Which of the following is MOST effective in detecting such an intrusion?
A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization. Which of the following is MOST effective in detecting such an intrusion?
A. Periodically reviewing log files
B. Configuring the router as a firewall
C. Using smart cards with one-time...
During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?
During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?
A. Rollback strategy
B. Test cases
C. Post-implementation review objectives
D. Business case
Answer: D
An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged.
An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged. The IS auditor's FIRST action should be to:
A. recommend that the...
While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function. In order to resolve the situation, the IS auditor's BEST course of action would be to:
While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function. In order to resolve the situation, the IS auditor's BEST course of action would be to:
A. re-prioritize the original issue as...
Which of the following is the BEST way to mitigate the impact of ransomware attacks?
Which of the following is the BEST way to mitigate the impact of ransomware attacks?
A. Invoking the disaster recovery plan (DRP)
B. Backing up data frequently
C. Paying the ransom
D. Requiring password changes for administrative accounts
Answer: B
When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:
When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:
A. the Internet.
B. the demilitarized zone (DMZ).
C. the organization's web server.
D. the organization's network.
...
Which of the following is the auditor's BEST action?
During the discussion of a draft audit report, IT management provided suitable evidence that a process has been implemented for a control that had been concluded by the IS auditor as ineffective. Which of the following is the auditor's BEST action?
A. Explain to IT management that the new control...
When determining whether a project in the design phase will meet organizational objectives, what is BEST to compare against the business case?
When determining whether a project in the design phase will meet organizational objectives, what is BEST to compare against the business case?
A. Implementation plan
B. Project budget provisions
C. Requirements analysis
D. Project plan
Answer: C
Which of the following strategies BEST optimizes data storage without compromising data retention practices?
Which of the following strategies BEST optimizes data storage without compromising data retention practices?
A. Limiting the size of file attachments being sent via email
B. Automatically deleting emails older than one year
C. Moving emails to a virtual email vault after 30 days
D. Allowing employees to store large...
Which of the following is the BEST recommendation to prevent fraudulent electronic funds transfers by accounts payable employees?
Which of the following is the BEST recommendation to prevent fraudulent electronic funds transfers by accounts payable employees?
A. Periodic vendor reviews
B. Dual control
C. Independent reconciliation
D. Re-keying of monetary amounts
E. Engage an external security incident response expert for incident handling.
Answer: B