Isaca CISA Practice Test - Questions Answers, Page 81

Which of the following is MOST important to define within a disaster recovery plan (DRP)?

A. A comprehensive list of disaster recovery scenarios and priorities
B. Business continuity plan (BCP)
C. Test results for backup data restoration
D. Roles and responsibilities for recovery team members
Suggested answer: D

When designing metrics for information security, the MOST important consideration is that the metrics:

A. conform to industry standards.
B. apply to all business units.
C. provide actionable data.
D. are easy to understand.
Suggested answer: C

Which of the following would be an IS auditor's BEST recommendation to senior management when several IT initiatives are found to be misaligned with the organization's strategy?

A. Modify IT initiatives that do not map to business strategies.
B. Reassess IT initiatives that do not map to business strategies.
C. Define key performance indicators (KPIs) for IT.
D. Reassess the return on investment (ROI) for the IT initiatives.
Suggested answer: B

During the planning phase of a data loss prevention (DLP) audit, management expresses a concern about mobile computing. Which of the following should the IS auditor identify as the associated risk?

A. Increased vulnerability due to anytime, anywhere accessibility
B. Increased need for user awareness training
C. The use of the cloud negatively impacting IT availability
D. Lack of governance and oversight for IT infrastructure and applications
Suggested answer: A

Which of the following is the BEST way to prevent social engineering incidents?

A. Ensure user workstations are running the most recent version of antivirus software.
B. Maintain an onboarding and annual security awareness program.
C. Include security responsibilities in job descriptions and require signed acknowledgment.
D. Enforce strict email security gateway controls.
Suggested answer: B

When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:

A. the organization's network.
B. the demilitarized zone (DMZ).
C. the Internet.
D. the organization's web server.
Suggested answer: C

Which of the following is the PRIMARY advantage of using an automated security log monitoring tool instead of conducting a manual review to monitor the use of privileged access?

A. Reduced costs associated with automating the review
B. Increased likelihood of detecting suspicious activity
C. Ease of storing and maintaining log file
D. Ease of log retrieval for audit purposes
Suggested answer: B

Which of the following is the PRIMARY reason an IS auditor would recommend offsite backups although critical data is already on a redundant array of inexpensive disks (RAID)?

A. Disks of the array cannot be hot-swapped for quick recovery.
B. The array cannot offer protection against disk corruption.
C. The array relies on proper maintenance.
D. The array cannot recover from a natural disaster.
Suggested answer: D

Which of the following should an IS auditor be MOST concerned with when a system uses RFID?

A. Scalability
B. Maintainability
C. Nonrepudiation
D. Privacy
Suggested answer: D

Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?

A. Risk classification
B. Control self-assessment (CSA)
C. Risk identification
D. Impact assessment
Suggested answer: D
Total 1.198 questions