Isaca CISA Quiz 380 Topic 1 Questions 1896-1900

Question: 1

Which of the following should an IS auditor expect to find in an organization s information security policies?

ASecure coding procedures

BAuthentication requirements

CSecurity configuration settings

DAsset provisioning lifecycle

Show Answer

Question: 2

An organization is replacing a mission-critical system. Which of the following is the BEST implementation strategy to mitigate and reduce the risk of system failure?

AStage

BPhase

CParallel

DBig-bang

Show Answer

Question: 3

Which of the following would an IS auditor recommend as the MOST effective preventive control to reduce the risk of data leakage'

AEnsure that paper documents arc disposed security.

BImplement an intrusion detection system (IDS).

CVerify that application logs capture any changes made.

DValidate that all data files contain digital watermarks

Show Answer

Question: 4

Assessments of critical information systems are based on a cyclical audit plan that has not been updated for several years. Which of the following should the IS auditor recommend to BEST address this situation?

AUpdate the audit plan quarterly to account for delays and deferrals of period* reviews

BUse a revolving set of audit plans to cover all systems

CDo not include periodic reviews in detail as part of the audit plan.

DRegularly validate the audit plan against business risks.

Show Answer

Question: 5

An IS auditor has completed a service level management audit related to order management services provided by a third party Which of the following is the MOST significant finding?

AThe service level agreement does not define how availability is measured

BService desk support is not available outside the company s business hours

CPenalties for missing service levels are limited.

DThe third party has offshore support arrangements.

Show Answer

Isaca CISA Quiz:380 Topic:1 Questions:1896-1900