CISA Study Guide – Questions With Definite
Solutions
Save
Terms in this set (402)
NO.1 Which of the following B
observations should be of GREATEST
concern to an IS auditor reviewing
a large organization's virtualization
environment?
A. An unused printer has been left
connected to the host system.
B. Guest tools have been installed
without sufficient access control,
C. A rootkit was found on the host
operating system
D. Host inspection capabilities have
been disabled
NO.2 An IS auditor is reviewing a B. Change log
recent security incident and is seeking
information about the
approval of a recent modification to a
database system's security settings
Where would the auditor
MOST likely find this information?
A. System event correlation report
B. Change log
C. Database log
D. Security incident and event
management (SIEM) report
,NO.3 An IS auditor wants to C
understand the collective effect of the
preventive, detective, and
corrective controls for a specific
business process. Which of the
following should the auditor focus on
FIRST?
A. The formal documentation of the
process and how adherence is
measured
B. Whether the existence of preventive
controls causes corrective controls to
become unnecessary
C. Whether segregation of duties is in
place when two controls are applied
simultaneously
D. The various points in the process
where controls are exercised
NO.4 Which of the following is the A
BEST way to minimize the impact of a
ransomware attack?
A. Perform more frequent system
backups.
B. Maintain a regular schedule for
patch updates.
C. Provide user awareness training on
ransomware attacks.
D. Grant system access based on least
privilege.
NO.5 Which of the following group is A
MOST likely responsible for the
implementation of IT projects?
A. IT steering committee
B. IT strategy committee
C. IT compliance committee
D. IT governance committee
,NO.6 Which of the following is MOST A
influential when defining disaster
recovery strategies?
A. Annual loss expectancy
B. Maximum tolerable downtime
IT Certification Guaranteed, The Easy
Way!
2
C. Data classification scheme
D. Existing server redundancies
NO.7 When aligning IT projects with C
organizational objectives, it is MOST
important to ensure that
the:
A. percentage of growth in project
intake is reviewed.
B. overall success rate of projects is
high.
C. business cases have been clearly
defined for all projects.
D. project portfolio database is
updated when new systems are
acquired.
NO.8 An IS auditor determines that a C
business continuity plan has not been
reviewed and approved
by management.
Which of the following is the MOST
significant risk associated with this
situation?
A. Continuity planning may be subject
to resource constraints.
B. The plan may not be aligned with
industry best practice.
C. Critical business processes may not
be addressed adequate.
D. The plan has not been reviewed by
risk management
, NO.9 Which of the following is an IS C
auditor's BEST guidance regarding the
use of IT frameworks?
A. To ensure consistency throughout
the organization, management should
adopt a single
comprehensive framework.
B. Frameworks provide standards that
enable management to benchmark
against peer organizations
.
C. Frameworks encourage efficiency,
provide a way to measure
effectiveness, and allow for
improvements
D. Industry-specific frameworks, when
available, are preferred over the more
generic comprehensive
frameworks.
NO.10 Which of the following provides B
an IS auditor with the BEST evidence
that a system has been
assessed for known exploits?
A. Patch cycle report
B. Vulnerability scanning report
C. Black box testing report
D. White box testing report
Solutions
Save
Terms in this set (402)
NO.1 Which of the following B
observations should be of GREATEST
concern to an IS auditor reviewing
a large organization's virtualization
environment?
A. An unused printer has been left
connected to the host system.
B. Guest tools have been installed
without sufficient access control,
C. A rootkit was found on the host
operating system
D. Host inspection capabilities have
been disabled
NO.2 An IS auditor is reviewing a B. Change log
recent security incident and is seeking
information about the
approval of a recent modification to a
database system's security settings
Where would the auditor
MOST likely find this information?
A. System event correlation report
B. Change log
C. Database log
D. Security incident and event
management (SIEM) report
,NO.3 An IS auditor wants to C
understand the collective effect of the
preventive, detective, and
corrective controls for a specific
business process. Which of the
following should the auditor focus on
FIRST?
A. The formal documentation of the
process and how adherence is
measured
B. Whether the existence of preventive
controls causes corrective controls to
become unnecessary
C. Whether segregation of duties is in
place when two controls are applied
simultaneously
D. The various points in the process
where controls are exercised
NO.4 Which of the following is the A
BEST way to minimize the impact of a
ransomware attack?
A. Perform more frequent system
backups.
B. Maintain a regular schedule for
patch updates.
C. Provide user awareness training on
ransomware attacks.
D. Grant system access based on least
privilege.
NO.5 Which of the following group is A
MOST likely responsible for the
implementation of IT projects?
A. IT steering committee
B. IT strategy committee
C. IT compliance committee
D. IT governance committee
,NO.6 Which of the following is MOST A
influential when defining disaster
recovery strategies?
A. Annual loss expectancy
B. Maximum tolerable downtime
IT Certification Guaranteed, The Easy
Way!
2
C. Data classification scheme
D. Existing server redundancies
NO.7 When aligning IT projects with C
organizational objectives, it is MOST
important to ensure that
the:
A. percentage of growth in project
intake is reviewed.
B. overall success rate of projects is
high.
C. business cases have been clearly
defined for all projects.
D. project portfolio database is
updated when new systems are
acquired.
NO.8 An IS auditor determines that a C
business continuity plan has not been
reviewed and approved
by management.
Which of the following is the MOST
significant risk associated with this
situation?
A. Continuity planning may be subject
to resource constraints.
B. The plan may not be aligned with
industry best practice.
C. Critical business processes may not
be addressed adequate.
D. The plan has not been reviewed by
risk management
, NO.9 Which of the following is an IS C
auditor's BEST guidance regarding the
use of IT frameworks?
A. To ensure consistency throughout
the organization, management should
adopt a single
comprehensive framework.
B. Frameworks provide standards that
enable management to benchmark
against peer organizations
.
C. Frameworks encourage efficiency,
provide a way to measure
effectiveness, and allow for
improvements
D. Industry-specific frameworks, when
available, are preferred over the more
generic comprehensive
frameworks.
NO.10 Which of the following provides B
an IS auditor with the BEST evidence
that a system has been
assessed for known exploits?
A. Patch cycle report
B. Vulnerability scanning report
C. Black box testing report
D. White box testing report
