CISA exam

Which audit technique provides the GREATEST assurance that incident management procedures are effective?A . Determining whether incidents are categorized and addressedB . Performing comprehensive vulnerability scanning and penetration testingC . Comparing incident management procedures to best practicesD . Evaluating end-user satisfaction survey resultsView AnswerAnswer: B

The IS auditor has identified a potential fraud perpetrated by the network administrator. The IS auditor should:A . issue a report to ensure a timely resolutionB . review the audit finding with the audit committee prior to any other discussionsC . perform more detailed tests prior to disclosing the audit...

A business has requested an IS audit to determine whether information stored in an application system is adequately protected. Which of the following is the MOST important action before the audit work begins?A . Establish control objectivesB . Conduct a vulnerability analysisC . Perform penetration testingD . Review remediation reportsView...

Which of the following control provides an alternative measure of control?A . DeterrentB . PreventiveC . DetectiveD . CompensatingView AnswerAnswer: D Explanation: For your exam you should know below information about different security controls Deterrent Controls Deterrent Controls are intended to discourage a potential attacker. Access controls act as a...

You are part of a security staff at a highly profitable bank and each day, all traffic on the network is logged for later review. Every Friday when major deposits are made you're seeing a series of bits placed in the "Urgent Pointer" field of a TCP packet. This is...

Which of the following audit techniques is MOST appropriate for verifying application program controls?A . Statistical samplingB . Code reviewC . Confirmation of accountsD . Use of test dataView AnswerAnswer: D

An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor?A . Improve the change management processB . Perform a configuration reviewC . Establish security metricsD . Perform a penetration testView AnswerAnswer: B

Assessments of critical information systems are based on a cyclical audit plan that has not been updated for several years. Which of the following should the IS auditor recommend to BEST address this situation?A . Use a revolving set of audit plans to cover all systemsB . Update the audit...

Which of the following should be established FIRST when initiating a control self-assessment program in a small organization?A . Control baselinesB . Client questionnairesC . External consultantsD . Facilitated workshopsView AnswerAnswer: B

An IS auditor is reviewing an organization’s incident management processes and procedures. Which of the following observations should be the auditor’s GREATEST concern?A . Ineffective incident classificationB . Ineffective incident prioritizationC . Ineffective incident detectionD . Ineffective post-incident reviewView AnswerAnswer: C