Which of the following should be of GREATEST concern?
An IS auditor is assessing risk associated with peer-to-peer file sharing within an organization. Which of the following should be of GREATEST concern?
A. File-sharing policies have not been reviewed since last year
B. Only some employees are required to attend security awareness training
C. Not all devices are running...
Which of the following security controls is intended to bring the environment back to regular operation?
Which of the following security controls is intended to bring the environment back to regular operation?
A. Deterrent
B. Preventive
C. Corrective
D. Recovery
Answer: D
Explanation: Recovery controls are intended to bring the environment back to regular operations. For your exam you should know the information below about different security controls...
Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?
During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?
A...
An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would MOST likely increase the risk of a successful attack by:
An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would MOST likely increase the risk of a successful attack by:
A. phishing
B. structured query language (SQL) injection
C. denial of service (DoS)
D. ...
What are the different types of audits?
What are the different types of audits?
A. Compliance, financial, operational, forensic and integrated
B. Compliance, financial, operational, G9 and integrated
C. Compliance, financial, SA1, forensic and integrated
D. Compliance, financial, operational, forensic and capability
Answer: A
Explanation: Compliance, financial, operational, forensic and integrated are different types of audit. For...
A shared resource matrix is a technique commonly used to locate:
A shared resource matrix is a technique commonly used to locate:
A. Malicious code
B. Security flaws
C. Trap doors
D. Covert channels
Answer: D
Explanation: Analyzing resources of a system is one standard for locating covert channels because the basis of a covert channel is a shared resource. The...
Which of the following IS audit procedures will BEST determine whether unauthorized changes have been made to production programs?
A company requires that all program change requests (PCRs) be approved and all modifications be automatically logged. Which of the following IS audit procedures will BEST determine whether unauthorized changes have been made to production programs?
A. Review a sample of PCRs for proper approval throughout the program change process.
B...
An IS auditor considering the risks associated with spooling sensitive reports for off-line printing will be the MOST concerned that:
An IS auditor considering the risks associated with spooling sensitive reports for off-line printing will be the MOST concerned that:
A. data can easily be read by operators
B. data can more easily be amended by unauthorized persons
C. unauthorized copies of reports can be printed
D. output will be...
Which of the following should be the IS auditor’s NEXT course of action?
Management disagrees with a finding in a draft audit report and provides supporting documentation. Which of the following should be the IS auditor’s NEXT course of action?
A. Document management’s disagreement in the final report
B. Evaluate the supporting documentation
C. Escalate the issue with supporting documentation to senior management
D...