CISA
Question 276
The BEST way to provide assurance that a project is adhering to the project plan is to:
- A: conduct compliance audits at major system milestones.
- B: require design reviews at appropriate points in the life cycle.
- C: have an IS auditor participate on the quality assurance (QA) team.
- D: have an IS auditor participate on the steering committee.
Question 277
An organization requires any travel and entertainment expenses over $10,000 to be approved by senior management. Which of the following is the MOST effective way to mitigate the risk that employees will split invoices to avoid the approval process?
- A: Develop computer-assisted audit techniques (CAATs) to check the full year's transactions.
- B: Adopt a zero-tolerance policy that requires termination of employees who submitted fraudulent claims.
- C: Establish a whistle-blowing policy that allows employees to report suspicious activity anonymously.
- D: Review alerts generated from continuous auditing scripts for suspicious claims submitted.
Question 278
During the evaluation of controls over a major application development project, the MOST effective use of an IS auditor's time would be to review and evaluate:
- A: cost-benefit analysis.
- B: acceptance testing.
- C: application test cases.
- D: project plans.
Question 279
An organization needs to comply with data privacy regulations forbidding the display of personally identifiable information (PII) on customer bills or receipts.
However, it is a business requirement to display at least one attribute so that customers can verify the bills or receipts are intended for them. What is the BEST recommendation?
- A: Data sanitization
- B: Data masking
- C: Data encryption
- D: Data tokenization
Question 280
Which of the following is the BEST sampling method to use when relatively few errors are expected to be found in a population?
- A: Variable sampling
- B: Stop-or-go sampling
- C: Discovery sampling
- D: Judgmental sampling
Question 281
Following a security incident, which of the following BEST enables the integrity of the data captured during a forensic investigation?
- A: An expert presenting the results of forensic analysis
- B: Comparison of the hash of data files in storage
- C: Comparison of the data with printouts from the investigation
- D: Maintenance of chain of custody
Question 282
During an audit, an IT finding is agreed upon by all IT teams involved, but no team wants to be responsible for remediation or considers the finding within its area of responsibility. Which of the following is the IS auditor's BEST course of action?
- A: Determine the most appropriate team and assign accordingly.
- B: Issue the finding without identifying an owner.
- C: Escalate to IT management for resolution.
- D: Assign shared responsibility to all IT teams.
Question 283
During an organization's implementation of a data loss prevention (DLP) solution, which of the following activities should be completed FIRST?
- A: Configuring rule sets
- B: Enabling detection points
- C: Establishing exceptions workflow
- D: Configuring reports
Question 284
Which of the following development practices would BEST mitigate the risk associated with theft of user credentials transmitted between mobile devices and the corporate network?
- A: Enforce the validation of digital certificates used in the communication sessions.
- B: Release mobile applications in debugging mode to allow for easy troubleshooting.
- C: Embed cryptographic keys within the mobile application source code.
- D: Allow persistent sessions between mobile applications and the corporate network.
Question 285
An IS auditor noted a recent production incident in which a teller transaction system incorrectly charged fees to customers due to a defect from a recent release. Which of the following should be the auditor's NEXT step?
- A: Evaluate developer training.
- B: Evaluate secure code practices.
- C: Evaluate the incident management process.
- D: Evaluate the change management process.
Question 286
Which of the following changes intended to improve and streamline an organization's incident management process would be a potential concern to an IS auditor?
- A: Implementing automatic reporting for all open incidents over three months old
- B: Enabling the capability for the individual reporting the incident to assign priority to a ticket
- C: Configuring automated messaging to service lines notifying them of the status of the ticket
- D: Introducing self-service functions for selected low-complexity incident types
Question 287
Which type of risk would MOST influence the selection of a sampling methodology?
- A: Inherent
- B: Residual
- C: Control
- D: Detection
Question 288
Which of the following should be responsible for verifying changes to an application are authorized?
- A: Project oversight board
- B: Business line management
- C: Release management team
- D: Steering committee
Question 289
Which of the following is the PRIMARY reason an IS auditor should discuss observations with management before delivering a final report?
- A: Identify business risks associated with the observations.
- B: Validate the audit observations.
- C: Assist the management with control enhancements.
- D: Record the proposed course of corrective action.
Question 290
A business has requested an audit to determine whether information stored in an application is adequately protected. Which of the following is the MOST important action before the audit work begins?
- A: Assess the threat landscape.
- B: Perform penetration testing.
- C: Review remediation reports.
- D: Establish control objectives.