Valid CISA Dumps shared by ExamDiscuss.com for Helping Passing CISA Exam! ExamDiscuss.com now offer the newest CISA exam dumps, the ExamDiscuss.com CISA exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CISA dumps with Test Engine here:
Access CISA Dumps Premium Version
(1435 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 273/434
An IS auditor reviewing security incident processes realizes incidents are resolved and closed, but root causes are not investigated. Which of the following should be the MAJOR concern with this situation?
Correct Answer: C
Explanation
The major concern with the situation where security incidents are resolved and closed, but root causes are not investigated, is that vulnerabilities have not been properly addressed. Vulnerabilities are weaknesses or gaps in the security posture of an organization that can be exploited by threat actors to compromise its systems, data, or operations. If root causes are not investigated, vulnerabilities may remain undetected or unresolved, allowing attackers to exploit them again or use them as entry points for further attacks. This can result in repeated or escalated security incidents that can cause more damage or disruption to the organization.
The other options are not as major as the concern about vulnerabilities, but rather secondary or related issues that may arise from the lack of root cause analysis. Abuses by employees have not been reported is a concern that may indicate a lack of awareness, accountability, or monitoring of insider threats. Lessons learned have not been properly documented is a concern that may indicate a lack of improvement, learning, or feedback from security incidents. Security incident policies are out of date is a concern that may indicate a lack of alignment, review, or update of security incident processes.
References:
ISACA CISA Review Manual 27th Edition (2019), page 254
Why Root Cause Analysis is Crucial to Incident Response (IR) - Avertium3 Root Cause Analysis Steps and How it Helps Incident Response ...
The major concern with the situation where security incidents are resolved and closed, but root causes are not investigated, is that vulnerabilities have not been properly addressed. Vulnerabilities are weaknesses or gaps in the security posture of an organization that can be exploited by threat actors to compromise its systems, data, or operations. If root causes are not investigated, vulnerabilities may remain undetected or unresolved, allowing attackers to exploit them again or use them as entry points for further attacks. This can result in repeated or escalated security incidents that can cause more damage or disruption to the organization.
The other options are not as major as the concern about vulnerabilities, but rather secondary or related issues that may arise from the lack of root cause analysis. Abuses by employees have not been reported is a concern that may indicate a lack of awareness, accountability, or monitoring of insider threats. Lessons learned have not been properly documented is a concern that may indicate a lack of improvement, learning, or feedback from security incidents. Security incident policies are out of date is a concern that may indicate a lack of alignment, review, or update of security incident processes.
References:
ISACA CISA Review Manual 27th Edition (2019), page 254
Why Root Cause Analysis is Crucial to Incident Response (IR) - Avertium3 Root Cause Analysis Steps and How it Helps Incident Response ...
- Question List (434q)
- Question 1: In an environment that automatically reports all program cha...
- Question 2: Which of the following information security requirements BE ...
- Question 3: Which of the following is the MOST effective way for an orga...
- Question 4: Which of the following is the BEST reason to implement a dat...
- Question 5: An IS auditor found that a company executive is encouraging ...
- Question 6: Which of the following should be performed FIRST before key ...
- Question 7: An IS auditor is assigned to review the IS department s qual...
- Question 8: Which of the following would MOST likely impair the independ...
- Question 9: In response to an audit finding regarding a payroll applicat...
- Question 10: When testing the adequacy of tape backup procedures, which s...
- Question 11: Which of the following is a social engineering attack method...
- Question 12: Which of the following would the IS auditor MOST likely revi...
- Question 13: An IS auditor is preparing a plan for audits to be carried o...
- Question 14: Which of the following is the BEST way to prevent social eng...
- Question 15: Which of the following is MOST important to consider when as...
- Question 16: Which of the following demonstrates the use of data analytic...
- Question 17: Which of the following should be done FIRST when planning to...
- Question 18: Which of the following will be the MOST effective method to ...
- Question 19: Retention periods and conditions for the destruction of pers...
- Question 20: Which of the following methods would BEST help detect unauth...
- Question 21: When verifying the accuracy and completeness of migrated dat...
- Question 22: Which of the following is the MOST important reason to imple...
- Question 23: An organization outsourced its IS functions to meet its resp...
- Question 24: Which of the following would provide the BEST evidence that ...
- Question 25: During a pre-deployment assessment, what is the BEST indicat...
- Question 26: From a risk management perspective, which of the following i...
