
CISA—Certified Information Systems Auditor - Part 16

Mary Smith

Thu, 16 Apr 2026

1. When conducting a review of security incident management, an IS auditor found there are no defined escalation processes. All incidents are managed by the service desk. Which of the following should be the auditor's PRIMARY concern?

A) Inefficient use of service desk resources
B) Management's lack of high impact incidents
C) Delays in resolving low priority trouble tickets
D) Management's inability to follow up on incident resolution



2. Which of the following should an IS auditor be MOST concerned with during a post-implementation review?

A) The system does not have a maintenance plan
B) The system contains several minor defects
C) The system was over budget by 15%
D) The system deployment was delayed by three weeks



3. An IS auditor is reviewing a bank's service level agreement (SLA) with a third-party provider that hosts the bank's secondary data center. Which of the following findings should be of GREATEST concern to the auditor?

A) The recovery point objective (RPO) has a shorter duration than documented in the disaster recovery plan
B) The recovery time objective (RTO) has a longer duration than documented in the disaster recovery plan
C) Backup data is hosted online only
D) The SLA has not been reviewed in more than a year



4. Which of the following is the MOST appropriate responsibility of an IS auditor involved in a data center renovation project?

A) Performing independent reviews of responsible parties engaged in the project
B) Ensuring the project progresses as scheduled and milestones are achieved
C) Performing day-to-day activities to ensure the successful completion of the project
D) Providing sign off on the design of controls for the data center



5. Which of the following is MOST important for an IS auditor to determine when reviewing how the organization's incident response team handles devices that may be involved in criminal activity?

A) Whether devices are checked for malicious applications
B) Whether the access logs are checked before seizing the devices
C) Whether users have knowledge of their devices being examined
D) Whether there is a chain of custody for the devices



1. Right Answer: B
Explanation:

2. Right Answer: A
Explanation:

3. Right Answer: B
Explanation:

4. Right Answer: A
Explanation:

5. Right Answer: D
Explanation:
