Exam Details

  • Exam Code: CISA
  • Exam Name: Certified Information Systems Auditor
  • Certification: CISA Certification
  • Vendor: Isaca
  • Total Questions: 1923 Q&As
  • Last Updated: May 07, 2024

Isaca CISA Certification CISA Questions & Answers

  • Question 1721:

    An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?

    A. Requiring policy acknowledgment and nondisclosure agreements (NDAs) signed by employees

    B. Establishing strong access controls on confidential data

    C. Providing education and guidelines to employees on use of social networking sites

    D. Monitoring employees' social networking usage

  • Question 1722:

    Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?

    A. Assignment of responsibility for each project to an IT team member

    B. Adherence to best practice and industry approved methodologies

    C. Controls to minimize risk and maximize value for the IT portfolio

    D. Frequency of meetings where the business discusses the IT portfolio

  • Question 1723:

    While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function. In order to resolve the situation, the IS auditor's BEST course of action would be to:

    A. re-prioritize the original issue as high risk and escalate to senior management.

    B. schedule a follow-up audit in the next audit cycle.

    C. postpone follow-up activities and escalate the alternative controls to senior audit management.

    D. determine whether the alternative controls sufficiently mitigate the risk.

  • Question 1724:

    When auditing the security architecture of an online application, an IS auditor should FIRST review the:

    A. firewall standards.

    B. configuration of the firewall.

    C. firmware version of the firewall.

    D. location of the firewall within the network.

  • Question 1725:

    Which of the following is the MOST important prerequisite for the protection of physical information assets in a data center?

    A. Segregation of duties between staff ordering and staff receiving information assets

    B. Complete and accurate list of information assets that have been deployed

    C. Availability and testing of onsite backup generators

    D. Knowledge of the IT staff regarding data protection requirements

  • Question 1726:

    Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:

    A. business impact analysis (BIA).

    B. threat and risk assessment.

    C. business continuity plan (BCP).

    D. disaster recovery plan (DRP).

  • Question 1727:

    Which of the following tests would provide the BEST assurance that a health care organization is handling patient data appropriately?

    A. Compliance with action plans resulting from recent audits

    B. Compliance with local laws and regulations

    C. Compliance with industry standards and best practice

    D. Compliance with the organization's policies and procedures

  • Question 1728:

    Which of the following fire suppression systems needs to be combined with an automatic switch to shut down the electricity supply in the event of activation?

    A. Carbon dioxide

    B. FM-200

    C. Dry pipe

    D. Halon

  • Question 1729:

    Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?

    A. The IS auditor provided consulting advice concerning application system best practices.

    B. The IS auditor participated as a member of the application system project team, but did not have operational responsibilities.

    C. The IS auditor designed an embedded audit module exclusively for auditing the application system.

    D. The IS auditor implemented a specific control during the development of the application system.
