Which of the following is the MOST important determining factor when establishing appropriate timeframes for follow-up activities related to audit findings?

Which of the following is the MOST important determining factor when establishing appropriate timeframes for follow-up activities related to audit findings?
A. Peak activity periods for the business
B. Remediation dates included in management responses
C. Availability of IS audit resources
D. Complexity of business processes identified in the audit

March 26, 2020

What kind of strategy should Sam recommend to the senior management to treat these risks?

Sam is the security manager of a financial institute. Senior management has requested that he perform a risk analysis on all critical vulnerabilities reported by an IS auditor. After completing the risk analysis, Sam has observed that for a few of the risks, the cost-benefit analysis shows that risk mitigation...

March 26, 2020

An IS auditor observes a system performance monitoring tool which states that a server critical to the organization averages high CPU utilization across a cluster of four virtual servers throughout the audit period. To determine if further investigation is required, an IS auditor should review:

An IS auditor observes a system performance monitoring tool which states that a server critical to the organization averages high CPU utilization across a cluster of four virtual servers throughout the audit period. To determine if further investigation is required, an IS auditor should review:
A. the system process activity...

March 26, 2020

Which of the following is MOST important for the auditor to verify is included in the procedures?

An IS auditor is evaluating the completeness of privacy procedures involving personally identifiable information (PII). Which of the following is MOST important for the auditor to verify is included in the procedures?
A. Regulatory requirements for protecting PII
B. The organization’s definition of PII
C. Encryption requirements for transmitting PII...

March 26, 2020

Which of the following should an IS auditor verify when auditing the effectiveness of virus protection?

Which of the following should an IS auditor verify when auditing the effectiveness of virus protection?
A. Frequency of IDS log reviews
B. Currency of software patch application
C. Schedule for migration to production
D. Frequency of external Internet access
Answer: B

March 26, 2020

Which of the following dynamic interactions of a Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitudes and ways of doing things?

Which of the following dynamic interactions of a Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitudes and ways of doing things?
A. Governing
B. Culture
C. Enabling and support
D. Emergence
Answer: B
Explanation: Culture is a pattern of behaviors, beliefs, assumptions, attitudes and...

March 26, 2020

During a follow-up audit, an IS auditor learns the organization implemented an automated process instead of the originally agreed upon enhancement of the manual process.

During a follow-up audit, an IS auditor learns the organization implemented an automated process instead of the originally agreed upon enhancement of the manual process. The auditor should:
A. report the finding that recommendations were not acted upon
B. perform a cost-benefit analysis on the new process
C. verify that...

March 25, 2020

An organization was severely impacted after an advanced persistent threat (APT) attack. Afterwards, it was found that the initial breach happened a month prior to the attack. Management’s GREATEST concern should be:

An organization was severely impacted after an advanced persistent threat (APT) attack. Afterwards, it was found that the initial breach happened a month prior to the attack. Management’s GREATEST concern should be:
A. results of the past internal penetration test
B. the effectiveness of monitoring processes
C. the installation of...

March 25, 2020

Which of the following audit risks relates to the existence of a material error that would not be prevented or detected on a timely basis by the system of internal controls?

Which of the following audit risks relates to the existence of a material error that would not be prevented or detected on a timely basis by the system of internal controls?
A. Inherent Risk
B. Control Risk
C. Detection Risk
D. Overall Audit Risk
Answer: B
The risk that a material error exists that...

March 25, 2020

Which of the following dynamic interactions of a Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitudes and ways of doing things?

Which of the following dynamic interactions of a Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitudes and ways of doing things?
A. Governing
B. Culture
C. Enabling and support
D. Emergence
Answer: B
Explanation: Culture is a pattern of behaviors, beliefs, assumptions, attitudes and...

March 25, 2020