CISA exam

 Which of the following should be based on the priority of the incident response measures?A . Problem escalation processB . Business impactC . Personnel availabilityD . Disaster scopeView AnswerAnswer: B

 When reviewing the procurement of new equipment, which of the following is considered a significant weakness by the information systems auditor?A . The final evaluation criteria are determined after the supplier’s response has been studied.B . The response deadline was postponed at the request of the supplier.C . The...

 Which of the following audit results is the biggest concern when reviewing a disaster recovery plan with high availability requirements?A . Undefined recovery time targetB . Disaster recovery testing is not requiredC . Current supplier contact information is not includedD . Undefined recovery team responsibilityView AnswerAnswer: B

 In order to ensure that the firewall can effectively protect the network from external attacks, which of the following basic practices should be followed?A . Only allow the necessary external services.B . All external communications must go through firewall.C . The firewall must be placed in non-protected area (DMZ)D...

 Several portable computers containing customer-sensitive data were stolen from the staff's office because they were unattended. Which of the following is the best advice for an information systems auditor to protect data when it prevents similar incidents from happening again?A . Enhance physical securityB . Encrypted disk driveC ....

 The information system auditor did not find out which of the following terms can be identified by the risk of an error?A . DetectionB . PreventionC . ControlD . InherentView AnswerAnswer: A

 The information systems auditor is reviewing the priority process of the outsourcing plan in the T portfolio. Which of the following is missing is the biggest concern?A . Company-wide priority criteriaB . Service Level Agreement MonitoringC . Resource Priority PlanD . Budget allocation planView AnswerAnswer: B

 During the information system audit, the security configuration on the company's virtual server cluster was found to be different. Which of the following is the best advice for an information systems auditor to improve the control environment?A . Implement security monitoring for high-risk virtual servers.B . Independent review of...

 Information system auditors should primarily review which of the following to understand the main drivers of the project?A . Business caseB . Earned value analysisC . IT strategy and goalsD . Project risk matrixView AnswerAnswer: C

 The information system auditor found that the accounts payable clerk had direct access to the file after the payment file was generated. The most significant risk to the business is that the money may be:A . Changed.B . Rejected.C . Very late to the customer.D . Copied.View AnswerAnswer: A