ISACA-CISA

The BEST indicator of an optimized quality management system (QMS) is that it:

Which of the following is an objective of IT project portfolio management?

Which of the following observations should be of GREATEST concern to an IS auditor reviewing an organization's enterprise architecture (EA) program?

Which of the following will invalidate the authenticity of digital evidence in a forensic investigation?

An IS auditor is planning an audit of an organization's risk management practices. Which of the following would provide the MOST useful information about risk appetite?

An organization is implementing a data loss prevention (DLP) system in response to a new regulatory requirement. Reviewing which of the following would be MOST helpful in evaluating the system’s design?

Which of the following is MOST useful for determining the strategy for IT portfolio management?

Which of the following recommendations would BEST prevent the implementation of IT projects without collaborating with the business?

Which of the following would be the GREATEST concern during a financial statement audit?

An IS auditor has validated that an organization’s IT department runs several low-priority automated tasks. Which of the following is the BEST recommendation for an automated job schedule?

Which of the following is the BEST way to reduce the risk of vulnerabilities introduced by rapid deployment of applications?

An organization has assigned two new IS auditors to audit a new system implementation. One of the auditors has an IT-related degree, and one has a business degree. Which of the following is MOST important to meet the IS audit standard for proficiency?

Which of the following is the ULTIMATE objective of performing a phishing simulation test?

Which of the following is MOST important to include in a data retention policy to reduce legal liabilities associated with information life cycle management?

An IS auditor is performing an integrated audit covering payment processing activities using point-of-sale (POS) systems. Which of the following findings related to personal identification numbers (PINs) should be of GREATEST concern?

Which of the following provides the BEST assurance of data integrity after file transfers?

Which of the following is the PRIMARY purpose of a post-implementation review?

Which of the following is MOST important to consider when reviewing an organization's defined data backup and restoration procedures?

When assessing a proposed project for the two-way replication of a customer database with a remote call center, the IS auditor should ensure that:

In which phase of the audit life cycle process are audit observations initially discussed with the client?

When evaluating the ability of a disaster recovery plan (DRP) to enable the recovery of IT processing capabilities, it is MOST important for the IS auditor to verify the plan is:

During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST:

During a review, an IS auditor discovers that corporate users are able to access cloud-based applications and data from any Internet-connected web browser. Which of the following is the auditor's BEST recommendation to help prevent unauthorized access?

To create a digital signature in a message using asymmetric encryption, it is necessary to:

During an audit of an access control system, an IS auditor finds that RFID card readers are not connected via the network to a central server. Which of the following is the GREATEST risk associated with this finding?

Which of the following BEST describes the role of the IS auditor in a control self-assessment (CSA)?

Which of the following is the BEST indication that there are potential problems within an organization's IT service desk function?

Which of the following is the PRIMARY objective of cyber resiliency?

During a post-implementation review, which of the following provides the BEST evidence that user requirements have been met?

An IS auditor assessing an organization’s information systems needs to understand management’s approach regarding controls. Which documentation should the auditor review FIRST?