When facilitating the alignment of corporate governance and information security governance, which of the following is the MOST important role of an organization's security steering committee?
A. Obtaining support for the integration from business owners
B. Obtaining approval for the information security budget
C. Evaluating and reporting the degree of...
A CEO requests access to corporate documents from a mobile device that does not comply with organizational policy. The information security manager should FIRST:
A. evaluate the business risk
B. evaluate a third-party solution
C. initiate an exception approval process
D. deploy additional security controls
Answer: A
Which of the following conditions would be of MOST concern to an IS auditor assessing the risk of a successful brute force attack on encrypted data at rest?
A. Use of symmetric encryption
B. Use of asymmetric encryption
C. Random key generation
D. Short key length
Answer: D
You are part of the security staff at a highly profitable bank, and each day all traffic on the network is logged for later review. Every Friday, when major deposits are made, you see a series of bits placed in the "Urgent Pointer" field of a TCP packet. This is...
Which of the following dynamic interactions of the Business Model for Information Security (BMIS) is a place to introduce possible solutions such as feedback loops; alignment with process improvement; and consideration of emergent issues in the system design life cycle, change control, and risk management?
A. Governing
B. Culture
C. Enabling...
During an IS audit, it is discovered that security configurations differ across the organization's virtual server farm. Which of the following is the IS auditor's BEST recommendation for improving the control environment?
A. Conduct an independent review of each server's security configuration
B. Implement a security configuration baseline for virtual servers
C...
Which of the following audit risks relates to the exposure of a process or entity to be audited, without taking into account the controls that management has implemented?
A. Inherent Risk
B. Control Risk
C. Detection Risk
D. Overall Audit Risk
Answer: A
Inherent Risk is the risk level or...
Two servers are deployed in a cluster to run a mission-critical application. To determine whether the system has been designed for optimal efficiency, the IS auditor should verify that:
A. the security features in the operating system are all enabled
B. the number of disks in the cluster meets minimum...
Which of the following audit types mainly focuses on discovering and disclosing fraud and crimes?
A. Compliance Audit
B. Financial Audit
C. Integrated Audit
D. Forensic audit
Answer: D
A forensic audit is the activity that consists of gathering, verifying, processing, analyzing, and reporting on data in order to obtain...
An IS auditor is a member of an application development team that is selecting software. Which of the following would impair the auditor's independence?
A. Verifying the weighting of each selection criterion
B. Approving the vendor selection methodology
C. Reviewing the request for proposal (RFP)
D. Witnessing the vendor selection...