CISA exam

Which of the following should an IS auditor be MOST concerned with during a post-implementation review?A . The system does not have a maintenance plan.B . The system contains several minor defects.C . The system deployment was delayed by three weeks.D . The system was over budget by 15%.View AnswerAnswer:...

Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:A . business impact analysis (BIA).B . threat and risk assessment.C . business continuity plan (BCP).D . disaster recovery plan (DRP).View AnswerAnswer: C Explanation: A business continuity plan (BCP) is...

Which of the following should be an IS auditor's PRIMARY focus when developing a risk-based IS audit program?A . Portfolio managementB . Business plansC . Business processesD . IT strategic plansView AnswerAnswer: C Explanation: Business processes should be the primary focus of an IS auditor when developing a risk-based IS...

Which of the following fire suppression systems needs to be combined with an automatic switch to shut down the electricity supply in the event of activation?A . Carbon dioxideB . FM-200C . Dry pipeD . HalonView AnswerAnswer: A Explanation: Carbon dioxide fire suppression systems need to be combined with an...

An incorrect version of the source code was amended by a development team. This MOST likely indicates a weakness in:A . incident management.B . quality assurance (QA).C . change management.D . project management.View AnswerAnswer: C Explanation: A weakness in change management is the most likely cause of an incorrect version...

Which of the following strategies BEST optimizes data storage without compromising data retention practices?A . Limiting the size of file attachments being sent via emailB . Automatically deleting emails older than one yearC . Moving emails to a virtual email vault after 30 daysD . Allowing employees to store large...

An IS auditor finds the log management system is overwhelmed with false positive alerts. The auditor's BEST recommendation would be to:A . establish criteria for reviewing alerts.B . recruit more monitoring personnel.C . reduce the firewall rules.D . fine tune the intrusion detection system (IDS).View AnswerAnswer: D Explanation: Fine tuning...

An IS auditor is evaluating an organization's IT strategy and plans. Which of the following would be of GREATEST concern?A . There is not a defined IT security policy.B . The business strategy meeting minutes are not distributed.C . IT is not engaged in business strategic planning.D . There is...

Which audit approach is MOST helpful in optimizing the use of IS audit resources?A . Agile auditingB . Continuous auditingC . Outsourced auditingD . Risk-based auditingView AnswerAnswer: D Explanation: Risk-based auditing is an audit approach that focuses on the analysis and management of risk within an organization. Risk-based auditing helps...

Which of the following is MOST useful for determining whether the goals of IT are aligned with the organization's goals?A . Balanced scorecardB . Enterprise dashboardC . Enterprise architecture (EA)D . Key performance indicators (KPIs)View AnswerAnswer: A Explanation: The most useful tool for determining whether the goals of IT are...