- Question 27: Which of the following areas of responsibility would cause t...
- Question 28: Which of the following is the GREATEST risk of using a recip...
- Question 29: Which of the following is the PRIMARY reason to follow a con...
- Question 30: Which of the following would minimize the risk of losing tra...
- Question 31: Which of the following is the BEST way to address segregatio...
- Question 32: A programmer has made unauthorized changes lo key fields in ...
- Question 33: What would be the PRIMARY reason an IS auditor would recomme...
- Question 34: An organization relies on an external vendor that uses a clo...
- Question 35: Which of the following should be the FIRST step when conduct...
- Question 36: While evaluating the data classification process of an organ...
- Question 37: Which of the following would BEST demonstrate that an effect...
- Question 38: Which of the following is an IS auditor's BEST recommendatio...
- Question 39: Which of the following is the MOST important activity in the...
- Question 40: An IS auditor has been asked to review an event log aggregat...
- Question 41: Which of the following helps to ensure the integrity of data...
- Question 42: The PRIMARY benefit of information asset classification is t...
- Question 43: Which of the following access rights presents the GREATEST r...
- Question 44: An organization's enterprise architecture (EA) department de...
- Question 45: A new system is being developed by a vendor for a consumer s...
- Question 46: Which of the following is the MOST important consideration f...
- Question 47: To enable the alignment of IT staff development plans with I...
- Question 48: A third-party consultant is managing the replacement of an a...
- Question 49: Which of the following is the BEST indicator of the effectiv...
- Question 50: The use of access control lists (ACLs) is the MOST effective...
- Question 51: An IS auditor has identified deficiencies within the organiz...
- Question 52: A bank performed minor changes to the interest calculation c...
- Question 53: An IS auditor is reviewing the perimeter security design of ...
- Question 54: What would be an IS auditor's BEST course of action when an ...
- Question 55: Which of the following is MOST critical to the success of an...
- Question 56: Which of the following would BEST help lo support an auditor...
- Question 57: An IS auditor would MOST likely recommend that IT management...
- Question 58: Which of the following controls is MOST important for ensuri...
- Question 59: Which of the following would be the BEST criteria for monito...
- Question 60: Which of the following should be given GREATEST consideratio...
- Question 61: Which of the following should be the FRST step when developi...
- Question 62: Secure code reviews as part of a continuous deployment progr...
- Question 63: Which of the following audit procedures would be MOST conclu...
- Question 64: Which of the following provides the MOST assurance over the ...
- Question 65: Which of the following is the BEST security control to valid...
- Question 66: The decision to accept an IT control risk related to data qu...
- Question 67: Which of the following would BEST determine whether a post-i...
- Question 68: Which of the following poses the GREATEST risk to an organiz...
- Question 69: Which of the following business continuity activities priori...
- Question 70: Which of the following types of firewalls provide the GREATE...
- Question 71: Which of the following findings should be of GREATEST concer...
- Question 72: Which of the following physical controls provides the GREATE...
- Question 73: Which of the following is the BEST way for management to ens...
- Question 74: Which of the following is MOST important for an IS auditor t...
- Question 75: Which of the following is MOST useful when planning to audit...
- Question 76: Which of the following is MOST important during software lic...
- Question 77: An organization with many desktop PCs is considering moving ...
- Question 78: When reviewing a project to replace multiple manual data ent...
- Question 79: What is MOST important to verify during an external assessme...
- Question 80: An organization that operates an e-commerce website wants to...
- Question 81: Which of the following would present the GREATEST concern du...
- Question 82: Which of the following should be of GREATEST concern to an I...
- Question 83: Which of the following would an IS auditor recommend as the ...
- Question 84: Which of the following is MOST important to include in secur...
- Question 85: Which of the following BEST ensures that effective change ma...
- Question 86: When evaluating the design of controls related to network mo...
- Question 87: Which of the following BEST protects an organization's propr...
- Question 88: Which of the following is the BEST source of information to ...
- Question 89: Which of the following environments is BEST used for copying...
- Question 90: Which of the following methods will BEST reduce the risk ass...
- Question 91: What is the PRIMARY purpose of performing a parallel run of ...
- Question 92: Backup procedures for an organization's critical data are co...
- Question 93: A system administrator recently informed the IS auditor abou...
- Question 94: During an external review, an IS auditor observes an inconsi...
- Question 95: Which of the following is the BEST way to foster continuous ...
