A shared resource matrix is a technique commonly used to locate:

A. Malicious code
B. Security flaws
C. Trap doors
D. Covert channels

Answer: D

Explanation: Analyzing resources of a system is one standard for locating covert channels because the basis of a covert channel is a shared resource. The...

March 29, 2020

Which of the following audits is mainly designed to evaluate the internal control structure in a given process or area?

A. Compliance Audit
B. Financial Audit
C. Operational Audit
D. Forensic audit

Answer: C

Explanation: Operational audit is mainly designed to evaluate the internal control structure in a given process...

March 29, 2020

Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?

A. Patch management
B. Log monitoring
C. Antivirus software
D. Intrusion detection

Answer: A

March 29, 2020

Software quality assurance (QA) reviews are planned as part of system development. At which stage in the development process should the first review be initiated?

A. At pre-implementation planning
B. As a part of the user requirements definition
C. Immediately prior to user acceptance testing
D. During the feasibility study

March 29, 2020

An IS auditor determines that an online retailer processing credit card information does not have a data classification process. The auditor’s NEXT step should be to:

A. recommend encryption of all sensitive data at rest
B. determine existing controls around sensitive data
C. recommend the implementation of data loss prevention...

March 29, 2020

If concurrent update transactions to an account are not processed properly, which of the following will be affected?

A. Integrity
B. Confidentiality
C. Availability
D. Accountability

Answer: A

March 29, 2020

Which of the following dynamic interactions of a Business Model for Information Security (BMIS) is a place to introduce possible solutions such as feedback loops; alignment with process improvement; and consideration of emergent issues in system design life cycle, change control, and risk management?

A. Governing
B. Culture
C. Enabling...

March 29, 2020

Which of the following cloud computing service models is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components?

A. Software as a service
B. Data as a service
C. Platform as a service
D. Infrastructure as a service

March 29, 2020

What are the different types of audits?

A. Compliance, financial, operational, forensic and integrated
B. Compliance, financial, operational, G9 and integrated
C. Compliance, financial, SA1, forensic and integrated
D. Compliance, financial, operational, forensic and capability

Answer: A

Explanation: Compliance, financial, operational, forensic and integrated are different types of audit. For...

March 29, 2020

Which of the following techniques is used by John to treat the identified risk provided by an IS auditor?

John is the product manager for an information system. His product has undergone a security review by an IS auditor. John has decided to apply appropriate security controls to reduce the security risks suggested by an IS auditor. Which of the following techniques is used by John to treat the...

March 29, 2020