CISA exam

Which of the following attack techniques will succeed because of an inherent security weakness in an Internet firewall?A . PhishingB . Using a dictionary attack of encrypted passwordsC . Intercepting packets and viewing passwordsD . Flooding the site with an excessive number of packetsView AnswerAnswer: D Explanation: Flooding the site...

An IS auditor is following up on prior period items and finds management did not address an audit finding. Which of the following should be the IS auditor's NEXT course of action?A . Note the exception in a new report as the item was not addressed by management.B . Recommend...

An IT balanced scorecard is the MOST effective means of monitoring:A . governance of enterprise IT.B . control effectiveness.C . return on investment (ROI).D . change management effectiveness.View AnswerAnswer: A Explanation: An IT balanced scorecard is a strategic management tool that aligns IT objectives with business goals and measures the...

An IS auditor is examining a front-end subledger and a main ledger. Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?A . Double-posting of a single journal entryB . Inability to support new business transactionsC . Unauthorized...

An IS auditor is planning an audit of an organization's accounts payable processes. Which of the following controls is MOST important to assess in the audit?A . Segregation of duties between issuing purchase orders and making payments.B . Segregation of duties between receiving invoices and setting authorization limitsC . Management...

An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged. The IS auditor's FIRST action should be to:A . recommend that the...

An IS auditor notes that several employees are spending an excessive amount of time using social media sites for personal reasons. Which of the following should the auditor recommend be performed FIRST?A . Implement a process to actively monitor postings on social networking sites.B . Adjust budget for network usage...

The PRIMARY advantage of object-oriented technology is enhanced:A . efficiency due to the re-use of elements of logic.B . management of sequential program execution for data access.C . grouping of objects into methods for data access.D . management of a restricted variety of data types for a data object.View AnswerAnswer:...

Which of the following is the BEST way to mitigate the impact of ransomware attacks?A . Invoking the disaster recovery plan (DRP)B . Backing up data frequentlyC . Paying the ransomD . Requiring password changes for administrative accountsView AnswerAnswer: B Explanation: Ransomware is a type of malicious software that encrypts...

During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRSTA . perform a business impact analysis (BIA).B . issue an intermediate report to management.C . evaluate the impact on current disaster recovery capability.D . conduct additional compliance...