Which of the following metrics BEST indicates the effectiveness of awareness training?

An organization conducted an exercise to test the security awareness level of users by sending an email offering a cash reward to those who click on a link embedded in the body of the email. Which of the following metrics BEST indicates the effectiveness of awareness training?
A. The number...

August 24, 2023

Which of the following is the MOST effective way for an organization to protect against data loss?

A. Limit employee internet access.
B. Implement data classification procedures.
C. Review firewall logs for anomalies.
D. Conduct periodic security awareness training.

Answer: B

August 24, 2023

Which of the following should be done FIRST when planning a penetration test?

A. Execute nondisclosure agreements (NDAs).
B. Determine reporting requirements for vulnerabilities.
C. Define the testing scope.
D. Obtain management consent for the testing.

Answer: D

August 24, 2023

Which of the following is the MOST important benefit of involving IS audit when implementing governance of enterprise IT?

A. Identifying relevant roles for an enterprise IT governance framework
B. Making decisions regarding risk response and monitoring of residual risk
C. Verifying that legal, regulatory, and contractual requirements are being...

August 24, 2023

Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?

A. Business interruption due to remediation
B. IT budgeting constraints
C. Availability of responsible IT personnel
D. Risk rating of original findings

Answer: D

August 23, 2023

Which of the following is MOST important for an IS auditor to review when evaluating the accuracy of a spreadsheet that contains several macros?

A. Encryption of the spreadsheet
B. Version history
C. Formulas within macros
D. Reconciliation of key calculations

Answer: D

August 23, 2023

Which of the following would be of MOST concern when determining if information assets are adequately safeguarded during transport and disposal?

A. Lack of appropriate labelling
B. Lack of recent awareness training
C. Lack of password protection
D. Lack of appropriate data classification

Answer: D

August 23, 2023

An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance

An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would MOST likely increase the risk of a successful attack by:
A. phishing.
B. denial of service (DoS)
C. structured query language (SQL) injection
D. ...

August 23, 2023

Which of the following would BEST facilitate the successful implementation of an IT-related framework?

A. Aligning the framework to industry best practices
B. Establishing committees to support and oversee framework activities
C. Involving appropriate business representation within the framework
D. Documenting IT-related policies and procedures

Answer: C

August 23, 2023

Which of the following is the BEST method to safeguard data on an organization's laptop computers?

A. Disabled USB ports
B. Full disk encryption
C. Biometric access control
D. Two-factor authentication

Answer: C

August 23, 2023