Which of the following controls is intended to discourage a potential attacker?
A. Deterrent
B. Preventive
C. Corrective
D. Recovery
Answer: A
Explanation: Deterrent controls are intended to discourage a potential attacker. For your exam you should know the information below about different security controls.
Deterrent Controls
Deterrent Controls are intended...
Which of the following is the MOST important requirement for the successful implementation of security governance?
A. Aligning to an international security framework
B. Mapping to organizational strategies
C. Implementing a security balanced scorecard
D. Performing an enterprise-wide risk assessment
Answer: B
Which of the following would be MOST important to include?
An auditor is creating an audit program in which the objective is to establish the adequacy of personal data privacy controls in a payroll process. Which of the following would be MOST important to include?
A. Approval of data changes
B. Audit logging of administrative user activity
C. Segregation of...
Which of the following statements INCORRECTLY describes the Control self-assessment (CSA) approach?
A. CSA is policy or rule driven
B. CSA empowered/accountable employees
C. CSA focuses on continuous improvement/learning curve
D. In CSA, staff at all levels, in all functions, are the primary control analysts.
Answer: A
The word INCORRECTLY...
Which of the following dynamic interactions of a Business Model for Information Security (BMIS) is a place to introduce possible solutions such as feedback loops; alignment with process improvement; and consideration of emergent issues in system design life cycle, change control, and risk management?
A. Governing
B. Culture
C. Enabling...
Which of the following is NOT an example of a preventive control?
A. Physical access controls like locks and doors
B. User login screen which allows only authorized users to access the website
C. Encrypting the data so that only authorized users can view it
D. Duplicate checking of calculations
...
Which of the following activities will MOST improve the quality of conclusions derived from the use of a data analytics tool for this audit?
An IS auditor has obtained a large data set containing multiple fields and non-numeric data for analysis. Which of the following activities will MOST improve the quality of conclusions derived from the use of a data analytics tool for this audit?
A. Data anonymization
B. Data classification
C. Data stratification
D...
What should be done NEXT?
Audit management has just completed the annual audit plan for the upcoming year, which consists entirely of high-risk processes. However, it is determined that there are insufficient resources to execute the plan. What should be done NEXT?
A. Remove audits from the annual plan to better match the number of...
Which of the following is the PRIMARY benefit of using an integrated audit approach?
A. Higher acceptance of the findings from the audited business areas
B. The avoidance of duplicated work and redundant recommendations
C. Enhanced allocation of resources and reduced audit costs
D. A holistic perspective of overall risk...
Which of the following is MOST important for an IS auditor to review when evaluating the effectiveness of an organization’s incident response process?
A. Past incident response actions
B. Incident response staff experience and qualifications
C. Results from management testing of incident response procedures
D. Incident response roles and responsibilities
...