Free Access to ISACA.CISA.v2024-12-27.q999 with Valid Practice Test (Page 48)

Question 231

A recent audit concluded that an organization's information security system was weak and that monitoring would likely fail to detect penetration. Which of the following would be the MOST appropriate recommendation?

A.Establish a clear policy related to security and the handling of sensitive data
B.Encrypt sensitive data while strengthening the system
C.Look continually for new criminal behavior and attacks on sensitive data
D.Identify and periodically remove sensitive data that is no longer needed

Question 232

Reviewing which of the following would provide the GREATEST input to the asset classification process:

A.Risk assessment
B.Sensitivity of the data
C.Replacement cost of the asset
D.Compliance requirements

Question 233

In an annual audit cycle, the audit of an organization's IT department resulted in many findings. Which of the following would be the MOST important consideration when planning the next audit?

A.Postponing the review until all of the findings have been rectified
B.Limiting the review to the deficient areas
C.Verifying that all recommendations have been implemented
D.Following up on the status of all recommendations

Question 234

Of the following procedures for testing a disaster recovery plan (DRP), which should be used MOST frequently?

A.Unannounced shutdown of the primary computing facility.
B.Review of documented backup and recovery procedures
C.Testing at a secondary site using offsite data backups
D.Preplanned shutdown of the computing facility during an off-peak period

Question 235

Which of the following reports would provide the GREATEST assurance to an IS auditor about the controls of a third party that processes critical data for the organization?

A.Independent control assessment
B.Black box penetration test report
C.The third party's control self-assessment (CSA)
D.Vulnerability scan report

Question 231

Question 232

Question 233

Question 234

Question 235

Download PDF File