CISA exam

Which of the following is MOST important for an effective control self-assessment (CSA) program?A . Determining the scope of the assessment B. Performing detailed test procedures C. Evaluating changes to the risk environment D. Understanding the business processView AnswerAnswer: D

Which of the following is a social engineering attack method?A . An unauthorized person attempts to gam access to secure premises by following an authonzed person through a secure door. B. An employee is induced to reveal confidential IP addresses and passwords by answering questions over the phone. C. A...

A proper audit trail of changes to server start-up procedures would include evidence of:A . subsystem structure. B. program execution. C. security control options. D. operator overrides.View AnswerAnswer: D

While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function. In order to resolve the situation, the IS auditor's BEST course of action would be to:A . re-prioritize the original issue as...

The PRIMARY benefit lo using a dry-pipe fire-suppression system rather than a wet-pipe system is that a dry-pipe system:A . is more effective at suppressing flames. B. allows more time to abort release of the suppressant. C. has a decreased risk of leakage. D. disperses dry chemical suppressants exclusively.View AnswerAnswer:...

An IS auditor will be testing accounts payable controls by performing data analytics on the entire population of transactions. Which of the following is MOST important for the auditor to confirm when sourcing the population data?A . The data is taken directly from the system. B. There is no privacy...

Which of the following is MOST useful for determining whether the goals of IT are aligned with the organization's goals?A . Balanced scorecard B. Enterprise dashboard C. Enterprise architecture (EA) D. Key performance indicators (KPIs)View AnswerAnswer: A

Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?A . Business interruption due to remediation B. IT budgeting constraints C. Availability of responsible IT personnel D. Risk rating of original findingsView AnswerAnswer: D

The PRIMARY advantage of object-oriented technology is enhanced:A . efficiency due to the re-use of elements of logic. B. management of sequential program execution for data access. C. grouping of objects into methods for data access. D. management of a restricted variety of data types for a data object.View AnswerAnswer:...

Which of the following data would be used when performing a business impact analysis (BIA)?A . Projected impact of current business on future business B. Cost-benefit analysis of running the current business C. Cost of regulatory compliance D. Expected costs for recovering the businessView AnswerAnswer: A