Isaca CISA Quiz 550 Topic 5 Questions 2746-2750

Question: 1

Which of the following controls BEST mitigates the impact of a distributed denial of service (DDoS) attack against the controller in a softwaredefined network (SDN)?

ARelocating virtualized network functions to physical infrastructure

BHardening the operating system that hosts the SDN controller

CImplementing multiple physical SDN controllers

DImplementing configuration management for SDN controllers

Show Answer

Question: 2

Which of the following should be the PRIMARY basis for planning and prioritizing IT infrastructure security audits?

AAsset value to the organization

BManagement requests

CThe organization's risk appetite

DSecurity best practice

Show Answer

Question: 3

An IS auditor has identified that some IT staff have administrative access to the enterprise resource planning (ERP) application, database, and

server. IT management has responded that due to limited resources, the same IT staff members have to support all three layers of the ERP

application. Which of the following would be the auditor's BEST recommendation to management?

AMonitor activities of the associated IT staff members by reviewing system-generated logs weekly.

BRequest funding to hire additional IT staff to enable segregation of duties.

CRemove some of the administrative access of the associated IT staff members.

DLeverage business unit personnel to serve as administrators of the application.

Show Answer

Question: 4

As part of a quality assurance initiative, an organization has engaged an external auditor to evaluate the internal IS audit function. Which of the following observations should be of MOST concern?

AThe audit team is not sufficiently leveraging data analytics.

BAudit reports are not approved by the audit committee.

CAudit reports do not state they are conducted in accordance with industry standards.

DAudit engagements are not risk-based.

Show Answer

Question: 5

What should be the PRIMARY basis for scheduling a follow-up audit?

AThe significance of reported findings

BThe completion of all corrective actions

CThe availability of audit resources

DThe time elapsed after audit report submission

Show Answer

Isaca CISA Quiz:550 Topic:5 Questions:2746-2750