CISA Exam
Information system auditors have identified separation of duties
in enterprise resource planning (ERP) systems.
Which of the following is the best way to prevent repetitive
configuration from occurring?
A. Use a role-based model to grant user access
B. Regularly monitor access rights
C. Correcting separation of duties
D. Reference standard user access matrix - ✓✓A. Use a role-based
model to grant user access
Which of the following should be the most important factor driving
a single application availability requirement when developing a
disaster recovery plan?
A. Confidentiality of data processed by the application
B. The criticality of the business processes supported by the
application
C. Total cost of ownership (TCO) of the application
D. Support the application's network bandwidth - ✓✓B. The
criticality of the business processes supported by the application
In order to develop a robust data security program, the first step
you should take is:
A. Talk to the senior management level of IT.
B. Implement monitoring controls.
C. Implement data loss prevention measures
D. Perform inventory of assets - ✓✓D. Perform inventory of assets
The advantage of object-oriented system development is that it:
A. Suitable for data with complex relationships
B. Partition the system as a client server architecture
C. Easier to program than procedural languages
D. Reduce system documentation requirements - ✓✓A. Suitable
for data with complex relationships
Several portable computers containing customer-sensitive data
were stolen from the staff's office because they were unattended.
Which of the following is the best advice for an information
systems auditor to protect data while preventing similar incidents
from happening again?
A. Enhance physical security
B. Encrypted disk drive
C. Request for dual certification
D. Requires the use of a cable lock - ✓✓A. Enhance physical
security
During the physical security audit, the information system auditor
received a contactless proximity card that allowed access to
three specific floors of the corporate office building.
Which of the following questions should be the biggest concern?