CISA Exam Dumps - Certified Information Systems Auditor

Searching for workable clues to ace the Isaca CISA Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CISA PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:

<< First
Prev
1
2
3
4
5
6
7
8
9
10
Next
Last >>

Question # 41

Which of the following would be to MOST concern when determine if information assets are adequately safequately safeguarded during transport and disposal?

Lack of appropriate labelling

Lack of recent awareness training.

Lack of password protection

Lack of appropriate data classification

Full Access

Answer:

Explanation:

The most concerning issue when determining if information assets are adequately safeguarded during transport and disposal is lack of appropriate data classification. Data classification is a process that assigns categories or levels of sensitivity to different types of information assets based on their value, criticality, or risk to the organization. Data classification can help safeguard information assets during transport and disposal by providing criteria and guidelines for identifying, labeling, handling, and protecting information assets according to their sensitivity. Lack of appropriate data classification can compromise the security and confidentiality of information assets during transport and disposal by exposing them to unauthorized access, disclosure, theft, damage, or destruction. The other options are not as concerning as lack of appropriate data classification in safeguarding information assets during transport and disposal, as they do not affect the identification, labeling, handling, or protection of information assets according to their sensitivity. Lack of appropriate labeling is a possible factor that may increase the risk of misplacing, losing, or mishandling information assets during transport and disposal, but it does not affect the classification of information assets according to their sensitivity. Lack of recent awareness training is a possible factor that may affect the knowledge or behavior of staff involved in transporting or disposing of information assets, but it does not affect the classification of information assets according to their sensitivity. Lack of password protection is a possible factor that may affect the security or confidentiality of information assets stored on devices during transport and disposal, but it does not affect the classification of information assets according to their sensitivity.Â References:Â CISA Review Manual (Digital Version), Chapter 5, Section 5.3.2

Question # 42

An IS auditor has been tasked with analyzing an organization's capital expenditures against its repair and maintenance costs. Which of the following is the BEST reason to use a data analytics tool for this purpose?

It reduces the error rate.

It improves the reliability of the data.

It enables the auditor to work with 100% of the transactions.

It reduces the sample size required to perform the audit.

Full Access

Question # 43

Which of the following user actions poses the GREATEST risk for inadvertently introducing malware into a local network?

Uploading a file onto an internal server

Viewing a hypertext markup language (HTML) document

Downloading a file from an enterprise file share

Opening an email attachment from an external account

Full Access

Question # 44

An organization is modernizing its technology policy framework to demonstrate compliance with external industry standards. Which of the following would be MOST useful to an IS auditor for validating the outcome?

Benchmarking of internal standards against peer organizations

Inventory of the organization's approved policy exceptions

Policy recommendations from a leading external consulting agency

Mapping of relevant standards against the organization's controls

Full Access

Question # 45

An IS auditor finds that a key Internet-facing system is vulnerable to attack and that patches are not available. What should the auditor recommend be done FIRST?

Implement a new system that can be patched.

Implement additional firewalls to protect the system.

Decommission the server.

Evaluate the associated risk.

Full Access

Question # 46

Coding standards provide which of the following?

Program documentation

Access control tables

Data flow diagrams

Field naming conventions

Full Access

Question # 47

Prior to a follow-up engagement, an IS auditor learns that management has decided to accept a level of residual risk related to an audit finding without remediation. The IS auditor is concerned about management's decision. Which of the following should be the IS auditor's NEXT course of action?

Accept management's decision and continue the follow-up.

Report the issue to IS audit management.

Report the disagreement to the board.

Present the issue to executive management.

Full Access

Question # 48

An organization has recently acquired and implemented intelligent-agent software for granting loans to customers. During the post-implementation review, which of the following is the MOST important procedure for the IS auditor to perform?

Review system and error logs to verify transaction accuracy.

Review input and output control reports to verify the accuracy of the system decisions.

Review signed approvals to ensure responsibilities for decisions of the system are well defined.

Review system documentation to ensure completeness.

Full Access