Which audit technique provides the GREATEST assurance that incident management procedures are effective?
A. Determining whether incidents are categorized and addressed
B. Performing comprehensive vulnerability scanning and penetration testing
C. Comparing incident management procedures to best practices
D. Evaluating end-user satisfaction survey results
Answer: B
Which of the following should the system administrator have done FIRST to preserve the evidence?
When following up on a data breach, an IS auditor finds a system administrator may have compromised the chain of custody. Which of the following should the system administrator have done FIRST to preserve the evidence?
A. Perform forensic discovery
B. Notify key stakeholders
C. Quarantine the system
D. Notify...
Which of the following is a PRIMARY responsibility of an information security governance committee?
A. Approving the purchase of information security technologies
B. Approving the information security awareness training strategy
C. Reviewing the information security strategy
D. Analyzing information security policy compliance reviews
Answer: C
If the auditor disagrees with management’s decision, what is the BEST way to address the situation?
An IS auditor conducting audit follow-up activities learns that some previously agreed-upon corrective actions have not been taken and that the associated risk has been accepted by senior management. If the auditor disagrees with management’s decision, what is the BEST way to address the situation?
A. Repeat the audit with...
A shared resource matrix is a technique commonly used to locate:
A. Malicious code
B. Security flaws
C. Trap doors
D. Covert channels
Answer: D
Explanation: Analyzing resources of a system is one standard for locating covert channels because the basis of a covert channel is a shared resource. The...
Which of the following cloud deployment models operates solely for an organization?
A. Private Cloud
B. Community Cloud
C. Public Cloud
D. Hybrid Cloud
Answer: A
Explanation: In a private cloud, the cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may...
Which of the following would be the MOST appropriate action for the project manager with respect to the change request?
An IS auditor is involved with a project and finds an IT project stakeholder wants to make a change that could affect both the project scope and schedule. Which of the following would be the MOST appropriate action for the project manager with respect to the change request?
A. Recommend...
Which of the following factors will cause the sample size to decrease?
An IS auditor is planning on utilizing attribute sampling to determine the error rate for health care claims processed. Which of the following factors will cause the sample size to decrease?
A. Population size increase
B. Expected error rate increase
C. Acceptable risk level decrease
D. Tolerate error rate increase
...
During a review of the IT strategic plan, an IS auditor finds several IT initiatives focused on delivering new systems and technology are not aligned with the organization’s strategy. Which of the following would be the IS auditor’s BEST recommendation?
A. Reassess the return on investment for the IT initiatives
B...
Which of the following is the BEST IS audit strategy?
A. Perform audits based on impact and probability of error and failure.
B. Cycle general control and application audits over a two-year period.
C. Conduct general control audits annually and application audits in alternating years.
D. Limit audits to new...