Which of the following findings would be of GREATEST concern to an IS auditor performing an information security audit of critical server log management activities?
Which of the following findings would be of GREATEST concern to an IS auditor performing an information security audit of critical server log management activities?
A. Log records can be overwritten before being reviewed.
B. Logging procedures are insufficiently documented.
C. Log records are dynamically into different servers.
D. Logs...
Which of the following would MOST effectively allow the hospital to avoid paying the ransom?
A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server. Which of the following would MOST effectively allow the hospital to avoid paying the ransom?
A. A continual server replication process
B. A properly tested offline backup system
C. ...
Which of the following should be the auditor’s FIRST course of action?
An IS auditor discovered abnormalities in a monthly report generated from a system upgraded six months ago. Which of the following should be the auditor’s FIRST course of action?
A. Inspect source code for proof of abnormalities
B. Perform a change management review of the system
C. Schedule an access...
Which of the following would be best suited to oversee the development of an information security policy?
Which of the following would be best suited to oversee the development of an information security policy?
A. System Administrators
B. End User
C. Security Officers
D. Security administrators
Answer: C
Explanation: The security officer would be the best person to oversee the development of such policies. Security officers and...
When continuous monitoring systems are being implemented, an IS auditor should FIRST identify:
When continuous monitoring systems are being implemented, an IS auditor should FIRST identify:
A. the location and format of output files
B. applications that provide the highest financial risk
C. high-risk areas within the organization
D. the controls on which to focus
Answer: D
Which of the following should be the GREATEST concern?
An IS audit team is evaluating the documentation related to the most recent application user-access review performed by IT and business management. It is determined the user list was not system-generated. Which of the following should be the GREATEST concern?
A. Source of the user list reviewed
B. Availability of...
In a multinational organization, local security regulations should be implemented over global security policy because:
In a multinational organization, local security regulations should be implemented over global security policy because:
A. global security policies include unnecessary controls for local businesses
B. business objectives are defined by local business unit managers
C. requirements of local regulations take precedence
D. deploying awareness of local regulations is more...
Which of the following findings would be of MOST concern to an IS auditor performing a review of an end-user developed application that generates financial statements?
Which of the following findings would be of MOST concern to an IS auditor performing a review of an end-user developed application that generates financial statements?
A. The application is not sufficiently supported by the IT department
B. There is not adequate training in the use of the application
C. ...
Which of the following risk handling techniques involves the practice of being proactive so that the risk in question is not realized?
Which of the following risk handling techniques involves the practice of being proactive so that the risk in question is not realized?
A. Risk Mitigation
B. Risk Acceptance
C. Risk Avoidance
D. Risk transfer
Answer: C
Explanation: Risk avoidance is the practice of coming up with alternatives so that the...
A shared resource matrix is a technique commonly used to locate:
A shared resource matrix is a technique commonly used to locate:
A. Malicious code
B. Security flaws
C. Trap doors
D. Covert channels
Answer: D
Explanation: Analyzing resources of a system is one standard for locating covert channels because the basis of a covert channel is a shared resource. The...