CISA exam

In which of the following cloud computing service model are applications hosted by the service provider and made available to the customers over a network?A . Software as a serviceB . Data as a serviceC . Platform as a serviceD . Infrastructure as a serviceView AnswerAnswer: A Explanation: Software as...

What is an IS auditor’s BEST course of action if informed by a business unit’s representatives that they are too busy to cooperate with a scheduled audit?A . Reschedule the audit for a time more convenient to the business unit.B . Notify the chief audit executive who can negotiate with...

Which of the following dynamic interaction of a Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitude and ways of doing things? A. Governing B. Culture C. Enabling and support D. EmergenceView AnswerAnswer: B Explanation: Culture is a pattern of behaviors, beliefs, assumptions, attitudes and...

An IS auditor auditing the effectiveness of utilizing a hot site will MOST likely:A . review reciprocal agreements.B . review logical access controls.C . evaluate physical access controls.D . analyze system restoration procedures.View AnswerAnswer: D

An IS auditor is analyzing a sample of accesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found. Which sampling method would be appropriate?A . Discovery samplingB . Variable samplingC . Stratified samplingD . Judgmental samplingView AnswerAnswer: C

Which of the following control provides an alternative measure of control?A . DeterrentB . PreventiveC . DetectiveD . CompensatingView AnswerAnswer: D Explanation: For your exam you should know below information about different security controls Deterrent Controls Deterrent Controls are intended to discourage a potential attacker. Access controls act as a...

An IS auditor observes that the CEO has full access to the enterprise resource planning (ERP) system. The IS auditor should FIRST:A . accept the level of access provided as appropriateB . recommend that the privilege be removedC . ignore the observation as not being material to the reviewD ....

Which of the following answer specifies the correct sequence of levels within the Capability Maturity Model (CMM)?A . Initial, Managed, Defined, Quantitatively managed, optimizedB . Initial, Managed, Defined, optimized, Quantitatively managedC . Initial, Defined, Managed, Quantitatively managed, optimizedD . Initial, Managed, Quantitatively managed, Defined, optimizedView AnswerAnswer: A Explanation: Maturity model...

Which of the following control fixes a component or system after an incident has occurred?A . DeterrentB . PreventiveC . CorrectiveD . RecoveryView AnswerAnswer: C Explanation: Corrective control fixes components or systems after an incident has occurred For your exam you should know below information about different security controls Deterrent...

What would be of GREATEST concern to an IS auditor observing shared key cards being utilized to access an organization’s data center?A . The lack of a multi-factor authentication systemB . The inability to identify who has entered the data centerC . The inability to track the number of misplaced...