Isaca CISA Quiz 557 Topic 3 Questions 2781-2785

Question: 1

An organization decides to establish a formal incident response capability with clear roles and responsibilities facilitating centralized reporting of security incidents. Which type of control is being implemented?

ACorrective control

BCompensating control

CPreventive control

DDetective control

Show Answer

Question: 2

Which of the following is the GREATEST risk associated with the use of instant messaging (IM)?

AData leakage

BLoss of employee productivity

CInternet Protocol (IP) address spoofing

DExcess bandwidth consumption

Show Answer

Question: 3

An organization plans to eliminate pilot releases and instead deliver all functionality in a single release. Which of the following is the GREATEST risk with this approach?

ALikelihood of scope creep over time

BIncreased oversight required to track projects

CInability to track project costs

DReleasing critical deficiencies into production

Show Answer

Question: 4

During a privileged access review, an IS auditor observes many help desk employees have privileges within systems not required for their job functions. Implementing which of the following would have prevented this situation?

AMulti-factor authentication

BSeparation of duties

CLeast privilege access

DPrivileged access reviews

Show Answer

Question: 5

Which of the following metrics is MOST useful to an IS auditor when evaluating whether IT investments are meeting business objectives?

ARealized return on investment (ROI) versus projected ROI

BActual return on investment (ROI) versus industry average ROI.

CActual versus projected customer satisfaction

DBudgeted spend versus actual spend

Show Answer

Isaca CISA Quiz:557 Topic:3 Questions:2781-2785