Which of the following would be of GREATEST concern?
An IS auditor is evaluating an organization's IT strategy and plans. Which of the following would be of GREATEST concern?
A. There is not a defined IT security policy.
B. The business strategy meeting minutes are not distributed.
C. IT is not engaged in business strategic planning.
D. There is...

Which audit approach is MOST helpful in optimizing the use of IS audit resources?
Which audit approach is MOST helpful in optimizing the use of IS audit resources?
A. Agile auditing
B. Continuous auditing
C. Outsourced auditing
D. Risk-based auditing
Answer: D
Explanation: Risk-based auditing is an audit approach that focuses on the analysis and management of risk within an organization. Risk-based auditing helps...

Which of the following is MOST useful for determining whether the goals of IT are aligned with the organization's goals?
Which of the following is MOST useful for determining whether the goals of IT are aligned with the organization's goals?
A. Balanced scorecard
B. Enterprise dashboard
C. Enterprise architecture (EA)
D. Key performance indicators (KPIs)
Answer: A
Explanation: The most useful tool for determining whether the goals of IT are...

Which of the following should be recommended as the PRIMARY factor to determine system criticality?
During an external review, an IS auditor observes an inconsistent approach in classifying system criticality within the organization. Which of the following should be recommended as the PRIMARY factor to determine system criticality?
A. Key performance indicators (KPIs)
B. Maximum allowable downtime (MAD)
C. Recovery point objective (RPO)
D. Mean...

Which of the following would BEST facilitate the successful implementation of an IT-related framework?
Which of the following would BEST facilitate the successful implementation of an IT-related framework?
A. Aligning the framework to industry best practices
B. Establishing committees to support and oversee framework activities
C. Involving appropriate business representation within the framework
D. Documenting IT-related policies and procedures
Answer: C

Which of the following should be done FIRST when planning a penetration test?
Which of the following should be done FIRST when planning a penetration test?
A. Execute nondisclosure agreements (NDAs).
B. Determine reporting requirements for vulnerabilities.
C. Define the testing scope.
D. Obtain management consent for the testing.
Answer: D
Explanation: The first step when planning a penetration test is to obtain...

During the evaluation of controls over a major application development project, the MOST effective use of an IS auditor's time would be to review and evaluate:
During the evaluation of controls over a major application development project, the MOST effective use of an IS auditor's time would be to review and evaluate:
A. application test cases.
B. acceptance testing.
C. cost-benefit analysis.
D. project plans.
Answer: A
Explanation: Reviewing and evaluating application test cases is the...

Which of the following recommendations would BEST help to reduce the risk of data leakage?
An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?
A. Requiring policy acknowledgment and nondisclosure agreements (NDAs) signed by employees
B. Establishing strong access controls...

To confirm integrity for a hashed message, the receiver should use:
To confirm integrity for a hashed message, the receiver should use:
A. the same hashing algorithm as the sender's to create a binary image of the file.
B. a different hashing algorithm from the sender's to create a binary image of the file.
C. the same hashing algorithm as the...

Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?
Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?
A. The IS auditor provided consulting advice concerning application system best practices.
B. The IS auditor participated as a member of the application system project team, but...