Valid CISA Dumps shared by ExamDiscuss.com for Helping Passing CISA Exam! ExamDiscuss.com now offer the newest CISA exam dumps, the ExamDiscuss.com CISA exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CISA dumps with Test Engine here:
Access CISA Dumps Premium Version
(1435 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 173/227
An IS auditor finds that, in accordance with IS policy, IDs of terminated users are deactivated within 90 days of termination. The IS auditor should:
Correct Answer: C
Explanation/Reference:
Explanation:
Although a policy provides a reference for performing IS audit assignments, an IS auditor needs to review the adequacy and the appropriateness of the policy. If, in the opinion of the auditor, the time frame defined for deactivation is inappropriate,the auditor needs to communicate this to management and recommend changes to the policy. Though the deactivation happens as stated in the policy, it cannot be concluded that the control is effective. Best practice would require that the ID of a terminated user be deactivated immediately. Verifying that user access rights have been granted on a need-to-have basis is necessary when permissions are granted. Recommending that activity logs of terminated users be reviewed on a regular basis is a good practice, but not as effective as deactivation upon termination.
Explanation:
Although a policy provides a reference for performing IS audit assignments, an IS auditor needs to review the adequacy and the appropriateness of the policy. If, in the opinion of the auditor, the time frame defined for deactivation is inappropriate,the auditor needs to communicate this to management and recommend changes to the policy. Though the deactivation happens as stated in the policy, it cannot be concluded that the control is effective. Best practice would require that the ID of a terminated user be deactivated immediately. Verifying that user access rights have been granted on a need-to-have basis is necessary when permissions are granted. Recommending that activity logs of terminated users be reviewed on a regular basis is a good practice, but not as effective as deactivation upon termination.
- Question List (227q)
- 1 commentQuestion 1: Which of the following is an advantage of an integrated test...
- Question 2: A company laptop has been stolen and all photos on the lapto...
- Question 3: .What must an IS auditor understand before performing an app...
- Question 4: You should know the difference between an exploit and a vuln...
- Question 5: Which of the following is MOST important for an IS auditor t...
- Question 6: Which of the following should be the PRIMARY audience for a ...
- Question 7: Which of the following type of honey pot essentially gives a...
- Question 8: Which of the following is the BEST indication of effective I...
- Question 9: Which of the following is a method to prevent disclosure of ...
- Question 10: Which of the following would BEST facilitate the detection o...
- Question 11: Which of the following is an IS auditor s GREATEST concern w...
- Question 12: Proper segregation of duties does not prohibit a quality con...
- Question 13: After discussing findings with an auditee, an IS auditor is ...
- Question 14: What would be the MOST effective control for enforcing accou...
- Question 15: Which of the following statement correctly describes the dif...
- Question 16: During a security audit, an IS auditor is tasked with review...
- Question 17: Input/output controls should be implemented for which applic...
- 1 commentQuestion 18: A manufacturing firm wants to automate its invoice payment s...
- Question 19: Which of the following risks could result from inadequate so...
- Question 20: Which of the following encryption methods uses a matching pa...
- Question 21: During an audit of a financial application, it was determine...
- Question 22: An IS auditor finds that conference rooms have active networ...
- Question 23: What is BEST for an IS auditor to review when assessing the ...
- Question 24: Which of the following is the MOST critical and contributes ...
- Question 25: Which of the following observations should be of GREATEST co...
- Question 26: Which of the following would help to ensure the portability ...
- Question 27: The MOST likely explanation for the use of applets in an Int...
- Question 28: To optimize an organization's business contingency plan (BCP...
- Question 29: Which of the following term related to network performance r...
- Question 30: Which of the following is the GREATEST threat to Voice-over ...
- Question 31: Which of the following ensures the availability of transacti...
- Question 32: Due to cost restraints, a company defers the replacement of ...
- Question 33: Establishing data ownership is an important first step for w...
- Question 34: .Using the OSI reference model, what layer(s) is/are used to...
- Question 35: Which of the following ensures a sender's authenticity and a...
- Question 36: Which of the following would be an auditor's GREATEST concer...
