CISA
Question 176
Which of the following would be MOST helpful to an IS auditor assessing the reliability of an organization’s network?
- A: Protocol analyzer
- B: Online monitoring
- C: Downtime report
- D: Response time report
Question 177
While conducting an IT operations audit, an internal IS auditor discovers there are backup media missing that potentially contain unencrypted data. Which of the following should be the IS auditor’s NEXT step?
- A: Review the backup media policy and procedures.
- B: Notify legal and regulatory authorities of the lost media.
- C: Write a report regarding the missing media.
- D: Determine what data is on the missing media.
Question 178
An IS auditor has found that despite an increase in phishing attacks over the past two years, there has been a significant decrease in the success rate. Which of the following is the MOST likely reason for this decline?
- A: Implementation of a security awareness program
- B: Enhanced training for incident responders
- C: Implementation of an intrusion detection system (IDS)
- D: Development of an incident response plan
Question 179
Which of the following risks is BEST mitigated by implementing an automated three-way match?
- A: Inaccurate customer records.
- B: Invalid payment processing.
- C: Inaccurate customer discounts.
- D: Purchase order delays.
Question 180
An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?
- A: Requiring policy acknowledgment and nondisclosure agreements (NDAs) signed by employees
- B: Monitoring employees' social networking usage
- C: Establishing strong access controls on confidential data
- D: Providing education and guidelines to employees on use of social networking sites
Question 181
A configuration management audit identified that predefined automated procedures are used when deploying and configuring application infrastructure in a cloud-based environment. Which of the following is MOST important for the IS auditor to review?
- A: Contracts of vendors responsible for maintaining provisioning tools
- B: Number of administrators with access to cloud management consoles
- C: Processes for making changes to cloud environment specifications
- D: Storage location of configuration management documentation
Question 182
Which of the following is the PRIMARY reason to perform a risk assessment?
- A: To determine the current risk profile
- B: To ensure alignment with the business impact analysis (BIA)
- C: To help allocate budget for risk mitigation controls
- D: To achieve compliance with regulatory requirements
Question 183
Which of the following is the GREATEST benefit related to disaster recovery for an organization that has converted its infrastructure to a virtualized environment?
- A: Virtual servers decrease the recovery time objective (RTO).
- B: Virtual servers reduce the time and complexity associated with backup procedures.
- C: Virtual servers can be recreated on similar hardware faster than restoring from backups.
- D: Virtual servers eliminate the need to verify backups.
Question 184
Which of the following should be the GREATEST concern to an IS auditor reviewing an organization's method to transport sensitive data between offices?
- A: The method relies exclusively on the use of 128-bit encryption.
- B: The method relies exclusively on the use of digital signatures.
- C: The method relies exclusively on the use of asymmetric encryption algorithms.
- D: The method relies exclusively on the use of public key infrastructure (PKI).
Question 185
During a database management evaluation, an IS auditor discovers that some accounts with database administrator (DBA) privileges have been assigned a default password with an unlimited number of failed login attempts. Which of the following is the auditor's BEST course of action?
- A: Postpone the audit until adequate security and password management practices are established.
- B: Document the finding and explain the risk of having administrator accounts with inappropriate security settings.
- C: Identify accounts that have had excessive failed login attempts and request they be disabled.
- D: Request the IT manager to change administrator security parameters and update the finding.
Question 186
Which of the following is the PRIMARY purpose of performing a parallel run of a new system?
- A: To verify the new system provides required business functionality
- B: To identify any errors in the program and file interfaces immediately
- C: To compare the key performance indicators (KPIs) of the new and old systems
- D: To verify the new system produces the expected results
Question 187
Which of the following is a method to prevent disclosure of classified documents printed on a shared printer?
- A: Producing a header page with classification level for printed documents
- B: Encrypting the data stream between the user's computer and the printer
- C: Using passwords to allow authorized users to send documents to the printer
- D: Requiring a key code to be entered on the printer to produce hard copy
Question 188
Which of the following should be done FIRST when planning to conduct internal and external penetration testing for a client?