- Question 96: When designing a data analytics process, which of the follow...
- Question 97: The operations team of an organization has reported an IS se...
- Question 98: An IS auditor is reviewing an organization's business intell...
- Question 99: Which of the following BEST demonstrates to senior managemen...
- Question 100: An organization that has suffered a cyber-attack is performi...
- Question 101: An organization has made a strategic decision to split into ...
- Question 102: Which of the following is the PRIMARY reason for an IS audit...
- Question 103: Which of the following BEST ensures the quality and integrit...
- Question 104: Which of the following weaknesses would have the GREATEST im...
- Question 105: Stress testing should ideally be carried out under a:...
- Question 106: Which of the following is MOST helpful to an IS auditor revi...
- Question 107: Which of the following is the PRIMARY reason for an IS audit...
- Question 108: Which of the following provides the MOST useful information ...
- Question 109: An incident response team has been notified of a virus outbr...
- Question 110: Which of the following statements appearing in an organizati...
- Question 111: Which of the following features of a library control softwar...
- Question 112: An organization has virtualized its server environment witho...
- Question 113: When reviewing an IT strategic plan, the GREATEST concern wo...
- Question 114: Which type of risk would MOST influence the selection of a s...
- Question 115: During audit planning, the IS audit manager is considering w...
- Question 116: Which of the following is the MOST effective way to detect a...
- Question 117: An organization is considering allowing users to connect per...
- Question 118: A post-implementation review was conducted by issuing a surv...
- Question 119: Which of the following is MOST important for an IS auditor t...
- Question 120: Which of the following is a social engineering attack method...
- Question 121: An organization's software developers need access to persona...
- Question 122: Which of the following responses to risk associated with seg...
- Question 123: Which of the following is me GREATE ST impact as a result of...
- Question 124: During an operational audit on the procurement department, t...
- Question 125: An IS auditor discovers a box of hard drives in a secured lo...
- Question 126: Which of the following is the PRIMARY reason an IS auditor s...
- Question 127: Which of the following provides the MOST reliable method of ...
- Question 128: When planning a follow-up, the IS auditor is informed by ope...
- Question 129: An organization has developed mature risk management practic...
- Question 130: In a high-volume, real-time system, the MOST effective techn...
- Question 131: What is the MAIN reason to use incremental backups?...
- Question 132: During an exit interview, senior management disagrees with s...
- Question 133: During the planning stage of a compliance audit, an IS audit...
- Question 134: An IS auditor is reviewing a contract for the outsourcing of...
- Question 135: An organizations audit charier PRIMARILY:...
- Question 136: Which of the following is MOST important for an IS auditor t...
- Question 137: When auditing the security architecture of an online applica...
- Question 138: Which of the following occurs during the issues management p...
- Question 139: An organization has an acceptable use policy in place, but u...
- Question 140: A CFO has requested an audit of IT capacity management due t...
- Question 141: An IS auditor is assigned to perform a post-implementation r...
- Question 142: Which audit approach is MOST helpful in optimizing the use o...
- Question 143: An IS auditor conducts a review of a third-party vendor's re...
- Question 144: After delivering an audit report, the audit manager discover...
- Question 145: When physical destruction IS not practical, which of the fol...
- Question 146: In an environment where data virtualization is used, which o...
- Question 147: Which of the following is MOST critical to the success of an...
- Question 148: The BEST way to evaluate the effectiveness of a newly develo...
- Question 149: An organization implemented a cybersecurity policy last year...
- Question 150: In the case of a disaster where the data center is no longer...
- Question 151: Which of the following would be the GREATEST concern to an I...
- Question 152: Which of the following provides the MOST protection against ...
- Question 153: Which of the following is the BEST indication of effective g...
- Question 154: A financial group recently implemented new technologies and ...
- Question 155: An IS auditor finds a high-risk vulnerability in a public-fa...
- Question 156: Which of the following would MOST effectively help to reduce...
- Question 157: What is the FIRST step when creating a data classification p...
- Question 158: An IS auditor is conducting a review of a data center. Which...
- Question 159: Which of the following is the BEST method to delete sensitiv...
- Question 160: Which of the following is MOST likely to be a project delive...
- Question 161: Which of the following observations would an IS auditor cons...
- Question 162: Which of the following activities would allow an IS auditor ...
- Question 163: Which of the following should be the PRIMARY basis for prior...
