Isaca CISA Quiz 533 Topic 8 Questions 2661-2665

Question: 1

An IS auditor is reviewing the results of a business process improvement project. Which of the following should

be performed FIRST?

AEvaluate control gaps between the old and the new processes.

BDevelop compensating controls.

CDocument the impact of control weaknesses in the process.

DEnsure that lessons learned during the change process are documented.

Show Answer

Question: 2

Which of the following is MOST important for an IS auditor to consider when auditing a vulnerability scanning

software solution?

AThe scanning software was purchased from an approved vendor.

BThe scanning software was approved for release into production.

CThe scanning software covers critical systems.

DThe scanning software is cost-effective.

Show Answer

Question: 3

A database administrator (DBA) extracts a user listing for an auditor as testing evidence. Which of the following will provide the GREATEST assurance that the user listing is reliable?

AObtaining sign-off from the DBA to attest that the list is complete

BRequesting a copy of the query that generated the user listing

CRequesting a query that returns the count of the users

DWitnessing the DBA running the query in-person

Show Answer

Question: 4

An IS auditor is assigned to review the IS department's quality procedures. Upon contacting the IS manager,

the auditor finds that there is an informal unwritten set of standards. Which of the following should be the

auditor's NEXT action?

AFinalize the audit and report the finding.

BMake recommendations to IS management as to appropriate quality standards.

CPostpone the audit until IS management implements written standards.

DDocument and test compliance with the informal standards.

Show Answer

Question: 5

Which of the following threats is MOST effectively controlled by a firewall?

ANetwork congestion

BDenial of service (DoS) attack

CNetwork sniffing

DPassword cracking

Show Answer

Isaca CISA Quiz:533 Topic:8 Questions:2661-2665