Which of the following is the PRIMARY advantage of having an established information security governance framework in place when an organization is adopting emerging technologies?
Which of the following is the PRIMARY advantage of having an established information security governance framework in place when an organization is adopting emerging technologies?
A. An emerging technologies strategy would be in place
B. A cost-benefit analysis process would be easier to perform
C. An effective security risk management...
Which of the following steps of PDCA implements the plan, executes the process and makes the product?
Which of the following steps of PDCA implements the plan, executes the process and makes the product?
A. Plan
B. Do
C. Check
D. Act
Answer: B
Explanation: Do - Implement the plan, execute the process, make the product. Collect data for charting and analysis in the following "CHECK" and "ACT"...
Which of the following is the BEST audit technique to test for duplicate payments?
Multiple invoices are usually received for individual purchase orders, since purchase orders require staggered delivery dates. Which of the following is the BEST audit technique to test for duplicate payments?
A. Run the data on the software programs used to process supplier payments.
B. Use generalized audit software on the...
In a data center audit, an IS auditor finds that the humidity level is very low.
In a data center audit, an IS auditor finds that the humidity level is very low. The IS auditor would be MOST concerned because of an expected increase in:
A. employee discomfort
B. risk of fire
C. static electricity problems
D. backup tape failures
Answer: C
Which of the following would BEST enable effective decision-making?
Which of the following would BEST enable effective decision-making?
A. Annualized loss estimates determined from past security events.
B. A universally applied list of generic threats, impacts, and vulnerabilities
C. Formalized acceptance of risk analysis by business management
D. A consistent process to analyze new and historical information risk
Answer:...
Which of the following is MOST important for the auditor to confirm when sourcing the population data?
An IS auditor will be testing accounts payable controls by performing data analytics on the entire population of transactions. Which of the following is MOST important for the auditor to confirm when sourcing the population data?
A. There is no privacy information in the data.
B. The data analysis tools have...
Which of the following should be established FIRST when initiating a control self-assessment program in a small organization?
Which of the following should be established FIRST when initiating a control self-assessment program in a small organization?
A. Control baselines
B. Client questionnaires
C. External consultants
D. Facilitated workshops
Answer: B
Which of the following observations would an IS auditor consider the GREATEST risk when conducting an audit of a virtual server farm for potential software vulnerabilities?
Which of the following observations would an IS auditor consider the GREATEST risk when conducting an audit of a virtual server farm for potential software vulnerabilities?
A. The hypervisor is updated quarterly.
B. Guest operating systems are updated monthly.
C. Antivirus software has been implemented on the guest operating system...
Which of the following audits assesses the accuracy of financial reporting?
Which of the following audits assesses the accuracy of financial reporting?
A. Compliance Audit
B. Financial Audit
C. Operational Audit
D. Forensic audit
Answer: B
Explanation: A financial audit, or more accurately, an audit of financial statements, is the verification of the financial statements of a legal entity, with a view...
Implementing which of the following would have prevented this situation?
During a privileged access review, an IS auditor observes many help desk employees have privileges within systems not required for their job functions. Implementing which of the following would have prevented this situation?
A. Separation of duties
B. Multi-factor authentication
C. Least privilege access
D. Privileged access reviews
Answer: C