- Question 164: Which task should an IS auditor complete FIRST during the pr...
- Question 165: When a data center is attempting to restore computing facili...
- Question 166: An IS auditor finds that application servers had inconsisten...
- Question 167: An organization recently implemented a cloud document storag...
- Question 168: Which of the following should be the PRIMARY role of an inte...
- Question 169: Which of the following BEST enables the effectiveness of an ...
- Question 170: An organization's IT department and internal IS audit functi...
- Question 171: In which phase of the internal audit process is contact esta...
- Question 172: The PRIMARY purpose of a configuration management system is ...
- Question 173: Which of the following should an IS auditor be MOST concerne...
- Question 174: Which of the following provides the BEST evidence that a thi...
- Question 175: A secure server room has a badge reader system that records ...
- Question 176: Which of the following is the MOST important reason for an I...
- Question 177: Which of the following would provide an IS auditor with the ...
- Question 178: To mitigate the risk of exposing data through application pr...
- Question 179: Which of the following is MOST helpful for measuring benefit...
- Question 180: Which of the following is the BEST way to mitigate risk to a...
- Question 181: An IS auditor finds that one employee has unauthorized acces...
- Question 182: Which of the following is the BEST testing approach to facil...
- Question 183: Management has requested a post-implementation review of a n...
- Question 184: The PRIMARY benefit of automating application testing is to:...
- Question 185: Which of the following is MOST critical to the success of an...
- Question 186: When reviewing a business case for a proposed implementation...
- Question 187: Which type of attack targets security vulnerabilities in web...
- Question 188: In data warehouse (DW) management, what is the BEST way to p...
- Question 189: To reduce operational costs, IT management plans to reduce t...
- Question 190: Which of the following is the GREATEST risk when relying on ...
- Question 191: During the evaluation of controls over a major application d...
- Question 192: Which of the following is the PRIMARY reason to perform a ri...
- Question 193: Which of the following is a PRIMARY benefit of using risk as...
- Question 194: The use of which of the following is an inherent risk in the...
- 1 commentQuestion 195: During the walk-through procedures for an upcoming audit, an...
- Question 196: An organization plans to receive an automated data feed into...
- Question 197: An IS auditor finds the log management system is overwhelmed...
- Question 198: During an audit of a multinational bank's disposal process, ...
- Question 199: As part of the architecture of virtualized environments, in ...
- Question 200: Which of the following provides the GREATEST assurance that ...
- Question 201: An organization plans to receive an automated data feed into...
- Question 202: Which type of attack poses the GREATEST risk to an organizat...
- Question 203: A small business unit is implementing a control self-assessm...
- Question 204: A business has requested an audit to determine whether infor...
- Question 205: A vendor requires privileged access to a key business applic...
- Question 206: Which of the following BEST describes an audit risk?...
- Question 207: Which of the following would BEST help to ensure that an inc...
- Question 208: Which of the following is the BEST evidence that an organiza...
- Question 209: A new regulation requires organizations to report significan...
- Question 210: For an organization that has plans to implement web-based tr...
- Question 211: An IS auditor discovers that validation controls m a web app...
- Question 212: During an incident management audit, an IS auditor finds tha...
- Question 213: A sample for testing must include the 80 largest client bala...
- Question 214: An IS auditor notes the transaction processing times in an o...
- Question 215: Which of the following MOST effectively minimizes downtime d...
- Question 216: During a disaster recovery audit, an IS auditor finds that a...
- Question 217: Which of the following is MOST important for an IS auditor t...
- Question 218: Which of the following BEST enables an organization to impro...
- Question 219: An auditee disagrees with a recommendation for corrective ac...
- Question 220: Which of the following Is the BEST way to ensure payment tra...
- Question 221: Which of the following is the PRIMARY advantage of using vis...
- Question 222: In a RAO model, which of the following roles must be assigne...
- Question 223: An IS auditor is reviewing logical access controls for an or...
- Question 224: Which of the following backup schemes is the BEST option whe...
- Question 225: Controls related to authorized modifications to production p...
- Question 226: Which of the following is MOST important to determine during...
- Question 227: Which of the following is MOST important to consider when de...
- Question 228: An IT balanced scorecard is the MOST effective means of moni...
- Question 229: An audit identified that a computer system is not assigning ...
- Question 230: An IS auditor has found that a vendor has gone out of busine...
- Question 231: Which of the following is the BEST detective control for a j...
- Question 232: An IS auditor is performing a follow-up audit for findings i...
- Question 233: Which of the following provides the BEST audit evidence that...
- Question 234: A finance department has a multi-year project to upgrade the...
- Question 235: During a review of system access, an IS auditor notes that a...
- Question 236: Which of the following is the GREATEST benefit of adopting a...
- Question 237: Which of the following documents should specify roles and re...
- Question 238: Which of the following should be of GREATEST concern to an I...
- Question 239: An IS auditor has been asked to advise on measures to improv...
- Question 240: An IS auditor finds that while an organization's IT strategy...
- Question 241: Which of the following applications has the MOST inherent ri...
- Question 242: An IS auditor is evaluating an organization's IT strategy an...
- Question 243: Which of the following should an IS auditor ensure is classi...
- Question 244: Which of the following is the MAIN responsibility of the IT ...
- Question 245: An IS auditor found that a company executive is encouraging ...
- Question 246: The charging method that effectively encourages the MOST eff...
- Question 247: A month after a company purchased and implemented system and...
- Question 248: Which of the following is MOST critical for the effective im...
- Question 249: Which of the following is the BEST approach for determining ...
- Question 250: During a database management evaluation an IS auditor discov...
- Question 251: Which of the following is MOST helpful for an IS auditor to ...
- Question 252: When assessing whether an organization's IT performance meas...
- Question 253: A project team has decided to switch to an agile approach to...
- Question 254: Which of the following controls BEST ensures appropriate seg...
- Question 255: An IS auditor has completed the fieldwork phase of a network...
- Question 256: Which of the following is MOST important for an effective co...
- Question 257: Which of the following should be done FIRST to minimize the ...
- Question 258: Which of the following is an audit reviewer's PRIMARY role w...
- Question 259: Which of the following is the MOST important consideration f...
- Question 260: Which of the following is a concern associated with virtuali...
- Question 261: An internal audit department recently established a quality ...
- Question 262: Which of the following is the MOST important control for vir...
- Question 263: Which of the following is the BEST indicator of the effectiv...
- Question 264: An organization has recently acquired and implemented intell...
- Question 265: Which of the following would be of MOST concern for an IS au...
- Question 266: A small IT department has embraced DevOps, which allows memb...
- Question 267: Which of the following should be the FIRST step when develop...
- Question 268: An organization is concerned with meeting new regulations fo...
- Question 269: Which of the following should be the FIRST step in the incid...
- Question 270: Which of the following should an IS auditor expect to see in...
- Question 271: Which of the following is an IS auditor's BEST approach when...
- Question 272: An IS auditor finds that capacity management for a key syste...
- Question 273: An IS auditor reviewing security incident processes realizes...
- Question 274: An IS auditor is reviewing an organization's business contin...
- Question 275: Which of the following is the BEST control to prevent the tr...
- Question 276: What should an IS auditor do FIRST when management responses...
- Question 277: A data center's physical access log system captures each vis...
- Question 278: Which of the following is a PRIMARY responsibility of an IT ...
- Question 279: When planning an audit, it is acceptable for an IS auditor t...
- Question 280: An IS auditor is planning an audit of an organization's risk...
- Question 281: An IS auditor is reviewing the backup procedures in an organ...
- Question 282: What is the BEST way to reduce the risk of inaccurate or mis...
- Question 283: During an IT general controls audit of a high-risk area wher...
- Question 284: During an audit of a reciprocal disaster recovery agreement ...
- Question 285: Which type of review is MOST important to conduct when an IS...
- Question 286: Which of the following should be of MOST concern to an IS au...
- Question 287: Which of the following issues associated with a data center'...
- Question 288: Which of the following is a challenge in developing a servic...
- Question 289: A characteristic of a digital signature is that it...
- Question 290: During the implementation of an upgraded enterprise resource...
- Question 291: Which of the following is the BEST way to mitigate the risk ...
- Question 292: Which of the following should be done FIRST when planning a ...
- Question 293: An IS auditor requests direct access to data required to per...
- Question 294: Which of the following is the MOST effective control to miti...
- Question 295: Which of the following is the BEST reason for an organizatio...
- Question 296: Which of the following would BEST indicate the effectiveness...
- Question 297: An IT strategic plan that BEST leverages IT in achieving org...
- Question 298: During an ongoing audit, management requests a briefing on t...
- Question 299: What should an IS auditor do FIRST when a follow-up audit re...
