CISA exam

An IS auditor is planning an audit of an organization's accounts payable processes. Which of the following controls is MOST important to assess in the audit?A . Segregation of duties between issuing purchase orders and making payments.B . Segregation of duties between receiving invoices and setting authorization limitsC . Management...

An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged. The IS auditor's FIRST action should be to:A . recommend that the...

An IS auditor notes that several employees are spending an excessive amount of time using social media sites for personal reasons. Which of the following should the auditor recommend be performed FIRST?A . Implement a process to actively monitor postings on social networking sites.B . Adjust budget for network usage...

The PRIMARY advantage of object-oriented technology is enhanced:A . efficiency due to the re-use of elements of logic.B . management of sequential program execution for data access.C . grouping of objects into methods for data access.D . management of a restricted variety of data types for a data object.View AnswerAnswer:...

Which of the following is the BEST way to mitigate the impact of ransomware attacks?A . Invoking the disaster recovery plan (DRP)B . Backing up data frequentlyC . Paying the ransomD . Requiring password changes for administrative accountsView AnswerAnswer: B Explanation: Ransomware is a type of malicious software that encrypts...

During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRSTA . perform a business impact analysis (BIA).B . issue an intermediate report to management.C . evaluate the impact on current disaster recovery capability.D . conduct additional compliance...

An organization has recently acquired and implemented intelligent-agent software for granting loans to customers. During the post-implementation review, which of the following is the MOST important procedure for the IS auditor to perform?A . Review system and error logs to verify transaction accuracy.B . Review input and output control reports...

A system administrator recently informed the IS auditor about the occurrence of several unsuccessful intrusion attempts from outside the organization. Which of the following is MOST effective in detecting such an intrusion?A . Periodically reviewing log filesB . Configuring the router as a firewallC . Using smart cards with one-time...

Which of the following is the MOST effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines?A . Monitor access to stored images and snapshots of virtual machines.B . Restrict access to images and snapshots of virtual machines.C . Limit creation of virtual machine images...

The PRIMARY benefit lo using a dry-pipe fire-suppression system rather than a wet-pipe system is that a dry-pipe system:A . is more effective at suppressing flames.B . allows more time to abort release of the suppressant.C . has a decreased risk of leakage.D . disperses dry chemical suppressants exclusively.View AnswerAnswer:...