Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?
A. The IS auditor provided consulting advice concerning application system best practices.
B. The IS auditor participated as a member of the application system project team, but...
Which of the following is the BEST way to address segregation of duties issues in an organization with budget constraints?
A. Rotate job duties periodically.
B. Perform an independent audit.
C. Hire temporary staff.
D. Implement compensating controls.
Answer: D
Explanation: The best way to address segregation of duties issues...
Which of the following is the auditor's MOST important course of action?
During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period. Which of the following is the auditor's MOST important course of action?
A. Document the finding and present it to management.
B. Determine if a root cause analysis was conducted.
C. ...
The decision to accept an IT control risk related to data quality should be the responsibility of the:
A. information security team.
B. IS audit manager.
C. chief information officer (CIO).
D. business owner.
Answer: D
Explanation: The decision to accept an IT control risk related to data quality should...
Which of the following is MOST important for an IS auditor to understand when reviewing this decision?
An organization's enterprise architecture (EA) department decides to change a legacy system's components while maintaining its original functionality. Which of the following is MOST important for an IS auditor to understand when reviewing this decision?
A. The current business capabilities delivered by the legacy system
B. The proposed network topology...
Which of the following is the MOST important prerequisite for the protection of physical information assets in a data center?
A. Segregation of duties between staff ordering and staff receiving information assets
B. Complete and accurate list of information assets that have been deployed
C. Availability and testing of onsite...
Which of the following is the PRIMARY advantage of parallel processing for a new system implementation?
A. Assurance that the new system meets functional requirements
B. More time for users to complete training for the new system
C. Significant cost savings over other system implementation approaches
D. Assurance that...
Which of the following is the BEST control to prevent the transfer of files to external parties through instant messaging (IM) applications?
A. File level encryption
B. File Transfer Protocol (FTP)
C. Instant messaging policy
D. Application-level firewalls
Answer: D
Explanation: Application-level firewalls are the best control to prevent...
Which of the following is the BEST control to mitigate the malware risk associated with an instant messaging (IM) system?
A. Blocking attachments in IM
B. Blocking external IM traffic
C. Allowing only corporate IM solutions
D. Encrypting IM traffic
Answer: C
Explanation: Allowing only corporate IM solutions is the...
What should the auditor recommend be done FIRST?
An IS auditor finds that a key Internet-facing system is vulnerable to attack and that patches are not available. What should the auditor recommend be done FIRST?
A. Implement a new system that can be patched.
B. Implement additional firewalls to protect the system.
C. Decommission the server.
D. Evaluate...