- Question 300: An IS auditor is reviewing processes for importing market pr...
- Question 301: What is the PRIMARY reason for an organization to classify t...
- Question 302: Which of the following strategies BEST optimizes data storag...
- Question 303: The PRIMARY purpose of an incident response plan is to:...
- Question 304: An IS auditor who was instrumental in designing an applicati...
- Question 305: Which of the following provides the MOST useful information ...
- Question 306: During an exit meeting, an IS auditor highlights that backup...
- Question 307: An IS auditor has learned that access privileges are not per...
- Question 308: Which of the following approaches will ensure recovery time ...
- Question 309: Which of the following should be the FIRST step to successfu...
- Question 310: An IS audit manager is reviewing workpapers for a recently c...
- Question 311: Which of the following would be an auditor's GREATEST concer...
- Question 312: A computer forensic audit is MOST relevant in which of the f...
- Question 313: Which of the following BEST enables the timely identificatio...
- Question 314: The PRIMARY objective of value delivery in reference to IT g...
- Question 315: Which of the following is MOST useful for determining whethe...
- Question 316: Which of the following approaches would utilize data analyti...
- Question 317: An IS auditor follows up on a recent security incident and f...
- Question 318: Which of the following is an executive management concern th...
- Question 319: Which of the following documents would be MOST useful in det...
- Question 320: What would be an IS auditor's BEST recommendation upon findi...
- Question 321: Which of the following should be an IS auditor's PRIMARY con...
- Question 322: Which of the following is MOST important for an IS auditor t...
- Question 323: Which of the following is the BEST performance indicator for...
- Question 324: An IS auditor learns the organization has experienced severa...
- Question 325: What should an IS auditor do FIRST upon discovering that a s...
- Question 326: One advantage of monetary unit sampling is the fact that...
- Question 327: A core system fails a week after a scheduled update, causing...
- Question 328: An IS auditor is conducting a post-implementation review of ...
- Question 329: An organization has partnered with a third party to transpor...
- Question 330: Which of the following would BEST facilitate the successful ...
- Question 331: Which of the following is the GREATEST concern associated wi...
- Question 332: What should be the PRIMARY basis for selecting which IS audi...
- Question 333: When an intrusion into an organization network is deleted, w...
- Question 334: Malicious program code was found in an application and corre...
- Question 335: Which of the following is the MOST important responsibility ...
- Question 336: A credit card company has decided to outsource the printing ...
- Question 337: Which of the following is the BEST way to verify the effecti...
- Question 338: Which of the following is the BEST justification for deferri...
- Question 339: Which of the following is the BEST way to minimize sampling ...
- Question 340: Which of the following is MOST important to consider when re...
- Question 341: An IS auditor notes that the previous year's disaster recove...
- Question 342: An IS auditor reviewing the threat assessment tor a data cen...
- Question 343: An IS auditor finds that a key Internet-facing system is vul...
- Question 344: Which of the following is MOST important for an IS auditor t...
- Question 345: While auditing a small organization's data classification pr...
- Question 346: When planning an internal penetration test, which of the fol...
- Question 347: From an IS auditor's perspective, which of the following wou...
- Question 348: An organization is planning an acquisition and has engaged a...
- Question 349: During a follow-up audit, an IS auditor finds that some crit...
- Question 350: Which of the following controls BEST ensures appropriate seg...
- Question 351: During planning for a cloud service audit, audit management ...
- Question 352: Which of the following is the BEST way to ensure that busine...
- Question 353: How does a continuous integration/continuous development (CI...
- Question 354: When an IS audit reveals that a firewall was unable to recog...
- Question 355: An IS auditor discovers from patch logs that some in-scope s...
- Question 356: Which of the following is the BEST way for an organization t...
- Question 357: A firewall between internal network segments improves securi...
- Question 358: During a follow-up audit, it was found that a complex securi...
- Question 359: Which of the following is the MOST significant risk that IS ...
- Question 360: Using swipe cards to limit employee access to restricted are...
- Question 361: Which of the following would provide the BEST evidence of an...
- Question 362: To develop meaningful recommendations 'or findings, which of...
- Question 363: Which of the following should an IS auditor consider the MOS...
- Question 364: Which of the following findings should be of GREATEST concer...
- Question 365: During a review of a production schedule, an IS auditor obse...
- Question 366: IT disaster recovery time objectives (RTOs) should be based ...
