CISA exam

The decision to accept an IT control risk related to data quality should be the responsibility of the:A . information security team. B. IS audit manager. C. chief information officer (CIO). D. business owner.View AnswerAnswer: D

An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization s objectives?A . Assessment of the personnel training processes of the provider B. Adequacy of the service provider's insurance C. Review of...

Which of the following is the BEST compensating control when segregation of duties is lacking in a small IS department?A . Background checks B. User awareness training C. Transaction log review D. Mandatory holidaysView AnswerAnswer: C

A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization. Which of the following is MOST effective in detecting such an intrusion?A . Periodically reviewing log files B. Configuring the router as a firewall C. Using smart cards with one-time...

During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?A . Rollback strategy B. Test cases C. Post-implementation review objectives D. Business caseView AnswerAnswer: D

An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged. The IS auditor's FIRST action should be to:A . recommend that the...

While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function. In order to resolve the situation, the IS auditor's BEST course of action would be to:A . re-prioritize the original issue as...

Which of the following is the BEST way to mitigate the impact of ransomware attacks?A . Invoking the disaster recovery plan (DRP) B. Backing up data frequently C. Paying the ransom D. Requiring password changes for administrative accountsView AnswerAnswer: B

When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:A . the Internet. B. the demilitarized zone (DMZ). C. the organization's web server. D. the organization's network.View...

During the discussion of a draft audit report. IT management provided suitable evidence fiat a process has been implemented for a control that had been concluded by the IS auditor as Ineffective. Which of the following is the auditor's BEST action?A . Explain to IT management that the new control...