Which of the following would BEST facilitate the successful implementation of an IT-related framework?
A. Aligning the framework to industry best practices
B. Establishing committees to support and oversee framework activities
C. Involving appropriate business representation within the framework
D. Documenting IT-related policies and procedures
Answer: C
Which of the following is the BEST detective control for a job scheduling process involving data transmission?
A. Metrics denoting the volume of monthly job failures are reported and reviewed by senior management.
B. Jobs are scheduled to be completed daily and data is transmitted using a Secure File Transfer...
During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:
A. allocation of resources during an emergency.
B. frequency of system testing.
C. differences in IS policies and procedures.
D. maintenance of hardware and software compatibility.
Answer: D
Which of the following is the BEST way to address segregation of duties issues in an organization with budget constraints?
A. Rotate job duties periodically.
B. Perform an independent audit.
C. Hire temporary staff.
D. Implement compensating controls.
Answer: D
An IS auditor who was instrumental in designing an application is called upon to review the application. The auditor should:
A. refuse the assignment to avoid conflict of interest.
B. use the knowledge of the application to carry out the audit.
C. inform audit management of the earlier involvement.
D. ...
During the discussion of a draft audit report, IT management provided suitable evidence that a process has been implemented for a control that had been concluded by the IS auditor as ineffective. Which of the following is the auditor's BEST action?
A. Explain to IT management that the new control...
When auditing the security architecture of an online application, an IS auditor should FIRST review the:
A. firewall standards.
B. configuration of the firewall.
C. firmware version of the firewall.
D. location of the firewall within the network.
Answer: D
Which of the following attack techniques will succeed because of an inherent security weakness in an Internet firewall?
A. Phishing
B. Using a dictionary attack of encrypted passwords
C. Intercepting packets and viewing passwords
D. Flooding the site with an excessive number of packets
Answer: D
Which of the following is MOST important for an IS auditor to examine when reviewing an organization's privacy policy?
A. Whether there is explicit permission from regulators to collect personal data
B. The organization's legitimate purpose for collecting personal data
C. Whether sharing of personal information with third-party service providers...
Which of the following tests would provide the BEST assurance that a health care organization is handling patient data appropriately?
A. Compliance with action plans resulting from recent audits
B. Compliance with local laws and regulations
C. Compliance with industry standards and best practice
D. Compliance with the organization's policies...