Isaca CISA Practice Test - Questions Answers, Page 85

Management is concerned about sensitive information being intentionally or unintentionally emailed as attachments outside the organization by employees. What is the MOST important task before implementing any associated email controls?

A. Provide notification to employees about possible email monitoring.
B. Develop an information classification scheme.
C. Require all employees to sign nondisclosure agreements (NDAs).
D. Develop an acceptable use policy for end-user computing (EUC).
Suggested answer: B

Which type of control has been established when an organization implements a security information and event management (SIEM) system?

A. Preventive
B. Detective
C. Directive
D. Corrective
Suggested answer: C

A senior IS auditor suspects that a PC may have been used to perpetrate fraud in a finance department. The auditor should FIRST report this suspicion to:

A. audit management.
B. the police.
C. the audit committee.
D. auditee line management.
Suggested answer: A

Audit frameworks can assist the IS audit function by:

A. providing details on how to execute the audit program.
B. outlining the specific steps needed to complete audits.
C. providing direction and information regarding the performance of audits.
D. defining the authority and responsibility of the IS audit function.
Suggested answer: C

Which of the following is the GREATEST advantage of maintaining an internal IS audit function within an organization?

A. Increased independence and impartiality of recommendations
B. Better understanding of the business and processes
C. Ability to negotiate recommendations with management
D. Increased IS audit staff visibility and availability throughout the year
Suggested answer: B

An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider MOST critical?

A. The transfer protocol does not require authentication.
B. The quality of the data is not monitored.
C. Imported data is not disposed of frequently.
D. The transfer protocol is not encrypted.
Suggested answer: A

Data from a system of sensors located outside of a network is received by the open ports on a server. Which of the following is the BEST way to ensure the integrity of the data being collected from the sensor system?

A. Route the traffic from the sensor system through a proxy server.
B. Hash the data that is transmitted from the sensor system.
C. Implement network address translation on the sensor system.
D. Transmit the sensor data via a virtual private network (VPN) to the server.
Suggested answer: B

An IS audit manager was temporarily tasked with supervising a project manager assigned to the organization's payroll application upgrade. Upon returning to the audit department, the audit manager has been asked to perform an audit to validate the implementation of the payroll application. The audit manager is the only one in the audit department with IT project management experience. What is the BEST course of action?

A. Transfer the assignment to a different audit manager despite lack of IT project management experience.
B. Outsource the audit to independent and qualified resources.
C. Manage the audit since there is no one else with the appropriate experience.
D. Have a senior IS auditor manage the project with the IS audit manager performing final review.
Suggested answer: B

During an external review, an IS auditor observes an inconsistent approach in classifying system criticality within the organization. Which of the following should be recommended as the PRIMARY factor to determine system criticality?

A. Key performance indicators (KPIs)
B. Mean time to restore (MTTR)
C. Maximum allowable downtime (MAD)
D. Recovery point objective (RPO)
Suggested answer: C

An organization's sensitive data is stored in a cloud computing environment and is encrypted. Which of the following findings should be of GREATEST concern to an IS auditor?

A. The encryption keys are not kept under dual control.
B. The cloud vendor does not have multi-regional presence.
C. Symmetric keys are used for encryption.
D. Data encryption keys are accessible to the service provider.
Suggested answer: D
Total 1.198 questions