CISA exam

Which of the following is the BEST way to address segregation of duties issues in an organization with budget constraints?A . Rotate job duties periodically.B . Perform an independent audit.C . Hire temporary staff.D . Implement compensating controls.View AnswerAnswer: D Explanation: The best way to address segregation of duties issues...

During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period. Which of the following is the auditor's MOST important course of action?A . Document the finding and present it to management.B . Determine if a root cause analysis was conducted.C ....

The decision to accept an IT control risk related to data quality should be the responsibility of the:A . information security team.B . IS audit manager.C . chief information officer (CIO).D . business owner.View AnswerAnswer: D Explanation: The decision to accept an IT control risk related to data quality should...

An organization's enterprise architecture (EA) department decides to change a legacy system's components while maintaining its original functionality. Which of the following is MOST important for an IS auditor to understand when reviewing this decision?A . The current business capabilities delivered by the legacy systemB . The proposed network topology...

Which of the following is the MOST important prerequisite for the protection of physical information assets in a data center?A . Segregation of duties between staff ordering and staff receiving information assetsB . Complete and accurate list of information assets that have been deployedC . Availability and testing of onsite...

Which of the following is the PRIMARY advantage of parallel processing for a new system implementation?A . Assurance that the new system meets functional requirementsB . More time for users to complete training for the new systemC . Significant cost savings over other system implemental or approachesD . Assurance that...

Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?A . File level encryptionB . File Transfer Protocol (FTP)C . Instant messaging policyD . Application-level firewallsView AnswerAnswer: D Explanation: Application level firewalls are the best control to prevent...

Which of the following is the BEST control to mitigate the malware risk associated with an instant messaging (IM) system?A . Blocking attachments in IMB . Blocking external IM trafficC . Allowing only corporate IM solutionsD . Encrypting IM trafficView AnswerAnswer: C Explanation: Allowing only corporate IM solutions is the...

An IS auditor finds that a key Internet-facing system is vulnerable to attack and that patches are not available. What should the auditor recommend be done FIRST?A . Implement a new system that can be patched.B . Implement additional firewalls to protect the system.C . Decommission the server.D . Evaluate...

One benefit of return on investment (ROI) analysts in IT decision making is that it provides the:A . basis for allocating indirect costs.B . cost of replacing equipment.C . estimated cost of ownership.D . basis for allocating financial resources.View AnswerAnswer: D Explanation: One benefit of return on investment (ROI) analysis...