Free Certification Practice Questions

ISACA-CISA

Which of the following is an example of a preventive control for physical access?
#151
Which of the following should be considered when examining fire suppression systems as part of a data center environmental controls review?
#152
Which of the following would be MOST effective to protect information assets in a data center from theft by a vendor?
#153
Which of the following is a social engineering attack method?
#154
A new system development project is running late against a critical implementation deadline. Which of the following is the MOST important activity?
#155
Data from a revenue collection system is uploaded into an enterprise data warehouse to be used for reporting purposes. An IS audit identifies that some revenue transactions were uploaded into the warehouse twice. Which of the following is the GREATEST risk in this situation?
#156
Which of the following is an IS auditor's BEST recommendation to protect an organization from attacks when its file server needs to be accessible to external users?
#157
Which of the following is the BEST evidence that a project is ready for production?
#158
An IS auditor has been tasked to review the processes that prevent fraud within a business expense claim system. Which of the following stakeholders is MOST important to involve in this review?
#159
Which of the following is the MOST likely reason that local area network (LAN) servers can contribute to the rapid distribution of viruses?
#160
An organization's database administrator (DBA) has implemented native database auditing. Which of the following is the GREATEST concern with this situation?
#161
When protecting the confidentiality of information assets, the MOST effective control practice is the:
#162
Which of the following is the MOST important consideration when relying on the work of the prior auditor?
#163
A bank uses a system that requires monetary amounts found on check images to be input twice by two separate individuals. The system then identifies any mismatches between the first and second input. Which type of control has the bank implemented?
#164
An organization is migrating its HR application to an Infrastructure as a Service (IaaS) model in a private cloud. Who is PRIMARILY responsible for the security configurations of the deployed application's operating system?
#165
Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor's BEST recommendation?
#166
For an organization that has plans to implement web-based trading, it would be MOST important for an IS auditor to verify the organization's information security plan includes:
#167
Which cloud deployment model is MOST likely to be limited in scalability?
#168
After the release of an application system, an IS auditor wants to verify that the system is providing value to the organization. The auditor's BEST course of action would be to:
#169
A chief information officer (CIO) has asked an IS auditor to implement several security controls for an organization's IT processes and systems. The auditor should:
#170
An organization experienced a domain name system (DNS) attack caused by default user accounts not being removed from one of the servers. Which of the following would have been the BEST way to mitigate the risk of this DNS attack?
#171
When utilizing attribute sampling, which of the following would cause the sample size to increase?
#172
An IS auditor is reviewing a client’s outsourced payroll system to assess whether the financial audit team can rely on the application. Which of the following findings would be the auditor's GREATEST concern?
#173
Which of the following is the MOST efficient control that helps to ensure complete data transfer through an interface?
#174
Which of the following helps to ensure the integrity of data for a system interface?
#175
Which of the following BEST helps to ensure data integrity across system interfaces?
#176
During a review of an organization’s technology policies, which of the following observations should be of MOST concern to the IS auditor?
#177
Which of the following provides a new IS auditor with the MOST useful information to evaluate overall IT performance?
#178
Which risk response has been adopted by a risk owner postponing the implementation of proper controls due to budget constraints?
#179
Before the release of a new application into an organization's production environment, which of the following should be in place to ensure that proper testing has occurred and rollback plans are in place?
#180