CISA exam

An IS auditor is conducting a pre-implementation review to determine a new system’s production readiness. The auditor’s PRIMARY concern should be whether:A . the project adhered to the budget and target dateB . users were involved in the quality assurance (QA) testingC . there are unresolved high-risk itemsD . benefits...

Which of the following is MOST important for the IS auditor to verify when reviewing the development process of a security policy?A . Evidence of active involvement of key stakeholdersB . Output from the enterprise’s risk management systemC . Identification of the control frameworkD . Evidence of management approvalView AnswerAnswer:...

An IS auditor reviewing a new application for compliance with information privacy principles should be the MOST concerned with:A . nonrepudiationB . collection limitationC . availabilityD . awarenessView AnswerAnswer: B

An IS auditor is conducting a review of a healthcare organization’s IT policies for handling medical records. Which of the following is MOST important to verify?A . A documented policy approval process is in placeB . Policy writing standards are consistentC . The policies comply with regulatory requirementsD . IT...

While reviewing similar issues in an organization’s help desk system, an IS auditor finds that they were analyzed independently and resolved differently. This situation MOST likely indicates a deficiency in:A . IT service level management.B . change management.C . configuration management.D . problem management.View AnswerAnswer: D

Which of the following dynamic interaction of a Business Model for Information Security (BMIS) is a place to introduce possible solutions such as feedback loops; alignment with process improvement; and consideration of emergent issues in system design life cycle, change control, and risk management? A. Governing B. Culture C. Enabling...

Which of the following should an IS auditor determine FIRST when evaluating additional hardware required to support the acquisition of a new accounting system?A . A training program has been developed to support the new accounting system.B . The supplier has experience supporting accounting systems.C . The hardware specified will...

A policy has been established requiring users to install mobile device management (MDM) software on their personal devices. Which of the following would BEST mitigate the risk created by noncompliance with this policy?A . Issuing warnings and documenting noncomplianceB . Disabling remote access from the mobile deviceC . Issuing company-configured...

The risk that the IS auditor will not find an error that has occurred is identified by which of the following terms?A . ControlB . PreventionC . InherentD . DetectionView AnswerAnswer: D

A vulnerability in which of the following virtual systems would be of GREATEST concern to the IS auditor?A . The virtual machine management serverB . The virtual file serverC . The virtual application serverD . The virtual antivirus serverView AnswerAnswer: A