Which of the following steps of PDCA requests corrective actions on significant differences between the actual and the planned results?

A. Plan
B. Do
C. Check
D. Act

Answer: D

Explanation: Act - Request corrective actions on significant differences between actual and planned results. Analyze the differences to determine...

April 5, 2020

Which of the following dynamic interactions of the Business Model for Information Security (BMIS) is a place to introduce possible solutions such as feedback loops; alignment with process improvement; and consideration of emergent issues in system design life cycle, change control, and risk management?

A. Governing
B. Culture
C. Enabling...


Which of the following steps of PDCA studies the actual result and compares it against the expected result?

A. Plan
B. Do
C. Check
D. Act

Answer: C

Explanation: Check - Study the actual results (measured and collected in "DO" above) and compare against the expected results (targets or goals...


Which of the following should be the PRIMARY objective of an information security governance framework?

A. Increase the organization’s return on security investment.
B. Provide a baseline for optimizing the security profile of the organization.
C. Ensure that users comply with the organization’s information security policies.
D. Demonstrate compliance with...


An IS auditor has been invited to join an IT project team responsible for building and deploying a new digital customer marketing platform. Which of the following is the BEST way for the auditor to support this project while maintaining independence?

A. Develop selection criteria for potential digital technology vendors.
B...


A shared resource matrix is a technique commonly used to locate:

A. Malicious code
B. Security flaws
C. Trap doors
D. Covert channels

Answer: D

Explanation: Analyzing resources of a system is one standard for locating covert channels because the basis of a covert channel is a shared resource. The...


Which of the following dynamic interactions of the Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitudes and ways of doing things?

A. Governing
B. Culture
C. Enabling and support
D. Emergence

Answer: B

Explanation: Culture is a pattern of behaviors, beliefs, assumptions, attitudes and...


Which of the following cloud deployment models is formed by the composition of two or more cloud deployment modes?

A. Private Cloud
B. Community Cloud
C. Public Cloud
D. Hybrid Cloud

Answer: D

Explanation: In Hybrid cloud, the cloud infrastructure is a composition of two or more distinct cloud infrastructures...


When auditing a quality assurance plan, an IS auditor should be MOST concerned if the:

A. quality assurance function is separate from the programming function.
B. SDLC is coupled with the quality assurance plan.
C. quality assurance function is periodically reviewed by internal audit.
D. scope of quality assurance activities...


An information security team has discovered that users are sharing a login account to an application with sensitive information, in violation of the access policy. Business management indicates that the practice creates operational efficiencies. The information security manager’s BEST course of action should be to:

A. modify the policy
B. ...
