Free ISACA CISA Übungsprüfungen - Seite 2 von 55

Question #11

The PRIMARY reason to perform internal quality assurance (QA) for an internal audit function is to ensure:

A . Internal audit activity conforms with audit standards and methodology.
B . The audit function is adequately governed and meets performance metrics.
C . Inherent risk in audits is minimized.
D . Audit resources are used most effectively.

Lösung einblenden Lösung ausblenden

Question #12

Which of the following would BEST protect the confidentiality of sensitive data in transit between multiple offices?

A . Hash algorithms
B . Digital signatures
C . Public key infrastructure (PKI)
D . Kerberos

Lösung einblenden Lösung ausblenden

Question #13

An IS auditor is reviewing a medical device that is attached to a patient’s body, which automatically takes and uploads measurements to a cloud server. Treatment may be updated based on the measurements.

Which of the following should be the auditor’s PRIMARY focus?

A . Physical access controls on the device
B . Security and quality certification of the device
C . Device identification and authentication
D . Confirmation that the device is regularly updated

Lösung einblenden Lösung ausblenden

Question #14

Which of the following is the MOST important outcome of an information security program?

A . Operating system weaknesses are more easily identified.
B . Emerging security technologies are better understood and accepted.
C . The cost to mitigate information security risk is reduced.
D . Organizational awareness of security responsibilities is improved.

Lösung einblenden Lösung ausblenden

Richtige Antwort: D
D

Explanation:

The most important outcome of an information security program is to improve the organizational awareness of security responsibilities, as this will foster a culture of security and ensure that all stakeholders are aware of their roles and obligations in protecting the information assets of the organization. An information security program should also aim to achieve other outcomes, such as identifying operating system weaknesses, understanding and accepting emerging security technologies, and reducing the cost to mitigate information security risk, but these are not as important as improving the awareness of security responsibilities, which is the foundation of any effective information security program. *References: According to the ISACA IT Audit and Assurance Standards, Guidelines and Tools and Techniques for IS Audit and Assurance Professionals, section 2402 Planning, “The IS audit and assurance professional should identify and assess risk relevant to the area under review.” 1 One of the risk factors to consider is “the level of awareness of management and staff regarding IT risk management” 1. According to the ISACA IT Audit and Assurance Guideline G13 Information Security Management, “The objective of an information security management audit/assurance review is to provide management with an independent assessment relating to the effectiveness of information security management within the enterprise.” The guideline also states that “the audit/assurance professional should evaluate whether there is an appropriate level of awareness throughout the enterprise regarding information security policies, standards, procedures and guidelines.” According to a web search result from Microsoft Security, “Information security programs need to: … Support the execution of decisions.” 2 One of the ways to support the execution of decisions is to ensure that everyone in the organization understands their security responsibilities and follows the security policies and procedures.

Question #15

Following a breach, what is the BEST source to determine the maximum amount of time before customers must be notified that their personal information may have been compromised?

A . Industry regulations
B . Industry standards
C . Incident response plan
D . Information security policy

Lösung einblenden Lösung ausblenden

Question #16

Which of the following practices associated with capacity planning provides the GREATEST assurance that future incidents related to existing server performance will be prevented?

A . Reviewing results from simulated high-demand stress test scenarios
B . Performing a root cause analysis for past performance incidents
C . Anticipating current service level agreements (SLAs) will remain unchanged
D . Duplicating existing disk drive systems to improve redundancy and data storage

Lösung einblenden Lösung ausblenden

Question #17

Which of the following would protect the confidentiality of information sent in email messages?

A . Secure Hash Algorithm 1(SHA-1)
B . Digital signatures
C . Encryption
D . Digital certificates

Lösung einblenden Lösung ausblenden

Question #18

Which of the following is the MOST important task of an IS auditor during an application post-implementation review?

A . Conduct a business impact analysis (BIA)
B . Perform penetration testing
C . identify project delays
D . Verify user access controls

Lösung einblenden Lösung ausblenden

Question #19

An IS auditor reviewing an organization’s IT systems finds that the organization frequently purchases systems that are incompatible with the technologies already in the organization.

Which of the following is the MOST likely reason?

A . Ineffective risk management policy
B . Lack of enterprise architecture (EA)
C . Lack of a maturity model
D . Outdated enterprise resource planning (ERP) system

Lösung einblenden Lösung ausblenden

Question #20

An IS auditor Is reviewing a recent security incident and is seeking information about me approval of a recent modification to a database system’s security settings Where would the auditor MOST likely find this information?

A . System event correlation report
B . Database log
C . Change log
D . Security incident and event management (SIEM) report

Lösung einblenden Lösung ausblenden