- Question 37: Which of the following is a detective control?...
- Question 38: When developing metrics to measure the contribution of IT to...
- Question 39: An IS auditor performs a follow-up audit and learns the appr...
- Question 40: Which of the following would BEST support 24/7 availability?...
- Question 41: An IS auditor finds multiple situations where the help desk ...
- Question 42: In the review of a feasibility study for an IS acquisition, ...
- Question 43: Which of the following online auditing techniques is most ef...
- Question 44: An emergency power-off switch should:...
- Question 45: How do modems (modulation/demodulation) function to facilita...
- Question 46: Which of the following reports should an IS auditor use to c...
- Question 47: Which of the following would a digital signature MOST likely...
- Question 48: An IS auditor has been asked to audit a complex system with ...
- Question 49: A vulnerability in which of the following virtual systems wo...
- Question 50: During the planning stage of an IS audit, the PRIMARY goal o...
- Question 51: An organization has established three IS processing environm...
- Question 52: When using an integrated test facility (ITF), an IS auditor ...
- Question 53: An IS auditor finds that a DBA has read and write access to ...
- Question 54: Which of the following is the MAIN purpose of an information...
- Question 55: .Which of the following is an effective method for controlli...
- Question 56: Which of the following BEST limits the impact of server fail...
- Question 57: What is the first step in a business process re-engineering ...
- Question 58: An IS auditor finds out-of-range data in some tables of a da...
- Question 59: In wireless communication, which of the following controls a...
- Question 60: The purpose of a deadman door controlling access to a comput...
- Question 61: Which of the following PBX feature supports shared extension...
- Question 62: Identify the INCORRECT statement from below mentioned testin...
- Question 63: Which of the following is the BEST way to address ongoing co...
- Question 64: A web organization is developed in-house by an organization....
- Question 65: Which of the following should an IS auditor be MOST concerne...
- 1 commentQuestion 66: The use of risk assessment tools for classifying risk factor...
- Question 67: During an audit of the logical access control of an ERP fina...
- Question 68: Which of the following is MOST important for the successful ...
- Question 69: Before concluding that internal controls can be relied upon,...
- Question 70: Which of the following is the PRIMARY role of the IS auditor...
- Question 71: The MOST likely effect of the lack of senior management comm...
- Question 72: Which of the following is MOST likely to result from complia...
- Question 73: Which of the following would be MOST useful when analyzing c...
- Question 74: The PRIMARY goal of a web site certificate is:...
- Question 75: Which of the following types of attack often take advantage ...
- Question 76: An IS auditor reviewing a proposed application software acqu...
- Question 77: An IS auditor is reviewing logical access controls for an or...
- Question 78: Which of the following conditions would be of MOST concern t...
- Question 79: Many organizations require an employee to take a mandatory v...
- Question 80: Once an organization has finished the business process reeng...
- Question 81: chain management processes Customer orders are not being ful...
- Question 82: An organization wants to reuse company-provided smartphones ...
- Question 83: What is BEST for an IS auditor lo review when assessing the ...
- Question 84: An IS auditor is reviewing the security of a web-based custo...
- Question 85: The PRIMARY purpose of audit trails is to:...
- Question 86: Which of the following software tools is often used for stea...
- Question 87: Of the following, who is BEST suited to establish an organiz...
- Question 88: A purpose of project closure is to determine the:...
- Question 89: An organization wants to replace its suite of legacy applica...
- Question 90: An IS auditor reviewing the risk assessment process of an or...
- Question 91: .Processing controls ensure that data is accurate and comple...
- Question 92: Which of the following provides nonrepudiation in an electro...
- Question 93: Which of the following types of audit always takes high prio...
- Question 94: An IS auditor has discovered that unauthorized customer mana...
- Question 95: Which of the following insurance types provide for a loss ar...
- Question 96: The ultimate purpose of IT governance is to:...
- Question 97: The FIRST step in managing the risk of a cyber attack is to:...
- Question 98: After delivering an audit report, the audit manager discover...
- Question 99: Which of the following is the BEST sampling method to ensure...