- A: Establish the timing of testing.
- B: Identify milestones.
- C: Determine the test reporting.
- D: Establish the rules of engagement.
Question 189
Due to advancements in technology and electronic records, an IS auditor has completed an engagement by email only. Which of the following did the IS auditor potentially compromise?
- A: Reporting
- B: Proficiency
- C: Due professional care
- D: Sufficient evidence
Question 190
Which of the following provides the BEST evidence of effective IT portfolio management?
- A: Programs in the IT portfolio are prioritized by each business function.
- B: The IT portfolio is updated on the basis of current industry benchmarks.
- C: The IT portfolio is updated as business strategy changes.
- D: IT portfolio updates are communicated when approved.
Question 191
Which of the following is the MOST efficient way to assess the controls in a service provider's environment?
- A: Review testing performed by the service provider's internal audit department.
- B: Require the service provider to conduct control self-assessments (CSAs).
- C: Review the service provider's master service agreement (MSA).
- D: Obtain an independent auditor's report from the service provider.
Question 192
Which of the following is the PRIMARY responsibility of an internal IS auditor regarding IT controls?
- A: Providing independent assurance to the public over IT controls implemented by the organization
- B: Continuously monitoring IT control operations and reporting any abnormal or exceptional cases
- C: Designing and deploying IT controls as part of normal operations
- D: Validating IT control effectiveness after implementation across the organization
Question 193
Which of the following should an IS auditor be MOST concerned with when reviewing the IT asset disposal process?
- A: Data stored on the asset
- B: Certificate of destruction
- C: Monetary value of the asset
- D: Data migration to the new asset
Question 194
A firewall between internal network segments improves security and reduces risk by:
- A: inspecting all traffic flowing between network segments and applying security policies.
- B: ensuring all connecting systems have appropriate security controls enabled.
- C: monitoring and reporting on sessions between network participants.
- D: logging all packets passing through network segments.
Question 195
Which of the following BEST enables an IS auditor to understand the shared control requirements between multiple cloud service providers and the customer organization?
- A: Roles and responsibilities of the IT professionals working under a shared responsibility model
- B: An industry-accepted cloud security framework for which all parties have obtained certification
- C: Logs produced by a cloud access security broker (CASB) monitoring the multi-cloud solution
- D: A risk and controls matrix that documents a clear set of actions for each party
Question 196
The BEST way to evaluate the effectiveness of a newly developed application is to:
- A: perform a post-implementation review.
- B: review acceptance testing results.
- C: perform a secure code review.
- D: analyze load testing results.
Question 197
Which of the following is an IS auditor's BEST recommendation to mitigate the risk of eavesdropping associated with an application programming interface (API) integration implementation?
- A: Implement Simple Object Access Protocol (SOAP).
- B: Encrypt the extensible markup language (XML) file.
- C: Mask the API endpoints.
- D: Implement Transport Layer Security (TLS).
Question 198
Which of the following should be used to evaluate an IT development project before an investment is committed?
- A: Feasibility study
- B: Function point analysis
- C: Rapid application development
- D: Earned value analysis (EVA)
Question 199
A small business unit is implementing a control self-assessment (CSA) program and leveraging the internal audit function to test its internal controls annually. Which of the following is the MOST significant benefit of this approach?
- A: Line management is more motivated to avoid control exceptions.
- B: Business owners can focus more on their core roles.
- C: Risks are detected earlier.
- D: Compliance costs are reduced.
Question 200
An organization has recently become aware of a pervasive chip-level security vulnerability that affects all of its processors. Which of the following is the BEST way to prevent this vulnerability from being exploited?
- A: Install vendor patches.
- B: Review security log incidents.
- C: Implement security awareness training.
- D: Review hardware vendor contracts.