ISACA CISA - Certified Information Systems Auditor
Which of the following activities provides an IS auditor with the MOST insight regarding potential single person dependencies that might exist within the organization?
Which of the following are BEST suited for continuous auditing?
Which of the following is the BEST indicator of the effectiveness of an organization's incident response program?
Which of the following should be an IS auditor's GREATEST concern when an international organization intends to roll out a global data privacy policy?
After the merger of two organizations, which of the following is the MOST important task for an IS auditor to perform?
Which of the following is the MOST appropriate and effective fire suppression method for an unstaffed computer room?
Which of the following weaknesses would have the GREATEST impact on the effective operation of a perimeter firewall?
An information systems security officer's PRIMARY responsibility for business process applications is to:
An IS auditor has been asked to audit the proposed acquisition of new computer hardware. The auditor's PRIMARY concern is that:
Which of the following metrics would BEST measure the agility of an organization's IT function?
Which of the following security risks can be reduced by a properly configured network firewall?
A project team has decided to switch to an agile approach to develop a replacement for an existing business application. Which of the following should an IS auditor do FIRST to ensure the effectiveness of the project audit?
In a RAO model, which of the following roles must be assigned to only one individual?
Which of the following is the BEST way to verify the effectiveness of a data restoration process?
Which of the following is the GREATEST risk if two users have concurrent access to the same database record?
An IS auditor finds that while an organization's IT strategy is heavily focused on research and development, the majority of projects in the IT portfolio focus on operations and maintenance. Which of the following is the BEST recommendation?
Which of the following is MOST important to determine when conducting a post-implementation review?
The PRIMARY purpose of a configuration management system is to:
An IS auditor requests direct access to data required to perform audit procedures instead of asking management to provide the data. Which of the following is the PRIMARY advantage of this approach?
Which of the following methods will BEST reduce the risk associated with the transition to a new system using technologies that are not compatible with the old system?
A financial group recently implemented new technologies and processes. Which type of IS audit would provide the GREATEST level of assurance that the department's objectives have been met?
Which of the following should be an IS auditor's PRIMARY focus when evaluating the response process for cybercrimes?
An IS auditor is reviewing a bank's service level agreement (SLA) with a third-party provider that hosts the bank's secondary data center. Which of the following findings should be of GREATEST concern to the auditor?
Transaction records from a business database were inadvertently deleted, and system operators decided to restore from a snapshot copy. Which of the following provides assurance that the BEST transactions were recovered successfully?
Which of the following is the BEST way to address potential data privacy concerns associated with inadvertent disclosure of machine identifier information contained within security logs?
Which of the following is a PRIMARY responsibility of an IT steering committee?
During the discussion of a draft audit report, IT management provided suitable evidence that a process has been implemented for a control that had been concluded by the IS auditor as ineffective. Which of the following is the auditor's BEST action?
Users are complaining that a newly released enterprise resource planning (ERP) system is functioning too slowly. Which of the following tests during the quality assurance (QA) phase would have identified this concern?
Which of the following provides the BEST audit evidence that a firewall is configured in compliance with the organization's security policy?
In the development of a new financial application, the IS auditor's FIRST involvement should be in the:
In which of the following system development life cycle (SDLC) phases would an IS auditor expect to find that controls have been incorporated into system specifications?
An IT balanced scorecard is PRIMARILY used for:
Which of the following should be the FIRST consideration when deciding whether data should be moved to a cloud provider for storage?
Which of the following is the MOST important consideration when evaluating the data retention policy for a global organization with regional offices in multiple countries?
When planning an audit, it is acceptable for an IS auditor to rely on a third-party provider’s external audit report on service level management when the
An auditee disagrees with a recommendation for corrective action that appears in the draft engagement report. Which of the following is the IS auditor's BEST course of action when preparing the final report?
Which of the following is MOST important to consider when developing a service level agreement (SLA)?
Which of the following is the GREATEST advantage of vulnerability scanning over penetration testing?
Which of the following is the PRIMARY reason for an IS audit manager to review the work performed by a senior IS auditor prior to presentation of a report?
In a post-implementation review of a recently purchased system, it is MOST important for the IS auditor to determine whether the:
Which of the following findings should be of GREATEST concern to an IS auditor reviewing an organization's newly implemented online security awareness program?
Which of the following is the BEST method to delete sensitive information from storage media that will be reused?
The PRIMARY benefit of automating application testing is to:
Which of the following is MOST important for an IS auditor to review when determining whether IT investments are providing value to the business?
An IS auditor is assigned to review the IS department's quality procedures. Upon contacting the IS manager, the auditor finds that there is an informal unwritten set of standards. Which of the following should be the auditor's NEXT action?
Which of the following provides the MOST useful information regarding an organization's risk appetite and tolerance?
Which of the following provides an IS auditor assurance that the interface between a point-of-sale (POS) system and the general ledger is transferring sales data completely and accurately?
When reviewing the functionality of an intrusion detection system (IDS), the IS auditor should be MOST concerned if:
An organization has engaged a third party to implement an application to perform business-critical calculations. Which of the following is the MOST important process to help ensure the application provides accurate calculations?
An IS auditor is reviewing an organization's business continuity plan (BCP) following a change in organizational structure with significant impact to business processes. Which of the following findings should be the auditor's GREATEST concern?