Which of the following is the MOST effective control to mitigate unintentional misuse of authorized access?

A. Annual sign-off of acceptable use policy
B. Regular monitoring of user access logs
C. Security awareness training
D. Formalized disciplinary action
Answer: C
Explanation: The most effective control to mitigate unintentional misuse of...

March 2, 2025

Which of the following should be the PRIMARY basis for prioritizing follow-up audits?

A. Audit cycle defined in the audit plan
B. Complexity of management's action plans
C. Recommendation from executive management
D. Residual risk from the findings of previous audits
Answer: D
Explanation: Residual risk from the findings of...

February 24, 2025

Which of the following is the BEST way to determine whether a test of a disaster recovery plan (DRP) was successful?

A. Analyze whether predetermined test objectives were met.
B. Perform testing at the backup data center.
C. Evaluate participation by key personnel.
D. Test offsite backup files.
Answer: A...

February 23, 2025

Which of the following should an IS auditor be MOST concerned with during a post-implementation review?

A. The system does not have a maintenance plan.
B. The system contains several minor defects.
C. The system deployment was delayed by three weeks.
D. The system was over budget by 15%.
Answer:...

February 23, 2025

Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:

A. business impact analysis (BIA).
B. threat and risk assessment.
C. business continuity plan (BCP).
D. disaster recovery plan (DRP).
Answer: C
Explanation: A business continuity plan (BCP) is...

February 22, 2025

Which of the following should be an IS auditor's PRIMARY focus when developing a risk-based IS audit program?

A. Portfolio management
B. Business plans
C. Business processes
D. IT strategic plans
Answer: C
Explanation: Business processes should be the primary focus of an IS auditor when developing a risk-based IS...

February 21, 2025

Which of the following fire suppression systems needs to be combined with an automatic switch to shut down the electricity supply in the event of activation?

A. Carbon dioxide
B. FM-200
C. Dry pipe
D. Halon
Answer: A
Explanation: Carbon dioxide fire suppression systems need to be combined with an...

February 21, 2025

An incorrect version of the source code was amended by a development team. This MOST likely indicates a weakness in:

A. incident management.
B. quality assurance (QA).
C. change management.
D. project management.
Answer: C
Explanation: A weakness in change management is the most likely cause of an incorrect version...

February 21, 2025

Which of the following strategies BEST optimizes data storage without compromising data retention practices?

A. Limiting the size of file attachments being sent via email
B. Automatically deleting emails older than one year
C. Moving emails to a virtual email vault after 30 days
D. Allowing employees to store large...

February 20, 2025

An IS auditor finds the log management system is overwhelmed with false positive alerts.

The auditor's BEST recommendation would be to:
A. establish criteria for reviewing alerts.
B. recruit more monitoring personnel.
C. reduce the firewall rules.
D. fine tune the intrusion detection system (IDS).
Answer: D
Explanation: Fine tuning...

February 18, 2025