Which of the following should be recommended as the PRIMARY factor to determine system criticality?
During an external review, an IS auditor observes an inconsistent approach in classifying system criticality within the organization. Which of the following should be recommended as the PRIMARY factor to determine system criticality?
A. Key performance indicators (KPIs)
B. Maximum allowable downtime (MAD)
C. Recovery point objective (RPO)
D. Mean...
Which of the following would BEST facilitate the successful implementation of an IT-related framework?
Which of the following would BEST facilitate the successful implementation of an IT-related framework?
A. Aligning the framework to industry best practices
B. Establishing committees to support and oversee framework activities
C. Involving appropriate business representation within the framework
D. Documenting IT-related policies and procedures
Answer: C
Which of the following should be done FIRST when planning a penetration test?
Which of the following should be done FIRST when planning a penetration test?
A. Execute nondisclosure agreements (NDAs).
B. Determine reporting requirements for vulnerabilities.
C. Define the testing scope.
D. Obtain management consent for the testing.
Answer: D
Explanation: The first step when planning a penetration test is to obtain...
During the evaluation of controls over a major application development project, the MOST effective use of an IS auditor's time would be to review and evaluate:
During the evaluation of controls over a major application development project, the MOST effective use of an IS auditor's time would be to review and evaluate:
A. application test cases.
B. acceptance testing.
C. cost-benefit analysis.
D. project plans.
Answer: A
Explanation: Reviewing and evaluating application test cases is the...
Which of the following recommendations would BEST help to reduce the risk of data leakage?
An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?
A. Requiring policy acknowledgment and nondisclosure agreements (NDAs) signed by employees
B. Establishing strong access controls...
To confirm integrity for a hashed message, the receiver should use:
To confirm integrity for a hashed message, the receiver should use:
A. the same hashing algorithm as the sender's to create a binary image of the file.
B. a different hashing algorithm from the sender's to create a binary image of the file.
C. the same hashing algorithm as the...
Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?
Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?
A. The IS auditor provided consulting advice concerning application system best practices.
B. The IS auditor participated as a member of the application system project team, but...
Which of the following is the BEST way to address segregation of duties issues in an organization with budget constraints?
Which of the following is the BEST way to address segregation of duties issues in an organization with budget constraints?
A. Rotate job duties periodically.
B. Perform an independent audit.
C. Hire temporary staff.
D. Implement compensating controls.
Answer: D
Explanation: The best way to address segregation of duties issues...
Which of the following is the auditor's MOST important course of action?
During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period. Which of the following is the auditor's MOST important course of action?
A. Document the finding and present it to management.
B. Determine if a root cause analysis was conducted.
C. ...
The decision to accept an IT control risk related to data quality should be the responsibility of the:
The decision to accept an IT control risk related to data quality should be the responsibility of the:
A. information security team.
B. IS audit manager.
C. chief information officer (CIO).
D. business owner.
Answer: D
Explanation: The decision to accept an IT control risk related to data quality should...