ISACA-CISA

Which feature associated with an Infrastructure as a Service (IaaS) cloud service provider allows for the provisioning of new servers as demand changes?

Which of the following provides the BEST evidence that all elements of a business continuity plan (BCP) are operating effectively?

Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system. What is the BEST control to ensure that data is accurately entered into the system?

Email required for business purposes is being stored on employees’ personal devices. Which of the following is an IS auditor's BEST recommendation?

Which of the following steps of data conversion requires users to define the flow and relationship between the source and target objects on a field-by-field basis?

Which of the following should be an IS auditor's GREATEST concern when an international organization intends to roll out a global data privacy policy?

An IS auditor is conducting a physical security audit of a healthcare facility and finds closed-circuit television (CCTV) systems located in a patient care area. Which of the following is the GREATEST concern?

Which of the following is the BEST audit procedure to determine whether a firewall is configured in compliance with the organization's security policy?

Which of the following would BEST indicate the effectiveness of a security awareness training program?

An organization recently migrated its data warehouse from a legacy system to a different architecture in the cloud. Which of the following should be GREATEST concern to the IS auditor reviewing the new data architecture?

An organization sends daily backup media by courier to an offsite location. Which of the following provides the BEST evidence that the media is transported reliably?

As part of a recent business-critical initiative, an organization is re-purposing its customer data. However, its customers are unaware that their data is being used for another purpose What is the BEST recommendation to address the associated data privacy risk to the organization?

An organization has adopted a backup and recovery strategy that involves copying on-premise virtual machine (VM) images to a cloud service provider. Which of the following provides the BEST assurance that VMs can be recovered in the event of a disaster?

During the implementation of an enterprise resource planning (ERP) system, an IS auditor is reviewing the results of user acceptance testing (UAT). The auditor's PRIMARY focus should be to determine if:

When evaluating whether the expected benefits of a project have been achieved, it is MOST important for an IS auditor to review:

Which of the following provides the MOST assurance that new information systems are ready for migration to the production environment?

Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?

An IS auditor notes that the previous year's disaster recovery test was not completed within the scheduled time frame due to insufficient hardware allocated by a third-party vendor. Which of the following provides the BEST evidence that adequate resources are now allocated to successfully recover the systems?

Which of the following reports would provide the GREATEST assurance to an IS auditor about the controls of a third party that processes critical data for the organization?

Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (IDSs)?

Which of the following BEST ensures the confidentiality of sensitive data during transmission?

Which of the following is the BEST detective control for a job scheduling process involving data transmission?

Which of the following is MOST important when creating a forensic image of a hard drive?

Which of the following is the MOST effective way for an organization to help ensure agreed-upon action plans from an IS audit will be implemented?

When implementing Internet Protocol security (IPsec) architecture, the servers involved in application delivery:

An organization is implementing a new data loss prevention (DLP) tool. Which of the following will BEST enable the organization to reduce false positive alerts?

Which of the following is an example of shadow IT?

Which of the following BEST enables an organization to determine the effectiveness of its information security awareness program?

An organization has decided to reengineer business processes to improve the performance of overall IT service delivery. Which of the following recommendations from the project team should be the GREATEST concern to the IS auditor?

Reviewing project plans and status reports throughout the development life cycle will: