ISACA - CISA.v2022-04-06.q154: Show Answer

This document contains 24 questions from the Certified Information Systems Auditor (CISA) exam. The questions cover topics related to IS auditing including risk assessment, governance, controls, security, and incident response. For each question, the document indicates it is from the CISA exam and provides the question text and multiple choice answers, but does not include the correct answers. It encourages downloading practice exam questions and dumps to help pass the CISA exam.

Uploaded by

DeltonZaranyika

ISACA.CISA.v2022-04-06.q154

Exam Code: CISA
Exam Name: Certified Information Systems Auditor
Certification Provider: ISACA
Free Question Number: 154
Version: v2022-04-06
# of views: 143
# of Questions views: 1880
https://www.freecram.net/torrent/ISACA.CISA.v2022-04-06.q154.html

NEW QUESTION: 1
Which of the following should an IS auditor review FIRST when planning a customer data privacy
audit?
A. Customer agreements
B. Data classification
C. Legal and compliance requirements
D. Organizational policies and procedures
Answer: (SHOW ANSWER)

NEW QUESTION: 2
The members of an emergency incident response team should be:
A. assigned at the time of each incident.
B. restricted to IT personnel.
C. appointed by the CISO.
D. selected from multiple departments
Answer: (SHOW ANSWER)

NEW QUESTION: 3
During a review of an organization's network threat response process, the IS auditor noticed that
the majority of alerts were closed without resolution. Management responded that those alerts
were unworkable due to lack of actionable intelligence, and therefore the support team is allowed
to close them. What is the BEST way for the auditor to address this situation?
A. Recommend that management enhance the policy and improve threat awareness training.
B. Further review closed unactioned alerts to identify mishandling of threats.
C. Omit the finding from the report as this practice is in compliance with the current policy.
D. Reopen unactioned alerts and report to the audit committee.
Answer: (SHOW ANSWER)
NEW QUESTION: 4
An IS auditor is executing a risk-based IS audit strategy to ensure that key areas are audited.
Which of the following should be of GREATEST concern to the auditor?
A. The risk assessment approach has not been approved by the risk manager
B. The risk assessment methodology relies on subjective audit judgments at certain points of the
process
C. The risk assessment database does not include a complete audit universe
D. The risk assessment methodology does not permit the collection of financial audit data
Answer: (SHOW ANSWER)

NEW QUESTION: 5
Which of the following provides the BEST method for maintaining the security of corporate
applications pushed to employee-owned mobile devices?
A. Implementing mobile device management (MDM)
B. Disabling unnecessary network connectivity options
C. Enabling remote data destruction capabilities
D. Requiring security awareness training for mobile users
Answer: (SHOW ANSWER)

NEW QUESTION: 6
An IS auditor is reviewing security controls related to collaboration tools for a unit responsible for
intellectual property and patents. Which of the following observations should be of MOST concern
to the auditor?
A. Logging and monitoring for content filtering is not enabled.
B. The collaboration tool is hosted and can only be accessed via an Internet browser.
C. Training was not provided to the department that handles intellectual property and patents
D. Employees can share files with users outside the company through collaboration tools
Answer: (SHOW ANSWER)

NEW QUESTION: 7
When responding to an ongoing denial of service (DoS) attack, an organization's FIRST course
of action should be to:
A. restore service
B. investigate damage
C. analyze the attack path.
D. minimize impact
Answer: (SHOW ANSWER)

NEW QUESTION: 8
Which of the following provides the MOST comprehensive description of IT's role in an
organization?
A. IT charter
B. IT organizational chart
C. IT job description
D. IT project portfolio
Answer: (SHOW ANSWER)

NEW QUESTION: 9
Which of the following metrics would BEST measure the agility of an organization's IT function?
A. Percentage of staff with sufficient IT-related skills for the competency required of their roles.
B. Average number of learning and training hours per IT staff member
C. Average time to turn strategic IT objectives into an agreed upon and approved initiative.
D. Frequency of security assessments against the most recent standards and guidelines.
Answer: (SHOW ANSWER)

NEW QUESTION: 10

A. Black box penetration test report
B. Independent control assessment
C. Vulnerability scan report
D. The third party's control self-assessment (CSA)
Answer: (SHOW ANSWER)

NEW QUESTION: 11
While planning a review of IT governance, the IS auditor is MOST likely to:
A. assess whether business process owner responsibilities are consistent across the
organization.
B. obtain information about the framework of control adopted by management
C. review compliance with policies and procedures issued by the board of directors.
D. examine audit committee minutes for IS-related matters and their control
Answer: (SHOW ANSWER)

NEW QUESTION: 12
What is BEST for an IS auditor to review when assessing the effectiveness of changes recently
made to processes and tools related to an organization's business continuity plan (BCP)?
A. Updated inventory of systems
B. Full test results
C. Change management processes
D. Completed test plans
Answer: (SHOW ANSWER)

NEW QUESTION: 13
An IS auditor has discovered that unauthorized customer management software was installed on
a workstation. The auditor determines the software has been uploading customer data to an
external party. Which of the following is the IS auditor's BEST course of action?
A. Review other workstations to determine the extent of the incident
B. Present the issue at the next audit progress meeting.
C. Notify the incident response team
D. Determine the number of customer records that were uploaded
Answer: (SHOW ANSWER)

NEW QUESTION: 14
An IS auditor is examining a front-end sub ledger and a main ledger. Which of the following would
be the GREATEST concern if there are flaws in the mapping of accounts between the two
systems?
A. Inaccuracy of financial reporting
B. Inability to support new business transactions
C. Double-posting of a single journal entry
D. Unauthorized alteration of account attributes
Answer: (SHOW ANSWER)

NEW QUESTION: 15
During an operational audit of a biometric system used to control physical access, which of the
following should be of GREATEST concern to an IS auditor?
A. False positives
B. User acceptance of biometrics
C. Lack of biometric training
D. False negatives
Answer: (SHOW ANSWER)

NEW QUESTION: 16
Which of the following provides the MOST assurance over the completeness and accuracy of
loan application processing with respect to the implementation of a new system?
A. Running historical transactions through the new system
B. Reviewing quality assurance (QA) procedures
C. Comparing code between old and new systems
D. Loading balance and transaction data to the new system
Answer: (SHOW ANSWER)
Valid CISA Dumps shared by Fast2test.com for Helping Passing CISA Exam! Fast2test.com
now offer the newest CISA exam dumps, the Fast2test.com CISA exam questions have
been updated and answers have been corrected get the newest Fast2test.com CISA
dumps with Test Engine here: https://www.fast2test.com/CISA-premium-file.html (440 Q&As
Dumps, 30%OFF Special Discount: freecram)

NEW QUESTION: 17
Which of the following should be defined in an audit charter?
A. Audit results
B. Audit authority
C. Audit methodology
D. Audit schedule
Answer: B (LEAVE A REPLY)

NEW QUESTION: 18
The PRIMARY benefit of information asset classification is that it:
A. facilitates budgeting accuracy.
B. enables risk management decisions.
C. helps to align organizational objectives.
D. prevents loss of assets.
Answer: (SHOW ANSWER)

NEW QUESTION: 19
When auditing the closing stages of a system development project, which of the following should
be the MOST important consideration?
A. Rollback procedures
B. User acceptance test (UAT) results
C. Control requirements
D. Functional requirements documentation
Answer: (SHOW ANSWER)

NEW QUESTION: 20

A. The implementation team does not have access to change the source code.
B. A second individual performs code review before the change is released to production.
C. The developer approves changes prior to moving them to the change folder.
D. The implementation team does not have experience writing code.
Answer: (SHOW ANSWER)
NEW QUESTION: 21
Which of the following is MOST likely to be detected by an IS auditor applying data analytic
techniques?
A. Issues resulting from an unsecured application automatically uploading transactions to the
general ledger
B. Completion of inappropriate cross-border transmission of personally identifiable information
(PII)
C. Unauthorized salary or benefit changes to the payroll system generated by authorized users
D. Potentially fraudulent invoice payments originating within the accounts payable department
Answer: (SHOW ANSWER)

NEW QUESTION: 22
An IS auditor finds the log management system is overwhelmed with false positive alerts. The
auditor's BEST recommendation would be to:
A. reduce the firewall rules.
B. establish criteria for reviewing alerts.
C. fine tune the intrusion detection system (IDS).
D. recruit more monitoring personnel.
Answer: (SHOW ANSWER)

NEW QUESTION: 23
During a review of an organization's network threat response process, the IS auditor noticed that
the majority of alerts were closed without resolution.
Management responded that those alerts were unworkable due to lack of actionable intelligence,
and therefore the support team is allowed to close them. What is the BEST way for the auditor to
address this situation?
A. Reopen unactioned alerts and report to the audit committee.
B. Recommend that management enhance the policy and improve threat awareness training.
C. Omit the finding from the report as this practice is in compliance with the current policy.
D. Further review closed unactioned alerts to identify mishandling of threats.
Answer: (SHOW ANSWER)

NEW QUESTION: 24
The PRIMARY focus of audit follow-up reports should be to:
A. verify the completion date of the implementation.
B. determine if past findings are still relevant.
C. determine if audit recommendations have been implemented.
D. assess if new risks have developed.
Answer: (SHOW ANSWER)
NEW QUESTION: 25
An advantage of object-oriented system development is that it:
A. partitions systems into a client/server architecture.
B. decreases the need for system documentation.
C. is suited to data with complex relationships.
D. is easier to code than procedural languages.
Answer: (SHOW ANSWER)

NEW QUESTION: 26
An IS auditor is reviewing the business requirements for the deployment of a new website. Which
of the following cryptographic systems would provide the BEST evidence of secure
communications on the internet?
A. IP Security (IPSEC)
B. Wi-Fi Protected Access 2 (WPA2)
C. Secure Shell (SSH)
D. Transport Layer Security (TLS)
Answer: (SHOW ANSWER)

NEW QUESTION: 27
Which of the following should be of GREATEST concern to an IS auditor conducting an audit of
an organization that recently experienced a ransomware attack?
A. Antivirus software was unable to prevent the attack even though it was properly updated.
B. Backups were only performed within the local network.
C. Employees were not trained on cybersecurity policies and procedures.
D. The most recent security patches were not tested prior to implementation.
Answer: B (LEAVE A REPLY)

NEW QUESTION: 28
Which of the following is MOST important to ensure when planning a black box penetration test?
A. Diagrams of the organization's network architecture are available
B. The management of the client organization is aware of the testing
C. The test results will be documented and communicated to management.
D. The environment and penetration test scope have been determined
Answer: (SHOW ANSWER)

NEW QUESTION: 29
When is the BEST time to commence continuity planning for a new application system?
A. Just prior to the handover to the system maintenance group
B. Following successful user testing
C. Immediately after implementation
D. During the design phase
Answer: (SHOW ANSWER)

NEW QUESTION: 30

A. Inherent
B. Control
C. Residual
D. Audit
Answer: (SHOW ANSWER)

NEW QUESTION: 31
An IS auditor notes the transaction processing times in an order processing system have
significantly increased after a major release. Which of the following should the IS auditor review
FIRST?
A. Database conversion results
B. Stress testing results
C. Capacity management plan
D. Training plans
Answer: (SHOW ANSWER)


NEW QUESTION: 32
An IS auditor performing a review of a newly purchased software program notes that an escrow
agreement has been executed for acquiring the source code. What is MOST important for the IS
auditor to verify?
A. The vendor is financially viable
B. The source code is being held by an independent third party
C. Product acceptance testing has been completed.
D. The source code is being updated for each change
Answer: (SHOW ANSWER)

NEW QUESTION: 33
Which of the following should be done FIRST to develop an effective business continuity plan
(BCP)?
A. Perform a business impact analysis (BIA).
B. Create a business unit communications plan.
C. Secure an alternate processing site
D. Create a disaster recovery plan (DRP).
Answer: (SHOW ANSWER)

NEW QUESTION: 34
When reviewing a data classification scheme, it is MOST important for an IS auditor to determine
if:
A. senior IT managers are identified as information owners.
B. the security criteria are clearly documented for each classification.
C. the information owner is required to approve access to the asset.
D. each information asset is assigned to a different classification.
Answer: (SHOW ANSWER)

NEW QUESTION: 35
Which of the following testing methods is MOST appropriate for assessing whether system
integrity has been maintained after changes have been made?
A. Acceptance testing
B. Unit testing
C. Integration testing
D. Regression testing
Answer: (SHOW ANSWER)

NEW QUESTION: 36
Which of the following would be MOST time and cost efficient when performing a control
self-assessment (CSA) for an organization with a large number of widely dispersed employees?
A. Survey questionnaire
B. Face-to-face interviews
C. Top-down and bottom-up analysis
D. Facilitated workshops
Answer: A (LEAVE A REPLY)

NEW QUESTION: 37
An IS auditor is evaluating the security of an organization's data backup process, which includes
the transmission of daily incremental backups to a public cloud provider. Which of the following
findings poses the GREATEST risk to the organization?
A. The archived data log is incomplete.
B. Data recovery testing is conducted quarterly
C. Backup transmissions occasionally fail
D. Backup transmissions are not encrypted.
Answer: D (LEAVE A REPLY)

NEW QUESTION: 38
The MOST important function of a business continuity plan (BCP) is to:
A. provide procedures for evaluating tests of the BCP
B. ensure that the critical business functions can be recovered
C. ensure that all business functions are restored
D. provide a schedule of events that has to occur if there is a disaster
Answer: (SHOW ANSWER)

NEW QUESTION: 39
Which cloud deployment model is MOST likely to be limited in scalability?
A. Hybrid
B. Public
C. Community
D. Private
Answer: (SHOW ANSWER)

NEW QUESTION: 40

A. has a decreased risk of leakage.
B. is more effective at suppressing flames.
C. allows more time to abort release of the suppressant
D. disperses dry chemical suppressants exclusively.
Answer: (SHOW ANSWER)

NEW QUESTION: 41
An organization seeks to control costs related to storage media throughout the information life
cycle while still meeting business and regulatory requirements. Which of the following is the BEST
way to achieve this objective?
A. Utilize solid state memory.
B. Stream backups to the cloud.
C. Implement a data retention policy.
D. Perform periodic tape backups.
Answer: (SHOW ANSWER)

NEW QUESTION: 42
Which of the following is the PRIMARY concern when negotiating a contract for a hot site?
A. Availability of the site in the event of multiple disaster declarations
B. Complete testing of the recovery plan
C. Reciprocal agreements with other organizations
D. Coordination with the site staff in the event of multiple disaster declarations
Answer: (SHOW ANSWER)

NEW QUESTION: 43
Which of the following observations would an IS auditor consider the GREATEST risk when
conducting an audit of a virtual server farm for potential software vulnerabilities?
A. Antivirus software has been implemented on the guest operating system only.
B. A variety of guest operating systems operate on one virtual server.
C. Guest operating systems are updated monthly
D. The hypervisor is updated quarterly.
Answer: (SHOW ANSWER)

NEW QUESTION: 44
Which of the following is MOST important for an IS auditor to examine when reviewing an
organization's privacy policy?
A. The encryption mechanism selected by the organization for protecting personal data.
B. The organization's legitimate purpose for collecting personal data.
C. Whether there is explicit permission from regulators to collect personal data.
D. Whether sharing of personal information with third-party service providers is prohibited.
Answer: (SHOW ANSWER)

NEW QUESTION: 45
Which of the following BEST enables system resiliency for an e-commerce organization that
requires a low recovery time objective (RTO) and a low recovery point objective (RPO)?
A. Nightly backups
B. Mirrored sites
C. Remote backups
D. Redundant arrays
Answer: (SHOW ANSWER)

NEW QUESTION: 46
To address issues related to privileged users identified in an IS audit, management implemented
a security information and event management (SIEM) system. Which type of control is in place?
A. Corrective
B. Preventive
C. Detective
D. Directive
Answer: (SHOW ANSWER)

NEW QUESTION: 47
An IS auditor is reviewing documentation of application systems change control and identifies
several patches that were not tested before being put into production. Which of the following is
the MOST significant risk from this situation?
A. Outdated system documentation
B. Developer access to production
C. Lack of system integrity
D. Loss of application support
Answer: (SHOW ANSWER)

NEW QUESTION: 48
An IS auditor is conducting a post-implementation review of an enterprise resource planning
(ERP) system. End users indicated concerns with the accuracy of critical automatic calculations
made by the system. The auditor's FIRST course of action should be to:
A. review initial business requirements
B. verify results to determine validity of user concerns
C. review recent changes to the system
D. verify completeness of user acceptance testing
Answer: (SHOW ANSWER)

NEW QUESTION: 49
Which of the following is the MOST important prerequisite for implementing a data loss prevention
(DLP) tool?
A. Reviewing data transfer logs to determine historical patterns of data flow
B. Requiring users to save files in secured folders instead of a company-wide shared drive
C. Developing a DLP policy and requiring signed acknowledgment by users
D. Identifying where existing data resides and establishing a data classification matrix
Answer: (SHOW ANSWER)

NEW QUESTION: 50
A. Configure users on the mobile device management (MDM) solution.
B. Conduct security awareness training.
C. Create inventory records of personal devices.
D. Implement an acceptable use policy.
Answer: (SHOW ANSWER)

NEW QUESTION: 51
In the case of a disaster where the data center is no longer available, which of the following tasks
should be done FIRST?
A. Analyze risk
B. Perform data recovery
C. Activate the call tree
D. Arrange for a secondary site
Answer: (SHOW ANSWER)

NEW QUESTION: 52
A computer forensic audit is MOST relevant in which of the following situations?
A. Inadequate controls in the IT environment
B. Mismatches in transaction data
C. Data loss due to hacking of servers
D. Missing server patches
Answer: (SHOW ANSWER)

NEW QUESTION: 53
Which of the following is MOST important for an organization to complete prior to developing its
disaster recovery plan (DRP)?
A. Comprehensive IT inventory
B. Business impact analysis (BIA)
C. Support staff skills gap analysis
D. Risk assessment
Answer: (SHOW ANSWER)

NEW QUESTION: 54
A review of an organization's IT portfolio revealed several applications that are not in use. The
BEST way to prevent this situation from recurring would be to implement:
A. Asset life cycle management.
B. Business case development procedures
C. An information asset acquisition policy
D. A formal request for proposal (RFP) process
Answer: (SHOW ANSWER)
NEW QUESTION: 55
When reviewing an organization's information security policies, an IS auditor should verify that the
policies have been defined PRIMARILY on the basis of:
A. a risk management process
B. industry best practices
C. an information security framework.
D. past information security incidents
Answer: C (LEAVE A REPLY)

NEW QUESTION: 56
As part of an audit response, an auditee has concerns with the recommendations and is hesitant
to implement them. Which of the following would be the BEST course of action for the IS auditor?
A. Issue a final report without including the opinion of the auditee.
B. Accept the auditee's response and perform additional testing.
C. Suggest hiring a third-party consultant to perform a current state assessment.
D. Conduct further discussions with the auditee to develop a mitigation plan.
Answer: (SHOW ANSWER)

NEW QUESTION: 57
The PRIMARY role of a control self-assessment (CSA) facilitator is to:
A. focus the team on internal controls.
B. report on the internal control weaknesses
C. conduct interviews to gain background information.
D. provide solutions for control weaknesses.
Answer: (SHOW ANSWER)

NEW QUESTION: 58
Which of the following would MOST likely impair the independence of the IS auditor when
performing a post-implementation review of an application system?
A. The IS auditor implemented a specific control during the development of the application
system.
B. The IS auditor designed an embedded audit module exclusively for auditing the application
system.
C. The IS auditor participated as a member of the application system project team, but did not
have operational responsibilities.
D. The IS auditor provided consulting advice concerning application system best practices.
Answer: A (LEAVE A REPLY)

NEW QUESTION: 59
Which of the following is the PRIMARY advantage of using virtualization technology for corporate
applications?
A. Improved disaster recovery
B. Better utilization of resources
C. Stronger data security
D. Increased application performance
Answer: (SHOW ANSWER)

NEW QUESTION: 60

A. No employee awareness training and education program
B. No official charter for the information security management system
C. No periodic assessments to identify threats and vulnerabilities
D. No dedicated security officer
Answer: (SHOW ANSWER)

NEW QUESTION: 61
IS management has recently disabled certain referential integrity controls in the database
management system (DBMS) software to provide users increased query performance. Which of
the following controls will MOST effectively compensate for the lack of referential integrity?
A. Periodic table link checks
B. Performance monitoring tools
C. More frequent data backups
D. Concurrent access controls
Answer: (SHOW ANSWER)


NEW QUESTION: 62
Which of the following is the MOST important consideration for an organization when strategizing
to comply with privacy regulations?
A. Ensuring up-to-date knowledge of where customer personal data is saved
B. Ensuring there are staff members with in-depth knowledge of the regulations.
C. Ensuring contracts with third parties that process customer data are regularly updated
D. Ensuring regular access recertification to information systems
Answer: (SHOW ANSWER)
NEW QUESTION: 63
To create a digital signature in a message using asymmetric encryption, it is necessary to:
A. First use a symmetric algorithm for the authentication sequence.
B. encrypt the authentication sequence using a private key.
C. transmit the actual digital signature in unencrypted clear text.
D. encrypt the authentication sequence using a public key.
Answer: (SHOW ANSWER)

NEW QUESTION: 64
A USB device containing sensitive production data was lost by an employee and its contents
were subsequently found published online Which of the following controls is the BEST
recommendation to prevent a similar recurrence?
A. Using a strong encryption algorithm
B. Monitoring data being downloaded on USB devices
C. Training users on USB device security
D. Electronically tracking portable devices
Answer: (SHOW ANSWER)

NEW QUESTION: 65
Which of the following is the PRIMARY reason for using a digital signature?
A. Provide confidentiality to the transmission
B. Provide availability to the transmission
C. Authenticate the sender of a message
D. Verify the integrity of the data and the identity of the recipient
Answer: (SHOW ANSWER)

NEW QUESTION: 66
Which of the following will MOST likely compromise the control provided by a digital signature
created using RSA encryption?
A. Reversing the hash function using the digest
B. Deciphering the receiver's public key
C. Obtaining the sender's private key
D. Altering the plaintext message
Answer: (SHOW ANSWER)

NEW QUESTION: 67
Due to system limitations, segregation of duties (SoD) cannot be enforced in an accounts payable
system. Which of the following is the IS auditor's BEST recommendation for a compensating
control?
A. Review payment transaction history.
B. Restrict payment authorization to senior staff members
C. Require written authorization for all payment transactions.
D. Reconcile payment transactions with invoices.
Answer: (SHOW ANSWER)

NEW QUESTION: 68
Which of the following is the BEST method to prevent wire transfer fraud by bank employees?
A. System-enforced dual control
B. Independent reconciliation
C. Two-factor authentication control
D. Re-keying of wire dollar amounts
Answer: (SHOW ANSWER)

NEW QUESTION: 69
An organization's information security department has recently created a centralized governance
model to ensure that network-related findings are remediated within the service level agreement
(SLA). What should the IS auditor use to assess the maturity and capability of this governance
model?
A. Key data elements
B. Key risk indicators (KRIs)
C. Key performance indicators (KPIs)
D. Key process controls
Answer: (SHOW ANSWER)

NEW QUESTION: 70

A. Discovery sampling
B. Variable sampling
C. Judgemental sampling
D. Stratified sampling
Answer: (SHOW ANSWER)

NEW QUESTION: 71
Which of the following is necessary for effective risk management in IT governance?
A. Risk evaluation is embedded in management processes.
B. Local managers are solely responsible for risk evaluation
C. Risk management strategy is approved by the audit committee
D. IT risk management is separate from corporate risk management
Answer: (SHOW ANSWER)
NEW QUESTION: 72
An evaluation of an IT department finds that some IT goals do not align with the organization's
goals. Which of the following would be the GREATEST impact?
A. IT may not meet thresholds on the balanced scorecard
B. IT may prioritize projects with little perceived value outside the department
C. IT goals may not be valued across the organization
D. IT resources may not be effectively managed
Answer: (SHOW ANSWER)

NEW QUESTION: 73
Which of the following is the BEST use of a balanced scorecard when evaluating IT performance?
A. Monitoring alignment of IT with the rest of the organization
B. Determining compliance with relevant regulatory requirements
C. Monitoring alignment of the IT project portfolio to budget
D. Evaluating implementation of the business strategy
Answer: (SHOW ANSWER)

NEW QUESTION: 74
Which of the following is the BEST compensating control when segregation of duties is lacking in
a small IS department?
A. Mandatory holidays
B. User awareness training
C. Background checks
D. Transaction log review
Answer: (SHOW ANSWER)

NEW QUESTION: 75
An organization's enterprise architecture (EA) department decides to change a legacy system's
components while maintaining its original functionality. Which of the following is MOST important
for an IS auditor to understand when reviewing this decision?
A. The current business capabilities delivered by the legacy system.
B. The database entity relationships within the legacy system
C. The proposed network topology to be used by the redesigned system
D. The data flows between the components to be used by the redesigned system
Answer: (SHOW ANSWER)

NEW QUESTION: 76
During an audit of a financial application, it was determined that many terminated users' accounts
were not disabled. Which of the following should be the IS auditor's NEXT step?
A. Perform a review of terminated users' account activity.
B. Perform substantive testing of terminated users' access rights.
C. Communicate risks to the application owner.
D. Conclude that IT general controls are ineffective.
Answer: (SHOW ANSWER)


NEW QUESTION: 77
The PRIMARY objective of IT service level management is to:
A. manage computer operations activities.
B. increase awareness of IT services
C. improve IT cost control
D. satisfy customer requirements.
Answer: (SHOW ANSWER)

NEW QUESTION: 78
Invoking a business continuity plan (BCP) is demonstrating which type of control?
A. Detective
B. Preventive
C. Corrective
D. Directive
Answer: (SHOW ANSWER)

NEW QUESTION: 79
An organization is shifting to a remote workforce. In preparation, the IT department is performing
stress and capacity testing of remote access infrastructure and systems. What type of control is
being implemented?
A. Directive
B. Compensating
C. Detective
D. Preventive
Answer: (SHOW ANSWER)

NEW QUESTION: 80
A. The bot can only select samples from the current period.
B. Data must be validated manually before being loaded into the bot.
C. Evidence of population completeness is not maintained.
D. Auditor judgment is removed from the process.
Answer: (SHOW ANSWER)

NEW QUESTION: 81
During a review, an IS auditor discovers that corporate users are able to access cloud-based
applications and data from any Internet-connected web browser. Which of the following is the
auditor's BEST recommendation to help prevent unauthorized access?
A. Implement multi-factor authentication.
B. Implement an intrusion detection system (IDS).
C. Utilize strong anti-malware controls on all computing devices.
D. Update security policies and procedures.
Answer: (SHOW ANSWER)

NEW QUESTION: 82
An IS auditor is planning an audit of an organization's accounts payable processes. Which of the
following controls is MOST important to assess in the audit?
A. Management review and approval of purchase orders
B. Segregation of duties between issuing purchase orders and making payments
C. Segregation of duties between receiving invoices and setting authorization limits
D. Management review and approval of authorization tiers
Answer: (SHOW ANSWER)

NEW QUESTION: 83
Which of the following is a challenge in developing a service level agreement (SLA) for network
services?
A. Establishing a well-designed framework for network services
B. Finding performance metrics that can be measured properly
C. Ensuring that network components are not modified by the client
D. Reducing the number of entry points into the network
Answer: (SHOW ANSWER)

NEW QUESTION: 84
During the implementation of an enterprise resource planning (ERP) system, an IS auditor is
reviewing the results of user acceptance testing (UAT). The auditor's PRIMARY focus should be
to determine if:
A. system integration testing was performed.
B. application interfaces have been satisfactorily tested.
C. all errors found in the testing process have been corrected.
D. the business process owner has signed off on the results.
Answer: (SHOW ANSWER)

NEW QUESTION: 85
Which of the following would be the BEST indicator of the effectiveness of an organization's
portfolio management program?
A. Experience of the portfolio management personnel
B. Percentage of investments achieving their forecasted value
C. Maturity levels of the value management processes
D. Stakeholders' perception of IT's value
Answer: (SHOW ANSWER)

NEW QUESTION: 86
An IS auditor is reviewing an organization's business continuity plan (BCP) following a change in
organizational structure with significant impact to business processes. Which of the following
findings should be the auditor's GREATEST concern?
A. The most recent business impact analysis (BIA) was performed two years before the
reorganization.
B. A test plan for the BCP has not been completed during the last two years.
C. Key business process end users did not participate in the business impact analysis (BIA).
D. Copies of the BCP have not been distributed to new business unit end users since the
reorganization.
Answer: (SHOW ANSWER)

NEW QUESTION: 87
A bank's web-hosting provider has just completed an internal IT security audit and provides only a
summary of the findings to the bank's auditor. Which of the following should be the bank's
GREATEST concern?
A. The audit may be duplicative of the bank's internal audit procedures.
B. The bank's auditors are not independent of the service provider.
C. The audit procedures are not provided to the bank.
D. The audit scope may not have addressed critical areas.
Answer: (SHOW ANSWER)

NEW QUESTION: 88
An IS auditor is reviewing an industrial control system (ICS) that uses older unsupported
technology in the scope of an upcoming audit. What should the auditor consider the MOST
significant concern?
A. Disaster recovery plans (DRPs) are not in place.
B. Attack vectors are evolving for industrial control systems.
C. Technical specifications are not documented.
D. There is a greater risk of system exploitation.
Answer: (SHOW ANSWER)

NEW QUESTION: 89
After the merger of two organizations, which of the following is the MOST important task for an IS
auditor to perform?
A. Updating the security policy
B. Verifying that access privileges have been reviewed
C. Updating the continuity plan for critical resources
D. Investigating access rights for expiration dates
Answer: (SHOW ANSWER)

NEW QUESTION: 90
A. Execute nondisclosure agreements (NDAs).
B. Obtain management consent for the testing.
C. Define the testing scope.
D. Determine reporting requirements for vulnerabilities.
Answer: (SHOW ANSWER)

NEW QUESTION: 91
Which of the following should be the PRIMARY role of an internal audit function in the
management of identified business risks?
A. Establishing a risk management framework
B. Validating enterprise risk management (ERM)
C. Operating the risk management framework
D. Establishing a risk appetite
Answer: (SHOW ANSWER)

NEW QUESTION: 92
Of the following, who are the MOST appropriate staff for ensuring the alignment of user
authorization tables with approved authorization forms?
A. Database administrators (DBAs)
B. System owners
C. Security administrators
D. IT managers
Answer: (SHOW ANSWER)

NEW QUESTION: 93
Which of the following should be of GREATEST concern to an IS auditor reviewing a system
software development project based on agile practices?
A. Lack of secure coding practices
B. Lack of user acceptance testing (UAT) sign off
C. Lack of change management documentation
D. Lack of weekly production releases
Answer: (SHOW ANSWER)

NEW QUESTION: 94
Which of the following approaches would utilize data analytics to facilitate the testing of a new
account creation process?
A. Review the business requirements document for date of birth field requirements.
B. Review new account applications submitted in the past month for invalid dates of birth
C. Evaluate configuration settings for the date of birth field requirements.
D. Attempt to submit new account applications with invalid dates of birth
Answer: (SHOW ANSWER)
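Worked example (added here; it is not part of the exam dump): the data-analytics approach in this question means running the whole population of new-account applications through a validation rule set instead of trying a few inputs by hand. The sample records, the audit period end, the date format and the age thresholds below are constructed assumptions for the illustration.

```python
"""Audit data-analytics test over a population of new-account applications.

Constructed sample data; the period end, the accepted date format and the
age thresholds are assumptions for this example, not values from the question.
"""
from datetime import date, datetime
from typing import Dict, List, Optional

AUDIT_PERIOD_END = date(2022, 3, 31)   # assumed end of the audit period
MIN_AGE_YEARS = 18                     # assumed onboarding rule
MAX_AGE_YEARS = 120                    # assumed plausibility ceiling

# Constructed population: one record per application received in the period.
APPLICATIONS: List[Dict[str, str]] = [
    {"app_id": "A-1001", "dob": "1985-07-14"},   # valid
    {"app_id": "A-1002", "dob": "2023-01-01"},   # in the future
    {"app_id": "A-1003", "dob": "1890-02-28"},   # implausibly old
    {"app_id": "A-1004", "dob": "2001-02-30"},   # impossible calendar date
    {"app_id": "A-1005", "dob": ""},             # missing
    {"app_id": "A-1006", "dob": "2010-05-05"},   # minor
]


def age_on(dob: date, as_of: date) -> int:
    """Whole years between dob and as_of, not counting a birthday not yet reached."""
    years = as_of.year - dob.year
    if (as_of.month, as_of.day) < (dob.month, dob.day):
        years -= 1
    return years


def check_dob(raw: str, as_of: date = AUDIT_PERIOD_END) -> Optional[str]:
    """Return the rule a date of birth violates, or None when it passes every rule."""
    if not raw:
        return "missing"
    try:
        dob = datetime.strptime(raw, "%Y-%m-%d").date()
    except ValueError:
        return "not a valid calendar date"
    if dob > as_of:
        return "in the future"
    age = age_on(dob, as_of)
    if age > MAX_AGE_YEARS:
        return f"age {age} exceeds {MAX_AGE_YEARS}"
    if age < MIN_AGE_YEARS:
        return f"age {age} below minimum {MIN_AGE_YEARS}"
    return None


def find_invalid_dobs(applications: List[Dict[str, str]],
                      as_of: date = AUDIT_PERIOD_END) -> Dict[str, str]:
    """Run every record through the rule set; returns {app_id: reason} for the exceptions."""
    exceptions: Dict[str, str] = {}
    for app in applications:
        reason = check_dob(app["dob"], as_of)
        if reason is not None:
            exceptions[app["app_id"]] = reason
    return exceptions


if __name__ == "__main__":
    for app_id, reason in sorted(find_invalid_dobs(APPLICATIONS).items()):
        print(f"{app_id}: date of birth {reason}")
```

Because the test covers the full population rather than a sample, the exception list is itself the audit evidence: each flagged application is a case where the input control either did not exist or did not work.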

NEW QUESTION: 95
Which of the following is the GREATEST concern associated with a high number of IT policy
exceptions approved by management?
A. The exceptions may result in noncompliance.
B. The exceptions may elevate the level of operational risk.
C. The exceptions may negatively impact process efficiency.
D. The exceptions are likely to continue indefinitely.
Answer: (SHOW ANSWER)

NEW QUESTION: 96
An organization is running servers with critical business applications that are in an area subject to
frequent but brief power outages. Knowledge of which of the following would allow the
organization's management to monitor the ongoing adequacy of the uninterruptible power supply
(UPS)?
A. Mean time to recover servers after failure
B. Duration and interval of the power outages
C. Business impact of server downtime
D. Number of servers supported by the UPS
Answer: B (LEAVE A REPLY)

NEW QUESTION: 97
An organization is disposing of a system containing sensitive data and has deleted all files from
the hard disk. An IS auditor should be concerned because:
A. deleted data cannot easily be retrieved.
B. backup copies of files were not deleted as well.
C. deleting the files logically does not overwrite the files' physical data.
D. deleting all files separately is not as efficient as formatting the hard disk.
Answer: (SHOW ANSWER)

NEW QUESTION: 98
Several unattended laptops containing sensitive customer data were stolen from personnel
offices. Which of the following would be an IS auditor's BEST recommendation to protect data in
case of recurrence?
A. Enhance physical security
B. Encrypt the disk drive
C. Require two-factor authentication
D. Require the use of cable locks
Answer: (SHOW ANSWER)

NEW QUESTION: 99
An IS auditor should ensure that an application's audit trail:
A. logs all database records.
B. is accessible online.
C. does not impact operational efficiency.
D. has adequate security.
Answer: (SHOW ANSWER)

NEW QUESTION: 100
A. Incidents cannot be investigated without a centralized log file.
B. Lost or stolen cards cannot be disabled immediately.
C. The system is not easily scalable to accommodate a new device.
D. Card reader firmware updates cannot be rolled out automatically.
Answer: (SHOW ANSWER)

NEW QUESTION: 101
An organization developed a comprehensive three-year IT strategic plan. Halfway into the plan, a
major legislative change impacting the organization is enacted. Which of the following should be
management's NEXT course of action?
A. Assess the legislation to determine whether changes are required to the strategic IT plan.
B. Develop specific procedural documentation related to the changed legislation.
C. Perform a risk assessment of the legislative changes.
D. Develop a new IT strategic plan that encompasses the new legislation.
Answer: (SHOW ANSWER)

NEW QUESTION: 102
Which of the following is the FIRST step in initiating a data classification program?
A. Assignment of data ownership
B. Inventory of data assets
C. Assignment of sensitivity levels
D. Risk appetite assessment
Answer: (SHOW ANSWER)

NEW QUESTION: 103
An IS auditor is reviewing the perimeter security design of a network. Which of the following
provides the GREATEST assurance that both incoming and outgoing Internet traffic is controlled?
A. Intrusion detection system (IDS)
B. Security information and event management (SIEM) system
C. Stateful firewall
D. Load balancer
Answer: (SHOW ANSWER)

NEW QUESTION: 104
During the planning stage of a compliance audit, an IS auditor discovers that a bank's inventory of
compliance requirements does not include recent regulatory changes related to managing data
risk. What should the auditor do FIRST?
A. Exclude recent regulatory changes from the audit scope
B. Discuss potential regulatory issues with the legal department.
C. Ask management why the regulatory changes have not been included
D. Report the missing regulatory updates to the chief information officer (CIO)
Answer: C (LEAVE A REPLY)

NEW QUESTION: 105
Which of the following measures BEST mitigates the risk of exfiltration during a cyber attack?
A. Hashing of sensitive data
B. Network access controls (NAC)
C. Data loss prevention (DLP) system
D. Perimeter firewall
Answer: (SHOW ANSWER)

NEW QUESTION: 106
Which of the following is MOST critical for the effective implementation of IT governance?
A. Internal auditor commitment
B. Strong risk management practices
C. Supportive corporate culture
D. Documented policies
Answer: (SHOW ANSWER)

NEW QUESTION: 107
Which of the following is MOST important to ensure when reviewing a global organization's
controls to protect data held on its IT infrastructure across all of its locations?
A. The threat of natural disasters in each location hosting infrastructure has been accounted for.
B. Technical capabilities exist in each location to manage the data and recovery operations
C. Relevant data protection legislation and regulations for each location are adhered to.
D. The capacity of underlying communications infrastructure in the host locations is sufficient.
Answer: (SHOW ANSWER)

NEW QUESTION: 108
During a project meeting for the implementation of an enterprise resource planning (ERP), a new
requirement is requested by the finance department. Which of the following would BEST indicate
to an IS auditor that the resulting risk to the project has been assessed?
A. The project status as reported in the meeting minutes
B. The updated business requirements
C. The approval of the change by the finance department
D. The analysis of the cost and time impact of the requirement
Answer: (SHOW ANSWER)

NEW QUESTION: 109
Secure code reviews as part of a continuous deployment program are which type of control?
A. Corrective
B. Detective
C. Preventive
D. Logical
Answer: (SHOW ANSWER)

NEW QUESTION: 110
A. Data sanitization
B. Data masking
C. Data encryption
D. Data tokenization
Answer: (SHOW ANSWER)

NEW QUESTION: 111
Which of the following would be an appropriate role of internal audit in helping to establish an
organization's privacy program?
A. Defining roles within the organization related to privacy
B. Analyzing risks posed by new regulations
C. Designing controls to protect personal data
D. Developing procedures to monitor the use of personal data
Answer: (SHOW ANSWER)

NEW QUESTION: 112
An organization wants to change its project methodology to address increasing costs and process
changes. Which of the following is the BEST methodology to use?
A. Joint application development
B. Waterfall application development
C. Agile application development
D. Object-oriented application development
Answer: (SHOW ANSWER)

NEW QUESTION: 113
Which of the following is the BEST control to mitigate the malware risk associated with an instant
messaging (IM) system?
A. Blocking attachments in IM
B. Encrypting IM traffic
C. Blocking external IM traffic
D. Allowing only corporate IM solutions
Answer: (SHOW ANSWER)

NEW QUESTION: 114
Which of the following should be the PRIMARY basis for procedures to dispose of data securely?
A. Data retention policy
B. Type of media used for data storage
C. Environmental regulations
D. Classification of data
Answer: (SHOW ANSWER)

NEW QUESTION: 115
Which of the following are BEST suited for continuous auditing?
A. Manual transactions
B. Irregular transactions
C. Real-time transactions
D. Low-value transactions
Answer: (SHOW ANSWER)

NEW QUESTION: 116
Which of the following is the BEST source of information for assessing the effectiveness of IT
process monitoring?
A. Participative management techniques
B. Real-time audit software
C. Performance data
D. Quality assurance (QA) reviews
Answer: (SHOW ANSWER)

NEW QUESTION: 117
An organization is experiencing a large number of phishing attacks targeting employees and
executives following a press release announcing an acquisition. Which of the following would
provide the BEST defense against these attacks?
A. Deploy intrusion detection and prevention systems
B. Require signed acknowledgment of the organization's security policy
C. Conduct organization-wide awareness training
D. Install spam filters on the acquired systems
Answer: (SHOW ANSWER)

NEW QUESTION: 118
Which of the following approaches would BEST ensure that data protection controls are
embedded into software being developed?
A. Deriving data protection requirements from key stakeholders
B. Utilizing a data protection template for user acceptance testing (UAT)
C. Implementing a quality assurance (QA) process during the development phase
D. Tracking data protection requirements throughout the SDLC
Answer: (SHOW ANSWER)

NEW QUESTION: 119
When evaluating the ability of a disaster recovery plan (DRP) to enable the recovery of IT
processing capabilities, it is MOST important for the IS auditor to verify the plan is:
A. stored at an offsite location.
B. periodically tested.
C. communicated to department heads.
D. regularly reviewed.
Answer: (SHOW ANSWER)

NEW QUESTION: 120
A. Annual tabletop exercises are performed instead of functional incident response exercises.
B. Workstation antivirus software alerts are not regularly reviewed.
C. Roles for computer emergency response team (CERT) members have not been formally
documented.
D. Guidelines for prioritizing incidents have not been identified.
Answer: (SHOW ANSWER)

NEW QUESTION: 121
As part of business continuity planning, which of the following is MOST important to assess when
conducting a business impact analysis (BIA)?
A. Risk appetite
B. Completeness of critical asset inventory
C. Critical applications in the cloud
D. Recovery scenarios
Answer: (SHOW ANSWER)

NEW QUESTION: 122
Which of the following is the PRIMARY benefit of continuous auditing?
A. It enables timely detection of anomalies.
B. It facilitates the use of robotic automation processes.
C. It allows reduced sample sizes for testing
D. It deters fraudulent transactions.
Answer: (SHOW ANSWER)

NEW QUESTION: 123
During the implementation of an upgraded enterprise resource planning (ERP) system, which of
the following is the MOST important consideration for a go-live decision?
A. Post-implementation review objectives
B. Rollback strategy
C. Business case
D. Test cases
Answer: (SHOW ANSWER)

NEW QUESTION: 124
Due to a high volume of customer orders, an organization plans to implement a new application
for customers to use for online ordering. Which type of testing is MOST important to ensure the
security of the application prior to go-live?
A. User acceptance testing (UAT)
B. Vulnerability testing
C. Regression testing
D. Stress testing
Answer: (SHOW ANSWER)

NEW QUESTION: 125
Which of the following should be of GREATEST concern for an IS auditor reviewing an
organization's bring your own device (BYOD) policy?
A. The policy is not updated annually.
B. The policy does not include the right to audit BYOD devices.
C. Not all devices are approved for BYOD.
D. A mobile device management (MDM) solution is not implemented.
Answer: (SHOW ANSWER)

NEW QUESTION: 126
Which of the following is the PRIMARY benefit of performing a maturity model assessment?
A. It ensures organizational consistency and improvement
B. It identifies and fixes attribute weaknesses
C. It acts as a measuring tool and progress indicator
D. It facilitates the execution of an improvement plan
Answer: (SHOW ANSWER)

NEW QUESTION: 127
In which phase of penetration testing would host detection and domain name system (DNS)
interrogation be performed?
A. Planning
B. Discovery
C. Attacks
D. Reporting
Answer: B (LEAVE A REPLY)

NEW QUESTION: 128
Which of the following is MOST important for an effective control self-assessment (CSA)
program?
A. Evaluating changes to the risk environment
B. Performing detailed test procedures
C. Understanding the business process
D. Determining the scope of the assessment
Answer: (SHOW ANSWER)

NEW QUESTION: 129
The PRIMARY advantage of object-oriented technology is enhanced:
A. management of a restricted variety of data types for a data object
B. management of sequential program execution for data access
C. efficiency due to the re-use of elements of logic
D. grouping of objects into methods for data access
Answer: (SHOW ANSWER)

NEW QUESTION: 130
A. Threat and risk assessment
B. Comprehensive testing
C. Change management
D. Comprehensive documentation
Answer: (SHOW ANSWER)

NEW QUESTION: 131
Which of the following would be the MOST useful metric for management to consider when
reviewing a project portfolio?
A. Total cost of each project
B. Expected return divided by total project cost
C. Net present value (NPV) of the portfolio
D. Cost of projects divided by total IT cost
Answer: C (LEAVE A REPLY)

NEW QUESTION: 132
Which of the following is MOST likely to ensure that an organization's systems development
meets its business objectives?
A. A project plan with clearly identified requirements
B. Segregation of systems development and testing
C. A focus on strategic projects
D. Business owner involvement
Answer: (SHOW ANSWER)

NEW QUESTION: 133
Which of the following is MOST important when creating a forensic image of a hard drive?
A. Choosing an industry-leading forensics software tool
B. Generating a content hash of the hard drive
C. Securing a backup copy of the hard drive
D. Requiring an independent third-party be present while imaging
Answer: (SHOW ANSWER)
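Worked example (added here; it is not part of the exam dump): whichever option is keyed, the practical control behind a forensic image is a content hash taken at acquisition and re-checked before any analysis, so the examiner can show the evidence was not altered in between. The image bytes below are constructed for the illustration; hash_file() shows the same streaming computation over a real image file on disk.

```python
"""Integrity hash for a forensic image: compute at acquisition, verify before analysis.

The image bytes below are constructed for this example; a real image would be
read from the acquisition output (for example a raw dd file) with hash_file().
"""
import hashlib
import hmac

CHUNK_SIZE = 1 << 20  # 1 MiB reads so a multi-GB image never sits in memory at once

# Constructed stand-in for the acquired image (16 KiB of deterministic content).
ORIGINAL_IMAGE = bytes(range(256)) * 64


def hash_bytes(data: bytes, chunk_size: int = CHUNK_SIZE) -> str:
    """SHA-256 of an in-memory image, fed in chunks exactly as hash_file() would."""
    h = hashlib.sha256()
    for offset in range(0, len(data), chunk_size):
        h.update(data[offset:offset + chunk_size])
    return h.hexdigest()


def hash_file(path: str, chunk_size: int = CHUNK_SIZE) -> str:
    """SHA-256 of an image on disk, streamed so the whole file is never loaded at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(current_hash: str, acquisition_hash: str) -> bool:
    """True only if the hash taken now matches the one recorded at acquisition."""
    return hmac.compare_digest(current_hash.lower(), acquisition_hash.lower())


def flip_one_bit(data: bytes, offset: int) -> bytes:
    """Simulate a single-bit change to the image (for example an accidental mount that wrote metadata)."""
    altered = bytearray(data)
    altered[offset] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    recorded = hash_bytes(ORIGINAL_IMAGE)   # value written into the chain-of-custody record
    print("acquisition hash:", recorded)
    print("unchanged image verifies:", verify(hash_bytes(ORIGINAL_IMAGE), recorded))
    print("altered image verifies:  ",
          verify(hash_bytes(flip_one_bit(ORIGINAL_IMAGE, 4096)), recorded))
```

The acquisition hash belongs in the evidence record alongside the imaging tool, time and examiner; any later copy or working image is accepted only if it hashes to the same value.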

NEW QUESTION: 134
Which of the following should be of GREATEST concern to an IS auditor reviewing project
documentation for a client relationship management (CRM) system migration project?
A. The technical migration is planned for a holiday weekend and end users may not be available.
B. A single implementation phase is planned and the legacy system will be immediately
decommissioned.
C. Five weeks prior to the target date, there are still numerous defects in the printing functionality.
D. Employees are concerned that data representation in the new system is completely different
from the old system.
Answer: (SHOW ANSWER)

NEW QUESTION: 135
In an environment that automatically reports all program changes, which of the following is the
MOST efficient way to detect unauthorized changes to production programs?
A. Manually comparing code in production programs to controlled copies
B. Periodically running and reviewing test data against production programs
C. Verifying user management approval of modifications
D. Reviewing the last compile date of production programs
Answer: (SHOW ANSWER)

NEW QUESTION: 136
During a follow-up audit, an IS auditor finds that some critical recommendations have not been
addressed as management has decided to accept the risk. Which of the following is the IS
auditor's BEST course of action?
A. Evaluate senior management's acceptance of the risk.
B. Require the auditee to address the recommendations in full.
C. Adjust the annual risk assessment accordingly.
D. Update the audit program based on management's acceptance of risk.
Answer: (SHOW ANSWER)

NEW QUESTION: 137
Which of the following is the MOST effective control to mitigate unintentional misuse of authorized
access?
A. Annual sign-off of acceptable use policy
B. Security awareness training
C. Regular monitoring of user access logs
D. Formalized disciplinary action
Answer: (SHOW ANSWER)

NEW QUESTION: 138
Which of the following would BEST enable an organization to address the security risks
associated with a recently implemented bring your own device (BYOD) strategy?
A. Mobile device tracking program
B. Mobile device upgrade program
C. Mobile device testing program
D. Mobile device awareness program
Answer: (SHOW ANSWER)

NEW QUESTION: 139
Which of the following is the GREATEST risk associated with vulnerability scanning tools used to
identify security weaknesses?
A. False positives
B. False negatives
C. Outdated signatures for detection
D. Use of open source tools
Answer: (SHOW ANSWER)

NEW QUESTION: 140
A. be informed of all IT initiatives.
B. address technical IT issues.
C. approve the IT strategy.
D. have an IT strategy committee.
Answer: (SHOW ANSWER)

NEW QUESTION: 141
A company converted its payroll system from an external service to an internal package. Payroll
processing in April was run in parallel. To validate the completeness of data after the conversion,
which of the following comparisons from the old to the new system would be MOST effective?
A. Turnaround time for payroll processing
B. Employee counts and year-to-date payroll totals
C. Cut-off dates and overwrites for a sample of employees
D. Master file employee data to payroll journals
Answer: (SHOW ANSWER)
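Worked example (added here; it is not part of the exam dump): comparing employee counts and year-to-date payroll totals between the old and new systems (option B) is a control-total check, and it is quick to automate over the two extracts from the parallel run. The records, departments and amounts below are constructed for the illustration; in practice the extracts would come from the service bureau and the in-house package.

```python
"""Completeness check after a payroll conversion: old-system versus new-system control totals.

Both extracts are constructed for this example; in practice they would be
exported from the service bureau and the in-house package for the parallel month.
"""
from collections import defaultdict
from decimal import Decimal
from typing import Dict, List, Tuple

Record = Dict[str, object]

OLD_SYSTEM: List[Record] = [
    {"emp": "E001", "dept": "OPS", "ytd_gross": Decimal("12500.00")},
    {"emp": "E002", "dept": "OPS", "ytd_gross": Decimal("9800.50")},
    {"emp": "E003", "dept": "FIN", "ytd_gross": Decimal("15000.00")},
    {"emp": "E004", "dept": "FIN", "ytd_gross": Decimal("7200.00")},
]
NEW_SYSTEM: List[Record] = [
    {"emp": "E001", "dept": "OPS", "ytd_gross": Decimal("12500.00")},
    {"emp": "E002", "dept": "OPS", "ytd_gross": Decimal("9800.50")},
    {"emp": "E003", "dept": "FIN", "ytd_gross": Decimal("15100.00")},  # amount changed in conversion
    # E004 was not migrated
]


def control_totals(records: List[Record]) -> Tuple[Dict[str, int], Dict[str, Decimal]]:
    """Employee count and year-to-date gross per department, plus an ALL line."""
    counts: Dict[str, int] = defaultdict(int)
    totals: Dict[str, Decimal] = defaultdict(Decimal)
    for r in records:
        counts[r["dept"]] += 1
        totals[r["dept"]] += r["ytd_gross"]
    counts["ALL"] = len(records)
    totals["ALL"] = sum(totals.values(), Decimal("0"))
    return dict(counts), dict(totals)


def reconcile(old: List[Record], new: List[Record]) -> Dict[str, object]:
    """Exceptions an auditor would follow up: breaks by department and by employee."""
    old_counts, old_totals = control_totals(old)
    new_counts, new_totals = control_totals(new)
    depts = set(old_counts) | set(new_counts)
    zero = Decimal("0")
    count_breaks = {d: (old_counts.get(d, 0), new_counts.get(d, 0))
                    for d in depts if old_counts.get(d, 0) != new_counts.get(d, 0)}
    total_breaks = {d: (old_totals.get(d, zero), new_totals.get(d, zero))
                    for d in depts if old_totals.get(d, zero) != new_totals.get(d, zero)}
    old_by_emp = {r["emp"]: r["ytd_gross"] for r in old}
    new_by_emp = {r["emp"]: r["ytd_gross"] for r in new}
    return {
        "count_breaks": count_breaks,
        "total_breaks": total_breaks,
        "missing_in_new": sorted(set(old_by_emp) - set(new_by_emp)),
        "extra_in_new": sorted(set(new_by_emp) - set(old_by_emp)),
        "amount_breaks": {e: (old_by_emp[e], new_by_emp[e])
                          for e in sorted(set(old_by_emp) & set(new_by_emp))
                          if old_by_emp[e] != new_by_emp[e]},
    }


if __name__ == "__main__":
    for key, value in reconcile(OLD_SYSTEM, NEW_SYSTEM).items():
        print(f"{key}: {value}")
```

The department-level breaks locate the problem quickly (FIN is one employee and one amount short); the employee-level lists then identify which records were dropped or changed, which is the evidence needed to reject the conversion or get it corrected before the parallel run ends.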

NEW QUESTION: 142
Which of the following metrics would be MOST useful to an IS auditor when assessing the
resilience of an application programming interface (API)?
A. Number of developers adopting the API for their applications
B. Number of API calls expected versus actually received within a time interval
C. Number of defects logged during development compared to other APIs
D. Number of patches released within a time interval for the API
Answer: (SHOW ANSWER)

NEW QUESTION: 143
Which of the following fire suppression systems needs to be combined with an automatic switch to
shut down the electricity supply in the event of activation?
A. FM-200
B. Halon
C. Carbon dioxide
D. Dry pipe
Answer: D (LEAVE A REPLY)

NEW QUESTION: 144
An organization has installed blade server technology in its data center. To determine whether
higher cooling demands are maintained, which of the following should the IS auditor review?
A. Air conditioning capacity
B. Ventilation systems
C. Uninterruptible power supply (UPS) systems
D. Duct maintenance
Answer: (SHOW ANSWER)

NEW QUESTION: 145
Which of the following strategies BEST optimizes data storage without compromising data
retention practices?
A. Allowing employees to store large emails on flash drives
B. Limiting the size of file attachments being sent via email
C. Automatically deleting emails older than one year
D. Moving emails to a virtual email vault after 30 days
Answer: B (LEAVE A REPLY)

NEW QUESTION: 146
Which of the following is the BEST control to help prevent sensitive data leaving an organization
via email?
A. Conducting periodic phishing tests
B. Scanning outgoing emails
C. Providing encryption solutions for employees
D. Blocking outbound emails sent without encryption
Answer: B (LEAVE A REPLY)

NEW QUESTION: 147


Which of the following is the MAIN risk associated with adding a new system functionality during
the development phase without following a project change management process?
A. The project may go over budget.
B. The new functionality may not meet requirements
C. The added functionality has not been documented
D. The project may fail to meet the established deadline
Answer: (SHOW ANSWER)

NEW QUESTION: 148
A warehouse employee of a retail company has been able to conceal the theft of inventory items
by entering adjustments of either damaged or lost stock items to the inventory system. Which
control would have BEST prevented this type of fraud in a retail environment?
A. An edit check for the validity of the inventory transaction
B. Statistical sampling of adjustment transactions
C. Separate authorization for input of transactions
D. Unscheduled audits of lost stock lines
Answer: (SHOW ANSWER)

NEW QUESTION: 149
What would be an IS auditor's BEST recommendation upon finding that a third-party IT service
provider hosts the organization's human resources (HR) system in a foreign country?
A. Implement change management review.
B. Conduct a privacy impact analysis.
C. Perform background verification checks.
D. Review third-party audit reports.
Answer: (SHOW ANSWER)

NEW QUESTION: 150
A. The training program curriculum for key end users
B. Identification of IT owners for each end user tool
C. The inclusion of end user tools in the IT balanced scorecard
D. The integrity of data processed by end user tools
Answer: (SHOW ANSWER)

NEW QUESTION: 151
An incorrect version of source code was amended by a development team. This MOST likely
indicates a weakness in:
A. quality assurance (QA).
B. change management.
C. incident management.
D. project management.
Answer: (SHOW ANSWER)

NEW QUESTION: 152
When determining whether a project in the design phase will meet organizational objectives, what
is BEST to compare against the business case?
A. Project budget provisions
B. Requirements analysis
C. Implementation plan
D. Project plan
Answer: (SHOW ANSWER)

NEW QUESTION: 153
Which of the following is the BEST indication of the completeness of interface control documents
used for the development of a new application?
A. Both successful and failed interface data transfers are recorded.
B. Failed interface data transfers prevent subsequent processes.
C. All inputs and outputs for potential actions are included.
D. All documents have been reviewed by end users.
Answer: (SHOW ANSWER)

NEW QUESTION: 154
An organization is acquiring a new customer relationship management (CRM) system. In which of
the following would the IS auditor find the MOST relevant information on projected cost savings?
A. Feasibility study document
B. Business case
C. Results of prototype testing
D. Request for proposal (RFP)
Answer: (SHOW ANSWER)
