CISA : Certified Information Systems Auditor : Part 44

  1. An organization is in the process of rolling out a new inventory software tool to replace a suite of verified individual spreadsheet-based inventory solutions. Which of the following is MOST important to help ensure ongoing data integrity within the new inventory tool?

    • Restricting edit access for the new tool to data owners only
    • Ensuring data quality at the point of data entry
    • Requiring key inventory data points to be mandatory fields in the new tool
    • Conducting a post-migration quality assurance review
  2. Which of the following is MOST critical to include when developing a data loss prevention (DLP) policy?

    • Identification of the relevant network channels requiring protection
    • Identification of the users, groups and roles to whom the policy will apply
    • Identification of enforcement actions
    • Identification of the content to protect
  3. Which of the following is the BEST methodology to use for estimating the complexity of developing a large business application?

    • Function point analysis
    • Software cost estimation
    • Work breakdown structure
    • Critical path analysis
  4. Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?

    • Execute access to development program libraries
    • Write access to development data libraries
    • Execute access to production program libraries
    • Write access to production program libraries
  5. Which is the PRIMARY objective of evaluating the readiness of information systems for implementation?

    • Determine whether IT systems projects are on schedule.
    • Determine whether the systems comply with the organization’s policy.
    • Determine whether the systems meet user requirements.
    • Determine whether the systems meet business requirements.
  6. An organization is considering allowing users to connect personal devices to the corporate network. Which of the following should be done FIRST?

    • Configure users on the mobile device management solution.
    • Create inventory records of personal devices.
    • Implement an acceptable use policy.
    • Conduct security awareness training.
  7. Which of the following is MOST important for the successful establishment of a security vulnerability management program?

    • A comprehensive asset inventory
    • A tested incident response plan
    • An approved patching policy
    • A robust tabletop exercise plan
  8. An organization’s audit charter should:

    • set the enterprise strategic direction.
    • detail the audit objectives.
    • define the auditors’ right to access information.
    • include the IS audit plan.
  9. Which of the following is the MOST important privacy consideration for an organization that uses a cloud service provider to process customer data?

    • Data privacy must be monitored in accordance with industry standards and best practices.
    • All customer data transferred to the service provider must be reported to the regulatory authority.
    • No personal information may be transferred to the service provider without the consent of the customer.
    • Data privacy must be managed in accordance with the regulations applicable to the organization.
  10. Which of the following is critical to the successful establishment of an enterprise IT architecture?

    • A well-defined data migration policy
    • Comparison of the architecture with that of other organizations
    • An architecture encompassing only critical systems
    • Organizational support for standardization
  11. Which of the following is MOST important in determining a project’s feasibility?

    • The organization’s main competitor has initiated a similar project.
    • The IT steering committee endorses the project.
    • A project management methodology is established.
    • The project’s value is established in an approved business case.
  12. The MAIN consideration when designing an incident escalation plan should be ensuring that:

    • information assets are classified.
    • appropriate stakeholders are involved.
    • high-impact risks have been identified.
    • requirements cover forensic analysis.
  13. Which of the following should be an information security manager’s MOST important consideration when conducting a physical security review of a potential outsourced data center?

    • Environmental factors of the surrounding location
    • Proximity to law enforcement
    • Availability of network circuit connections
    • Distance of the data center from the corporate office
  14. What should be the information security manager’s MOST important consideration when planning a disaster recovery test?

    • Stakeholder notification procedures
    • Organization-wide involvement
    • Impact to production systems
    • Documented escalation processes
  15. The use of a business case to obtain funding for an information security investment is MOST effective when the business case:

    • translates information security policies and standards into business requirements.
    • articulates management’s intent and information security directives in clear language.
    • relates the investment to the organization’s strategic plan.
    • realigns information security objectives to organizational strategy.
  16. An organization is deciding whether to outsource its customer relationship management systems to a provider located in another country. Which of the following should be the PRIMARY influence in the outsourcing decision?

    • Time zone differences
    • The service provider’s disaster recovery plan
    • Cross-border privacy laws
    • Current geopolitical conditions
  17. An organization is MOST at risk from a new worm being introduced through the intranet when:

    • executable code is run from inside the firewall
    • system software does not undergo integrity checks
    • hosts have static IP addresses
    • desktop virus definition files are not up to date
  18. Which of the following is MOST important for an information security manager to ensure is included in a business case for a new system?

    • Intangible benefits of the system
    • Risk associated with the system
    • Effectiveness of controls
    • Audit-logging capabilities
  19. During a post-incident review. the sequence and correlation of actions must be analyzed PRIMARLY based on:

    • interviews with personnel
    • a consolidated event time line
    • logs from systems involved
    • documents created during the incident
  20. Which of the following BEST enables effective closure of noncompliance issues?

    • Insuring against the risk
    • Performing control self-assessments
    • Capturing issues in a risk register
    • Executing an approved mitigation plan
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments