CISA : Certified Information Systems Auditor : Part 44
-
An organization is in the process of rolling out a new inventory software tool to replace a suite of verified individual spreadsheet-based inventory solutions. Which of the following is MOST important to help ensure ongoing data integrity within the new inventory tool?
- Restricting edit access for the new tool to data owners only
- Ensuring data quality at the point of data entry
- Requiring key inventory data points to be mandatory fields in the new tool
- Conducting a post-migration quality assurance review
-
Which of the following is MOST critical to include when developing a data loss prevention (DLP) policy?
- Identification of the relevant network channels requiring protection
- Identification of the users, groups and roles to whom the policy will apply
- Identification of enforcement actions
- Identification of the content to protect
-
Which of the following is the BEST methodology to use for estimating the complexity of developing a large business application?
- Function point analysis
- Software cost estimation
- Work breakdown structure
- Critical path analysis
-
Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?
- Execute access to development program libraries
- Write access to development data libraries
- Execute access to production program libraries
- Write access to production program libraries
-
Which is the PRIMARY objective of evaluating the readiness of information systems for implementation?
- Determine whether IT systems projects are on schedule.
- Determine whether the systems comply with the organization’s policy.
- Determine whether the systems meet user requirements.
- Determine whether the systems meet business requirements.
-
An organization is considering allowing users to connect personal devices to the corporate network. Which of the following should be done FIRST?
- Configure users on the mobile device management solution.
- Create inventory records of personal devices.
- Implement an acceptable use policy.
- Conduct security awareness training.
-
Which of the following is MOST important for the successful establishment of a security vulnerability management program?
- A comprehensive asset inventory
- A tested incident response plan
- An approved patching policy
- A robust tabletop exercise plan
-
An organization’s audit charter should:
- set the enterprise strategic direction.
- detail the audit objectives.
- define the auditors’ right to access information.
- include the IS audit plan.
-
Which of the following is the MOST important privacy consideration for an organization that uses a cloud service provider to process customer data?
- Data privacy must be monitored in accordance with industry standards and best practices.
- All customer data transferred to the service provider must be reported to the regulatory authority.
- No personal information may be transferred to the service provider without the consent of the customer.
- Data privacy must be managed in accordance with the regulations applicable to the organization.
-
Which of the following is critical to the successful establishment of an enterprise IT architecture?
- A well-defined data migration policy
- Comparison of the architecture with that of other organizations
- An architecture encompassing only critical systems
- Organizational support for standardization
-
Which of the following is MOST important in determining a project’s feasibility?
- The organization’s main competitor has initiated a similar project.
- The IT steering committee endorses the project.
- A project management methodology is established.
- The project’s value is established in an approved business case.
-
The MAIN consideration when designing an incident escalation plan should be ensuring that:
- information assets are classified.
- appropriate stakeholders are involved.
- high-impact risks have been identified.
- requirements cover forensic analysis.
-
Which of the following should be an information security manager’s MOST important consideration when conducting a physical security review of a potential outsourced data center?
- Environmental factors of the surrounding location
- Proximity to law enforcement
- Availability of network circuit connections
- Distance of the data center from the corporate office
-
What should be the information security manager’s MOST important consideration when planning a disaster recovery test?
- Stakeholder notification procedures
- Organization-wide involvement
- Impact to production systems
- Documented escalation processes
-
The use of a business case to obtain funding for an information security investment is MOST effective when the business case:
- translates information security policies and standards into business requirements.
- articulates management’s intent and information security directives in clear language.
- relates the investment to the organization’s strategic plan.
- realigns information security objectives to organizational strategy.
-
An organization is deciding whether to outsource its customer relationship management systems to a provider located in another country. Which of the following should be the PRIMARY influence in the outsourcing decision?
- Time zone differences
- The service provider’s disaster recovery plan
- Cross-border privacy laws
- Current geopolitical conditions
-
An organization is MOST at risk from a new worm being introduced through the intranet when:
- executable code is run from inside the firewall
- system software does not undergo integrity checks
- hosts have static IP addresses
- desktop virus definition files are not up to date
-
Which of the following is MOST important for an information security manager to ensure is included in a business case for a new system?
- Intangible benefits of the system
- Risk associated with the system
- Effectiveness of controls
- Audit-logging capabilities
-
During a post-incident review, the sequence and correlation of actions must be analyzed PRIMARILY based on:
- interviews with personnel
- a consolidated event time line
- logs from systems involved
- documents created during the incident
-
Which of the following BEST enables effective closure of noncompliance issues?
- Insuring against the risk
- Performing control self-assessments
- Capturing issues in a risk register
- Executing an approved mitigation plan