Isaca CISA Quiz 352 Topic 7 Questions 1756-1760

Question: 1

While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed the audit function. In order to resolve the situation, the IS auditor/, BEST course of action would be to:

Apostpone follow-up activities and escalate the alternative controls to senior audit management

Bschedule another audit due to the implementation of alternative controls.

Creject the alternative controls and re-prioritize the original issue as high risk.

Ddetermine whether the alternative controls sufficiently mitigate the risk and record the results

Show Answer

Question: 2

During an IS audit, it is discovered that security configurations differ across the organization's virtual server farm. Which of the following is the IS auditor's BEST recommendation to proving the control environment?

AConduct a standard patch management review across the virtual server farm.

Bimplement a security configuration baseline for virtual servers.

Cimplement security monitoring controls for high-risk virtual servers

DConduct an independent review of each server s security configuration.

Show Answer

Question: 3

Both statistical and nonstatistical sampling techniques:

Apermit the auditor to quantify and fix the level of risk

Bpermit the auditor to quantity the probability of error,

Cprovide each item an equal opportunity of being selected,

Drequire judgment when defining population characteristics

Show Answer

Question: 4

Which of the following is the BEST guidance from an IS auditor to an organization planning an initiative to improve the effectiveness of its IT processes?

AIT management should include process improvement requirements in staff performance objectives

BIT staff should be surveyed to identify current IT process weaknesses and suggest improvements.

CThe organization should refer to poor audit reports to identify the specific IT processes to be improved

DThe organization should use a capability maturity model to identify current maturity levels for each IT process.

Show Answer

Question: 5

Which of the following a recent internal data breach, an IS auditor was asked to evaluate information security practices within the organization. Which of the following findings would be MOST important to report to senior management?

ADesktop passwords do not require special characters

BEmployees are not required to sign a non-compete agreement.

CUsers lack technical knowledge related to security and data protection

DSecurity education and awareness workshops have not been completed

Show Answer

Isaca CISA Quiz:352 Topic:7 Questions:1756-1760