CISA exam

An IS auditor has been asked to assess the security of a recently migrated database system that contains personal and financial data for a bank’s customers. Which of the following controls is MOST important for the auditor to confirm it in place?A . The default configurations have been changed.B ....

Which of the following should an IS auditor be MOST concerned with during a post-implementation review?A . The system does not have a maintenance planB . The system contains several minor defectsC . The system was over budget by 15%D . The system deployment was delayed by three weeksView AnswerAnswer:...

Which of the following cloud computing service model provides a way to rent operating systems, storage and network capacity over the Internet?A . Software as a serviceB . Data as a serviceC . Platform as a serviceD . Infrastructure as a serviceView AnswerAnswer: C Explanation: Platform as a Service (Peas)...

An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor?A . Improve the change management processB . Perform a configuration reviewC . Establish security metricsD . Perform a penetration testView AnswerAnswer: B

An IS auditor is evaluating a virtual server environment and learns that the production server, development server, and management console are housed in the same physical host. What should be the auditor’s PRIMARY concern?A . The physical host is a single point of failureB . The management console is a...

Which of the following audit combines financial and operational audit steps?A . Compliance AuditB . Financial AuditC . Integrated AuditD . Forensic auditView AnswerAnswer: C An integrated audit combines financial and operational audit steps. An integrated audit is also performed to assess overall objectives within an organization, related to financial...

While reviewing a hot site, the IS auditor discovers that one type of hardware platform is not installed. The IS auditor should FIRST:A . recommend the purchase and installation of hardware at the hot site.B . report the finding immediately to senior IS management.C . determine the business impact of...

Which of the following dynamic interaction of a Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitude and ways of doing things? A. Governing B. Culture C. Enabling and support D. EmergenceView AnswerAnswer: B Explanation: Culture is a pattern of behaviors, beliefs, assumptions, attitudes and...

Which of the following is the MOST appropriate responsibility of an IS auditor involved in a data center renovation project?A . Performing independent reviews of responsible parties engaged in the projectB . Ensuring the project progresses as scheduled and milestones are achievedC . Performing day-to-day activities to ensure the successful...

A business has requested an IS audit to determine whether information stored in an application system is adequately protected. Which of the following is the MOST important action before the audit work begins?A . Establish control objectivesB . Conduct a vulnerability analysisC . Perform penetration testingD . Review remediation reportsView...