Free ISACA CISA Übungsprüfungen - Seite 48 von 55

Question #471

Which of the following is an IS auditor’s BEST recommendation to mitigate the risk of eavesdropping associated with an application programming interface (API) integration implementation?

A . Encrypt the extensible markup language (XML) file.
B . Implement Transport Layer Security (TLS).
C . Implement Simple Object Access Protocol (SOAP).
D . Mask the API endpoints.

Lösung einblenden Lösung ausblenden

Question #472

Which of the following is MOST important to define within a disaster recovery plan (DRP)?

A . A comprehensive list of disaster recovery scenarios and priorities
B . Business continuity plan (BCP)
C . Test results for backup data restoration
D . Roles and responsibilities for recovery team members

Lösung einblenden Lösung ausblenden

Question #473

An IS auditor finds that irregularities have occurred and that auditee management has chosen to ignore them.

If reporting to external authorities is required which of the following is the BEST action for the IS auditor to take?

A . Submit the report to appropriate regulators immediately.
B . Obtain approval from audit management to submit the report.
C . Obtain approval from auditee management to release the report.
D . Obtain approval from both audit and auditee management to release the report.

Lösung einblenden Lösung ausblenden

Question #474

When planning an internal penetration test, which of the following is the MOST important step prior to finalizing the scope of testing?

A . Ensuring the scope of penetration testing is restricted to the test environment
B . Obtaining management’s consent to the testing scope in writing
C . Notifying the IT security department regarding the testing scope
D . Agreeing on systems to be excluded from the testing scope with the IT department

Lösung einblenden Lösung ausblenden

Question #475

Which of the following is MOST useful when planning to audit an organization’s compliance with cybersecurity regulations in foreign countries?

A . Prioritize the audit to focus on the country presenting the greatest amount of operational risk.
B . Follow the cybersecurity regulations of the country with the most stringent requirements.
C . Develop a template that standardizes the reporting of findings from each country’s audit team
D . Map the different regulatory requirements to the organization’s IT governance framework

Lösung einblenden Lösung ausblenden

Question #476

The PRIMARY focus of a post-implementation review is to verify that:

A . enterprise architecture (EA) has been complied with.
B . user requirements have been met.
C . acceptance testing has been properly executed.
D . user access controls have been adequately designed.

Lösung einblenden Lösung ausblenden

Richtige Antwort: B
B

Explanation:

The primary focus of a post-implementation review is to verify that user requirements have been met. User requirements are specifications that define what users need or expect from a system or service, such as functionality, usability, reliability, etc. User requirements are usually gathered and documented at the beginning of a project, and used as a basis for designing, developing, testing, and implementing a system or service. A post-implementation review is an evaluation that assesses whether a system or service meets its objectives and delivers its expected benefits after it has been implemented. The primary focus of a post-implementation review is to verify that user requirements have been met, as this can indicate whether the system or service satisfies the user needs and expectations, provides value and quality to the users, and supports the user goals and tasks. Enterprise architecture (EA) has been complied with is a possible focus of a post-implementation review, but it is not the primary one. EA is a framework that defines how an organization’s business processes, information systems, and technology infrastructure are aligned and integrated to support its vision and strategy. EA has been complied with, as this can indicate whether the system or service fits with the organization’s current and future state, and follows the organization’s standards and principles. Acceptance testing has been properly executed is a possible focus of a post-implementation review, but it is not the primary one. Acceptance testing is a process that verifies whether a system or service meets the user requirements and expectations before it is accepted by the users or stakeholders. Acceptance testing has been properly executed, as this can indicate whether the system or service has been tested and validated by the users or stakeholders, and whether any issues or defects have been identified and resolved. User access controls have been adequately designed is a possible focus of a post-implementation review, but it is not the primary one. User access controls are mechanisms that ensure that only authorized users can access or use a system or service, and prevent unauthorized access or use. User access controls have been adequately designed, as this can indicate whether the system or service has appropriate security and privacy measures in place, and whether any risks or threats have been mitigated.

Question #477

An organization is planning to implement a control self-assessment (CSA) program for selected business processes.

Which of the following should be the role of the internal audit team for this program?

A . Perform testing to validate the accuracy of management’s self-assessment.
B . Advise management on the self-assessment process.
C . Design testing procedures for management to assess process controls effectively.
D . De-scope business processes to be covered by CSAs from future audit plans.

Lösung einblenden Lösung ausblenden

Question #478

In an annual audit cycle, the audit of an organization’s IT department resulted in many findings.

Which of the following would be the MOST important consideration when planning the next audit?

A . Postponing the review until all of the findings have been rectified
B . Limiting the review to the deficient areas
C . Verifying that all recommendations have been implemented
D . Following up on the status of all recommendations

Lösung einblenden Lösung ausblenden

Question #479

An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes.

Which of the following recommendations would BEST help to reduce the risk of data leakage?

A . Requiring policy acknowledgment and nondisclosure agreements signed by employees
B . Providing education and guidelines to employees on use of social networking sites
C . Establishing strong access controls on confidential data
D . Monitoring employees‘ social networking usage

Lösung einblenden Lösung ausblenden

Question #480

Which of the following BEST mitigates the risk associated with the deployment of a new production system?

A . Problem management
B . Incident management
C . Configuration management
D . Release management

Lösung einblenden Lösung ausblenden