Isaca CISA Quiz 534 Topic 6 Questions 2666-2670

Question: 1

Which of the following is the GREATEST cause for concern when an organization is planning to migrate

business-critical applications to the cloud using a Platform as a Service (PaaS) model?

AThe organization will not manage operating system patches.

BThe cloud provider does not offer regional redundancy.

CCompliance requirements are not being validated.

DApplication data will not be encrypted at rest.

Show Answer

Question: 2

During a post-incident review of a security breach, what type of analysis should an IS auditor expect to be

performed by the organization's information security team?

AGap analysis

BBusiness impact analysis (BIA)

CQualitative risk analysis

DRoot cause analysis

Show Answer

Question: 3

Following an acquisition, it was decided that legacy applications subject to compliance requirements will

continue to be used until they can be phased out. The IS auditor needs to determine where there are control

redundancies and where gaps may exist. Which of the following activities would be MOST helpful in making

this determination?

AControl self-assessments

BRisk assessment

CControl testing

DControl mapping

Show Answer

Question: 4

Which of the following activities provides an IS auditor with the MOST insight regarding potential single person

dependencies that might exist withing the organization?

AReviewing user activity logs

BMapping IT processes to roles

CReviewing vacation patterns

DInterviewing senior IT management

Show Answer

Question: 5

Which of the following is MOST important for the successful establishment of a security vulnerability

management program?

AA comprehensive asset inventory

BA tested incident response plan

CAn approved patching policy

DA robust tabletop exercise plan

Show Answer

Isaca CISA Quiz:534 Topic:6 Questions:2666-2670