Isaca CISA Quiz 60 Topic 4 Questions 296-300

Question: 1

Following a breach, what is the BEST source 10 determine the maximum amount of time before customers must be notified that their personal information may have been compromised?

AIndustry regulations

BIncident response plan

CInformation security policy

DIndustry standards

Show Answer

Question: 2

An IS auditor is executing a risk-based IS audit strategy to ensure that key areas are audited Which of the following should be of GREATEST concern to the auditor?

AThe risk assessment methodology relies on subjective audit judgments at certain points of the process

BThe risk assessment methodology does not permit the collection of financial audit data

CThe risk assessment database does not include a complete audit universe

DThe risk assessment approach has not been approved by the risk manager

Show Answer

Question: 3

The results of an IS audit indicating the need to strengthen controls has been communicated to the appropriate stakeholders. Which of the following is the BEST way for management to enforce implementation of the recommendations?

ARequest auditors to design a roadmap for closure.

BHave stakeholders develop a business case for control changes.

CAssign ownership to each remediation activity.

DCopy senior management on communications related to the audit

Show Answer

Question: 4

Which of the following is the PRIMARY purpose for external assessments of internal audit's quality assurance (OA) systems and frameworks?

ATo confirm the internal audit department has adequate budget to perform its duties

BTo provide assurance that the internal audit function conforms with established professional practices

CTo confirm the accuracy and reliability of prior internal audit results

DTo provide assurance that internal audit staff are qualified to perform their responsibilities

Show Answer

Question: 5

The PRIMARY focus of audit follow-up reports should be to:

Aassess if new risks have developed.

Bdetermine if audit recommendations have been implemented.

Cverify the completion date of the implementation.

Ddetermine if past findings are still relevant.

Show Answer

Isaca CISA Quiz:60 Topic:4 Questions:296-300