Last Updated on December 12, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 06

  1. A senior auditor is reviewing work papers prepared by a junior auditor indicating that a finding was removed after the auditee said they corrected the problem. Which of the following is the senior auditor’s MOST appropriate course of action?

    • Approve the work papers as written
    • Refer the issue to the audit director
    • Have the finding reinstated
    • Ask the auditee to retest
  2. An IS auditor is conducting a pre-implementation review to determine a new system’s production readiness. The auditor’s PRIMARY concern should be whether:

    • the project adhered to the budget and target date
    • users were involved in the quality assurance (QA) testing
    • there are unresolved high-risk items
    • benefits realization has been evidenced
  3. An IS auditor reviewing the threat assessment for a data center would be MOST concerned if:

    • all identified threats relate to external entities
    • some of the identified threats are unlikely to occur
    • neighboring organizations’ operations have been included
    • the exercise was completed by local management
  4. When following up on a data breach, an IS auditor finds a system administrator may have compromised the chain of custody. Which of the following should the system administrator have done FIRST to preserve the evidence?

    • Perform forensic discovery
    • Notify key stakeholders
    • Quarantine the system
    • Notify the incident response team
  5. Which of the following should an IS auditor verify when auditing the effectiveness of virus protection?

    • Frequency of IDS log reviews
    • Currency of software patch application
    • Schedule for migration to production
    • Frequency of external Internet access
  6. Which of the following should be reviewed FIRST when planning an IS audit?

    • Recent financial information
    • Annual business unit budget
    • IS audit standards
    • The business environment
  7. An IS auditor is evaluating a virtual server environment and learns that the production server, development server, and management console are housed in the same physical host. What should be the auditor’s PRIMARY concern?

    • The physical host is a single point of failure
    • The management console is a single point of failure
    • The development server and management console share the same host
    • The development and production servers share the same host
  8. An organization’s disposal policy emphasizes obtaining maximum value for surplus IT media. The IS auditor should obtain assurance that:

    • the media is returned to the vendor for credit
    • any existing data is removed before disposal
    • identification labels are removed
    • the media is recycled to other groups within the organization
  9. An auditor notes the administrator user ID is shared among three financial managers to perform month-end updates. Which of the following is the BEST recommendation to ensure the administrator ID in the financial system is controlled effectively?

    • Implement use of individual software tokens
    • Conduct employee awareness training
    • Institute user ID logging and monitoring
    • Ensure data in the financial systems has been classified
  10. Which of the following is MOST important for an IS auditor to verify after finding repeated unauthorized access attempts were recorded on a security report?

    • Password reset requests have been confirmed as legitimate
    • There is evidence that the incident was investigated
    • System configuration changes are properly tracked
    • A comprehensive access policy has been established
  11. An IS auditor is involved with a project and finds an IT project stakeholder wants to make a change that could affect both the project scope and schedule. Which of the following would be the MOST appropriate action for the project manager with respect to the change request?

    • Recommend to the project sponsor whether to approve the change
    • Modify the project plan as a result of the change
    • Evaluate the impact of the change
    • Ignore out-of-scope requests
  12. Which of the following should an IS auditor expect to see in a network vulnerability assessment?

    • Misconfiguration and missing updates
    • Malicious software and spyware
    • Security design flaws
    • Zero-day vulnerabilities
  13. An IS auditor is evaluating the security of an organization’s data backup process, which includes the transmission of daily incremental backups to a dedicated offsite server. Which of the following findings poses the GREATEST risk to the organization?

    • Backup transmissions are not encrypted
    • Backup transmissions occasionally fail
    • Data recovery testing is conducted once per year
    • The archived data log is incomplete
  14. When continuous monitoring systems are being implemented, an IS auditor should FIRST identify:

    • the location and format of output files
    • applications that provide the highest financial risk
    • high-risk areas within the organization
    • the controls on which to focus
  15. During a follow-up audit, an IS auditor concludes that a previously identified issue has not been adequately remediated. The auditee insists the risk has been addressed. The auditor should:

    • recommend an independent assessment by a third party
    • report the disagreement according to established procedures
    • follow up on the finding next year
    • accept the auditee’s position and close the finding
  16. An organization allows employee use of personal mobile devices for corporate email. Which of the following should be the GREATEST IS audit concern?

    • Email forwarding to private devices requires excessive network bandwidth
    • There is no corporate policy for the acceptable use of private devices
    • There is no adequate tracking of the working time spent out-of-hours
    • The help desk is not able to fully support different kinds of private devices
  17. Which of the following findings would be of GREATEST concern to an IS auditor reviewing an organization’s newly implemented online security awareness program?

    • Only new employees are required to attend the program
    • The timing for program updates has not been determined
    • Metrics have not been established to assess training results
    • Employees do not receive immediate notification of results
  18. What would be of GREATEST concern to an IS auditor observing shared key cards being utilized to access an organization’s data center?

    • The lack of a multi-factor authentication system
    • The inability to identify who has entered the data center
    • The inability to track the number of misplaced cards
    • The lack of enforcement of organizational policy and procedures
  19. Which of the following is MOST important for an IS auditor to ensure is included in a global organization’s online data privacy notification to customers?

    • Consequences to the organization for mishandling the data
    • Consent terms including the purpose of data collection
    • Contact information for reporting violations of consent
    • Industry standards for data breach notification
  20. While planning a security audit, an IS auditor is made aware of a security review carried out by external consultants. It is MOST important for the auditor to:

    • re-perform the security review
    • accept the findings and conclusions of the consultants
    • review similar reports issued by the consultants
    • assess the objectivity and competence of the consultants