CISA exam

Which of the following is the BEST detective control for a job scheduling process involving data transmission?A . Metrics denoting the volume of monthly job failures are reported and reviewed by senior management. B. Jobs are scheduled to be completed daily and data is transmitted using a Secure File Transfer...

From an IS auditor's perspective, which of the following would be the GREATEST risk associated with an incomplete inventory of deployed software in an organization?A . Inability to close unused ports on critical servers B. Inability to identify unused licenses within the organization C. Inability to deploy updated security patches...

The decision to accept an IT control risk related to data quality should be the responsibility of the:A . information security team. B. IS audit manager. C. chief information officer (CIO). D. business owner.View AnswerAnswer: D

An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization s objectives?A . Assessment of the personnel training processes of the provider B. Adequacy of the service provider's insurance C. Review of...

Which of the following is the BEST compensating control when segregation of duties is lacking in a small IS department?A . Background checks B. User awareness training C. Transaction log review D. Mandatory holidaysView AnswerAnswer: C

A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization. Which of the following is MOST effective in detecting such an intrusion?A . Periodically reviewing log files B. Configuring the router as a firewall C. Using smart cards with one-time...

During the implementation of an upgraded enterprise resource planning (ERP) system, which of the following is the MOST important consideration for a go-live decision?A . Rollback strategy B. Test cases C. Post-implementation review objectives D. Business caseView AnswerAnswer: D

An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged. The IS auditor's FIRST action should be to:A . recommend that the...

While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function. In order to resolve the situation, the IS auditor's BEST course of action would be to:A . re-prioritize the original issue as...

Which of the following is the BEST way to mitigate the impact of ransomware attacks?A . Invoking the disaster recovery plan (DRP) B. Backing up data frequently C. Paying the ransom D. Requiring password changes for administrative accountsView AnswerAnswer: B