Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • Cisa Test Bank Part 7

    Enviado por

    JEP Walwal
    53 visualizações2 páginas

    Título original

    CISA TEST BANK PART 7.docx

    Direitos autorais

    © © All Rights Reserved

    Formatos disponíveis

    DOCX, PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato DOCX, PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    53 visualizações2 páginas

    Cisa Test Bank Part 7

    Enviado por

    JEP Walwal

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato DOCX, PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 2

    CISA TEST BANK PART 7

    61. IT governance is PRIMARILY the responsibility of the:


    A. chief executive officer.
    B. board of directors.
    C. IT steering committee.
    D. audit committee.
    .
    62. A local area network (LAN) administrator normally would be restricted from:
    A. having end-user responsibilities.
    B. reporting to the end-user manager.
    C. having programming responsibilities.
    D. being responsible for LAN security administration.

    63. An IS auditor performing a general controls review of IS management practices relating to personnel should pay particular
    attention to:
    A. mandatory vacation policies and compliance.
    B. staff classifications and fair compensation policies.
    C. staff training.
    D. the functions assigned to staff.

    64. An IS auditor should expect which of the following items to be included in the request for proposal (RFP) when IS is
    procuring services from an independent service provider (ISP)?
    A. References from other customers
    B. Service level agreement (SLA) template
    C. Maintenance agreement
    D. Conversion plan

    65. Giving responsibility to business units for the development of applications would MOST likely lead to:
    A. significantly reduced data communications needs.
    B. the exercise of a lower level of control.
    C. the exercise of a higher level of control.
    D. an improved segregation of duties.

    66. The management of an organization has decided to establish a security awareness program. Which of the following would
    MOST likely be a part of the program?
    A. Utilization of an intrusion detection system to report incidents
    B. Mandating the use of passwords to access all software
    C. Installing an efficient user log system to track the actions of each user
    D. Training provided on a regular basis to all current and new employees

    67. In an organization, the responsibilities for IT security are clearly assigned and enforced and an IT security risk and impact
    analysis is consistently performed. This represents which level of ranking in the information security governance maturity
    model?
    A. Optimized
    B. Managed
    C. Defined
    D. Repeatable

    68. Which of the following is a mechanism for mitigating risks?


    A. Security and control practices
    B. Property and liability insurance
    C. Audit and certification
    D. Contracts and service level agreements (SLAs)

    69. Which of the following provides the best evidence of the adequacy of a security awareness program?
    A. The number of stakeholders including employees trained at various levels
    B. Coverage of training at all locations across the enterprise
    C. The implementation of security devices from different vendors
    D. Periodic reviews and comparison with best practices

    70. The PRIMARY objective of an audit of IT security policies is to ensure that:


    A. they are distributed and available to all staff.
    B. security and control policies support business and IT objectives.
    C. there is a published organizational chart with functional descriptions.
    D. duties are appropriately segregated.

    Você também pode gostar