CISA exam

 When reviewing the security policy, the information system auditor found that there was no mention that the employee should return all the company's smartphones once the employment relationship was terminated. The biggest risk caused by this situation is the unreturned equipment:A . Access to company resourcesB . The inventory...

 Which of the following should be considered when an information system auditor considers the risks associated with sensitive reporting by offline printing?A . Data may be easily modified by unauthorized personnelB . An unauthorised copy of the report can be printedC . Operators can easily read dataD . If...

 Which of the following can provide the fastest secure backup for companies that process large amounts of data?A . Hardware encryptionB . Source encryptionC . Symmetric encryptionD . Software encryptionView AnswerAnswer: C

 An enterprise deployed data storage hardware. Which of the following should the information system auditor review to assess whether to maximize the use of storage and networking?A . Capacity management planB . Daily and non-daily work schedulesC . Downtime statisticsD . Quality Management SystemView AnswerAnswer: A

 Information systems auditors have found that software systems that are still in use are outdated for years and are no longer supported. The auditee stated that it still takes six months for the software to run on the current version. Which of the following is the best way to...

 In order to develop a robust data security program, the first step you should take is:A . Talk to the senior management level of IC . Implement monitoring controls.D . Implement data loss prevention measuresE . Perform inventory of assetsView AnswerAnswer: D

 Which of the following best reflects the mature strategic planning process?A . Strategic planning includes specifications for control and safeguard mechanismsB . All projects have an action plan that includes IT requirementsC . IT strategic planning supports corporate strategyD . IT projects from strategic planning are approved by managementView...

 The overall progress report for the project indicates that the project is proceeding as planned. However, progress reports from project grouping do not support this. The biggest risk from this situation may be:A . The project may not be completed in the safe periodB . User involvement may be...

 During the physical security audit, the information system auditor received a contactless proximity card that allowed to access to three specific floors of the corporate office building. Which of the following questions should be the biggest concern?A . In the first two days of field work of audit, the...

 Which of the following recommendations should the information system auditor propose to reduce the likelihood of intruders using social engineering?A . Deploy a security awareness training programB . Perform a simulated attackC . Implementing an intrusion detection system (IDS)D . Prohibit the use of social networking platformsView AnswerAnswer: A