Certified Information Systems Auditor (CISA) - Practice Exams by Karamagi Robert
Author: Karamagi, Robert
Language: eng
Format: epub
Published: 2021-04-25T16:00:00+00:00
Practice Exam 2
1. A. The best first step in aligning an IT department to the organization's strategic objectives is to better understand those objectives, including the resources and activities that will be employed to achieve them. B is incorrect because without a dialogue with business leaders, simply identifying supporting activities is more likely to miss important details. C is incorrect because proper alignment of an IT department does not generally begin with the selection or implementation of controls. In fact, the implementation of controls may play only a minor part (if any) in support of strategic objectives. D is incorrect because proper alignment of an IT department does not generally involve identifying relevant security policies. This may be a minor, supporting activity, but would not be a primary activity when aligning an IT department to the business.
2. C. A risk appetite statement (sometimes known as a risk tolerance statement or risk capacity statement) provides guidance on the types of risk and the amount of risk an organization may be willing to accept versus what risks an organization may instead prefer to mitigate, avoid, or transfer. Risk appetite statements are most often created in financial services organizations, although they are seen in other types of organizations as well. They help management seek a more consistent approach to risk treatment decisions. In part, this can help management avoid the appearance of being biased or preferential through the use of objective or measurable means for risk treatment decisions. A is incorrect because security policy is not a primary means for making risk treatment decisions. B is incorrect because an organization's control framework is not typically used for making risk treatment decisions. D is incorrect because control testing procedures are not related to risk treatment decisions.
3. D. All of the audit types are valid except procedural, SAS-74, verification, and regulatory (which are all distracters). The valid audit types are financial, operational (SAS-70), integrated (SAS-94), compliance, administrative, forensic, and information systems. A forensic audit is used to discover information about a possible crime.
4. C. The recovery point objective (RPO) indicates the fallback position and duration of loss that has occurred. A valid RPO example is to recover by using backup data from last night's backup tape, meaning that the more-recent transactions would be lost. The recovery time objective (RTO) indicates a point in time that the restored data should be available for the user to access.
5. B. The auditor must be independent of personal and organizational relationships with the auditee, which could imply a biased opinion. The auditor is not permitted to audit a system for which they participated in the support, configuration, or design. An auditor may not audit any system that they helped to remediate.
6. A. Notice that analyzing the business impact is always the first step. Then criteria are selected to guide the strategy selection. A detailed plan is written by using the strategy. The written plan is then implemented. After implementation, the plan and staff are tested for effectiveness. The plan is revised, and then the testing and maintenance cycle begins.