Isaca CISA Quiz 8 Topic 2 Questions 36-40

Question: 1

During a follow-up audit, it was found that a complex security vulnerability of low risk was not resolved within the agreed-upon timeframe. IT has stated that the system with the identified vulnerability is being replaced and is expected to be fully functional In two months. Which of the following is the BEST course of action?

APerform an ad hoc audit to determine if the vulnerability has been exploited.

BRecommend the finding be resolved prior to implementing the new system.

CSchedule a meeting to discuss the issue with senior management.

DRequire documentation that the finding will be addressed within the new system.

Show Answer

Question: 2

Which of the following is the MOST effective way for an organization to protect against data loss?

AReview firewall logs for anomalies.

BLimit employee Internet access.

CImplement data classification procedures.

DConduct periodic security awareness training.

Show Answer

Question: 3

During an audit of identity and access management, an IS auditor finds that the engagement audit plan does not include the testing of controls that regulate access by third parties Which of the following would be the auditors BEST course of action?

APlan to test these controls in another audit.

BEscalate the deficiency to audit management.

CAdd testing of third-party access controls to the scope of the audit.

DDetermine whether the risk has been identified in the planning documents

Show Answer

Question: 4

Which of the following is the MOST important feature of access control software?

ANonreputation

BViolation reporting

CIdentification

DAuthentication

Show Answer

Question: 5

What is the BEST way is evaluate a control environment where the organization and a third party have shared responsibility?

AReview the service level agreement (SLA).

BConduct a control self-assessment (CSA).

CReview complementary user entity controls.

DPerform an onsite evaluation

Show Answer

Isaca CISA Quiz:8 Topic:2 Questions:36-40