CISA exam

 In order to ensure that the firewall can effectively protect the network from external attacks, which of the following basic practices should be followed?A . Only allow the necessary external services.B . All external communications must go through firewall.C . The firewall must be placed in non-protected area (DMZ)D...

 Several portable computers containing customer-sensitive data were stolen from the staff's office because they were unattended. Which of the following is the best advice for an information systems auditor to protect data when it prevents similar incidents from happening again?A . Enhance physical securityB . Encrypted disk driveC ....

 The information system auditor did not find out which of the following terms can be identified by the risk of an error?A . DetectionB . PreventionC . ControlD . InherentView AnswerAnswer: A

 The information systems auditor is reviewing the priority process of the outsourcing plan in the T portfolio. Which of the following is missing is the biggest concern?A . Company-wide priority criteriaB . Service Level Agreement MonitoringC . Resource Priority PlanD . Budget allocation planView AnswerAnswer: B

 During the information system audit, the security configuration on the company's virtual server cluster was found to be different. Which of the following is the best advice for an information systems auditor to improve the control environment?A . Implement security monitoring for high-risk virtual servers.B . Independent review of...

 Information system auditors should primarily review which of the following to understand the main drivers of the project?A . Business caseB . Earned value analysisC . IT strategy and goalsD . Project risk matrixView AnswerAnswer: C

 The information system auditor found that the accounts payable clerk had direct access to the file after the payment file was generated. The most significant risk to the business is that the money may be:A . Changed.B . Rejected.C . Very late to the customer.D . Copied.View AnswerAnswer: A

 When reviewing the security policy, the information system auditor found that there was no mention that the employee should return all the company's smartphones once the employment relationship was terminated. The biggest risk caused by this situation is the unreturned equipment:A . Access to company resourcesB . The inventory...

 Which of the following should be considered when an information system auditor considers the risks associated with sensitive reporting by offline printing?A . Data may be easily modified by unauthorized personnelB . An unauthorised copy of the report can be printedC . Operators can easily read dataD . If...

 Which of the following can provide the fastest secure backup for companies that process large amounts of data?A . Hardware encryptionB . Source encryptionC . Symmetric encryptionD . Software encryptionView AnswerAnswer: C