Isaca CISA Quiz 615 Topic 5 Questions 3071-3075

Question: 1

Which of the following should be defined in an audit chatter?

AAudit schedule

BAudit methodology

CAudit results

DAudit authority

Show Answer

Question: 2

Which of the following procedures for testing a disaster recovery plan (DRP) is MOST effective7

AReviewing documented backup and recovery procedures

BPerforming an unannounced shutdown of the computing facility after hours

CTesting at a secondary site using offsite data backups

DPerforming a quarterly tabletop exercise

Show Answer

Question: 3

When reviewing an organization's IT governance processes, which of the following provides the BEST indication that information security expectations are being met at all levels?

AUtilization of an internationally recognized security standard

BImplementation of a comprehensive security awareness program

CAchievement of established security metrics

DApproval of the security program by senior management

Show Answer

Question: 4

An IS audit team s evaluating the documentation related to the most recent application user-access review performed by IT and business management. It is determined that the user list was not system-generated. Which of the following: should be the GREATEST concern?

ASource of the user list reviewed

BAvailability of the user list reviewed

CCompleteness of the user list reviewed

DConfidentiality of the user list reviewed

Show Answer

Question: 5

An IS auditor observes that exceptions have been approved (or an organization's information security policy. Which of the following is MOST important for the auditor to confirm?

AExceptions are approved by the board of directors.

BExceptions are approved for predefined periods.

CExceptions require changes to the policy.

DExceptions do not change residual risk.

Show Answer

Isaca CISA Quiz:615 Topic:5 Questions:3071-3075