Isaca CISA Quiz 355 Topic 7 Questions 1771-1775

Question: 1

Which of the following would BEST indicate the effectiveness of a security awareness training program?

AIncreased number of employees completing training

BReduced unintentional violations

CResults of third-parry social engineering tests

DEmployee satisfaction with trailing

Show Answer

Question: 2

To help ensure the organization s information assets are adequately protected, which of the following considerations is MOST important when developing an information classification and handling policy?

AThe policy is owned by the head of information security, who has the authority to enforce the policy.

BThe policy has been mapped against industry frameworks for classifying information assets.

CThe policy specifies requirements to safeguard information assets based on their importance to the organization

DThe policy is subject to periodic reviews to ensure its provisions are up to date

Show Answer

Question: 3

An IS auditor conducting audit follow-up activities learns that some previously agreed-upon corrective actions have not been taken and that the associated risk has been accepted by senior management. If the auditor disagrees with management s decision what is the BEST way to address the situation?

AReport the issue to the chief audit executive for resolution

BRepeat the audit with audit scope only covering areas with accepted risks.

CTake no action since management s decision has been made

DRecommend new corrective actions to mitigate the accepted risk.

Show Answer

Question: 4

An organization has software that is not compliant with data protection requirements. To help ensure that appropriate and relevant data protection controls are implemented in the future, the auditor s BEST course of action would be to:

Amap the organization's business processes to identify personally identifiable information (PII)

Brecommend an executive be appointed to oversee privacy program improvements.

Crecommend that privacy checks are included within the solution development life cycle.

Dconduct a privacy impact assessment to identify gaps in the organization's privacy practices

Show Answer

Question: 5

Which of the following is BEST addressed when using a timestamp within a digital signature to deliver sensitive financial information?

AAuthentication

BNonrepudiation

CData integrity

DReplay protection

Show Answer

Isaca CISA Quiz:355 Topic:7 Questions:1771-1775