CISA Certified Information Systems Auditor

Question 1 (Exam Pool B)

During a follow-up audit, it was found that a complex security vulnerability of low risk was not resolved within the agreed-upon timeframe. IT has stated that the system with the identified vulnerability is being replaced and is expected to be fully functional in two months. Which of the following is the BEST course of action?

  • Require documentation that the finding will be addressed within the new system

  • Schedule a meeting to discuss the issue with senior management

  • Perform an ad hoc audit to determine if the vulnerability has been exploited

  • Recommend the finding be resolved prior to implementing the new system

Question 2 (Exam Pool C)

An IS auditor is reviewing the installation of a new server. The IS auditor's PRIMARY objective is to ensure that:

  • security parameters are set in accordance with the manufacturer's standards.

  • a detailed business case was formally approved prior to the purchase.

  • security parameters are set in accordance with the organization's policies.

  • the procurement project invited tenders from at least three different suppliers.

Question 3 (Exam Pool D (NEW))

An IS department is evaluated monthly on its cost-revenue ratio, user satisfaction rate, and computer downtime. This is BEST characterized as an application of:

  • risk framework

  • balanced scorecard

  • value chain analysis

  • control self-assessment (CSA)