Which of the following is an executive management concern that could be addressed by the implementation of a security metrics dashboard?

A. Effectiveness of the security program
B. Security incidents vs. industry benchmarks
C. Total number of hours budgeted to security
D. Total number of false positives

Answer: A

August 16, 2023

An IS auditor finds the log management system is overwhelmed with false positive alerts. The auditor's BEST recommendation would be to:

A. establish criteria for reviewing alerts.
B. recruit more monitoring personnel.
C. reduce the firewall rules.
D. fine tune the intrusion detection system (IDS).

Answer: D

August 16, 2023

Which of the following should be an IS auditor's PRIMARY focus when developing a risk-based IS audit program?

A. Portfolio management
B. Business plans
C. Business processes
D. IT strategic plans

Answer: D

August 16, 2023

Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?

A. Write access to production program libraries
B. Write access to development data libraries
C. Execute access to production program libraries
D. Execute access to development program libraries

Answer:...

August 16, 2023

Which of the following is MOST important for an effective control self-assessment (CSA) program?

A. Determining the scope of the assessment
B. Performing detailed test procedures
C. Evaluating changes to the risk environment
D. Understanding the business process

Answer: D

August 15, 2023

A proper audit trail of changes to server start-up procedures would include evidence of:

A. subsystem structure.
B. program execution.
C. security control options.
D. operator overrides.

Answer: D

August 15, 2023

IS management has recently disabled certain referential integrity controls in the database management system (DBMS) software to provide users increased query performance. Which of the following controls will MOST effectively compensate for the lack of referential integrity?

A. More frequent data backups
B. Periodic table link checks
C. Concurrent access...

August 15, 2023

An organization allows employees to retain confidential data on personal mobile devices. Which of the following is the BEST recommendation to mitigate the risk of data leakage from lost or stolen devices?

A. Require employees to attend security awareness training.
B. Password protect critical data files.
C. Configure to auto-wipe...

August 15, 2023

An IS auditor is examining a front-end subledger and a main ledger. Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?

A. Double-posting of a single journal entry
B. Inability to support new business transactions
C. Unauthorized...

August 15, 2023

When evaluating the design of controls related to network monitoring, which of the following is MOST important for an IS auditor to review?

A. Incident monitoring logs
B. The ISP service level agreement
C. Reports of network traffic analysis
D. Network topology diagrams

Answer: D

August 15, 2023