CISA exam

 Information systems auditors have found that software systems that are still in use are outdated for years and are no longer supported. The auditee stated that it still takes six months for the software to run on the current version. Which of the following is the best way to...

 In order to develop a robust data security program, the first step you should take is:A . Talk to the senior management level of IC . Implement monitoring controls.D . Implement data loss prevention measuresE . Perform inventory of assetsView AnswerAnswer: D

 Which of the following best reflects the mature strategic planning process?A . Strategic planning includes specifications for control and safeguard mechanismsB . All projects have an action plan that includes IT requirementsC . IT strategic planning supports corporate strategyD . IT projects from strategic planning are approved by managementView...

 The overall progress report for the project indicates that the project is proceeding as planned. However, progress reports from project grouping do not support this. The biggest risk from this situation may be:A . The project may not be completed in the safe periodB . User involvement may be...

 During the physical security audit, the information system auditor received a contactless proximity card that allowed to access to three specific floors of the corporate office building. Which of the following questions should be the biggest concern?A . In the first two days of field work of audit, the...

 Which of the following recommendations should the information system auditor propose to reduce the likelihood of intruders using social engineering?A . Deploy a security awareness training programB . Perform a simulated attackC . Implementing an intrusion detection system (IDS)D . Prohibit the use of social networking platformsView AnswerAnswer: A

 Which of the following is a major consideration for information systems auditors when reviewing software license management?A . No current software listB . Do not use a site licenseC . Lack of agreement on software third party preservationD . No backup license for future useView AnswerAnswer: A

 Which of the following best describes the effectiveness of a portfolio management plan?A . Maturity level of the value management processB . Experience of portfolio managersC . Percentage of investment to achieve its predicted valueD . Stakeholders’ perception of IT valueView AnswerAnswer: A

 During the review of the IT Strategic Plan, the Information Systems Auditor found that some of the action plans focused on launching new systems and technologies were inconsistent with the company's strategy. Which of the following would be the best advice for an information systems auditor?A . Reassess the...

 The main purposes of testing an alternate site that is part of a disaster recovery plan are:A . Verify that the infrastructure of the alternate site works as expected.B . Determine recovery time objectivesC . Identify the hidden costs of the maintenance site.D . Assess employee safety awarenessView AnswerAnswer:...