Before concluding that internal controls can be relied upon, the IS auditor should:
A. discuss the internal control weaknesses with the auditee
B. document application controls
C. conduct tests of compliance
D. document the system of internal control
Answer: D

Which of the following cloud deployment models is provisioned for open use by the general public?
A. Private Cloud
B. Community Cloud
C. Public Cloud
D. Hybrid Cloud
Answer: C
Explanation: In Public cloud, the cloud infrastructure is provisioned for open use by the general public. It may be owned,...

Which of the following dynamic interactions of a Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitude and ways of doing things?
A. Governing
B. Culture
C. Enabling and support
D. Emergence
Answer: B
Explanation: Culture is a pattern of behaviors, beliefs, assumptions, attitudes and...

Which of the following dynamic interactions of a Business Model for Information Security (BMIS) is a place to introduce possible solutions such as feedback loops; alignment with process improvement; and consideration of emergent issues in system design life cycle, change control, and risk management?
A. Governing
B. Culture
C. Enabling...

A maturity model can be used to aid the implementation of IT governance by identifying:
A. critical success factors
B. performance drivers
C. improvement opportunities
D. accountabilities
Answer: C

Which of the following is the most important benefit of control self-assessment (CSA)?
A. CSA is policy/rule driven
B. In the CSA approach, risk is identified sooner
C. CSA requires limited employee participation
D. In CSA, resources are being used in an effective manner.
Answer: B
Explanation: Control self-assessment is...

What is the MOST effective way to ensure security policies and procedures are up-to-date?
A. Verify security requirements are being identified and consistently applied.
B. Align the organization’s security practices with industry standards and best practice.
C. Define and document senior management’s vision for the direction of the security
D. ...

A shared resource matrix is a technique commonly used to locate:
A. Malicious code
B. Security flaws
C. Trap doors
D. Covert channels
Answer: D
Explanation: Analyzing resources of a system is one standard for locating covert channels because the basis of a covert channel is a shared resource. The...

An organization performs nightly backups but does not have a formal policy. An IS auditor should FIRST:
A. evaluate current backup procedures
B. escalate to senior management
C. document a policy for the organization
D. recommend automated backup
Answer: A

An IS auditor has completed an audit of an organization’s accounts payable system. Which of the following should be rated as the HIGHEST risk in the audit report and requires immediate remediation?
A. Lack of segregation of duty controls for reconciliation of payment transactions
B. Lack of segregation of duty...