CISA exam

Which of the following demonstrates the use of data analytics for a loan origination process?A . Evaluating whether loan records are included in the batch file and are validated by the servicing system B. Comparing a population of loans input in the origination system to loans booked on the servicing...

Which of the following is the BEST control to mitigate the malware risk associated with an instant messaging (IM) system?A . Blocking attachments in IM B. Blocking external IM traffic C. Allowing only corporate IM solutions D. Encrypting IM trafficView AnswerAnswer: C

Which of the following BEST minimizes performance degradation of servers used to authenticate users of an e-commerce website?A . Configure a single server as a primary authentication server and a second server as a secondary authentication server. B. Configure each authentication server as belonging to a cluster of authentication servers....

When reviewing an organization's information security policies, an IS auditor should verify that the policies have been defined PRIMARILY on the basis of:A . a risk management process. B. an information security framework. C. past information security incidents. D. industry best practices.View AnswerAnswer: B

Which of the following is the MOST important reason to implement version control for an end-user computing (EUC) application?A . To ensure that older versions are availability for reference B. To ensure that only the latest approved version of the application is used C. To ensure compatibility different versions of...

During a new system implementation, an IS auditor has been assigned to review risk management at each milestone. The auditor finds that several risks to project benefits have not been addressed. Who should be accountable for managing these risks?A . Enterprise risk manager B. Project sponsor C. Information security officer...

An IS auditor is following up on prior period items and finds management did not address an audit finding. Which of the following should be the IS auditor's NEXT course of action?A . Note the exception in a new report as the item was not addressed by management. B. Recommend...

Which of the following would BEST determine whether a post-implementation review (PIR) performed by the project management office (PMO) was effective?A . Lessons learned were implemented. B. Management approved the PIR report. C. The review was performed by an external provider. D. Project outcomes have been realized.View AnswerAnswer: D

An IS auditor will be testing accounts payable controls by performing data analytics on the entire population of transactions. Which of the following is MOST important for the auditor to confirm when sourcing the population data?A . The data is taken directly from the system. B. There is no privacy...

An IS auditor is conducting a post-implementation review of an enterprise resource planning (ERP) system. End users indicated concerns with the accuracy of critical automatic calculations made by the system. The auditor's FIRST course of action should be to:A . review recent changes to the system. B. verify completeness of...