Isaca CISA Quiz 515 Topic 8 Questions 2571-2575

Question: 1

An IS auditor has found that despite an increase in phishing attacks over the past two years, there has been a significant decrease in the success rate. Which of the following is the MOST likely reason for this decline?

AEnhanced training for incident responders

BImplementation of an intrusion detection system (IDS)

CDevelopment of an incident response plan

DImplementation of a security awareness program

Show Answer

Question: 2

Which of the following is MOST important for an IS auditor to verify after finding repeated unauthorized access attempts were recorded on a security report?

APassword reset requests have been confirmed as legitimate.

BThere is evidence that the incident was investigated.

CSystem configuration changes are properly tracked.

DA comprehensive access policy has been established.

Show Answer

Question: 3

Which of the following observations should be of MOST concern to an IS auditor evaluating an IT security team's incident handling practices?

AThe prioritization of incidents is not done through a standardized process.

BThe team's scope covers any nonstandard operation of IT services within the organization.

CDefined acceptable ranges for incident resolution are not established.

DUnresolved incidents are escalated based on criteria set by the organization's CIO.

Show Answer

Question: 4

An IS auditor reviewing a financial organization's identity management solution found thai some critical business applications do not have identified owners. Which of the following should the auditor do NEXT?

AWrite a finding in the audit report.

BRequest a business risk acceptance.

CDiscuss the issue with the auditee.

DRevoke access rights to the critical applications.

Show Answer

Question: 5

An IS audit team is planning to rely on a system-generated report to reduce the substantive procedures they will need to perform. Which of the following procedures should the IS auditor perform to verify the completeness of the report?

ATest data for appropriateness.

BEstablish some criteria for expected results and compare to actual results.

CValidate the report query.

DTrace a sample of transactions to the internal transactions.

Show Answer

Isaca CISA Quiz:515 Topic:8 Questions:2571-2575