Certified Information Systems Auditor v1.0

Page:    1 / 180   
Exam contains 2694 questions

An IS auditor discovers that validation controls in a web application have been moved from the server side into the browser to boost performance. This would
MOST likely increase the risk of a successful attack by:

  • A. phishing
  • B. structured query language (SQL) injection
  • C. denial of service (DoS)
  • D. buffer overflow


Answer : B

In a follow-up audit, an IS auditor notes that management has addressed the original findings in a different way than originally agreed upon. The auditor should
FIRST:

  • A. mark the recommendation as satisfied and close the finding
  • B. verify if management’s action mitigates the identified risk
  • C. re-perform the audit to assess the changed control environment
  • D. escalate the deviation to the audit committee


Answer : D

An organization is considering outsourcing the processing of customer insurance claims. An IS auditor notes that customer data will be sent offshore for processing. Which of the following would be the BEST way to address the risk of exposing customer data?

  • A. Require background checks on all service provider personnel involved in the processing of data.
  • B. Recommend the use of a service provider within the same country as the organization.
  • C. Consider whether the service provider has the ability to meet service level agreements (SLAs).
  • D. Assess whether the service provider meets the organization’s data protection policies.


Answer : D

An IS audit team is evaluating the documentation related to the most recent application user-access review performed by IT and business management. It is determined the user list was not system-generated. Which of the following should be the GREATEST concern?

  • A. Source of the user list reviewed
  • B. Availability of the user list reviewed
  • C. Confidentiality of the user list reviewed
  • D. Completeness of the user list reviewed


Answer : A

Which of the following should an IS auditor determine FIRST when evaluating additional hardware required to support the acquisition of a new accounting system?

  • A. A training program has been developed to support the new accounting system.
  • B. The supplier has experience supporting accounting systems.
  • C. The hardware specified will be compliant with the current IT strategy.
  • D. The hardware will be installed in a secure and environmentally controlled area.


Answer : C

A company requires that all program change requests (PCRs) be approved and all modifications be automatically logged. Which of the following IS audit procedures will BEST determine whether unauthorized changes have been made to production programs?

  • A. Review a sample of PCRs for proper approval throughout the program change process.
  • B. Trace a sample of program changes from the log to completed PCR forms.
  • C. Use source code comparison software to determine whether any changes have been made to a sample of programs since the last audit date.
  • D. Trace a sample of complete PCR forms to the log of all program changes.


Answer : C

An IS auditor submitted audit reports and scheduled a follow-up audit engagement with a client. The client has requested to engage the services of the same auditor to develop enhanced controls. What is the GREATEST concern with this request?

  • A. It would require the approval of the audit manager.
  • B. It would be beyond the original audit scope.
  • C. It would be a possible conflict of interest.
  • D. It would require a change to the audit plan.


Answer : C

An IS auditor is evaluating the completeness of privacy procedures involving personally identifiable information (PII). Which of the following is MOST important for the auditor to verify is included in the procedures?

  • A. Regulatory requirements for protecting PII
  • B. The organization’s definition of PII
  • C. Encryption requirements for transmitting PII externally
  • D. A description of how PII is masked within key systems


Answer : A

The risk that the IS auditor will not find an error that has occurred is identified by which of the following terms?

  • A. Control
  • B. Prevention
  • C. Inherent
  • D. Detection


Answer : D

An IS auditor finds that application servers had inconsistent security settings leading to potential vulnerabilities. Which of the following is the BEST recommendation by the IS auditor?

  • A. Improve the change management process
  • B. Perform a configuration review
  • C. Establish security metrics
  • D. Perform a penetration test


Answer : B

An IS auditor reviewing a new application for compliance with information privacy principles should be the MOST concerned with:

  • A. nonrepudiation
  • B. collection limitation
  • C. availability
  • D. awareness


Answer : B

Which of the following is the PRIMARY reason for an IS auditor to issue an interim audit report?

  • A. To avoid issuing a final audit report
  • B. To enable the auditor to complete the engagement in a timely manner
  • C. To provide feedback to the auditee for timely remediation
  • D. To provide follow-up opportunity during the audit


Answer : C

Which of the following conditions would be of MOST concern to an IS auditor assessing the risk of a successful brute force attack on encrypted data at rest?

  • A. Use of symmetric encryption
  • B. Use of asymmetric encryption
  • C. Random key generation
  • D. Short key length


Answer : D

In which of the following SDLC phases would the IS auditor expect to find that controls have been incorporated into system specifications?

  • A. Development
  • B. Implementation
  • C. Design
  • D. Feasibility


Answer : B

An IS auditor has been invited to join an IT project team responsible for building and deploying a new digital customer marketing platform. Which of the following is the BEST way for the auditor to support this project while maintaining independence?

  • A. Develop selection criteria for potential digital technology vendors.
  • B. Conduct an industry peer benchmarking exercise and advise on alternative solutions.
  • C. Conduct a risk assessment of the proposed initiative.
  • D. Design controls based on current regulatory requirements for digital technologies.


Answer : A