- Question 367: Following a breach, what is the BEST source to determine the...
- Question 368: Which of the following provides an IS auditor assurance that...
- Question 369: During a routine internal software licensing review, an IS a...
- Question 370: An IS auditor discovers that an IT organization serving seve...
- Question 371: IT governance should be driven by:...
- Question 372: Which of the following findings would be of GREATEST concern...
- Question 373: The BEST way to determine whether programmers have permissio...
- Question 374: Which of the following is the MAIN risk associated with addi...
- Question 375: An IS auditor has been asked to assess the security of a rec...
- Question 376: During an audit which of the following would be MOST helpful...
- Question 377: Which of the following should be of GREATEST concern to an I...
- Question 378: Which of the following would BEST guide an IS auditor when d...
- Question 379: In reviewing the IT strategic plan, the IS auditor should co...
- Question 380: An IT balanced scorecard is PRIMARILY used for:...
- Question 381: An organization is planning to implement a work-from-home po...
- Question 382: Which of the following provides the BEST assurance of data i...
- Question 383: Which of the following application input controls would MOST...
- Question 384: Which type of control is being implemented when a biometric ...
- Question 385: Which of the following would be a result of utilizing a top-...
- Question 386: Which of the following would be of GREATEST concern when rev...
- Question 387: Stress testing should ideally be earned out under a:...
- Question 388: Which of the following analytical methods would be MOST usef...
- Question 389: Which of the following is MOST important for an IS auditor t...
- Question 390: A company has implemented an IT segregation of duties policy...
- Question 391: Which of the following is the MOST important advantage of pa...
- Question 392: Which of the following is MOST appropriate to prevent unauth...
- Question 393: When reviewing the functionality of an intrusion detection s...
- Question 394: A company requires that all program change requests (PCRs) b...
- Question 395: Providing security certification for a new system should inc...
- Question 396: A database administrator (DBA) should be prevented from havi...
- Question 397: Which of the following biometric access controls has the HIG...
- Question 398: When assessing a proposed project for the two-way replicatio...
- Question 399: Which of the following is the MOST effective accuracy contro...
- Question 400: Which of the following would BEST detect that a distributed ...
- Question 401: Which of the following components of a risk assessment is MO...
- Question 402: During the discussion of a draft audit report IT management ...
- Question 403: In an IT organization where many responsibilities are shared...
- Question 404: Which of the following BEST facilitates the legal process in...
- Question 405: An IS auditor Is renewing the deployment of a new automated ...
- Question 406: Which of the following would protect the confidentiality of ...
- Question 407: The FIRST step in an incident response plan is to:...
- Question 408: Which of the following would lead an IS auditor to conclude ...
- Question 409: An employee loses a mobile device resulting in loss of sensi...
- Question 410: Which of the following should an IS auditor review when eval...
- Question 411: Which of the following is MOST useful to an IS auditor perfo...
- Question 412: Prior to a follow-up engagement, an IS auditor learns that m...
- Question 413: Which of the following is the MOST effective way to identify...
- Question 414: The PRIMARY reason for an IS auditor to use data analytics t...
- Question 415: Which of the following presents the GREATEST challenge to th...
- Question 416: Which of the following is the MOST efficient way to identify...
- Question 417: During an audit of a financial application, it was determine...
- Question 418: The PRIMARY benefit lo using a dry-pipe fire-suppression sys...
- Question 419: A new regulation in one country of a global organization has...
- Question 420: Which of the following is MOST important for an IS auditor t...
- Question 421: An IS auditor found that operations personnel failed to run ...
- Question 422: Which of the following metrics is the BEST indicator of the ...
- Question 423: Which of the following is the PRIMARY reason for an IS audit...
- Question 424: Which of the following should be the GREATEST concern to an ...
- Question 425: A review of Internet security disclosed that users have indi...
- Question 426: The PRIMARY role of a control self-assessment (CSA) facilita...
- Question 427: During the discussion of a draft audit report. IT management...
- Question 428: Which of the following would be of GREATEST concern to an IS...
- Question 429: Which of the following presents the GREATEST risk to an orga...
- Question 430: In a review of the organization standards and guidelines for...
- Question 431: During the planning phase of a data loss prevention (DLP) au...
- Question 432: Which of the following is the BEST way to detect unauthorize...
- Question 433: Which of the following will provide the GREATEST assurance t...
- Question 434: When reviewing past results of a recurring annual audit, an ...
