Which of the following is the auditor's MOST important course of action?
During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period. Which of the following is the auditor's MOST important course of action?
A. Document the finding and present it to management.
B. Determine if a root cause analysis was conducted.
C....
The PRIMARY advantage of object-oriented technology is enhanced:
The PRIMARY advantage of object-oriented technology is enhanced:
A. efficiency due to the re-use of elements of logic.
B. management of sequential program execution for data access.
C. grouping of objects into methods for data access.
D. management of a restricted variety of data types for a data object.
Answer:...
Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?
Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?
A. File level encryption
B. File Transfer Protocol (FTP)
C. Instant messaging policy
D. Application level firewalls
Answer: D
Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?
Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?
A. Assignment of responsibility for each project to an IT team member
B. Adherence to best practice and industry approved methodologies
C. Controls to minimize risk and maximize value for the IT...
Which of the following is the auditor's BEST recommendation?
An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner. Which of the following is the auditor's BEST recommendation?
A. Increase the capacity of existing systems.
B. Upgrade hardware to newer technology.
C. Hire temporary contract workers for the IT...
During the design phase of a software development project, the PRIMARY responsibility of an IS auditor is to evaluate the:
During the design phase of a software development project, the PRIMARY responsibility of an IS auditor is to evaluate the:
A. Future compatibility of the application.
B. Proposed functionality of the application.
C. Controls incorporated into the system specifications.
D. Development methodology employed.
Answer: C
Which of the following is an audit reviewer's PRIMARY role with regard to evidence?
Which of the following is an audit reviewer's PRIMARY role with regard to evidence?
A. Ensuring unauthorized individuals do not tamper with evidence after it has been captured
B. Ensuring evidence is sufficient to support audit conclusions
C. Ensuring appropriate statistical sampling methods were used
D. Ensuring evidence is labeled...
Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?
Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?
A. The IS auditor provided consulting advice concerning application system best practices.
B. The IS auditor participated as a member of the application system project team, but...
Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?
An organization's software developers need access to personally identifiable information (PII) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?
A. Data masking
B. Data tokenization
C. Data...
What is MOST important to verify during an external assessment of network vulnerability?
What is MOST important to verify during an external assessment of network vulnerability?
A. Update of security information event management (SIEM) rules
B. Regular review of the network security policy
C. Completeness of network asset inventory
D. Location of intrusion detection systems (IDS)
Answer: C