Free Access to ISACA.CISA.v2023-04-24.q308 with Valid Practice Test (Page 31)

Question 146

Which of the following is MOST important for an IS auditor to verify when reviewing the use of an outsourcer for disposal of storage media?

A.The vendor has not experienced security incidents in the past.
B.The contract includes issuance of a certificate of destruction by the vendor
C.The disposal transportation vehicle is fully secure
D.The vendor's process appropriately sanitizes the media before disposal

Question 147

An IS auditor is following up on prior period items and finds management did not address an audit finding. Which of the following should be the IS auditor's NEXT course of action?

A.Recommend alternative solutions to address the repeat finding
B.Conduct a risk assessment of the repeat finding
C.Note the exception in a new report as the item was not addressed by management
D.Interview management to determine why the finding was not addressed

Question 148

Which of the following methods BEST enforces data leakage prevention in a multi-tenant cloud environment?

A.Data for different tenants is segregated by database schema
B.Monitoring tools are configured to alert in case of downtime
C.A comprehensive security review is performed every quarter.
D.Tenants are required to implement data classification polices

Question 149

The decision to accept an IT control risk related to data quality should be the responsibility of the:

A.information security team.
B.business owner.
C.IS audit manager.
D.chief information officer (CIO).

Question 150

An IS auditor is reviewing documentation of application systems change control and identifies several patches that were not tested before being put into production. Which of the following is the MOST significant risk from this situation?

A.Developer access 1o production
B.Lack of system integrity
C.Loss of application support
D.Outdated system documentation

Question 146

Question 147

Question 148

Question 149

Question 150

Download PDF File