CISA Practice Exam Questions & Answers 2023/2024

CISA Practice Exam Questions & Answers 2023/2024 It is important to understand the organization and its environment in order to effectively pinpoint the organization's key risk. One specific factor is an understanding of: - ANSWER-The organization's selection and application of policies and procedures Of the following, which is not a way to treat a risk? - ANSWER-Ignore it The three focus areas that management must address in order to govern IT include all of the following except: - ANSWER-Control optimization The first step in establishing a risk management program is: - ANSWER-To decide what the purpose of the program is An incident is any unexpected occurrence. The severity of an incident is generally: - ANSWER-Directly proportional to the time elapsed from the incident to the resolution of the incident One of the issues in managing a project is managing scope changes. Which of the following should be included in management of scope changes? - ANSWER-The work structure should be documented in a component management database Personal area networks (PANs) are used for: - ANSWER-Communications among computer devices, which include telephones, PDAs, cameras, etc. The IS Auditor is preparing the external network security assessment. Of the following, which step should the IS Auditor start with? - ANSWER-Reconnaissance. The IS Auditor should perform reconnaissance, or "footprinting" of the enterprise to appropriate gauge several details such as the scope (what elements to include in the test), what protocols and technology are involved, whether there is any sensitive information readily available to the public, or "leaked"