Certified Information Systems Auditor v1.0 (CISA)

Page:    1 / 70   
Total 1055 questions

Which of the following is the BEST performance indicator for the effectiveness of an incident management program?

  • A. Incident alert mean time
  • B. Number of incidents reported
  • C. Average time between incidents
  • D. Incident resolution mean time


Answer : D

Backups will MOST effectively minimize a disruptive incident's impact on a business if they are:

  • A. taken according to recovery point objectives (RPOs).
  • B. scheduled according to the service delivery objectives.
  • C. performed by automated backup software on a fixed schedule.
  • D. stored on write-once read-many media.


Answer : B

An IS audit reveals that an organization is not proactively addressing known vulnerabilities. Which of the following should the IS auditor recommend the organization do FIRST?

  • A. Ensure the intrusion prevention system (IPS) is effective.
  • B. Verify the disaster recovery plan (DRP) has been tested.
  • C. Assess the security risks to the business.
  • D. Confirm the incident response team understands the issue.


Answer : C

An IS auditor has completed the fieldwork phase of a network security review and is preparing the initial draft of the audit report. Which of the following findings should be ranked as the HIGHEST risk?

  • A. Network penetration tests are not performed.
  • B. The network firewall policy has not been approved by the information security officer.
  • C. Network firewall rules have not been documented.
  • D. The network device inventory is incomplete.


Answer : D

Which of the following is the PRIMARY advantage of parallel processing for a new system implementation?

  • A. Assurance that the new system meets functional requirements
  • B. Significant cost savings over other system implementation approaches
  • C. More time for users to complete training for the new system
  • D. Assurance that the new system meets performance requirements


Answer : A

During an internal audit of automated controls, an IS auditor identifies that the integrity of data transfer between systems has not been tested since successful implementation two years ago. Which of the following should the auditor do NEXT?

  • A. Review previous system interface testing records.
  • B. Document the finding in the audit report.
  • C. Review relevant system changes.
  • D. Review IT testing policies and procedures.


Answer : C

The MAIN benefit of using an integrated test facility (ITF) as an online auditing technique is that it enables:

  • A. the integration of financial and audit tests.
  • B. auditors to test without impacting production data.
  • C. a cost-effective approach to application controls audit.
  • D. auditors to investigate fraudulent transactions.


Answer : B

Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?

  • A. Adherence to best practice and industry approved methodologies
  • B. Frequency of meetings where the business discusses the IT portfolio
  • C. Assignment of responsibility for each project to an IT team member
  • D. Controls to minimize risk and maximize value for the IT portfolio


Answer : D

Which of the following would BEST facilitate the successful implementation of an IT-related framework?

  • A. Establishing committees to support and oversee framework activities
  • B. Documenting IT-related policies and procedures
  • C. Aligning the framework to industry best practices
  • D. Involving appropriate business representation within the framework


Answer : D

What is the MAIN reason to use incremental backups?

  • A. To increase backup resiliency and redundancy
  • B. To reduce costs associated with backups
  • C. To improve key availability metrics
  • D. To minimize the backup time and resources


Answer : D

When auditing the security architecture of an online application, an IS auditor should FIRST review the:

  • A. location of the firewall within the network.
  • B. firewall standards.
  • C. firmware version of the firewall.
  • D. configuration of the firewall.


Answer : D

An organization is planning an acquisition and has engaged an IS auditor to evaluate the IT governance framework of the target company. Which of the following would be MOST helpful in determining the effectiveness of the framework?

  • A. Recent third-party IS audit reports
  • B. Current and previous internal IS audit reports
  • C. IT performance benchmarking reports with competitors
  • D. Self-assessment reports of IT capability and maturity


Answer : A

Due to limited storage capacity, an organization has decided to reduce the actual retention period for media containing completed low-value transactions. Which of the following is MOST important for the organization to ensure?

  • A. The policy includes a strong risk-based approach.
  • B. The retention period complies with data owner responsibilities.
  • C. The retention period allows for review during the year-end audit.
  • D. The total transaction amount has no impact on financial reporting.


Answer : A

Which of the following should an IS auditor be MOST concerned with during a post-implementation review?

  • A. The system does not have a maintenance plan.
  • B. The system contains several minor defects.
  • C. The system deployment was delayed by three weeks.
  • D. The system was over budget by 15%.


Answer : B

Which of the following is the PRIMARY basis on which audit objectives are established?

  • A. Audit risk
  • B. Consideration of risks
  • C. Assessment of prior audits
  • D. Business strategy


Answer : B
