CISA exam

One benefit of return on investment (ROI) analysts in IT decision making is that it provides the:A . basis for allocating indirect costs.B . cost of replacing equipment.C . estimated cost of ownership.D . basis for allocating financial resources.View AnswerAnswer: D Explanation: One benefit of return on investment (ROI) analysis...

An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization s objectives?A . Assessment of the personnel training processes of the providerB . Adequacy of the service provider's insuranceC . Review of...

Which of the following is an audit reviewer's PRIMARY role with regard to evidence?A . Ensuring unauthorized individuals do not tamper with evidence after it has been capturedB . Ensuring evidence is sufficient to support audit conclusionsC . Ensuring appropriate statistical sampling methods were usedD . Ensuring evidence is labeled...

A proper audit trail of changes to server start-up procedures would include evidence of:A . subsystem structure.B . program execution.C . security control options.D . operator overrides.View AnswerAnswer: D Explanation: A proper audit trail of changes to server start-up procedures would include evidence of operator overrides, which are actions taken...

An organization conducted an exercise to test the security awareness level of users by sending an email offering a cash reward 10 those who click on a link embedded in the body of the email. Which of the following metrics BEST indicates the effectiveness of awareness training?A . The number...

Which of the following is the MOST effective way for an organization to project against data loss?A . Limit employee internet access. B. Implement data classification procedures. C. Review firewall logs for anomalies. D. Conduct periodic security awareness training.View AnswerAnswer: B

Which of the following should be done FIRST when planning a penetration test?A . Execute nondisclosure agreements (NDAs). B. Determine reporting requirements for vulnerabilities. C. Define the testing scope. D. Obtain management consent for the testing.View AnswerAnswer: D

Which of the following is the MOST important benefit of involving IS audit when implementing governance of enterprise IT?A . Identifying relevant roles for an enterprise IT governance framework B. Making decisions regarding risk response and monitoring of residual risk C. Verifying that legal, regulatory, and contractual requirements are being...

Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?A . Business interruption due to remediation B. IT budgeting constraints C. Availability of responsible IT personnel D. Risk rating of original findingsView AnswerAnswer: D

Which of the following is MOST important for an IS auditor to review when evaluating the accuracy of a spreadsheet that contains several macros?A . Encryption of the spreadsheet B. Version history C. Formulas within macros D. Reconciliation of key calculationsView AnswerAnswer: D