CISA exam

Statistical sampling is NOT based on which of the following audit sample techniques?A . Haphazard SamplingB . Random SamplingC . Cell SamplingD . Fixed interval samplingView AnswerAnswer: A Explanation: The NOT keyword is used in the question. You need find out an option which is NOT an example of statistical...

Which of the following dynamic interaction of a Business Model for Information Security (BMIS) is a place to introduce possible solutions such as feedback loops; alignment with process improvement; and consideration of emergent issues in system design life cycle, change control, and risk management? A. Governing B. Culture C. Enabling...

An IS auditor is reviewing an organization’s incident management processes and procedures. which of the following observations should be the auditor’s GREATEST concern?A . Ineffective incident classificationB . Ineffective incident prioritizationC . Ineffective incident detectionD . Ineffective post-incident reviewView AnswerAnswer: C

 Which of the following is the most appropriate indicator of the effectiveness of change management?A . The interval between the change and the document material updateB . Number of accidents caused by the changeC . Number of system software changesD . The interval between configuration changes and record updatesView...

 The information systems auditor is reviewing the maintenance contract for a core banking application. Which of the following can minimize the impact of bankruptcy of application vendors?A . Service Level Agreement (SLA)B . Liability AgreementC . Third Party Hosting AgreementD . Force Majeure AgreementView AnswerAnswer: C

 When disaster occurs and the data center is no longer available, which of the following tasks should be performed first?A . Schedule backup locationsB . Start the call treeC . Perform data recoveryD . Analyze riskView AnswerAnswer: A

 Which of the following is the best way to minimize data leakage during data transfer?A . Digital signatureB . Virtual Local Area NetworkC . Storage encryptionD . Virtual Private NetworkView AnswerAnswer: C

 The company's operational procedures require urgent changes to be approved for business within 7 days of the occurrence. The Information Systems Auditor indicates that the manager verifies process compliance by performing a monthly review via uncompleted urgent change. In this case, which one is the biggest risk?A . Audit...

 A system that is undergoing acceptance testing is also making small changes to the program that can be banned by what requirements of the acceptance test strategy:A . Strength test.B . Exit condition.C . Stop condition.D . Enter condition.View AnswerAnswer: D

 A company plans to have automated data feeds from third-party service providers into enterprise data warehousing. Which of the following is the best way to prevent receiving bad data?A . Implement business rules to reject invalid dataB . Purchase data cleanup tools from reputable suppliersC . Appointment of data...