ISACA CISA Practice Test - Questions and Answers, Page 120
Which of the following roles is PRIMARILY responsible for mitigating the risk of benefits not being realized in an IT project?
Project sponsor
Project manager
Quality assurance (QA) manager
Chief risk officer (CRO)
Which of the following will BEST ensure that archived electronic information of permanent importance remains accessible over time?
Performing preventive maintenance on old hardware
Acquiring applications that emulate old software
Regularly migrating data to current technology
Periodically backing up archived data
An organization has decided to build a data warehouse using source data from several disparate systems to support strategic decision-making.
Which of the following is the BEST way to ensure the accuracy and completeness of the data used to support business decisions?
The source data is pre-selected so that it already supports senior management's desired business decision outcome.
The source data is from the current year of operations so that irrelevant data from prior years is not included.
The source data is modified in the data warehouse to remove confidential or sensitive information.
The source data is standardized and cleansed before loading into the data warehouse.
Which of the following poses the GREATEST risk to an organization related to system interfaces?
There is no process documentation for some system interfaces.
Notifications of data transfers through the interfaces are not retained.
Parts of the data transfer process are performed manually.
There is no reliable inventory of system interfaces.
Which type of threat can utilize a large group of automated social media accounts to steal data, send spam, or launch distributed denial of service (DDoS) attacks?
Botnet attack
Data mining
Phishing attempt
Malware sharing
Which of the following would be MOST helpful to an IS auditor performing a risk assessment of an application programming interface (API) that feeds credit scores from a well-known commercial credit agency into an organizational system?
A data dictionary of the transferred data
A technical design document for the interface configuration
The most recent audit report from the credit agency
The approved business case for the API
IT management has accepted the risk associated with an IS auditor's finding due to the cost and complexity of the corrective actions. Which of the following should be the auditor's NEXT course of action?
Perform a cost-benefit analysis.
Document and inform the audit committee.
Report the finding to external regulators.
Notify senior management.
The MOST important measure of the effectiveness of an organization's security program is the:
comparison with critical incidents experienced by competitors.
number of vulnerability alerts escalated to senior management.
number of new vulnerabilities reported.
adverse impact of incidents on critical business activities.