CISA exam

An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner. Which of the following is the auditor's BEST recommendation?A . Increase the capacity of existing systems. B. Upgrade hardware to newer technology. C. Hire temporary contract workers for the IT...

Which of the following should be done FIRST when planning a penetration test?A . Execute nondisclosure agreements (NDAs). B. Determine reporting requirements for vulnerabilities. C. Define the testing scope. D. Obtain management consent for the testing.View AnswerAnswer: D

Which of the following fire suppression systems needs to be combined with an automatic switch to shut down the electricity supply in the event of activation?A . Carbon dioxide B. FM-200 C. Dry pipe D. HalonView AnswerAnswer: C

To confirm integrity for a hashed message, the receiver should use:A . the same hashing algorithm as the sender's to create a binary image of the file. B. a different hashing algorithm from the sender's to create a binary image of the file. C. the same hashing algorithm as the...

An organization's software developers need access to personally identifiable information (Pll) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?A . Data masking B. Data tokenization C. Data...

When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:A . the Internet. B. the demilitarized zone (DMZ). C. the organization's web server. D. the organization's network.View...

Which of the following is the BEST source of information for assessing the effectiveness of IT process monitoring?A . Real-time audit software B. Performance data C. Quality assurance (QA) reviews D. Participative management techniquesView AnswerAnswer: A

In a small IT web development company where developers must have write access to production, the BEST recommendation of an IS auditor would be to:A . hire another person to perform migration to production. B. implement continuous monitoring controls. C. remove production access from the developers. D. perform a user...

During the design phase of a software development project, the PRIMARY responsibility of an IS auditor is to evaluate the:A . Future compatibility of the application. B. Proposed functionality of the application. C. Controls incorporated into the system specifications. D. Development methodology employed.View AnswerAnswer: C

Which of the following demonstrates the use of data analytics for a loan origination process?A . Evaluating whether loan records are included in the batch file and are validated by the servicing system B. Comparing a population of loans input in the origination system to loans booked on the servicing...