Free Access to ISACA.CISA.v2022-02-26.q471 with Valid Practice Test (Page 33)

Question 156

If an IS auditor observes that an IS department fails to use formal documented methodologies, policies,
and standards, what should the auditor do?

A.Lack of IT documentation is not usually material to the controls tested in an IT audit.
B.The auditor should at least document the informal standards and policies. Furthermore, the IS auditor
should create formal documented policies to be implemented.
C.The auditor should at least document the informal standards and policies, and test for a compliance.
Furthermore, the IS auditor should recommend management that formal documented policies be
developed and implemented.
D.The auditor should at least document the informal standards and policies, and test for compliance.
Furthermore, the IS auditor should create formal documented policies to be implemented.

Question 157

The Secure Sockets Layer (SSL) protocol addresses the confidentiality of a message through:

A.symmetric encryption.
B.message authentication code.
C.hash function.
D.digital signature certificates.

Question 158

A review of an organization's IT portfolio revealed several applications that are not in use. The BEST way to prevent this situation from recurring would be to implement.

A.Business case development procedures
B.An information asset acquisition policy
C.Asset life cycle management.
D.A formal request for proposal (RFP) process

Question 159

Which of the following is the PRIMARY responsibility of an information security governance committee?

A.Approving the purchase of information security technologies
B.Approving the information security awareness training strategy
C.Reviewing the information security strategy
D.Analyzing information security policy compliance reviews

Question 160

ALL computer programming languages are vulnerable to command injection attack.

A.True
B.False

Question 156

Question 157

Question 158

Question 159

Question 160

Download PDF File