Isaca CISA Quiz 199 Topic 9 Questions 991-995

Question: 1

Time constraints and expanded needs have been found by an IS auditor to be the root causes for recent violations of corporate data definition standards in a new business intelligence project. Which of the following is the MOST appropriate suggestion for an auditor to make?

AAchieve standards alignment through an increase of resources devoted to the project

BAlign the data definition standards after completion of the project

CDelay the project until compliance with standards can be achieved

DEnforce standard compliance by adopting punitive measures against violators

Show Answer

Question: 2

After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools?

ADifferential reporting

BFalse-positive reporting

CFalse-negative reporting

DLess-detail reporting

Show Answer

Question: 3

The FIRST step in managing the risk of a cyber attack is to:

Aassess the vulnerability impact.

Bevaluate the likelihood of threats.

Cidentify critical information assets.

Destimate potential damage.

Show Answer

Question: 4

Which of the following is the MOST effective method for dealing with the spreading of a network worm that exploits vulnerability in a protocol?

AInstall the vendor's security fix for the vulnerability.

BBlock the protocol traffic in the perimeter firewall.

CBlock the protocol traffic between internal network segments.

DStop the service until an appropriate security fix is installed.

Show Answer

Question: 5

The PRIMARY objective of performing a postincident review is that it presents an opportunity to:

Aimprove internal control procedures.

Bharden the network to industry best practices.

Chighlight the importance of incident response management to management.

Dimprove employee awareness of the incident response process.

Show Answer

Isaca CISA Quiz:199 Topic:9 Questions:991-995