Which of the following should be performed FIRST by the auditor?

An IS auditor finds a number of system accounts that do not have documented approvals. Which of the following should be performed FIRST by the auditor?
A. Have the accounts removed immediately
B. Obtain sign-off on the accounts from the application owner
C. Document a finding and report an ineffective...

April 4, 2020

Which of the following testing procedures is used by an auditor to check whether a firm is following the rules and regulations applicable to an activity or practice?

A. Compliance testing
B. Sanity testing
C. Recovery testing
D. Substantive testing
Answer: A
Explanation: Audit undertaken to confirm whether a firm...

April 4, 2020

Which of the following is the BEST course of action to address the situation?

A core business unit relies on an effective legacy system that does not meet the current security standards and threatens the enterprise network. Which of the following is the BEST course of action to address the situation?
A. Require that new systems that can meet the standards be implemented.
B. ...

April 4, 2020

Which of the following should be the PRIMARY reason to establish a social media policy for all employees?

A. To publish acceptable messages to be used by employees when posting
B. To raise awareness and provide guidance about social media risks
C. To restrict access to social media during business...

April 4, 2020

Which of the following findings poses the GREATEST risk to the organization?

An IS auditor is evaluating the security of an organization's data backup process, which includes the transmission of daily incremental backups to a dedicated offsite server. Which of the following findings poses the GREATEST risk to the organization?
A. Backup transmissions are not encrypted
B. Backup transmissions occasionally fail
C. ...

April 4, 2020

When auditing the effectiveness of a biometric system, which of the following indicators would be MOST important to review?

A. False negatives
B. False acceptance rate
C. Failure to enroll rate
D. System response time
Answer: B

April 4, 2020

Which of the following should an IS auditor review FIRST when planning a customer data privacy audit?

A. Legal and compliance requirements
B. Customer agreements
C. Organizational policies and procedures
D. Data classification
Answer: A

April 4, 2020

The effectiveness of an information security governance framework will BEST be enhanced if:

A. consultants review the information security governance framework
B. a culture of legal and regulatory compliance is promoted by management
C. IS auditors are empowered to evaluate governance activities
D. risk management is built into operational and...

April 4, 2020

Which of the following dynamic interactions of a Business Model for Information Security (BMIS) is a place to introduce possible solutions such as feedback loops; alignment with process improvement; and consideration of emergent issues in system design life cycle, change control, and risk management?

A. Governing
B. Culture
C. Enabling...

April 4, 2020

Which of the following should be of MOST concern to an IS auditor reviewing the public key infrastructure (PKI) for enterprise e-mail?

A. The private key certificate has not been updated.
B. The certificate revocation list has not been updated.
C. The certificate practice statement has not been published.
D. ...

April 3, 2020