Which of the following is a step in establishing a security policy?
A. Developing platform-level security baselines.
B. Developing configuration parameters for the network.
C. Implementing a process for developing and maintaining the policy.
D. Creating a RACI matrix.
Answer: C
The IS auditor has identified a potential fraud perpetrated by the network administrator.
The IS auditor should:
A. issue a report to ensure a timely resolution
B. review the audit finding with the audit committee prior to any other discussions
C. perform more detailed tests prior to disclosing the audit...
Which of the following steps of PDCA establishes the objectives and processes necessary to deliver results in accordance with the expected output?
A. Plan
B. Do
C. Check
D. Act
Answer: A
Explanation: Plan - Establish the objectives and processes necessary to deliver results in accordance with the expected output...
An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would MOST likely increase the risk of a successful attack by:
A. phishing
B. structured query language (SQL) injection
C. denial of service
D. buffer...
The MAIN benefit of using an integrated test facility (ITF) as an online auditing technique is that it enables:
A. a cost-effective approach to application controls audit
B. auditors to investigate fraudulent transactions
C. auditors to test without impacting production data
D. the integration of financial and audit tests
Answer:...
Which of the following BEST demonstrates effective information security management within an organization?
A. Employees support decisions made by information security management.
B. Excessive risk exposure in one department can be absorbed by other departments.
C. Information security governance is incorporated into organizational governance.
D. Control ownership is assigned to...
In which of the following SDLC phases would the IS auditor expect to find that controls have been incorporated into system specifications?
A. Development
B. Implementation
C. Design
D. Feasibility
Answer: B
When evaluating the ability of a disaster recovery plan to enable the recovery of IT processing capabilities, it is MOST important for the IS auditor to verify the plan is:
A. stored at an offsite location
B. communicated to department heads
C. regularly reviewed
D. periodically tested
Answer: C
Which of the following is NOT an example of corrective control?
A. OS Upgrade
B. Backup and restore
C. Contingency planning
D. System Monitoring
Answer: D
Explanation: The word NOT is used as a keyword in the question. You need to find out a security control from given options which...
To address the issue that performance pressures on IT may conflict with information security controls, it is MOST important that:
A. the security policy is changed to accommodate IT performance pressure
B. noncompliance issues are reported to senior management
C. senior management provides guidance and dispute resolution
D. information security management...