CISA exam

An organization's enterprise architecture (EA) department decides to change a legacy system's components while maintaining its original functionality. Which of the following is MOST important for an IS auditor to understand when reviewing this decision?A . The current business capabilities delivered by the legacy systemB . The proposed network topology...

Which of the following is the MOST important prerequisite for the protection of physical information assets in a data center?A . Segregation of duties between staff ordering and staff receiving information assetsB . Complete and accurate list of information assets that have been deployedC . Availability and testing of onsite...

Which of the following is the PRIMARY advantage of parallel processing for a new system implementation?A . Assurance that the new system meets functional requirementsB . More time for users to complete training for the new systemC . Significant cost savings over other system implemental or approachesD . Assurance that...

Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?A . File level encryptionB . File Transfer Protocol (FTP)C . Instant messaging policyD . Application-level firewallsView AnswerAnswer: D Explanation: Application level firewalls are the best control to prevent...

Which of the following is the BEST control to mitigate the malware risk associated with an instant messaging (IM) system?A . Blocking attachments in IMB . Blocking external IM trafficC . Allowing only corporate IM solutionsD . Encrypting IM trafficView AnswerAnswer: C Explanation: Allowing only corporate IM solutions is the...

An IS auditor finds that a key Internet-facing system is vulnerable to attack and that patches are not available. What should the auditor recommend be done FIRST?A . Implement a new system that can be patched.B . Implement additional firewalls to protect the system.C . Decommission the server.D . Evaluate...

One benefit of return on investment (ROI) analysts in IT decision making is that it provides the:A . basis for allocating indirect costs.B . cost of replacing equipment.C . estimated cost of ownership.D . basis for allocating financial resources.View AnswerAnswer: D Explanation: One benefit of return on investment (ROI) analysis...

An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization s objectives?A . Assessment of the personnel training processes of the providerB . Adequacy of the service provider's insuranceC . Review of...

Which of the following is an audit reviewer's PRIMARY role with regard to evidence?A . Ensuring unauthorized individuals do not tamper with evidence after it has been capturedB . Ensuring evidence is sufficient to support audit conclusionsC . Ensuring appropriate statistical sampling methods were usedD . Ensuring evidence is labeled...

A proper audit trail of changes to server start-up procedures would include evidence of:A . subsystem structure.B . program execution.C . security control options.D . operator overrides.View AnswerAnswer: D Explanation: A proper audit trail of changes to server start-up procedures would include evidence of operator overrides, which are actions taken...