CISA TEST BANK PART 1

1. The development of an IS security policy is ultimately the responsibility of the:
A. IS department.
B. security committee.
C. security administrator.
D. board of directors.

2. To minimize costs and improve service levels an outsourcer should seek which of the following contract clauses?
A. O/S and hardware refresh frequencies
B. Gain-sharing performance bonuses
C. Penalties for noncompliance
D. Charges tied to variable cost metrics

3. Involvement of senior management is MOST important in the development of:
A. strategic plans.
B. IS policies.
C. IS procedures.
D. standards and guidelines.

4. An IS auditor should be concerned when a telecommunication analyst:
A. monitors systems performance and tracks problems resulting from program changes.
B. reviews network load requirements in terms of current and future transaction volumes.
C. assesses the impact of the network load on terminal response times and network data transfer rates.
D. recommends network balancing procedures and improvements.

5. The output of the risk management process is an input for making:
A. business plans.
B. audit charters.
C. security policy decisions.
D. software design decisions.

6. The risks associated with electronic evidence gathering would MOST likely be reduced by an e-mail:
A. destruction policy.
B. security policy.
C. archive policy.
D. audit policy.

7. An IT steering committee should review information systems PRIMARILY to assess:
A. whether IT processes support business requirements.
B. if proposed system functionality is adequate.
C. the stability of existing software.
D. the complexity of installed technology.
EXPLANATION: The role of an IT steering committee is to ensure that the IS department is in harmony with the organization's
mission and objectives. To ensure this, the committee must determine whether IS processes support the business
requirements. Assessing proposed additional functionality and evaluating software stability and the complexity of technology
are too narrow in scope to ensure that IT processes are, in fact, supporting the organization's goals.

8. An IS auditor reviewing an organization's IT strategic plan should FIRST review:
A. the existing IT environment.
B. the business plan.
C. the present IT budget.
D. current technology trends.

9. As an outcome of information security governance, strategic alignment provides:
A. security requirements driven by enterprise requirements.
B. baseline security following best practices.
C. institutionalized and commoditized solutions.
D. an understanding of risk exposure.

10. A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate
the potential losses, the team should:
A. compute the amortization of the related assets.
B. calculate a return on investment (ROI).
C. apply a qualitative approach.
D. spend the time needed to define exactly the loss amount.