CISA exam

Which of the following control helps to identify an incident’s activities and potentially an intruder?A . DeterrentB . PreventiveC . DetectiveD . CompensatingView AnswerAnswer: C Explanation: Detective control helps identify an incident’s activities and potentially an intruder For your exam you should know below information about different security controls Deterrent...

During an IS audit, it is discovered that security configurations differ across the organization’s virtual server farm. Which of the following is the IS auditor’s BEST recommendation for improving the control environment?A . Conduct an independent review of each server’s security configurationB . Implement a security configuration baseline for virtual...

Which of the following conditions would be of MOST concern to an IS auditor assessing the risk of a successful brute force attack encrypted data at rest?A . Use of symmetric encryptionB . Use of asymmetric encryptionC . Random key generationD . Short key lengthView AnswerAnswer: D

An internal control audit has revealed a control deficiency related to a legacy system where the compensating controls no longer appear to be effective. Which of the following would BEST help the information security manager determine the security requirements to resolve the control deficiency?A . Cost-benefit analysisB . Gap analysisC...

Which of the following is the MOST appropriate responsibility of an IS auditor involved in a data center renovation project?A . Performing independent reviews of responsible parties engaged in the projectB . Ensuring the project progresses as scheduled and milestones are achievedC . Performing day-to-day activities to ensure the successful...

If concurrent update transactions to an account are not processed properly, which of the following will be affected?A . IntegrityB . ConfidentialityC . AvailabilityD . AccountabilityView AnswerAnswer: A

An IS auditor has completed an audit of an organization’s accounts payable system. Which of the following should be rated as the HIGHEST risk in the audit report and requires immediate remediation?A . Lack of segregation of duty controls for reconciliation of payment transactionsB . Lack of segregation of duty...

Which of the following should an IS auditor determine FIRST when evaluating additional hardware required to support the acquisition of a new accounting system?A . A training program has been developed to support the new accounting system.B . The supplier has experience supporting accounting systems.C . The hardware specified will...

An IS auditor is planning on utilizing attribute sampling to determine the error rate for health care claims processed. Which of the following factors will cause the sample size to decrease?A . Population size increaseB . Expected error rate increaseC . Acceptable risk level decreaseD . Tolerate error rate increaseView...

Which of the following control fixes a component or system after an incident has occurred?A . DeterrentB . PreventiveC . CorrectiveD . RecoveryView AnswerAnswer: C   Explanation: Corrective control fixes components or systems after an incident has occurred For your exam you should know below information about different security controls...