ISACA CISA v2021-07-30 q99

Exam Code: CISA
Exam Name: Certified Information Systems Auditor
Certification Provider: ISACA
Free Question Number: 99
Version: v2021-07-30
https://www.freecram.com/torrent/ISACA.CISA.v2021-07-30.q99.html

NEW QUESTION: 1
What should be the PRIMARY basis for scheduling a follow-up audit?
A. The significance of reported findings
B. The completion of all corrective actions
C. The availability of audit resources
D. The time elapsed after audit report submission
Answer: (not shown)

NEW QUESTION: 2
The practice of periodic secure code reviews is which type of control?
A. Detective
B. Corrective
C. Compensating
D. Preventive
Answer: D

NEW QUESTION: 3
What is BEST for an IS auditor to review when assessing the effectiveness of changes
recently made to processes and tools related to an organization's business continuity plan
(BCP)?
A. Change management processes
B. Completed test plans
C. Full test results
D. Updated Inventory of systems
Answer: (not shown)

NEW QUESTION: 4
Which of the following features can be provided only by asymmetric encryption?
A. 128-bit key length
B. Nonrepudiation
C. Data confidentiality
D. Information privacy
Answer: B

NEW QUESTION: 5
When evaluating the recent implementation of an intrusion detection system (IDS), an IS
auditor should be MOST concerned with inappropriate:
A. patching
B. encryption
C. tuning
D. training
Answer: C

NEW QUESTION: 6
An IS auditor finds the timeliness and depth of information regarding the organization's IT
projects varies based on which project manager is assigned. Which of the following
recommendations would be MOST helpful in achieving predictable and repeatable
project management processes?
A. Alignment of project performance to pay incentives
B. Adoption of business case and earned value templates
C. Use of Gantt charts and work breakdown structures
D. Measurement against defined and documented procedures
Answer: B

NEW QUESTION: 7
Which of the following is the BEST control to mitigate the malware risk associated with an
instant messaging (IM) system?
A. Blocking external IM traffic
B. Encrypting IM traffic
C. Allowing only corporate IM solutions
D. Blocking attachments in IM
Answer: (not shown)

NEW QUESTION: 8
Audit management has just completed the annual audit plan for the upcoming year, which
consists entirely of high-risk processes. However, it is determined that there are insufficient
resources to execute the plan. What should be done NEXT?
A. Reduce the scope of the audits to better match the number of resources available
B. Present the annual plan to the audit committee and ask for more resources
C. Review the audit plan and defer some audits to the subsequent year
D. Remove audits from the annual plan to better match the number of resources available
Answer: B

NEW QUESTION: 9
Which of the following attacks would MOST likely result in the interception and modification
of traffic for mobile phones connecting to potentially insecure public Wi-Fi networks?
A. Vishing
B. Man-in-the-middle
C. Brute force
D. Phishing
Answer: (not shown)

NEW QUESTION: 10
A legacy application is running on an operating system that is no longer supported by the
vendor. If the organization continues to use the current application, which of the following
should be the IS auditor's GREATEST concern?
A. Increased cost of maintaining the system
B. Inability to use the operating system due to potential licence issues
C. Inability to update the legacy application database
D. Potential exploitation of zero-day vulnerabilities in the system
Answer: (not shown)

NEW QUESTION: 11
Which of the following is the MOST significant risk associated with peer-to-peer networking
technology?
A. Lack of reliable internet network connections
B. Reduction in staff productivity
C. Lack of central monitoring
D. Loss of information during transmission
Answer: C

NEW QUESTION: 12
Which of the following is the PRIMARY purpose of quality assurance (QA) within an IS
audit department?
A. To regularly assess and improve audit methodology
B. To confirm audit practice is aligned with industry standards and benchmarks
C. To enforce audit policies and identify any deviations
D. To ensure conclusions are reliable and no false assurance is given
Answer: A

NEW QUESTION: 13
An audit has identified that business units have purchased cloud-based applications
without IT's support. What is the GREATEST risk associated with this situation?
A. The applications may not reasonably protect data.
B. The applications could be modified without advance notice.
C. The applications are not included in business continuity plans (BCPs).
D. The application purchases did not follow procurement policy.
Answer: (not shown)

NEW QUESTION: 14
In a public-key cryptosystem, when there is no previous knowledge between parties,
which of the following will BEST help to prevent one person from using a fictitious key to
impersonate someone else?
A. Encrypt the message containing the sender's public key using the recipient's public key
B. Send the public key to the recipient prior to establishing the connection
C. Send a certificate that can be verified by a certification authority with the public key
D. Encrypt the message containing the sender's public key using a private key
Answer: (not shown)

NEW QUESTION: 15
Which of the following is the MOST important issue for an IS auditor to consider with
regard to Voice-over IP (VoIP) communications?
A. Homogeneity of the network
B. Nonrepudiation
C. Continuity of service
D. Identity management
Answer: C

NEW QUESTION: 16
Which of the following is the PRIMARY advantage of using virtualization technology for
corporate applications?
A. Better utilization of resources
B. Increased application performance
C. Stronger data security
D. Improved disaster recovery
Answer: (not shown)
Valid CISA Dumps shared by Fast2test.com for Helping Passing CISA Exam!
Fast2test.com now offer the newest CISA exam dumps, the Fast2test.com CISA exam
questions have been updated and answers have been corrected get the newest
Fast2test.com CISA dumps with Test Engine here: https://www.fast2test.com/CISA-
practice-test.html (613 Q&As Dumps, 40%OFF Special Discount: freecram)

NEW QUESTION: 17
Which of the following audit procedures would be MOST conclusive in evaluating the
effectiveness of an e-commerce application system's edit routine?
A. Use of test transactions
B. Interviews with knowledgeable users
C. Review of source code
D. Review of program documentation
Answer: A

NEW QUESTION: 18
After the release of an application system, an IS auditor wants to verify that the system is
providing value to the organization. The auditor's BEST course of action would be to:
A. Quantify improvements in client satisfaction
B. Perform a gap analysis against the benefits defined in the business case
C. Confirm that risk has declined since the application system release
D. Review the results of compliance testing
Answer: (not shown)

NEW QUESTION: 19
Which of the following is an IS auditor's BEST course of action upon learning that
preventive controls have been replaced with detective and corrective controls?
A. Evaluate whether the new controls manage the risk at an acceptable level.
B. Verify the revised controls enhance the efficiency of related business processes.
C. Recommend the implementation of preventive controls in addition to the other controls.
D. Report the issue to management as the risk level has increased.
Answer: A

NEW QUESTION: 20
Due to budget constraints, an organization is postponing the replacement of an in-house
developed mission-critical application. Which of the following represents the GREATEST
risk?
A. Maintenance costs may rise
B. Inability to virtualize the server
C. Inability to align to changing business needs
D. Eventual replacement may be more expensive
Answer: (not shown)

NEW QUESTION: 21
Both statistical and nonstatistical sampling techniques:
A. permit the auditor to quantify and fix the level of risk.
B. require judgment when defining population characteristics.
C. provide each item an equal opportunity of being selected.
D. permit the auditor to quantify the probability of error.
Answer: B

NEW QUESTION: 22
An IS audit manager finds that data manipulation logic developed by the audit analytics
team leads to incorrect conclusions. This inaccurate logic is MOST likely an indication of
which of the following?
A. The team's poor understanding of the business process being analyzed
B. Poor change controls over data sets collected from the business
C. Incompatibility between data volume and analytics processing capacity
D. Poor security controls that grant inappropriate access to analysis produced
Answer: A

NEW QUESTION: 23
Which of the following is the PRIMARY reason for an IS auditor to use computer-assisted
audit techniques (CAATs)?
A. To enable quicker access to information
B. To efficiently test an entire population
C. To conduct automated sampling for testing
D. To perform direct testing of production data
Answer: (not shown)

NEW QUESTION: 24
To ensure the integrity of a recovered database, which of the following would be MOST
useful?
A. Before-and-after transaction images
B. Application transaction logs
C. Database defragmentation tools
D. A copy of the data dictionary
Answer: (not shown)

NEW QUESTION: 25
Which of the following would an IS auditor PRIMARILY review to understand key drivers of
a project?
A. Earned value analysis (EVA)
B. Business case
C. IT strategy and objectives
D. Project risk matrix
Answer: (not shown)

NEW QUESTION: 26
Which of the following is the PRIMARY concern when negotiating a contract for a hot site?
A. Coordination with the site staff in the event of multiple disaster declarations
B. Reciprocal agreements with other organizations
C. Availability of the site in the event of multiple disaster declarations
D. Complete testing of the recovery plan
Answer: C

NEW QUESTION: 27
Which of the following should be of MOST concern to an IS auditor reviewing the public
key infrastructure (PKI) for enterprise email?
A. The private key certificate has not been updated.
B. The PKI policy has not been updated within the last year.
C. The certificate practice statement has not been published.
D. The certificate revocation list has not been updated.
Answer: (not shown)

NEW QUESTION: 28
Which of the following is an IS auditor's GREATEST concern when an organization does
not regularly update software on individual workstations in the internal environment?
A. The organization may not be in compliance with licensing agreements.
B. The organization may be more susceptible to cyber-attacks.
C. The system may have version control issues.
D. System functionality may not meet business requirements.
Answer: B

NEW QUESTION: 29
What is the BEST control to address SQL injection vulnerabilities?
A. Secure Sockets Layer (SSL) encryption
B. Digital signatures
C. Input validation
D. Unicode translation
Answer: (not shown)
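
Added example, not part of the exam or of the dump provider's material: the same login check written the vulnerable way and the hardened way, using Python's built-in sqlite3 module. The exam's answer is input validation; in practice the decisive control is keeping untrusted data out of the statement text with bound parameters, so the hardened version does both (an allow-list on the username plus `?` placeholders for every value). The `users` table, the single account, the function names and the attacker payload are all constructed for this illustration.

```python
import re
import sqlite3

# Allow-list for usernames (assumed policy for the example): letters, digits, _ . -
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory users table with one account.
    The password is stored in clear only to keep the demo short; a real
    system stores a salted hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Splices untrusted input straight into the statement text.
    A password of  ' OR '1'='1  turns the WHERE clause into
    (username = 'alice' AND password = '') OR '1'='1', which is always true."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Allow-list validation of the identifier plus bound parameters for all values."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allow-list")
    # Bound parameters travel as data and are never parsed as SQL, so a quote
    # in the password is compared literally instead of closing the string.
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # constructed attacker input
    print("vulnerable login bypassed:", login_vulnerable(db, "alice", payload))
    print("hardened login bypassed:  ", login_safe(db, "alice", payload))
```

The allow-list alone would not have stopped this particular payload, because it arrives in the password field, where almost any character is legitimate; that is why the parameterized statement carries the load and the allow-list is applied where the input space is naturally narrow.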

NEW QUESTION: 30
An IS auditor is examining a front-end subledger and a main ledger. Which of the following
would be the GREATEST concern if there are flaws in the mapping of accounts between
the two systems?
A. Inaccuracy of financial reporting
B. Double-posting of a single journal entry
C. Inability to support new business transactions
D. Unauthorized alteration of account attributes
Answer: (not shown)

NEW QUESTION: 31
An IS auditor reviewing the use of encryption finds that the symmetric key is sent by an
email message between the parties. Which of the following audit responses is correct in
this situation?
A. An audit finding is recorded as the key should be asymmetric and therefore changed
B. An audit finding is recorded as the key should be distributed in a secure manner
C. No audit finding is recorded as the key can only be used once
D. No audit finding is recorded as it is normal to distribute a key of this nature in this
manner
Answer: (not shown)

NEW QUESTION: 32
When reviewing a contract for a disaster recovery hot site, which of the following would be
the MOST significant omission?
A. Equipment provided
B. Testing procedures
C. Audit rights
D. Exposure coverage
Answer: (not shown)

NEW QUESTION: 33
Which of the following would an IS auditor recommend as the MOST effective preventive
control to reduce the risk of data leakage?
A. Ensure that paper documents are disposed of securely.
B. Validate that all data files contain digital watermarks.
C. Implement an intrusion detection system (IDS).
D. Verify that application logs capture any changes made.
Answer: B

NEW QUESTION: 34
Which of the following is MOST important for an IS auditor to consider during a review of
the IT governance of an organization?
A. Defined service levels
B. Risk management methodology
C. Decision making responsibilities
D. Funding allocation
Answer: C

NEW QUESTION: 35
Capacity management enables organizations to:
A. determine business transaction volumes.
B. establish the capacity of network communication links.
C. forecast technology trends.
D. identify the extent to which components need to be upgraded.
Answer: (not shown)

NEW QUESTION: 36
The MOST important function of a business continuity plan (BCP) is to:
A. provide a schedule of events that has to occur if there is a disaster.
B. ensure that the critical business functions can be recovered.
C. provide procedures for evaluating tests of the BCP.
D. ensure that all business functions are restored.
Answer: B

NEW QUESTION: 37
Which of the following is the PRIMARY reason for an organization's procurement
processes to include an independent party who is not directly involved with business
operations and related decision-making?
A. To ensure favorable price negotiations
B. To ensure continuity of processes and procedures
C. To optimize use of business team resources
D. To avoid conflicts of interest
Answer: (not shown)

NEW QUESTION: 38
An IS auditor has been asked to assess the security of a recently migrated database
system that contains personal and financial data for a bank's customers. Which of the
following controls is MOST important for the auditor to confirm is in place?
A. All tables in the database are normalized.
B. The default configurations have been changed.
C. The default administration account is used after changing the account password.
D. The service port used by the database server has been changed.
Answer: (not shown)

NEW QUESTION: 39
Which of the following would be of GREATEST concern to an IS auditor evaluating
governance over open source development components?
A. The open source development components do not meet industry best practices
B. The development project has gone over budget and time
C. The software is not analyzed for compliance with organizational requirements
D. Existing open source policies have not been approved in over a year
Answer: C

NEW QUESTION: 40
When planning an end-user computing (EUC) audit, it is MOST important for the IS auditor to:
A. evaluate EUC threats and vulnerabilities.
B. evaluate the organization's EUC policy.
C. determine EUC materiality and complexity thresholds.
D. obtain an inventory of EUC applications.
Answer: C

NEW QUESTION: 41
An IS auditor will be testing accounts payable controls by performing data analytics on the
entire population of transactions. Which of the following is MOST important for the auditor
to confirm when sourcing the population data?
A. The data analysis tools have been recently updated.
B. The data can be obtained in a timely manner.
C. The data is taken directly from the system.
D. There is no privacy information in the data.
Answer: (not shown)

NEW QUESTION: 42
When reviewing an organization's data protection practices, an IS auditor should be MOST
concerned with a lack of:
A. a security team.
B. data classification.
C. training manuals.
D. data encryption.
Answer: (not shown)

NEW QUESTION: 43
In assessing the priority given to systems covered in an organization's business continuity
plan (BCP), an IS auditor should FIRST:
A. Review results of previous business continuity plan (BCP) tests
B. Validate the recovery time objectives and recovery point objectives
C. Verify the criteria for disaster recovery site selection
D. Review the backup and restore process
Answer: B

NEW QUESTION: 44
Which of the following is the MOST likely cause of a successful firewall penetration?
A. Use of a Trojan to bypass the firewall
B. Loophole in the firewall vendor's code
C. Virus infection
D. Firewall misconfiguration by the administrator
Answer: D

NEW QUESTION: 45
Which of the following is the GREATEST security risk associated with data migration from
a legacy human resources (HR) system to a cloud-based system?
A. Data from the source and target system may have different data formats
B. Records past their retention period may not be migrated to the new system
C. Data from the source and target system may be intercepted
D. System performance may be impacted by the migration
Answer: C

NEW QUESTION: 46
A user of a telephone banking system has forgotten his personal identification number
(PIN). After the user has been authenticated, the BEST method of issuing a new PIN is to
have:
A. A randomly generated PIN communicated by banking personnel
B. Banking personnel assign the user a new PIN via email
C. The user enter a new PIN twice
D. Banking personnel verbally assign a new PIN
Answer: C

NEW QUESTION: 47
Which of the following is the BEST way to detect system security breaches?
A. Performing intrusion tests on a regular basis
B. Ensuring maximum interoperability among systems throughout the organization
C. Conducting frequent vulnerability scans
D. Conducting continuous monitoring with an automated system security tool
Answer: D

NEW QUESTION: 48
The GREATEST risk of database denormalization is:
A. decreased performance.
B. incorrect metadata.
C. loss of data confidentiality.
D. loss of database integrity.
Answer: D

NEW QUESTION: 49
Which of the following is MOST likely to result from compliance testing?
A. Comparison of data with physical counts
B. Discovery of controls that have not been applied
C. Identification of errors due to processing mistakes
D. Confirmation of data with outside sources
Answer: B

NEW QUESTION: 50
An IS auditor intends to accept a management position in the data processing department
within the same organization. However, the auditor is currently working on an audit of a
major application and has not yet finished the report. Which of the following would be the
BEST step for the IS auditor to take?
A. Start in the position and inform the application owner of the job change.
B. Disclose this issue to the appropriate parties.
C. Complete the audit without disclosure and then start in the position.
D. Start in the position immediately.
Answer: B

NEW QUESTION: 51
The BEST way to prevent fraudulent payments is to implement segregation of duties
between payment processing and:
A. check creation.
B. requisition creation.
C. payment approval.
D. vendor setup.
Answer: C

NEW QUESTION: 52
Post-implementation testing is an example of which of the following control types?
A. Deterrent
B. Detective
C. Preventive
D. Directive
Answer: B

NEW QUESTION: 53
An IS department is evaluated monthly on its cost-revenue ratio, user satisfaction rate, and
computer downtime. This is BEST characterized as an application of:
A. value chain analysis
B. risk framework
C. balanced scorecard
D. control self-assessment (CSA)
Answer: C

NEW QUESTION: 54
Which of the following is the MOST important difference between end-user computing
(EUC) applications and traditional applications?
A. Traditional application input controls are typically more robust than EUC application
input controls.
B. Traditional application documentation is typically less comprehensive than EUC
application documentation.
C. Traditional applications require roll-back procedures whereas EUC applications do not.
D. Traditional applications require periodic patching whereas EUC applications do not.
Answer: A

NEW QUESTION: 55
A warehouse employee of a retail company has been able to conceal the theft of inventory
items by entering adjustments of either damaged or lost stock items to the inventory
system. Which control would have BEST prevented this type of fraud in a retail
environment?
A. An edit check for the validity of the inventory transaction
B. Unscheduled audits of lost stock lines
C. Statistical sampling of adjustment transactions
D. Separate authorization for input of transactions
Answer: (not shown)

NEW QUESTION: 56
A project team evaluated vendor responses to a request for proposal (RFP). An IS auditor
reviewing the evaluation process would expect the team to have considered each
vendor's:
A. acceptance test plan.
B. security policy.
C. financial stability.
D. development methodology.
Answer: C

NEW QUESTION: 57
Which of the following is the GREATEST concern when an organization allows personal
devices to connect to its network?
A. Help desk employees will require additional training to support devices.
B. It is difficult to maintain employee privacy.
C. IT infrastructure costs will increase.
D. It is difficult to enforce the security policy on personal devices.
Answer: (not shown)

NEW QUESTION: 58
Which of the following BEST measures project progress?
A. Earned-value analysis (EVA)
B. SWOT analysis
C. Gantt chart
D. Project plan
Answer: (not shown)

NEW QUESTION: 59
Which control type would provide the MOST useful input to a root cause analysis?
A. Directive
B. Corrective
C. Detective
D. Compensating
Answer: C

NEW QUESTION: 60
Which of the following demonstrates the use of data analytics for a loan origination
process?
A. Evaluating whether loan records are included in the batch file and are validated by the
servicing system
B. Validating whether reconciliations between the two systems are performed and
discrepancies are investigated
C. Reviewing error handling controls to notify appropriate personnel in the event of a
transmission failure
D. Comparing a population of loans input in the origination system to loans booked on the
servicing system
Answer: (not shown)

NEW QUESTION: 61
The purpose of data migration testing is to validate data:
A. retention.
B. confidentiality.
C. availability.
D. completeness.
Answer: D

NEW QUESTION: 62
During the implementation of an upgraded enterprise resource planning (ERP) system,
which of the following is the MOST important consideration for a go-live decision?
A. Business case
B. Post-implementation review objectives
C. Rollback strategy
D. Test cases
Answer: C

NEW QUESTION: 63
An IS auditor is a member of an application development team that is selecting software.
Which of the following would impair the auditor's independence?
A. Approving the vendor selection methodology
B. Witnessing the vendor selection process
C. Reviewing the request for proposal (RFP)
D. Verifying the weighting of each selection criterion
Answer: A

NEW QUESTION: 64
Which of the following physical controls will MOST effectively prevent breaches of
computer room security?
A. Photo IDs
B. Retina scanner
C. RFID badge
D. CCTV monitoring
Answer: B

NEW QUESTION: 65
Which of the following is the BEST way to minimize the impact of a ransomware attack?
A. Maintain a regular schedule for patch updates.
B. Perform more frequent system backups.
C. Grant system access based on least privilege.
D. Provide user awareness training on ransomware attacks.
Answer: B

NEW QUESTION: 66
Which of the following is the client organization's responsibility in a Software as a Service
(SaaS) environment?
A. Ensuring that users are properly authorized
B. Preventing insertion of malicious code
C. Ensuring the data is available when needed
D. Detecting unauthorized access
Answer: A

NEW QUESTION: 67
Which of the following is MOST critical to include when developing a data loss prevention
(DLP) policy?
A. Identification of enforcement actions
B. Identification of the relevant network channels requiring protection
C. Identification of the content to protect
D. Identification of the users, groups, and roles to whom the policy will apply
Answer: (not shown)

NEW QUESTION: 68
Which of the following is MOST important for an IS auditor to review when evaluating the
effectiveness of an organization's incident response process?
A. Incident response roles and responsibilities
B. Results from management testing of incident response procedures
C. Incident response staff experience and qualifications
D. Past incident response actions
Answer: B

NEW QUESTION: 69
Which of the following should be of MOST concern to an IS auditor during the review of a
quality management system?
A. The quality management system includes training records for IT personnel.
B. Indicators are not fully represented in the quality management system.
C. Important quality checklists are maintained outside the quality management system.
D. There are no records to document actions for minor business processes.
Answer: B

NEW QUESTION: 70
An IS auditor finds that periodic reviews of read-only users for a reporting system are not
being performed.
Which of the following should be the IS auditor's NEXT course of action?
A. Obtain a verbal confirmation from IT for this exemption.
B. Verify management's approval for this exemption.
C. Review the list of end users and evaluate for authorization.
D. Report this control process weakness to senior management.
Answer: (not shown)

NEW QUESTION: 71
Which of the following is the PRIMARY protocol for protecting outbound content from
tampering and eavesdropping?
A. Point-to-Point Protocol (PPP)
B. Transport Layer Security (TLS)
C. Secure Shell (SSH)
D. Internet Key Exchange (IKE)
Answer: B

NEW QUESTION: 72
What would be of GREATEST concern to an IS auditor observing shared key cards being
utilized to access an organization's data center?
A. The lack of a multi-factor authentication system
B. The inability to identify who has entered the data center
C. The lack of enforcement of organizational policy and procedures
D. The inability to track the number of misplaced cards
Answer: (not shown)

NEW QUESTION: 73
Which of the following should be the FIRST step in an organization's forensics process to
preserve evidence?
A. Duplicate digital evidence and validate it using a hash function
B. Create the forensics analysis reporting template
C. Determine which forensic tools to use
D. Perform analytics on digital evidence obtained using forensic methods
Answer: A
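
Added example, not part of the question set: the first forensic step above, carried out in Python with the standard library. The original is hashed, duplicated, and the duplicate is hashed again; the two digests are recorded together, and later re-verification of the working copy detects any change, including an analyst's accidental write. The "disk image" is a few constructed bytes in a temporary directory, and the function names are chosen for this illustration.

```python
import hashlib
import os
import shutil
import tempfile

CHUNK = 1024 * 1024  # hash in 1 MiB blocks so a large image never has to fit in memory


def sha256_file(path: str) -> str:
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire_copy(source: str, destination: str) -> dict:
    """Hash the original, duplicate it, hash the duplicate, and record whether they agree.
    The returned record is what goes into the chain-of-custody notes."""
    source_hash = sha256_file(source)
    shutil.copyfile(source, destination)
    copy_hash = sha256_file(destination)
    return {
        "source": source,
        "copy": destination,
        "sha256": source_hash,
        "copy_sha256": copy_hash,
        "verified": source_hash == copy_hash,
    }


def verify_copy(path: str, expected_sha256: str) -> bool:
    """Re-check a working copy against the digest recorded at acquisition time."""
    return sha256_file(path) == expected_sha256


def demo() -> tuple:
    """Constructed data: repeated text stands in for an evidence image.
    Returns (copy verified at acquisition, copy intact before work, copy intact after a write)."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "evidence.img")
        copy = os.path.join(d, "working_copy.img")
        with open(original, "wb") as f:
            f.write(b"constructed sample image contents\n" * 64)

        record = acquire_copy(original, copy)
        intact_before = verify_copy(copy, record["sha256"])

        # Analysis happens on the copy only; simulate an accidental one-byte write to it.
        with open(copy, "r+b") as f:
            f.seek(0)
            f.write(b"X")
        intact_after = verify_copy(copy, record["sha256"])

        return record["verified"], intact_before, intact_after


if __name__ == "__main__":
    print(demo())
```

Hashing before and after the copy is what makes the duplicate usable as evidence: the recorded digest ties every later analysis result back to the original, and a mismatch on re-verification tells the examiner to discard the copy and re-acquire rather than report findings from altered data.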

NEW QUESTION: 74
Which of the following is the MOST important consideration when incorporating data
analytics into an audit?
A. Ability of the auditor to perform complex analysis
B. Complexity of the data and related audit process
C. Availability and quality of data
D. Availability and cost of the tools
Answer: C

NEW QUESTION: 75
An organization is deciding whether to outsource its customer relationship management
systems to a provider located in another country. Which of the following should be the
PRIMARY influence in the outsourcing decision?
A. The service provider's disaster recovery plan
B. Cross-border privacy laws
C. Current geopolitical conditions
D. Time zone differences
Answer: B

NEW QUESTION: 76
An IS auditor is reviewing a network diagram. Which of the following would be the BEST
location for placement of a firewall?
A. Inside the demilitarized zone (DMZ)
B. Between each host and the local network switch/hub
C. At borders of network segments with different security levels
D. Between virtual local area networks (VLANs)
Answer: C

NEW QUESTION: 77
Which of the following BEST ensures the quality and integrity of test procedures used in
audit analytics?
A. Developing and implementing an audit data repository
B. Centralizing procedures and implementing change control
C. Decentralizing procedures and implementing periodic peer review
D. Developing and communicating test procedure best practices to audit teams
Answer: (not shown)

NEW QUESTION: 78
What is the PRIMARY reason for conducting a risk assessment when developing an
annual IS audit plan?
A. Identify and prioritize audit areas
B. Provide assurance material items will be covered
C. Determine the existence of controls in audit areas
D. Decide which audit procedures and techniques to use
Answer: (not shown)

NEW QUESTION: 79
Due to a high volume of customer orders, an organization plans to implement a new
application for customers to use for online ordering. Which type of testing is MOST
important to ensure the security of the application prior to go-live?
A. User acceptance testing (UAT)
B. Vulnerability testing
C. Stress testing
D. Regression testing
Answer: B

NEW QUESTION: 80
A new application will require multiple interfaces. Which of the following testing methods
can be used to detect interface errors early in the development life cycle?
A. Acceptance
B. Bottom up
C. Sociability
D. Top down
Answer: C

NEW QUESTION: 81
What information within change records would provide an IS auditor with the MOST
assurance that configuration management is operating effectively?
A. Implementation checklist for release management
B. Configuration management plan and operating procedures
C. Post-implementation review documentation
D. Affected configuration items and associated impacts
Answer: D

NEW QUESTION: 82
Which of the following would provide the BEST evidence of the effectiveness of mandated
annual security awareness training?
A. Number of security incidents
B. Results of a third-party penetration test
C. Surveys completed by randomly selected employees
D. Trending of social engineering test results
Answer: D (LEAVE A REPLY)
Note: a trend in social engineering (e.g., phishing) test results measures whether employee behavior changed after training; a penetration test measures technical controls, not awareness.

NEW QUESTION: 83
An IS auditor reviewing a purchase accounting system notices several duplicate payments
made for the services rendered. Which of the following is the auditor's BEST
recommendation for preventing duplicate payments?
A. Implement a configuration control to enable sequential numbering of invoices.
B. Request vendors to attach service acknowledgment notices to purchase orders.
C. Implement a system control that determines if there are corresponding invoices for
purchase orders.
D. Perform additional supervisory reviews prior to the invoice payments.
Answer: C (LEAVE A REPLY)
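
As an added worked example (not part of the original question bank), the following Python code shows the system control in answer C: an invoice is paid only when it matches an open purchase order from the same vendor for the same amount, and a purchase order is closed as soon as an invoice has been settled against it, so a second invoice for the same order is rejected automatically instead of relying on supervisory review. The purchase orders, invoices, field names and the 0.01 amount tolerance are all constructed for this example.

```python
"""Added example: purchase-order matching control to prevent duplicate payments.

All purchase-order and invoice data below are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

AMOUNT_TOLERANCE = 0.01   # assumed rounding tolerance for the amount match


@dataclass
class PurchaseOrder:
    po_number: str
    vendor: str
    amount: float
    paid_by_invoice: Optional[str] = None   # set once an invoice is settled against it


@dataclass
class Invoice:
    invoice_number: str
    vendor: str
    po_number: str
    amount: float


def check_invoice(invoice: Invoice, orders: Dict[str, PurchaseOrder]) -> Tuple[bool, str]:
    """Return (approve, reason). An invoice is payable only against an open
    purchase order from the same vendor for the same amount."""
    po = orders.get(invoice.po_number)
    if po is None:
        return False, "no matching purchase order"
    if po.vendor != invoice.vendor:
        return False, "vendor does not match purchase order"
    if abs(po.amount - invoice.amount) > AMOUNT_TOLERANCE:
        return False, "amount does not match purchase order"
    if po.paid_by_invoice is not None:
        return False, f"purchase order already settled by invoice {po.paid_by_invoice}"
    return True, "matched open purchase order"


def run_payment_batch(invoices: List[Invoice],
                      orders: Dict[str, PurchaseOrder]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Approve or reject each invoice; closes a purchase order when it is paid."""
    approved: List[str] = []
    rejected: List[Tuple[str, str]] = []
    paid = set()                               # (vendor, invoice number) already paid
    for inv in invoices:
        key = (inv.vendor, inv.invoice_number)
        if key in paid:
            rejected.append((inv.invoice_number, "duplicate invoice number for this vendor"))
            continue
        ok, reason = check_invoice(inv, orders)
        if ok:
            orders[inv.po_number].paid_by_invoice = inv.invoice_number   # close the PO
            paid.add(key)
            approved.append(inv.invoice_number)
        else:
            rejected.append((inv.invoice_number, reason))
    return approved, rejected


def demo() -> Tuple[List[str], List[Tuple[str, str]]]:
    """Constructed batch: one legitimate invoice per order plus typical duplicates."""
    orders = {
        "PO-1001": PurchaseOrder("PO-1001", "ACME Ltd", 1200.00),
        "PO-1002": PurchaseOrder("PO-1002", "Globex", 550.00),
    }
    invoices = [
        Invoice("INV-7", "ACME Ltd", "PO-1001", 1200.00),   # legitimate
        Invoice("INV-7", "ACME Ltd", "PO-1001", 1200.00),   # same invoice submitted twice
        Invoice("INV-8", "ACME Ltd", "PO-1001", 1200.00),   # new number, same order
        Invoice("INV-9", "ACME Ltd", "PO-9999", 300.00),    # no purchase order at all
        Invoice("INV-10", "Globex", "PO-1002", 575.00),     # amount differs from PO
        Invoice("INV-11", "Globex", "PO-1002", 550.00),     # legitimate
    ]
    return run_payment_batch(invoices, orders)


if __name__ == "__main__":
    approved, rejected = demo()
    print("approved:", approved)
    for number, reason in rejected:
        print(f"rejected {number}: {reason}")
```

The order of checks matters: the "already settled" test is what catches a re-keyed invoice against an order that was paid earlier, which a simple duplicate-invoice-number check (the first test in the loop) would miss.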

NEW QUESTION: 84
Which of the following should be of concern to an IS auditor performing a software audit on
virtual machines?
A. Software has been installed on virtual machines by privileged users.
B. Software licensing does not support virtual machines.
C. Applications have not been approved by the chief financial officer (CFO).
D. Multiple users can access critical applications.
Answer: (SHOW ANSWER)

NEW QUESTION: 85
Which of the following is the GREATEST benefit of implementing an incident management
process?
A. Reduction in the business impact of incidents
B. Reduction of cost by the efficient use of resources
C. Opportunity for frequent reassessment of incidents
D. Reduction in security threats
Answer: A (LEAVE A REPLY)

NEW QUESTION: 86
A vulnerability in which of the following virtual systems would be of GREATEST concern to
the IS auditor?
A. The virtual file server
B. The virtual application server
C. The virtual antivirus server
D. The virtual machine management server
Answer: (SHOW ANSWER)

NEW QUESTION: 87
Which of the following is the PRIMARY reason an IS auditor should use an IT-related
framework as a basis for scoping and structuring an audit?
A. It helps ensure comprehensiveness of the review and provides guidance on best
practices.
B. It simplifies audit planning and reduces resource requirements to complete an audit.
C. It provides a foundation to recommend certification of the organization's compliance
with the framework.
D. It demonstrates to management whether legal and regulatory requirements have been
met.
Answer: A (LEAVE A REPLY)

NEW QUESTION: 88
An organization wants to replace its suite of legacy applications with a new, in-house
developed solution.
Which of the following is the BEST way to address concerns associated with migration of
all mission-critical business functionality?
A. Expedite go-live by migrating in a single release to allow more time for testing in
production.
B. Increase testing efforts so that all possible combinations of data have been tested prior
to go-live.
C. Strengthen governance by hiring certified and qualified project managers for the
migration.
D. Plan multiple releases to gradually migrate subsets of functionality to reduce production
risk.
Answer: D (LEAVE A REPLY)

NEW QUESTION: 89
When reviewing an organization's information security policies, an IS auditor should verify
that the policies have been defined PRIMARILY on the basis of:
A. past information security incidents
B. industry best practices
C. an information security framework
D. a risk management process
Answer: D (LEAVE A REPLY)
Note: frameworks and industry practice inform policy, but policy content should be driven by the organization's own risk management process, so that controls address its actual risks.

NEW QUESTION: 90
An IS auditor is reviewing a recent security incident and is seeking information about the
approval of a recent modification to a database system's security settings. Where would the
auditor MOST likely find this information?
A. Change log
B. System event correlation report
C. Security information and event management (SIEM) report
D. Database log
Answer: (SHOW ANSWER)

NEW QUESTION: 91
Which of the following should be an IS auditor's PRIMARY consideration when evaluating
the development and design of a privacy program?
A. Data governance and data classification procedures
B. Information security and incident management practices
C. Policies and procedures consistent with privacy guidelines
D. Industry practice and regulatory compliance guidance
Answer: (SHOW ANSWER)
Valid CISA Dumps shared by Fast2test.com for Helping Passing CISA Exam!
Fast2test.com now offer the newest CISA exam dumps, the Fast2test.com CISA exam
questions have been updated and answers have been corrected get the newest
Fast2test.com CISA dumps with Test Engine here: https://www.fast2test.com/CISA-
practice-test.html (613 Q&As Dumps, 40%OFF Special Discount: freecram)

NEW QUESTION: 92
Which of the following should an IS auditor expect to see in a network vulnerability
assessment?
A. Malicious software and spyware
B. Misconfiguration and missing updates
C. Zero-day vulnerabilities
D. Security design flaws
Answer: B (LEAVE A REPLY)

NEW QUESTION: 93
Which of the following is the MAIN purpose of an information security management
system?
A. To enhance the impact of reports used to monitor information security incidents
B. To reduce the frequency and impact of information security incidents
C. To keep information security policies and procedures up-to-date
D. To identify and eliminate the root causes of information security incidents
Answer: B (LEAVE A REPLY)

NEW QUESTION: 94
An internal IS auditor recommends that incoming accounts payable payment files be
encrypted. Which type of control is the auditor recommending?
A. Detective
B. Corrective
C. Preventive
D. Directive
Answer: (SHOW ANSWER)

NEW QUESTION: 95
An IS auditor attempts to sample for variables in a population of items with wide
differences in values but determines that an unreasonably large number of sample items
must be selected to produce the desired confidence level. In this situation, which of the
following is the BEST audit decision?
A. Select a judgmental sample
B. Lower the desired confidence level
C. Allow more time and test the required sample
D. Select a stratified sample
Answer: (SHOW ANSWER)

NEW QUESTION: 96
An IS auditor is testing employee access to a large financial system and must select a
sample from the current employee list provided by the auditee. Which of the following is
the MOST reliable sample source to support this testing?
A. Human resources (HR) documents signed by employees' managers
B. Previous audit reports generated by a third party
C. A system access spreadsheet provided by the system administrator
D. A system-generated list of accounts with access levels
Answer: D (LEAVE A REPLY)

NEW QUESTION: 97
When evaluating an IT organizational structure, which of the following is MOST important
to ensure has been documented?
A. Provisions for cross-training
B. Succession and promotion plans
C. Job functions and duties
D. Human resources (HR) policy on organizational changes
Answer: (SHOW ANSWER)

NEW QUESTION: 98
Which of the following findings should be of GREATEST concern to an IS auditor reviewing
system deployment tools for a critical enterprise application system?
A. Change requests do not contain backout plans.
B. Access to the tool is not approved by senior management.
C. There are no documented instructions for using the tool.
D. Access to the tool is not restricted.
Answer: D (LEAVE A REPLY)
Note: if access to the deployment tool is unrestricted, anyone can push unauthorized code to a critical production system, bypassing change control entirely; missing backout plans and documentation are lesser, process-level weaknesses.

NEW QUESTION: 99
Which of the following will MOST likely compromise the control provided by a digital
signature created using RSA encryption?
A. Altering the plaintext message
B. Obtaining the sender's private key
C. Reversing the hash function using the digest
D. Deciphering the receiver's public key
Answer: B (LEAVE A REPLY)
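
As an added illustration (not part of the original question bank), the following textbook-RSA example shows why B is the answer. It uses a constructed toy key pair (two Mersenne primes) and a SHA-256 digest truncated so it fits below the small modulus; real signatures use 2048-bit or larger random primes and PKCS#1 v1.5 or PSS padding. Altering the message (A) changes the digest, so the signature no longer verifies; the receiver's public key (D) is public by design and cannot produce a signature that verifies; but whoever obtains the sender's private key (B) can sign any message the verifier will accept. Option C is not shown because inverting a cryptographic hash from its digest is computationally infeasible. The message texts are constructed for the example.

```python
"""Added example: what each option in question 99 does to an RSA signature.

Textbook RSA over a constructed toy key so it runs offline; for illustration only.
"""
import hashlib

P = 2**31 - 1                         # constructed toy primes (both Mersenne primes)
Q = 2**61 - 1
N = P * Q                             # modulus, a little over 2**91
E = 65537                             # public exponent, coprime to (P-1)(Q-1)
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent (Python 3.8+)

PUBLIC_KEY = (N, E)                   # what every verifier holds
PRIVATE_KEY = (N, D)                  # what only the signer should hold


def digest(message: bytes) -> int:
    """SHA-256, truncated to 88 bits only so it fits below the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest()[:11], "big")


def sign(message: bytes, key) -> int:
    """Textbook RSA signature: digest raised to the key's exponent mod n."""
    n, exponent = key
    return pow(digest(message), exponent, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the digest with the public exponent and compare to a fresh digest."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)


def demo() -> dict:
    """Run the scenarios from options A, B and D; return their outcomes."""
    original = b"PAY ACME LTD 10000.00 EUR ref 4711"     # constructed message
    signature = sign(original, PRIVATE_KEY)
    results = {"genuine_verifies": verify(original, signature, PUBLIC_KEY)}

    # A. Altering the plaintext: the digest changes, so the signature no longer matches.
    tampered = b"PAY ACME LTD 90000.00 EUR ref 4711"
    results["altered_plaintext_detected"] = not verify(tampered, signature, PUBLIC_KEY)

    # B. Obtaining the private key: the attacker signs a message of their choosing and
    #    the verifier, holding only the public key, cannot distinguish it from a real one.
    forged = b"PAY MALLORY 99999.00 EUR ref 4711"
    stolen_key = PRIVATE_KEY
    results["forged_with_stolen_key_verifies"] = verify(forged, sign(forged, stolen_key), PUBLIC_KEY)

    # D. The public key is public already; using it in place of the private key
    #    produces a value that does not verify, so "deciphering" it gains nothing.
    results["signed_with_public_key_verifies"] = verify(forged, sign(forged, PUBLIC_KEY), PUBLIC_KEY)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The control a signature provides therefore rests entirely on the private key staying private: verification only proves that whoever signed held that key, not who that was.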
