CISA exam

Which of the following is MOST important to ensure when planning a black box penetration test?A . The management of the client organization is aware of the testing.B . The test results will be documented and communicated to management.C . The environment and penetration test scope have been determined.D ....

When determining whether a project in the design phase will meet organizational objectives, what is BEST to compare against the business case?A . Implementation planB . Project budget provisionsC . Requirements analysisD . Project planView AnswerAnswer: C Explanation: Requirements analysis should be the best thing to compare against the business...

Which of the following provides the MOST reliable audit evidence on the validity of transactions in a financial application?A . Walk-through reviewsB . Substantive testingC . Compliance testingD . Design documentation reviewsView AnswerAnswer: B Explanation: Substantive testing provides the most reliable audit evidence on the validity of transactions in a...

Which of the following demonstrates the use of data analytics for a loan origination process?A . Evaluating whether loan records are included in the batch file and are validated by the servicing systemB . Comparing a population of loans input in the origination system to loans booked on the servicing...

Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organization's information security policy?A . Alignment with the IT tactical planB . IT steering committee minutesC . Compliance with industry best practiceD . Business objectivesView AnswerAnswer: D Explanation: The most important...

Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?A . Write access to production program librariesB . Write access to development data librariesC . Execute access to production program librariesD . Execute access to development program librariesView AnswerAnswer:...

Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor's BEST recommendation?A . Ensure corrected program code is compiled in a dedicated server.B . Ensure change management reports are...

Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system. What is the BEST control to ensure that data is accurately entered into the system?A . Reconciliation of total amounts by projectB . Validity checks, preventing entry of character dataC...

Which of the following is the BEST method to safeguard data on an organization's laptop computers?A . Disabled USB portsB . Full disk encryptionC . Biometric access controlD . Two-factor authenticationView AnswerAnswer: B Explanation: The best method to safeguard data on an organization’s laptop computers is full disk encryption. Full...

Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?A . Assignment of responsibility for each project to an IT team memberB . Adherence to best practice and industry approved methodologiesC . Controls to minimize risk and maximize value for the IT...