Which of the following data would be used when performing a business impact analysis (BIA)?
Which of the following data would be used when performing a business impact analysis (BIA)?
A. Projected impact of current business on future business
B. Cost-benefit analysis of running the current business
C. Cost of regulatory compliance
D. Expected costs for recovering the business
Answer: D
Explanation: The expected costs...
Which of the following metrics would BEST assure compliance with this policy?
An organization's security policy mandates that all new employees must receive appropriate security awareness training. Which of the following metrics would BEST assure compliance with this policy?
A. Percentage of new hires that have completed the training.
B. Number of new hires who have violated enterprise security policies.
C. Number...
Which of the following BEST indicates the effectiveness of an organization's risk management program?
Which of the following BEST indicates the effectiveness of an organization's risk management program?
A. Inherent risk is eliminated.
B. Residual risk is minimized.
C. Control risk is minimized.
D. Overall risk is quantified.
Answer: B
Explanation: The effectiveness of a risk management program can be measured by how well...
When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:
When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:
A. the Internet.
B. the demilitarized zone (DMZ).
C. the organization's web server.
D. the organization's network.
...
Which of the following attack techniques will succeed because of an inherent security weakness in an Internet firewall?
Which of the following attack techniques will succeed because of an inherent security weakness in an Internet firewall?
A. Phishing
B. Using a dictionary attack of encrypted passwords
C. Intercepting packets and viewing passwords
D. Flooding the site with an excessive number of packets
Answer: D
Explanation: Flooding the site...
Which of the following should be the IS auditor's NEXT course of action?
An IS auditor is following up on prior period items and finds management did not address an audit finding. Which of the following should be the IS auditor's NEXT course of action?
A. Note the exception in a new report as the item was not addressed by management.
B. Recommend...
An IT balanced scorecard is the MOST effective means of monitoring:
An IT balanced scorecard is the MOST effective means of monitoring:
A. governance of enterprise IT.
B. control effectiveness.
C. return on investment (ROI).
D. change management effectiveness.
Answer: A
Explanation: An IT balanced scorecard is a strategic management tool that aligns IT objectives with business goals and measures the...
Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?
An IS auditor is examining a front-end subledger and a main ledger. Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?
A. Double-posting of a single journal entry
B. Inability to support new business transactions
C. Unauthorized...
Which of the following controls is MOST important to assess in the audit?
An IS auditor is planning an audit of an organization's accounts payable processes. Which of the following controls is MOST important to assess in the audit?
A. Segregation of duties between issuing purchase orders and making payments.
B. Segregation of duties between receiving invoices and setting authorization limits
C. Management...
An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged.
An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged. The IS auditor's FIRST action should be to:
A. recommend that the...