Free Certification Practice Questions

ISACA-CISA

Which of the following is the MOST useful information for an IS auditor to review when formulating an audit plan for the organization's outsourced service provider?
#61
Which of the following should be the MOST important consideration when prioritizing the funding for competing IT projects?
#62
Which of the following is the MOST important consideration when investigating a security breach of an e-commerce application?
#63
Which of the following indicates that an internal audit organization is structured to support the independence and clarity of the reporting process?
#64
Which of the following would BEST protect the confidentiality of sensitive data in transit between multiple offices?
#65
To enable the alignment of IT staff development plans with IT strategy, which of the following should be done FIRST?
#66
An internal audit department reports directly to the chief financial officer (CFO) of an organization. This MOST likely leads to:
#67
An internal audit department recently established a quality assurance (QA) program. Which of the following activities is MOST important to include as part of the QA program requirements?
#68
While planning a review of IT governance, the IS auditor is MOST likely to:
#69
Many departments of an organization have not implemented audit recommendations by their agreed-upon target dates. Who should address this situation?
#70
Which of the following is the MOST effective control when granting access to a service provider for a cloud-based application?
#71
Which of the following can only be provided by asymmetric encryption?
#72
Which of the following should be an IS auditor’s PRIMARY focus when auditing the implementation of a new IT operations performance monitoring system?
#73
Which of the following poses the GREATEST risk to the use of active RFID tags?
#74
Which of the following is the MOST effective way to ensure adequate system resources are available for high-priority activities?
#75
Which of the following tests is MOST likely to detect an error in one subroutine resulting from a recent change in another subroutine?
#76
Which of the following is the BEST approach to validate whether a streaming site can continue to provide service during a period of live streaming with an anticipated high volume of viewers?
#77
When assessing the overall effectiveness of an organization’s disaster recovery planning process, which of the following is MOST important for the IS auditor to verify?
#78
A post-implementation audit has been completed for the deployment of a sophisticated job scheduling tool. Which of the following observations would be of GREATEST concern?
#79
An IS auditor is reviewing desktop software profiles and notes that a user has downloaded and installed several games that are not approved by the company. Which of the following is the MOST significant risk that could result from this situation?
#80
During a follow-up audit, an IS auditor discovers that a recommendation has not been implemented. However, the auditee has implemented a manual workaround that addresses the identified risk less efficiently than the recommended action would. Which of the following is the auditor's BEST course of action?
#81
Which of the following poses the GREATEST risk to an organization related to system interfaces?
#82
Which of the following would be MOST helpful to an IS auditor performing a risk assessment of an application programming interface (API) that feeds credit scores from a well-known commercial credit agency into an organizational system?
#83
IT management has accepted the risk associated with an IS auditor's finding due to the cost and complexity of the corrective actions. Which of the following should be the auditor's NEXT course of action?
#84
Which of the following BEST reduces the risk of a network transmission failure?
#85
Which of the following should be of MOST concern to an IS auditor reviewing data backup procedures prior to a system migration?
#86
Which type of control has been established when an organization implements a security information and event management (SIEM) system?
#87
What is the MOST effective way to detect installation of unauthorized software packages by employees?
#88
Which of the following should be done FIRST when creating a data protection program?
#89
Which of the following components of a service level agreement (SLA) provides the GREATEST assurance that service provider production issues will be resolved promptly?
#90