A large number of exceptions to an organization’s information security standards have been granted after senior management approved a bring your own device (BYOD) program.

To address this situation, it is MOST important for the information security manager to:
A. introduce strong authentication on devices
B. reject new exception requests
C...

March 30, 2020

From a risk management perspective, which of the following is MOST important to be tracked in continuous monitoring?

A. Number of prevented attacks
B. Changes in the threat environment
C. Changes in user privileges
D. Number of failed logins
Answer: B


Which of the following is the MOST important requirement for an IS auditor to evaluate when reviewing a transmission of personally identifiable information between two organizations?

A. Completeness
B. Timeliness
C. Necessity
D. Accuracy
Answer: C


Which of the following dynamic interactions of a Business Model for Information Security (BMIS) is a place to introduce possible solutions such as feedback loops; alignment with process improvement; and consideration of emergent issues in system design life cycle, change control, and risk management?

A. Governing
B. Culture
C. Enabling...


Which of the following dynamic interactions of a Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitude and ways of doing things?

A. Governing
B. Culture
C. Enabling and support
D. Emergence
Answer: B
Explanation: Culture is a pattern of behaviors, beliefs, assumptions, attitudes and...


Which of the following security controls is intended to bring the environment back to regular operation?

A. Deterrent
B. Preventive
C. Corrective
D. Recovery
Answer: D
Recovery controls are intended to bring the environment back to regular operations.
For your exam you should know the information below about different security controls:
Deterrent...


Which of the following is MOST important for an IS auditor to determine when reviewing how the organization’s incident response team handles devices that may be involved in criminal activity?

A. Whether devices are checked for malicious applications
B. Whether the access logs are checked before seizing the devices
C. ...


Which of the following is the BEST way to evaluate the effectiveness of access controls to an internal network?

A. Perform a system penetration test
B. Test compliance with operating procedures
C. Review access rights
D. Review router configuration tables
Answer: A


Which of the following testing procedures is used by the auditor during an accounting audit to check for errors in the balance sheet and other financial documentation?

A. Compliance testing
B. Sanity testing
C. Recovery testing
D. Substantive testing
Answer: D
Explanation: A procedure used during accounting audits to check for errors in...


Which of the following is an analytical review procedure for a payroll system?

A. Performing penetration attempts on the payroll system
B. Evaluating the performance of the payroll system, using benchmarking software
C. Performing reasonableness tests by multiplying the number of employees by the average wage rate
D. Testing hours...
