CISA exam

A senior auditor is reviewing work papers prepared by a junior auditor indicating that a finding was removed after the auditee said they corrected the problem. Which of the following would be the MOST appropriate course of action for the senior auditor?A . Approve the work papers as writtenB ....

Which of the following is MOST important for an IS auditor to ensure is included in a global organization’s online data privacy notification to customers?A . Consequences to the organization for mishandling the dataB . Consent terms including the purpose of data collectionC . Contact information for reporting violations of...

Which of the following should be reviewed FIRST when planning an IS audit?A . Recent financial informationB . Annual business unit budgetC . IS audit standardsD . The business environmentView AnswerAnswer: D

Which of the following is the MOST important aspect relating to employee termination?A . The details of employee have been removed from active payroll files.B . Company property provided to the employee has been returned.C . User ID and passwords of the employee have been deleted.D . The appropriate company...

Which of the following would be the MOST efficient audit approach, given that a compliance-based approach was adopted in the previous year?A . Validate all applications using test data.B . Interview systems personnel to evaluate all automated controls.C . Evaluate the controls surrounding changes to programs.D . Perform a review...

An internal control audit has revealed a control deficiency related to a legacy system where the compensating controls no longer appear to be effective. Which of the following would BEST help the information security manager determine the security requirements to resolve the control deficiency?A . Cost-benefit analysisB . Gap analysisC...

Which of the following dynamic interaction of a Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitude and ways of doing things? A. Governing B. Culture C. Enabling and support D. EmergenceView AnswerAnswer: B Explanation: Culture is a pattern of behaviors, beliefs, assumptions, attitudes and...

An IS auditor is reviewing the upgrading of an operating system. Which of the following would be the GREATEST audit concern?A . The lack of release notesB . The lack of change controlC . The lack of malware protectionD . The lack of activity loggingView AnswerAnswer: B

Implementing a strong password policy is part of an organization’s information security strategy for the year. A business unit believes the strategy may adversely affect a client’s adoption of a recently developed mobile application and has decided not to implement the policy. Which of the following would be the information...

Which of the following dynamic interaction of a Business Model for Information Security (BMIS) is a place to introduce possible solutions such as feedback loops; alignment with process improvement; and consideration of emergent issues in system design life cycle, change control, and risk management? A. Governing B. Culture C. Enabling...