Which of the following is an audit reviewer's PRIMARY role with regard to evidence?
A. Ensuring unauthorized individuals do not tamper with evidence after it has been captured
B. Ensuring evidence is sufficient to support audit conclusions
C. Ensuring appropriate statistical sampling methods were used
D. Ensuring evidence is labeled...
Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?
A. The IS auditor provided consulting advice concerning application system best practices.
B. The IS auditor participated as a member of the application system project team, but...
An organization's software developers need access to personally identifiable information (PII) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?
A. Data masking
B. Data tokenization
C. Data...
What is MOST important to verify during an external assessment of network vulnerability?
A. Update of security information event management (SIEM) rules
B. Regular review of the network security policy
C. Completeness of network asset inventory
D. Location of intrusion detection systems (IDS)
Answer: C
Which of the following is an executive management concern that could be addressed by the implementation of a security metrics dashboard?
A. Effectiveness of the security program
B. Security incidents vs. industry benchmarks
C. Total number of hours budgeted to security
D. Total number of false positives
Answer: A
An IS auditor finds the log management system is overwhelmed with false positive alerts. The auditor's BEST recommendation would be to:
A. establish criteria for reviewing alerts.
B. recruit more monitoring personnel.
C. reduce the firewall rules.
D. fine tune the intrusion detection system (IDS).
Answer: D
Which of the following should be an IS auditor's PRIMARY focus when developing a risk-based IS audit program?
A. Portfolio management
B. Business plans
C. Business processes
D. IT strategic plans
Answer: D
Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?
A. Write access to production program libraries
B. Write access to development data libraries
C. Execute access to production program libraries
D. Execute access to development program libraries
Answer:...
Which of the following is MOST important for an effective control self-assessment (CSA) program?
A. Determining the scope of the assessment
B. Performing detailed test procedures
C. Evaluating changes to the risk environment
D. Understanding the business process
Answer: D
A proper audit trail of changes to server start-up procedures would include evidence of:
A. subsystem structure.
B. program execution.
C. security control options.
D. operator overrides.
Answer: D