Certified Information Systems Auditor CISA Exam Questions and Answers 2022.

Information system auditors have identified separation of duties in enterprise resource planning (ERP) systems. Which of the following is the best way to prevent repetitive configuration from occurring? A. Use a role-based model to grant user access B. Regularly monitor access rights C. Correcting separation of duties D. Reference standard user access matrix A. Use a role-based model to grant user access Which of the following should be the most important factor driving a single application availability requirement when developing a disaster recovery plan? A. Confidentiality of data processed by the application B. The criticality of the business processes supported by the application C. Total cost of ownership (TCO) of the application D. Support the application's network bandwidth B. The criticality of the business processes supported by the application 00:39 01:36 In order to develop a robust data security program, the first step you should take is: A. Talk to the senior management level of IT. B. Implement monitoring controls. C. Implement data loss prevention measures D. Perform inventory of assets D. Perform inventory of assets he advantage of object-oriented system development is that it: A. Suitable for data with complex relationships B. Partition the system as a client server architecture C. Easier to program than procedural languages D. Reduce system documentation requirements A. Suitable for data with complex relationships Several portable computers containing customer-sensitive data were stolen from the staff's office because they were unattended. Which of the following is the best advice for an information systems auditor to protect data when it prevents similar incidents from happening again? A. Enhance physical security B. Encrypted disk drive C. Request for dual certification D. Requires the use of a cable lock A. Enhance physical security During the physical security audit, the information system auditor received a contactless proximity card that allowed to access to three specific floors of the corporate office building. Which of the following questions should be the biggest concern? A. In the first two days of field work of audit, the proximity card did not work. B. No follow-up was made for unsuccessful attempts to access violations. C. The proximity card incorrectly grants access to the restricted zone D. No escort required during field work. C. The proximity card incorrectly grants access to the restricted zone The company's operational procedures require urgent changes to be approved for business within 7 days of the occurrence. The Information Systems Auditor indicates that the manager verifies process compliance by performing a monthly review via uncompleted urgent change. In this case, which one is the biggest risk? A. Audit risk B. Detection risk C. Inherent risk D. Control risk C. Inherent risk An information system auditor who is conducting an application development review is attending a meeting of the development team. Which of the following actions the auditor may impair his independence? A. Assist in the development of integrated test equipment on the system. B. Re-execute the test program used by the development team C. Design and implement the user's acceptance test plan. D. Review the results of the system tests performed by the development team. C. Design and implement the user's acceptance test plan. The information system auditor found that the accounts payable clerk had direct access to the file after the payment file was generated. The most significant risk to the business is that the money may be: A. Changed. B. Rejected. C. Very late to the customer. D. Copied. A. Changed. Which of the following attacks is best suited for intrusion detection systems (IDS) checking? A. Spoofing B. System scanning C. Logic bomb D. Spamming B. System scanning