- Question 100: Which of the following should be the GREATEST concern to an ...
- Question 101: IT best practices for the availability and continuity of IT ...
- Question 102: Which of the following is the MOST critical and contributes ...
- Question 103: With respect to the outsourcing of IT services, which of the...
- Question 104: During an external assessment of network vulnerability which...
- Question 105: An IS auditor reviewing the implementation of an intrusion d...
- Question 106: A comprehensive and effective e-mail policy should address t...
- Question 107: Identify the correct sequence of Business Process Reengineer...
- Question 108: After initial investigation, an IS auditor has reasons to be...
- Question 109: Which of the following is a passive attack to a network?...
- Question 110: To gain a clear understanding of the impact that a new regul...
- Question 111: Which of the following should be of GREATEST concern to an I...
- Question 112: Which of the following situations would increase the likelih...
- Question 113: Which of the following data validation edits is effective in...
- Question 114: Which of the following should an IS auditor review to determ...
- Question 115: The use of access control lists (ACLs) is the MOST effective...
- Question 116: Which of the following statement is NOT true about Voice-Ove...
- Question 117: Which of the following type of network service stores inform...
- Question 118: Which of the following are examples of tools for launching D...
- Question 119: Host Based ILD&P primarily addresses the issue of:...
- Question 120: In which of the following WAN message transmission technique...
- Question 121: An IS auditor finds that conference rooms have active networ...
- Question 122: In computer forensics, which of the following is the process...
- Question 123: Which of the following IS audit findings should be of GREATE...
- Question 124: An IS auditor has completed an audit on the organization's I...
- Question 125: When reviewing an active project, an IS auditor observed tha...
- Question 126: Which of the following virus prevention techniques can be im...
- Question 127: What is the Most critical finding when reviewing an organiza...
- Question 128: Of the following, who should approve a release to a critical...
- Question 129: An IS auditor is reviewing the results of a business process...
- Question 130: A hub is a device that connects:...
- Question 131: Which of the following is a key success factor for implement...
- Question 132: During the review of a biometrics system operation, an IS au...
- Question 133: A computer system is no more secure than the human systems r...
- Question 134: During the audit of an acquired software package, an IS audi...
- Question 135: Which of the following is the MOST reliable network connecti...
- Question 136: A bank has implemented a new accounting system. Which of the...
- Question 137: An IS auditor is performing a network security review of a t...
- Question 138: Who is responsible for ensuring that system controls and sup...
- Question 139: Whenever business processes have been re-engineered, the IS ...
- Question 140: An organization offers an online information security awaren...
- Question 141: An IS auditor is analyzing a sample of accesses recorded on ...
- Question 142: During a postimplementation review of an enterprise resource...
- Question 143: Proper segregation of duties does not prohibit a quality con...
- 1 commentQuestion 144: Which of the following is an IS auditor's BEST recommendatio...
- Question 145: Which of the following would an IS auditor consider the MOST...
- Question 146: Which of the following controls would an IS auditor look for...
- Question 147: What type of cryptosystem is characterized by data being enc...
- Question 148: Which of the following is the BEST way to determine if IT is...
- Question 149: An internal audit department reports directly to the chief f...
- Question 150: The MAJOR reason for replacing checks with electronic funds ...
- Question 151: Which of the following layer of an enterprise data flow arch...
- Question 152: Identify the network topology from below diagram presented b...
- 1 commentQuestion 153: When designing metrics for information security, the MOST im...
- Question 154: The MOST significant reason for using key performance indica...
- Question 155: Which of the following are designed to detect network attack...
- Question 156: Which of the following user profiles should be of MOST conce...
- Question 157: Which of the following should concern an IS auditor when rev...
- Question 158: A team conducting a risk analysis is having difficulty proje...
- Question 159: An online retailer is receiving customer about receiving dif...
- Question 160: Default permit is only a good approach in an environment whe...
- Question 161: In a multinational organization, local security regulations ...
- Question 162: An employee has accidentally posted confidential data to the...
- Question 163: To enable the alignment of IT staff development plans with I...
