Isaca CISA Quiz 625 Topic 6 Questions 3121-3125

Question: 1

Which of the following is MOST important to consider when scheduling follow-up audits?

AThe efforts required for independent verification with new auditors

BThe impact if corrective actions are not taken

CThe amount of time the auditee has agreed to spend with auditors

DControls and detection risks related to the observations

Show Answer

Question: 2

Which of the following is the GREATEST advantage of vulnerability scanning over penetration testing?

AThe testing produces a lower number of false positive results

BNetwork bandwidth is utilized more efficiently

CCustom-developed applications can be tested more accurately

DThe testing process can be automated to cover large groups of assets

Show Answer

Question: 3

In which of the following sampling methodologies does each member of the population have a known nonzero probability of being selected?

AStratified sampling

BHaphazard sampling

CQuota sampling

DJudgmental sampling

Show Answer

Question: 4

Which of the following is the BEST indication that an organization's security incident and event monitoring (SIEM) capability is operating effectively?

ASecurity event logging is centralized.

BSecurity event logging policies are defined.

CSecurity event logging is enabled for individual applications.

DSecurity event logging is correlated across multiple applications.

Show Answer

Question: 5

An IS auditor finds a number of system accounts that do not have documented approvals Which of the following should be performed FIRST by the auditor?

AHave the accounts removed immediately

BObtain sign-off on the accounts from the application owner

CDocument a finding and report an ineffective account provisioning control

DDetermine the purpose and risk of the accounts

Show Answer

Isaca CISA Quiz:625 Topic:6 Questions:3121-3125