. The domain controller was classified for high availability.
C. The patches were updated.
D. The network traffic was being monitored.
Answer: (SHOW ANSWER)

NEW QUESTION: 31
An organization is planning to implement a work-from-home policy that allows users to
work remotely as needed. Which of the following is the BEST solution for ensuring secure
remote access to corporate resources?
A. Virtual desktop
B. Additional firewall rules
C. Virtual private network (VPN)
D. Multi-factor authentication
Answer: (SHOW ANSWER)

NEW QUESTION: 32
Which of the following is the MOST effective control to mitigate unintentional misuse of
authorized access?
A. Formalized disciplinary action
B. Security awareness training
C. Regular monitoring of user access logs
D. Annual sign-off of acceptable use policy
Answer: (SHOW ANSWER)

NEW QUESTION: 33
What Is the BEST method to determine if IT resource spending is aligned with planned
project spending?
A. Gantt chart
B. Return on investment (ROI) analysis
C. Earned value analysis (EVA)
D. Critical path analysis
Answer: C

NEW QUESTION: 34
During audit fieldwork, an IS auditor learns that employees are allowed to connect their
personal devices to company-owned computers. How can the auditor BEST validate that
appropriate security controls are in place to prevent data loss?
A. Review compliance with data loss and applicable mobile device user acceptance
policies.
B. Verify employees have received appropriate mobile device security awareness training.
C. Verify the data loss prevention (DLP) tool is properly configured by the organization.
D. Conduct a walk-through to view results of an employee plugging in a device to transfer
confidential data.
Answer: (SHOW ANSWER)

NEW QUESTION: 35
Which of the following is the MOST significant risk that IS auditors are required to consider
for each engagement?
A. Misalignment with business objectives
B. Noncompliance with organizational policies
C. Process and resource inefficiencies
D. Irregularities and illegal acts
Answer: A

NEW QUESTION: 36
An IS auditor concludes that an organization has a quality security policy. Which of the
following is MOST important to determine next? The policy must be:
A. based on industry standards.
B. well understood by all employees.
C. developed by process owners.
D. updated frequently.
Answer: (SHOW ANSWER)

NEW QUESTION: 37
Which of the following presents the GREATEST challenge to the alignment of business
and IT?
A. An IT steering committee chaired by the chief information officer (CIO)
B. Insufficient IT budget to execute new business projects
C. Lack of chief information officer (CIO) involvement in board meetings
D. Lack of information security involvement in business strategy development
Answer: (SHOW ANSWER)

NEW QUESTION: 38
Which of the following should be the PRIMARY basis for prioritizing follow-up audits?
A. Complexity of management's action plans
B. Audit cycle defined in the audit plan
C. Recommendation from executive management
D. Residual risk from the findings of previous audits
Answer: (SHOW ANSWER)

NEW QUESTION: 39
What should an IS auditor do FIRST when management responses to an in-person internal
control questionnaire indicate a key internal control is no longer effective?
A. Validate the overall effectiveness of the internal control.
B. Verify the impact of the control no longer being effective.
C. Ascertain the existence of other compensating controls.
D. Determine the resources required to make the control effective.
Answer: (SHOW ANSWER)

NEW QUESTION: 40
A. The proposed network topology to be used by the redesigned system
B. The database entity relationships within the legacy system
C. The data flows between the components to be used by the redesigned system
D. The current business capabilities delivered by the legacy system
Answer: (SHOW ANSWER)

NEW QUESTION: 41
While executing follow-up activities, an IS auditor is concerned that management has
implemented corrective actions that are different from those originally discussed and
agreed with the audit function. In order to resolve the situation, the IS auditor's BEST
course of action would be to:
A. postpone follow-up activities and escalate the alternative controls to senior audit
management.
B. schedule a follow-up audit in the next audit cycle.
C. re-prioritize the original issue as high risk and escalate to senior management.
D. determine whether the alternative controls sufficiently mitigate the risk.
Answer: (SHOW ANSWER)

NEW QUESTION: 42
An IS auditor is analyzing a sample of accesses recorded on the system log of an
application. The auditor intends to launch an intensive investigation if one exception is
found. Which sampling method would be appropriate?
A. Stratified sampling
B. Variable sampling
C. Discovery sampling
D. Judgmental sampling
Answer: (SHOW ANSWER)
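
The scenario in this item, a sample where a single exception triggers an intensive investigation, is the defining use of discovery sampling. Its sample size follows from a one-line probability bound, worked through in the added example below. The code is written for this page, not taken from it; the tolerable rates and confidence levels used in the demonstration, and the constructed access-log review at the end, are illustrative choices.

```python
"""Discovery sampling sample size and decision rule (added example, not from
the page). Discovery sampling is used when the auditor expects no exceptions
and will investigate intensively if even one is found. The sample size is the
smallest n such that, if the true exception rate were at least p (the
tolerable rate), the probability of observing at least one exception is at
least C (the confidence level): 1 - (1 - p)**n >= C. The binomial form below
assumes a population large relative to the sample; that is a simplifying
assumption, as is the constructed sample at the bottom."""
import math


def detection_probability(tolerable_rate, n):
    """P(at least one exception in n items) if the true rate is tolerable_rate."""
    return 1 - (1 - tolerable_rate) ** n


def discovery_sample_size(tolerable_rate, confidence):
    """Smallest n with detection_probability(tolerable_rate, n) >= confidence."""
    if not 0 < tolerable_rate < 1 or not 0 < confidence < 1:
        raise ValueError("rate and confidence must be strictly between 0 and 1")
    # Closed form: n = ceil(ln(1 - C) / ln(1 - p)).
    n = math.ceil(math.log(1 - confidence) / math.log(1 - tolerable_rate))
    # Rounding in the logarithms can land one short; step up until the bound holds.
    while detection_probability(tolerable_rate, n) < confidence:
        n += 1
    return n


def evaluate_discovery_sample(exceptions_found):
    """Discovery-sampling decision: any exception at all triggers investigation."""
    return "investigate" if exceptions_found > 0 else "no exception found; accept"


if __name__ == "__main__":
    for p, c in [(0.01, 0.95), (0.05, 0.95), (0.01, 0.99)]:
        n = discovery_sample_size(p, c)
        print(f"tolerable rate {p:.0%}, confidence {c:.0%}: sample {n} items "
              f"(detection probability {detection_probability(p, n):.4f})")
    # Constructed review of 299 access log entries: 0 = access matches an
    # approval, 1 = exception. One exception is enough to escalate.
    reviewed = [0] * 298 + [1]
    print(evaluate_discovery_sample(sum(reviewed)))
```

With a 1% tolerable exception rate and 95% confidence the auditor needs 299 accesses; at 5% and 95% the sample drops to 59. Note what the number does and does not promise: if 299 entries show no exception, the auditor has 95% confidence the true rate is below 1%, not proof that no unauthorized access occurred.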

NEW QUESTION: 43
Which of the following is the BEST way to enforce the principle of least privilege on a
server containing data with different security classifications?
A. Limiting access to the data files based on frequency of use
B. Obtaining formal agreement by users to comply with the data classification policy
C. Using scripted access control lists to prevent unauthorized access to the server
D. Applying access controls determined by the data owner
Answer: (SHOW ANSWER)

NEW QUESTION: 44
When implementing Internet Protocol security (IPsec) architecture, the servers involved in
application delivery:
A. communicate via Transport Layer Security (TLS),
B. channel access through authentication.
C. channel access only through the public-facing firewall.
D. block authorized users from unauthorized activities.
Answer: B

NEW QUESTION: 45
An organization has virtualized its server environment without making any other changes
to the network or security infrastructure. Which of the following is the MOST significant
risk?
A. Inability of the network intrusion detection system (IDS) to monitor virtual
server-to-server communications
B. System documentation not being updated to reflect changes in the environment
C. Vulnerability in the virtualization platform affecting multiple hosts
D. Data center environmental controls not aligning with new configuration
Answer: (SHOW ANSWER)

NEW QUESTION: 46
During a follow-up audit, an IS auditor learns that some key management personnel have
been replaced since the original audit, and current management has decided not to
implement some previously accepted recommendations. What is the auditor's BEST
course of action?
A. Retest the control.
B. Notify the chair of the audit committee.
C. Close the audit finding.
D. Notify the audit manager.
Answer: (SHOW ANSWER)

NEW QUESTION: 47
Which of the following findings should be of GREATEST concern to an IS auditor
assessing the risk associated with end-user computing (EUC) in an organization?
A. Lack of defined criteria for EUC applications
B. Insufficient processes to track ownership of each EUC application
C. Insufficient processes to test for version control
D. Lack of awareness training for EUC users
Answer: (SHOW ANSWER)

NEW QUESTION: 48
An audit has identified that business units have purchased cloud-based applications
without IT's support. What is the GREATEST risk associated with this situation?
A. The applications could be modified without advanced notice.
B. The application purchases did not follow procurement policy.
C. The applications are not included in business continuity plans (BCPs).
D. The applications may not reasonably protect data.
Answer: (SHOW ANSWER)

NEW QUESTION: 49
Which of the following will be the MOST effective method to verify that a service vendor
keeps control levels as required by the client?
A. Periodically review the service level agreement (SLA) with the vendor.
B. Obtain evidence of the vendor's control self-assessment (CSA).
C. Conduct an unannounced vulnerability assessment of vendor's IT systems.
D. Conduct periodic on-site assessments using agreed-upon criteria.
Answer: (SHOW ANSWER)

NEW QUESTION: 50
A. feasibility study.
B. system test.
C. application design.
D. control design.
Answer: (SHOW ANSWER)

NEW QUESTION: 51
What should an IS auditor do FIRST upon discovering that a service provider did not notify
its customers of a security breach?
A. Require the third party to notify customers.
B. Notify law enforcement of the finding.
C. Issue the audit report with a significant finding.
D. Notify audit management of the finding.
Answer: (SHOW ANSWER)

NEW QUESTION: 52
An information systems security officer's PRIMARY responsibility for business process
applications is to:
A. create role-based rules for each business process
B. approve the organization's security policy
C. authorize secured emergency access
D. ensure access rules agree with policies
Answer: (SHOW ANSWER)

NEW QUESTION: 53
Which of the following access rights presents the GREATEST risk when granted to a new
member of the system development staff?
A. Execute access to production program libraries
B. Execute access to development program libraries
C. Write access to development data libraries
D. Write access to production program libraries
Answer: D

NEW QUESTION: 54
Which of the following should be of GREATEST concern to an IS auditor reviewing data
conversion and migration during the implementation of a new application system?
A. Data conversion was performed using manual processes.
B. Backups of the old system and data are not available online.
C. Unauthorized data modifications occurred during conversion.
D. The change management process was not formally documented
Answer: (SHOW ANSWER)

NEW QUESTION: 55
Which of the following is MOST important for an effective control self-assessment (CSA)
program?
A. Understanding the business process
B. Determining the scope of the assessment
C. Performing detailed test procedures
D. Evaluating changes to the risk environment
Answer: (SHOW ANSWER)

NEW QUESTION: 56
Which of the following is the BEST control to minimize the risk of unauthorized access to
lost company-owned mobile devices?
A. Device tracking software
B. Password/PIN protection
C. Periodic backup
D. Device encryption
Answer: (SHOW ANSWER)

NEW QUESTION: 57
Which of the following is an advantage of using agile software development methodology
over the waterfall methodology?
A. Quicker deliverables
B. Less funding required overall
C. Clearly defined business expectations
D. Quicker end user acceptance
Answer: (SHOW ANSWER)

NEW QUESTION: 58
Which of the following should be an IS auditor's GREATEST concern when an
international organization intends to roll out a global data privacy policy?
A. Requirements may become unreasonable.
B. The policy may conflict with existing application requirements.
C. Local regulations may contradict the policy.
D. Local management may not accept the policy.
Answer: (SHOW ANSWER)

NEW QUESTION: 59
Which of the following is the MOST effective method of destroying sensitive data stored on
electronic media?
A. Physical destruction
B. Random character overwrite
C. Degaussing
D. Low-level formatting
Answer: (SHOW ANSWER)

NEW QUESTION: 60
A. IT is not engaged in business strategic planning.
B. The business strategy meeting minutes are not distributed.
C. There is not a defined IT security policy.
D. There is inadequate documentation of IT strategic planning.
Answer: (SHOW ANSWER)

NEW QUESTION: 61
During the evaluation of controls over a major application development project, the MOST
effective use of an IS auditor's time would be to review and evaluate:
A. project plans.
B. acceptance testing.
C. cost-benefit analysis.
D. application test cases.
Answer: (SHOW ANSWER)

NEW QUESTION: 62
Which of the following provides a new IS auditor with the MOST useful information to
evaluate overall IT performance?
A. IT balanced scorecard
B. Prior audit reports
C. Vulnerability assessment report
D. IT value analysis
Answer: (SHOW ANSWER)

NEW QUESTION: 63
The PRIMARY purpose of requiring source code escrow in a contractual agreement is to:
A. ensure the source code is available.
B. convert source code to new executable code.
C. comply with vendor management policy
D. satisfy regulatory requirements.
Answer: (SHOW ANSWER)

NEW QUESTION: 64
The use of which of the following is an inherent risk in the application container
infrastructure?
A. Host operating system
B. Shared data
C. Shared registries
D. Shared kernel
Answer: (SHOW ANSWER)

NEW QUESTION: 65
Which of the following is the BEST way to determine whether a test of a disaster recovery
plan (DRP) was successful?
A. Test offsite backup files.
B. Analyze whether predetermined test objectives were met.
C. Evaluate participation by key personnel.
D. Perform testing at the backup data center.
Answer: B

NEW QUESTION: 66
Which of the following would be a result of utilizing a top-down maturity model process?
A. Identification of processes with the most improvement opportunities
B. A means of benchmarking the effectiveness of similar processes with peers
C. A means of comparing the effectiveness of other processes within the enterprise
D. Identification of older, more established processes to ensure timely review
Answer: (SHOW ANSWER)

NEW QUESTION: 67
An auditee disagrees with a recommendation for corrective action that appears in the draft
engagement report. Which of the following is the IS auditor's BEST course of action when
preparing the final report?
A. Include the position supported by senior management in the final engagement report
B. Come to an agreement prior to issuing the final report.
C. Exclude the disputed recommendation from the final engagement report
D. Ensure the auditee's comments are included in the working papers
Answer: (SHOW ANSWER)

NEW QUESTION: 68
An IS auditor reviewing the threat assessment for a data center would be MOST
concerned if:
A. some of the identified threats are unlikely to occur.
B. all identified threats relate to external entities.
C. neighboring organizations' operations have been included.
D. the exercise was completed by local management.
Answer: (SHOW ANSWER)

NEW QUESTION: 69
Which of the following should be an IS auditor's GREATEST consideration when
scheduling follow-up activities for agreed-upon management responses to remediate audit
observations?
A. Availability of responsible IT personnel
B. Risk rating of original findings
C. IT budgeting constraints
D. Business interruption due to remediation
Answer: B

NEW QUESTION: 70
A. Lack of system integrity
B. Developer access to production
C. Outdated system documentation
D. Loss of application support
Answer: (SHOW ANSWER)

NEW QUESTION: 71
Stress testing should ideally be carried out under a:
A. production environment with production workloads.
B. production environment with test data.
C. test environment with production workloads.
D. test environment with test data.
Answer: (SHOW ANSWER)

NEW QUESTION: 72
Management has requested a post-implementation review of a newly implemented
purchasing package to determine to what extent business requirements are being met.
Which of the following is MOST likely to be assessed?
A. Purchasing guidelines and policies
B. Implementation methodology
C. Test results
D. Results of line processing
Answer: (SHOW ANSWER)

NEW QUESTION: 73
A disaster recovery plan (DRP) should include steps for:
A. obtaining replacement supplies.
B. assessing and quantifying risk.
C. negotiating contracts with disaster planning consultants.
D. identifying application control requirements.
Answer: (SHOW ANSWER)

NEW QUESTION: 74
Which of the following is the MOST appropriate and effective fire suppression method for
an unstaffed computer room?
A. Carbon dioxide (CO2)
B. Fire extinguishers
C. Dry pipe
D. Water sprinkler
Answer: (SHOW ANSWER)

NEW QUESTION: 75
An IS auditor has discovered that a software system still in regular use is years out of date
and no longer supported. The auditee has stated that it will take six months until the
software is running on the current version. Which of the following is the BEST way to
reduce the immediate risk associated with using an unsupported version of the software?
A. Close all unused ports on the outdated software system.
B. Verify all patches have been applied to the software system's outdated version.
C. Segregate the outdated software system from the main network.
D. Monitor network traffic attempting to reach the outdated software system.
Answer: (SHOW ANSWER)

NEW QUESTION: 76
Which of the following is the MOST appropriate indicator of change management
effectiveness?
A. Time lag between changes and updates of documentation materials
B. Number of system software changes
C. Time lag between changes to the configuration and the update of records
D. Number of incidents resulting from changes
Answer: (SHOW ANSWER)

NEW QUESTION: 77
Which of the following audit procedures would be MOST conclusive in evaluating the
effectiveness of an e-commerce application system's edit routine?
A. Use of test transactions
B. Review of source code
C. Review of program documentation
D. Interviews with knowledgeable users
Answer: (SHOW ANSWER)

NEW QUESTION: 78
In order to be useful, a key performance indicator (KPI) MUST:
A. be approved by management.
B. have a target value.
C. be measurable in percentages.
D. be changed frequently to reflect organizational strategy.
Answer: (SHOW ANSWER)

NEW QUESTION: 79
An organization's security policy mandates that all new employees must receive
appropriate security awareness training. Which of the following metrics would BEST
assure compliance with this policy?
A. Number of reported incidents by new hires
B. Percentage of new hires that have completed the training
C. Percentage of new hires who report incidents
D. Number of new hires who have violated enterprise security policies
Answer: (SHOW ANSWER)

NEW QUESTION: 80
A. Remote access servers
B. Secure Sockets Layers (SSLs)
C. Internet Protocol (IP) address restrictions
D. Failover services
Answer: (SHOW ANSWER)

NEW QUESTION: 81
Which of the following should be done FIRST when planning a penetration test?
A. Determine reporting requirements for vulnerabilities.
B. Define the testing scope.
C. Obtain management consent for the testing.
D. Execute nondisclosure agreements (NDAs).
Answer: (SHOW ANSWER)

NEW QUESTION: 82
Management has learned the implementation of a new IT system will not be completed on
time and has requested an audit. Which of the following audit findings should be of
GREATEST concern?
A. Tasks defined on the critical path do not have resources allocated.
B. The actual start times of some activities were later than originally scheduled.
C. The project manager lacks formal certification.
D. Milestones have not been defined for all project products.
Answer: (SHOW ANSWER)

NEW QUESTION: 83
Which of the following is the BEST source of information for assessing the effectiveness of
IT process monitoring?
A. Participative management techniques
B. Quality assurance (QA) reviews
C. Performance data
D. Real-time audit software
Answer: (SHOW ANSWER)

NEW QUESTION: 84
An IS auditor plans to review all access attempts to a video-monitored and proximity card-
controlled communications room. Which of the following would be MOST useful to the
auditor?
A. Manual sign-in and sign-out log
B. System electronic log
C. Alarm system with CCTV
D. Security incident log
Answer: (SHOW ANSWER)
https://www.slideshare.net/desmond.devendran/chap5-2007-cisa-review-course

NEW QUESTION: 85
During a security audit, an IS auditor is tasked with reviewing log entries obtained from an
enterprise intrusion prevention system (IPS). Which type of risk would be associated with
the potential for the auditor to miss a sequence of logged events that could indicate an
error in the IPS configuration?
A. Sampling risk
B. Detection risk
C. Control risk
D. Inherent risk
Answer: (SHOW ANSWER)

NEW QUESTION: 86
An IS auditor notes that IT and the business have different opinions on the availability of
their application servers. Which of the following should the IS auditor review FIRST in
order to understand the problem?
A. The alerting and measurement process on the application servers
B. The regular performance-reporting documentation
C. The exact definition of the service levels and their measurement
D. The actual availability of the servers as part of a substantive test
Answer: (SHOW ANSWER)

NEW QUESTION: 87
What is the MOST critical finding when reviewing an organization's information security
management?
A. No official charter for the information security management system
B. No dedicated security officer
C. No employee awareness training and education program
D. No periodic assessments to identify threats and vulnerabilities
Answer: (SHOW ANSWER)

NEW QUESTION: 88
An organization has outsourced its data processing function to a service provider. Which of
the following would BEST determine whether the service provider continues to meet the
organization's objectives?
A. Assessment of the personnel training processes of the provider
B. Periodic audits of controls by an independent auditor
C. Adequacy of the service provider's insurance
D. Review of performance against service level agreements (SLAs)
Answer: (SHOW ANSWER)

NEW QUESTION: 89
Which of the following would be an appropriate role of internal audit in helping to establish
an organization's privacy program?
A. Defining roles within the organization related to privacy
B. Designing controls to protect personal data
C. Developing procedures to monitor the use of personal data
D. Analyzing risks posed by new regulations
Answer: (SHOW ANSWER)

NEW QUESTION: 90
A. Self-assessment reports of IT capability and maturity
B. Current and previous internal IS audit reports
C. Recent third-party IS audit reports
D. IT performance benchmarking reports with competitors
Answer: (SHOW ANSWER)

NEW QUESTION: 91
An organization is considering allowing users to connect personal devices to the corporate
network. Which of the following should be done FIRST?
A. Implement an acceptable use policy
B. Create inventory records of personal devices
C. Conduct security awareness training
D. Configure users on the mobile device management (MDM) solution
Answer: (SHOW ANSWER)

Valid CISA Dumps shared by Fast2test.com for Helping Passing CISA Exam!
Fast2test.com now offer the newest CISA exam dumps, the Fast2test.com CISA exam
questions have been updated and answers have been corrected get the newest
Fast2test.com CISA dumps with Test Engine here: https://www.fast2test.com/CISA-
premium-file.html (500 Q&As Dumps, 30%OFF Special Discount: freecram)

NEW QUESTION: 92
Which of the following is the BEST indication to an IS auditor that management's post-
implementation review was effective?
A. Lessons learned were documented and applied.
B. Business and IT stakeholders participated in the post-implementation review.
C. Internal audit follow-up was completed without any findings.
D. Post-implementation review is a formal phase in the system development life cycle
(SDLC).
Answer: (SHOW ANSWER)

NEW QUESTION: 93
Which of the following activities would allow an IS auditor to maintain independence while
facilitating a control self-assessment (CSA)?
A. Partially completing the CSA
B. Implementing the remediation plan
C. Developing the remediation plan
D. Developing the CSA questionnaire
Answer: D (LEAVE A REPLY)

NEW QUESTION: 94
An IS auditor notes that the previous year's disaster recovery test was not completed
within the scheduled time frame due to insufficient hardware allocated by a third-party
vendor. Which of the following provides the BEST evidence that adequate resources are
now allocated to successfully recover the systems?
A. An up-to-date RACI chart
B. Vendor memo indicating problem correction
C. Service level agreement (SLA)
D. Hardware change management policy
Answer: (SHOW ANSWER)

NEW QUESTION: 95
Which of the following should be of GREATEST concern to an IS auditor reviewing an
organization's business continuity plan (BCP)?
A. The BCP has not been approved by senior management.
B. The BCP has not been tested since it was first issued.
C. The BCP's contact information needs to be updated.
D. The BCP is not version controlled.
Answer: B (LEAVE A REPLY)

NEW QUESTION: 96
Which of the following is the PRIMARY advantage of using virtualization technology for
corporate applications?
A. Stronger data security
B. Improved disaster recovery
C. Increased application performance
D. Better utilization of resources
Answer: (SHOW ANSWER)

NEW QUESTION: 97
Which of the following should be the FIRST step when developing a data loss prevention
(DLP) solution for a large organization?
A. Conduct a data inventory and classification exercise.
B. Conduct a threat analysis against sensitive data usage.
C. Create the DLP policies and templates.
D. Identify approved data workflows across the enterprise.
Answer: (SHOW ANSWER)

NEW QUESTION: 98
Which of the following is the BEST data integrity check?
A. Tracing data back to the point of origin
B. Performing a sequence check
C. Counting the transactions processed per day
D. Preparing and running test data
Answer: (SHOW ANSWER)

NEW QUESTION: 99
Which of the following is the BEST source of information to determine the required level of
data protection on a file server?
A. Previous data breach incident reports
B. Data classification policy and procedures
C. Acceptable use policy and privacy statements
D. Access rights of similar file servers
Answer: (SHOW ANSWER)

NEW QUESTION: 100
A. Add comments about the action taken by IT management in the report.
B. Re-perform the audit before changing the conclusion.
C. Explain to IT management that the new control will be evaluated during follow-up.
D. Change the conclusion based on evidence provided by IT management.
Answer: (SHOW ANSWER)

NEW QUESTION: 101
During an audit of a financial application, it was determined that many terminated users'
accounts were not disabled. Which of the following should be the IS auditor's NEXT step?
A. Conclude that IT general controls are ineffective.
B. Perform substantive testing of terminated users' access rights.
C. Communicate risks to the application owner.
D. Perform a review of terminated users' account activity.
Answer: (SHOW ANSWER)

NEW QUESTION: 102
An IS auditor is evaluating the risk associated with moving from one database
management system (DBMS) to another. Which of the following would be MOST helpful to
ensure the integrity of the system throughout the change?
A. Preserving the same data inputs
B. Preserving the same data interfaces
C. Preserving the same data structure
D. Preserving the same data classifications
Answer: (SHOW ANSWER)

NEW QUESTION: 103
Which of the following documents should specify roles and responsibilities within an IT
audit organization?
A. Annual audit plan
B. Engagement letter
C. Audit charter
D. Organizational chart
Answer: (SHOW ANSWER)

NEW QUESTION: 104
Which of the following is necessary for effective risk management in IT governance?
A. IT risk management is separate from corporate risk management.
B. Local managers are solely responsible for risk evaluation.
C. Risk evaluation is embedded in management processes.
D. Risk management strategy is approved by the audit committee.
Answer: (SHOW ANSWER)

NEW QUESTION: 105
During an incident management audit, an IS auditor finds that several similar incidents
were logged during the audit period. Which of the following is the auditor's MOST
important course of action?
A. Confirm the resolution time of the incidents.
B. Document the finding and present it to management.
C. Determine if a root cause analysis was conducted.
D. Validate whether all incidents have been actioned.
Answer: (SHOW ANSWER)

NEW QUESTION: 106
Which of the following is the BEST compensating control when segregation of duties is
lacking in a small IS department?
A. Transaction log review
B. Background checks
C. Mandatory holidays
D. User awareness training
Answer: (SHOW ANSWER)

NEW QUESTION: 107
Which of the following attack techniques will succeed because of an inherent security
weakness in an Internet firewall?
A. Using a dictionary attack of encrypted passwords
B. Flooding the site with an excessive number of packets
C. Intercepting packets and viewing passwords
D. Phishing
Answer: (SHOW ANSWER)

NEW QUESTION: 108
Which of the following is a PRIMARY responsibility of an IT steering committee?
A. Prioritizing IT projects in accordance with business requirements
B. Establishing IT budgets for the business
C. Reviewing periodic IT risk assessments
D. Validating and monitoring the skill sets of IT department staff
Answer: A (LEAVE A REPLY)

NEW QUESTION: 109
Which of the following is MOST important for an IS auditor to review when evaluating the
accuracy of a spreadsheet that contains several macros?
A. Version history
B. Formulas within macros
C. Encryption of the spreadsheet
D. Reconciliation of key calculations
Answer: (SHOW ANSWER)

NEW QUESTION: 110
A. Assuring the physical security of devices
B. Determining tools to be used
C. Maintaining chain of custody
D. Preserving data integrity
Answer: (SHOW ANSWER)

NEW QUESTION: 111
An organization's audit charter PRIMARILY:
A. describes the auditors' authority to conduct audits.
B. documents the audit process and reporting standards.
C. defines the auditors' code of conduct.
D. formally records the annual and quarterly audit plans.
Answer: (SHOW ANSWER)

NEW QUESTION: 112
After the merger of two organizations, which of the following is the MOST important task
for an IS auditor to perform?
A. Updating the security policy
B. Verifying that access privileges have been reviewed
C. Investigating access rights for expiration dates
D. Updating the continuity plan for critical resources
Answer: (SHOW ANSWER)

NEW QUESTION: 113
Which of the following is the BEST indicator of the effectiveness of signature-based
intrusion detection systems (IDS)?
A. An increase in the number of internally reported critical incidents
B. An increase in the number of detected incidents not previously identified
C. An increase in the number of unfamiliar sources of intruders
D. An increase in the number of identified false positives
Answer: (SHOW ANSWER)

NEW QUESTION: 114
Which of the following should be the FIRST step to successfully implement a corporate
data classification program?
A. Confirm that adequate resources are available for the project.
B. Approve a data classification policy.
C. Select a data loss prevention (DLP) product.
D. Check for the required regulatory requirements.
Answer: (SHOW ANSWER)

NEW QUESTION: 115
Which of the following is MOST important to determine during the planning phase of a
cloud-based messaging and collaboration platform acquisition?
A. Types of data that can be uploaded to the platform
B. Processes for on-boarding and off-boarding users to the platform
C. Role-based access control policies
D. Processes for reviewing administrator activity
Answer: (SHOW ANSWER)

NEW QUESTION: 116
An incorrect version of source code was amended by a development team. This MOST
likely indicates a weakness in:
A. project management.
B. quality assurance (QA).
C. incident management.
D. change management.
Answer: (SHOW ANSWER)

NEW QUESTION: 117
In which phase of the internal audit process is contact established with the individuals
responsible for the business processes in scope for review?
A. Follow-up phase
B. Planning phase
C. Selection phase
D. Execution phase
Answer: (SHOW ANSWER)

NEW QUESTION: 118
Which of the following is MOST important when planning a network audit?
A. Isolation of rogue access points
B. Determination of IP range in use
C. Identification of existing nodes
D. Analysis of traffic content
Answer: (SHOW ANSWER)

NEW QUESTION: 119
When verifying the accuracy and completeness of migrated data for a new application
system replacing a legacy system, it is MOST effective for an IS auditor to review:
A. rollback plans.
B. acceptance testing results.
C. audit trails.
D. data analytics findings.
Answer: (SHOW ANSWER)

NEW QUESTION: 120
A. Involving appropriate business representation within the framework
B. Establishing committees to support and oversee framework activities
C. Documenting IT-related policies and procedures
D. Aligning the framework to industry best practices
Answer: (SHOW ANSWER)

NEW QUESTION: 121
Which of the following is MOST important for an IS auditor to determine during the detailed
design phase of a system development project?
A. The design has been approved by senior management.
B. Program coding standards have been followed.
C. Data conversion procedures have been established.
D. Acceptance test criteria have been developed.
Answer: (SHOW ANSWER)


NEW QUESTION: 122
What is MOST important to verify during an external assessment of network vulnerability?
A. Location of intrusion detection systems (IDS)
B. Completeness of network asset inventory
C. Regular review of the network security policy
D. Update of security information event management (SIEM) rules
Answer: (SHOW ANSWER)

NEW QUESTION: 123
Which of the following is an audit reviewer's PRIMARY role with regard to evidence?
A. Ensuring appropriate statistical sampling methods were used
B. Ensuring unauthorized individuals do not tamper with evidence after it has been
captured
C. Ensuring evidence is sufficient to support audit conclusions
D. Ensuring evidence is labeled to show it was obtained from an approved source
Answer: (SHOW ANSWER)

NEW QUESTION: 124
A post-implementation review was conducted by issuing a survey to users. Which of the
following should be of GREATEST concern to an IS auditor?
A. The survey results were not presented in detail to management.
B. The survey was issued to employees a month after implementation.
C. The survey questions did not address the scope of the business case.
D. The survey form template did not allow additional feedback to be provided.
Answer: (SHOW ANSWER)

NEW QUESTION: 125
A new regulation in one country of a global organization has recently prohibited cross-
border transfer of personal data. An IS auditor has been asked to determine the
organization's level of exposure in the affected country. Which of the following would be
MOST helpful in making this assessment?
A. Identifying business processes associated with personal data exchange with the
affected jurisdiction
B. Reviewing data classification procedures associated with the affected jurisdiction
C. Identifying data security threats in the affected jurisdiction
D. Developing an inventory of all business entities that exchange personal data with the
affected jurisdiction
Answer: (SHOW ANSWER)

NEW QUESTION: 126
Which of the following is the MOST effective way to maintain network integrity when using
mobile devices?
A. Implement outbound firewall rules.
B. Implement network access control.
C. Perform network reviews.
D. Review access control lists.
Answer: B (LEAVE A REPLY)

NEW QUESTION: 127
Which of the following BEST guards against the risk of attack by hackers?
A. Firewalls
B. Message validation
C. Encryption
D. Tunneling
Answer: C (LEAVE A REPLY)

NEW QUESTION: 128
Which of the following should be the FIRST step when conducting an IT risk assessment?
A. Identify assets to be protected.
B. Identify potential threats.
C. Assess vulnerabilities.
D. Evaluate controls in place.
Answer: (SHOW ANSWER)

NEW QUESTION: 129
A company has implemented an IT segregation of duties policy. In a role-based
environment, which of the following roles may be assigned to an application developer?
A. Emergency support
B. IT operator
C. Database administration
D. System administration
Answer: (SHOW ANSWER)

NEW QUESTION: 130
A. Monitor network traffic attempting to reach the outdated software system.
B. Segregate the outdated software system from the main network.
C. Verify all patches have been applied to the software system's outdated version.
D. Close all unused ports on the outdated software system.
Answer: (SHOW ANSWER)

NEW QUESTION: 131
During a review of a production schedule, an IS auditor observes that a staff member is not
complying with mandatory operational procedures. The auditor's NEXT step should be to:
A. determine why the procedures were not followed.
B. include the noncompliance in the audit report.
C. note the noncompliance in the audit working papers.
D. issue an audit memorandum identifying the noncompliance.
Answer: (SHOW ANSWER)

NEW QUESTION: 132
Which of the following is the PRIMARY role of the IS auditor in an organization's
information classification process?
A. Defining classification levels for information assets within the organization
B. Validating that assets are protected according to assigned classification
C. Securing information assets in accordance with the classification assigned
D. Ensuring classification levels align with regulatory guidelines
Answer: (SHOW ANSWER)

NEW QUESTION: 133
An externally facing system containing sensitive data is configured such that users have
either read-only or administrator rights. Most users of the system have administrator
access. Which of the following is the GREATEST risk associated with this situation?
A. Users can export application logs.
B. Users can view sensitive data.
C. Users can make unauthorized changes.
D. Users can install open-licensed software.
Answer: (SHOW ANSWER)

NEW QUESTION: 134
Which of the following should an IS auditor consider FIRST when evaluating firewall rules?
A. The number of remote nodes
B. The physical location of the firewalls
C. The firewalls' default settings
D. The organization's security policy
Answer: (SHOW ANSWER)

NEW QUESTION: 135
An IS auditor discovers that validation controls in a web application have been moved from
the server side into the browser to boost performance. This would MOST likely increase the
risk of a successful attack by:
A. denial of service (DoS)
B. structured query language (SQL) injection
C. buffer overflow
D. phishing
Answer: (SHOW ANSWER)

NEW QUESTION: 136
Which of the following must be in place before an IS auditor initiates audit follow-up
activities?
A. Available resources for the activities included in the action plan
B. A heat map with the gaps and recommendations displayed in terms of risk
C. Supporting evidence for the gaps and recommendations mentioned in the audit report
D. A management response in the final report with a committed implementation date
Answer: (SHOW ANSWER)


NEW QUESTION: 137
A warehouse employee of a retail company has been able to conceal the theft of inventory
items by entering adjustments of either damaged or lost stock items to the inventory
system. Which control would have BEST prevented this type of fraud in a retail
environment?
A. An edit check for the validity of the inventory transaction
B. Statistical sampling of adjustment transactions
C. Separate authorization for input of transactions
D. Unscheduled audits of lost stock lines
Answer: (SHOW ANSWER)

NEW QUESTION: 138
The PRIMARY benefit of automating application testing is to:
A. provide more flexibility.
B. provide test consistency.
C. reduce the time to review code.
D. replace all manual test processes.
Answer: (SHOW ANSWER)

NEW QUESTION: 139
An organization has recently acquired and implemented intelligent-agent software for
granting loans to customers. During the post-implementation review, which of the following
is the MOST important procedure for the IS auditor to perform?
A. Review input and output control reports to verify the accuracy of the system decisions.
B. Review system documentation to ensure completeness.
C. Review signed approvals to ensure responsibilities for decisions of the system are well
defined.
D. Review system and error logs to verify transaction accuracy.
Answer: (SHOW ANSWER)

NEW QUESTION: 140
A. increase efficiency.
B. optimize investments.
C. promote best practices.
D. ensure compliance.
Answer: (SHOW ANSWER)

NEW QUESTION: 141
Which of the following is the MOST important determining factor when establishing
appropriate timeframes for follow-up activities related to audit findings?
A. Remediation dates included in management responses
B. Availability of IS audit resources
C. Peak activity periods for the business
D. Complexity of business processes identified in the audit
Answer: C (LEAVE A REPLY)

NEW QUESTION: 142
A review of an organization's IT portfolio revealed several applications that are not in use.
The BEST way to prevent this situation from recurring would be to implement:
A. Business case development procedures
B. Asset life cycle management
C. A formal request for proposal (RFP) process
D. An information asset acquisition policy
Answer: (SHOW ANSWER)

NEW QUESTION: 143
Which of the following BEST indicates that an incident management process is effective?
A. Decreased number of calls to the help desk
B. Increased number of incidents reviewed by IT management
C. Increased number of reported critical incidents
D. Decreased time for incident resolution
Answer: (SHOW ANSWER)

NEW QUESTION: 144
An organization has outsourced the development of a core application. However, the
organization plans to bring the support and future maintenance of the application back in-
house. Which of the following findings should be the IS auditor's GREATEST concern?
A. The vendor development team is located overseas.
B. The cost of outsourcing is lower than in-house development.
C. A training plan for business users has not been developed.
D. The data model is not clearly documented.
Answer: (SHOW ANSWER)

NEW QUESTION: 145
Which of the following is the BEST justification for deferring remediation testing until the
next audit?
A. Auditee management has accepted all observations reported by the auditor.
B. The auditor who conducted the audit and agreed with the timeline has left the
organization.
C. Management's planned actions are sufficient given the relative importance of the
observations.
D. The audit environment has changed significantly.
Answer: (SHOW ANSWER)

NEW QUESTION: 146
An organization is disposing of a system containing sensitive data and has deleted all files
from the hard disk. An IS auditor should be concerned because:
A. deleting all files separately is not as efficient as formatting the hard disk.
B. deleting the files logically does not overwrite the files' physical data.
C. deleted data cannot easily be retrieved.
D. backup copies of files were not deleted as well.
Answer: (SHOW ANSWER)

NEW QUESTION: 147
Which of the following is the BEST way to mitigate the impact of ransomware attacks?
A. Backing up data frequently
B. Requiring password changes for administrative accounts
C. Paying the ransom
D. Invoking the disaster recovery plan (DRP)
Answer: (SHOW ANSWER)

NEW QUESTION: 148
Which of the following is the GREATEST impact as a result of the ongoing deterioration of
a detective control?
A. Decreased effectiveness of root cause analysis
B. Increased number of false negatives in security logs
C. Decreased overall recovery time
D. Increased demand for storage space for logs
Answer: (SHOW ANSWER)

NEW QUESTION: 149
An IS auditor has been asked to assess the security of a recently migrated database
system that contains personal and financial data for a bank's customers. Which of the
following controls is MOST important for the auditor to confirm is in place?
A. The default administration account is used after changing the account password.
B. All tables in the database are normalized.
C. The service port used by the database server has been changed.
D. The default configurations have been changed.
Answer: (SHOW ANSWER)

NEW QUESTION: 150
A. The chief information officer (CIO) is involved in approving the organizational strategies.
B. Business stakeholders are involved in approving the IT strategy.
C. IT strategies are communicated to all business stakeholders.
D. Organizational strategies are communicated to the chief information officer (CIO).
Answer: (SHOW ANSWER)

NEW QUESTION: 151
Which of the following BEST enables an organization to improve the visibility of end-user
computing (EUC) applications that support regulatory reporting?
A. EUC access control matrix
B. EUC inventory
C. EUC availability controls
D. EUC tests of operational effectiveness
Answer: (SHOW ANSWER)


NEW QUESTION: 152
Which of the following should be the MOST important consideration when conducting a
review of IT portfolio management?
A. Adherence to best practice and industry approved methodologies
B. Assignment of responsibility for each project to an IT team member
C. Controls to minimize risk and maximize value for the IT portfolio
D. Frequency of meetings where the business discusses the IT portfolio
Answer: (SHOW ANSWER)

NEW QUESTION: 153
An IS auditor is examining a front-end subledger and a main ledger. Which of the following
would be the GREATEST concern if there are flaws in the mapping of accounts between
the two systems?
A. Double-posting of a single journal entry
B. Inability to support new business transactions
C. Inaccuracy of financial reporting
D. Unauthorized alteration of account attributes
Answer: C (LEAVE A REPLY)

NEW QUESTION: 154
What is the PRIMARY purpose of documenting audit objectives when preparing for an
engagement?
A. To identify areas with relatively high probability of material problems
B. To address the overall risk associated with the activity under review
C. To help prioritize and schedule auditee meetings
D. To help ensure maximum use of audit resources during the engagement
Answer: (SHOW ANSWER)

NEW QUESTION: 155
An IS auditor is reviewing a recent security incident and is seeking information about the
approval of a recent modification to a database system's security settings. Where would the
auditor MOST likely find this information?
A. Database log
B. Security incident and event management (SIEM) report
C. Change log
D. System event correlation report
Answer: (SHOW ANSWER)