- Question 164: A new regulation requires organizations to report significan...
- Question 165: Which of the following is BEST characterized by unauthorized...
- Question 166: Which of the following represents the GREATEST risk created ...
- Question 167: Which of the following is the MOST reliable sender authentic...
- Question 168: Which of the following must exist to ensure the viability of...
- Question 169: The MAIN reason for requiring that all computer clocks acros...
- Question 170: When reviewing a disaster recovery plan (DRP), an IS auditor...
- Question 171: One advantage of monetary unit sampling is the fact that...
- Question 172: An IS auditor is asked to provide feedback on the systems op...
- Question 173: An IS auditor finds that, in accordance with IS policy, IDs ...
- Question 174: An online retailer is receiving customer complaints about re...
- Question 175: Which of the following should be an IS auditor's GREATEST co...
- Question 176: Which of the following functionality is NOT performed by the...
- Question 177: Which of the following will be the MOST effective method to ...
- Question 178: During a business continuity audit an IS auditor found that ...
- Question 179: Which of the following should be of MOST concern to an IS au...
- Question 180: Which of the following controls is MOST appropriate against ...
- Question 181: Which of the following observations should be of concern to ...
- Question 182: Phishing attack works primarily through:...
- Question 183: Which of the following is the MOST important consideration f...
- Question 184: Which of the following is an object-oriented technology char...
- Question 185: An IS auditor needs to consider many factors while evaluatin...
- Question 186: Pretexting is an act of:
- Question 187: To ensure that audit resources deliver the best value to the...
- Question 188: Which of the following would BEST help prioritize various pr...
- Question 189: Company.com has contracted with an external consulting firm ...
- Question 190: Which of the following should an IS auditor review to unders...
- Question 191: An IS auditor reviews an organizational chart PRIMARILY for:...
- Question 192: An organization is migrating from a legacy system to an ente...
- Question 193: What is the MOST effective way to ensure information securit...
- Question 194: Atomicity enforces data integrity by ensuring that a transac...
- Question 195: A long-term IS employee with a strong technical background a...
- Question 196: What is the first step in a business process re-engineering ...
- Question 197: An organization plans to receive an automated data feed into...
- Question 198: During a software acquisition review, an IS auditor should r...
- Question 199: A company has implemented a new client-server enterprise res...
- Question 200: .An IS auditor usually places more reliance on evidence dire...
- Question 201: Which of the following presents an inherent risk with no dis...
- Question 202: Which of the following should be the MOST important consider...
- Question 203: In order to properly protect against unauthorized disclosure...
- Question 204: An internal audit has found that critical patches were not i...
- Question 205: When conducting a penetration test of an IT system, an organ...
- Question 206: An organization developed a comprehensive three-year IT stra...
- Question 207: When using an integrated test facility (ITF), an IS auditor ...
- Question 208: Which of the following should be done FIRST when planning a ...
- Question 209: When auditing the closing stages of a system development pro...
- Question 210: An IS auditor discovers that validation controls in a web ap...
- Question 211: In a client-server architecture, a domain name service (DNS)...
- Question 212: Which of the following is the key benefit of control self-as...
- Question 213: Which of the following are the PRIMARY considerations when d...
- Question 214: Which of the following intrusion detection systems (IDSs) mo...
- Question 215: An IS auditor learns a server administration team regularly ...
- Question 216: An IS auditor who is reviewing incident reports discovers th...
- Question 217: An efficient use of public key infrastructure (PKI) should e...
- Question 218: An organization recently implemented a cloud document storag...
- Question 219: Which of the following attack involves sending forged ICMP E...
- Question 220: Which of the following term related to network performance r...
- Question 221: An IS audit manager has been asked to perform a quality revi...
- Question 222: During the design phase of a software development project, t...
- Question 223: Which of the following controls BEST mitigates the impact of...
- Question 224: The risk that the IS auditor will not find an error that has...
- Question 225: An organization considers implementing a system that uses a ...
- Question 226: When is regression testing used to determine whether new app...
- Question 227: Which of the following internet security threats could compr...
