Isaca CISA Quiz 457 Topic 8 Questions 2281-2285

Question: 1

Which of the following is MOST important for an IS auditor to confirm when reviewing the effectiveness of an incident response program?

AIncidents, are escalated to server management in a timely manner.

BIncidents are categorized according to industry standards

CLessons learned are incorporated into incident response processes

DThe plan is reviewed and undated annually.

Show Answer

Question: 2

An organization transmits large amount of data from one internal system to another. The IS auditor is reviewing quality of the data at the originating point. Which of the following should the auditor verify first?

AThe data has been encrypted

BThe data extraction process is completed

CThe data transformation is accurate

DThe source data is accurate

Show Answer

Question: 3

What is the BEST way for an IS auditor to address the risk associated with over-retention of personal data after identifying a large number of customer records retained beyond the retention period defined by law?

ARecommend automatic deletion of records beyond the retention period

BSchedule regular internal audits to identify records for deletion

CReport the retention period noncompliance to the regulatory authority

DEscalate the over-retention issue to the data privacy officer for follow up

Show Answer

Question: 4

The demilitarized zone (DMZ) is the part of a network where servers that are placed are:

ARunning-mission critical, non-web application

BInteracting with the public internet

CRunning internal department applications

DExternal to the organization

Show Answer

Question: 5

Which of the following should be of GREATEST concern to an IS auditor when auditing an organization's information security awareness

ATraining quizzes are designed and run by a third party company under a contract with the organization

BThe number of security incidents logged by employees to the help desk has increased in the past year

CSecurity awareness training is run via the organization's enterprise wide e-learning portal

DSecurity awareness training is not included as part of the on boarding process for new hires

Show Answer

Isaca CISA Quiz:457 Topic:8 Questions:2281-2285