Isaca CISA Quiz 501 Topic 6 Questions 2501-2505

Question: 1

Which of the following should be of GREATEST concern to an IS auditor assessing the effectiveness of an organization's vulnerability scanning program?

AResults are not approved by senior management.

BResults are not reported to individuals with authority to ensure resolution.

CScans are performed less frequently than required by the organization's vulnerability scanning schedule

DSteps taken to address identified vulnerabilities are not formally documented

Show Answer

Question: 2

A detailed audit of user access rights results In many high-risk findings Once management reports that all recommendations have been implemented, which of the following is the IS auditor's BEST course of action?

AValidate the results by reviewing management's report

BConduct a follow-up audit to verify appropriate implementation

CRe-perform the original audit procedures.

DIssue a report update based on management's assertions.

Show Answer

Question: 3

Which of the following reliably associates users and their public keys and Includes attributes that uniquely identify the users?

ADigital signature

BHashing algorithm

CEncryption

DDigital certificate

Show Answer

Question: 4

During an internal audit of an organization's information security program, the IS auditor observes a number of security incidents nave remained open over an extended period of time What is the IS auditor's BEST course of action?

AReview staffing levels for the security incident handling team.

BRecommend the open incidents be closed immediately.

CReview status of open incidents to determine why they remain open

DDiscuss the issue with the chief information security officer (CISO)

Show Answer

Question: 5

An IS auditor reviewing an organization's data privacy controls observes that privacy notices do not clearly state how the organization uses customer data for its processing operations. Which of the following data protection principles MUST be implemented to address this gap?

AMaintenance of data integrity

BAccess to collected data

CPurpose for data collection

DRetention of consent documentation

Show Answer

Isaca CISA Quiz:501 Topic:6 Questions:2501-2505