Free Access to ISACA.CISA.v2024-12-27.q999 with Valid Practice Test (Page 56)

Question 271

Which of the following should be an IS auditor's PRIMARY focus when evaluating the response process for cyber crimes?

A.Root cause analysis
B.Communication with law enforcement
C.Evidence collection
D.Notification to regulators

Question 272

When auditing a disaster recovery plan for a critical business area, an IS auditor finds that it does not cover all the systems. Which of the following is the MOST appropriate action for the IS auditor?

A.Alert management and evaluate the impact of not covering all systems.
B.Cancel the audit.
C.Complete the audit of the systems covered by the existing disaster recovery plan.
D.Postpone the audit until the systems are added to the disaster recovery plan.

Question 273

For a discretionary access control to be effective, it must:

A.operate within the context of mandatory access controls.
B.operate independently of mandatory access controls.
C.enable users to override mandatory access controls when necessary.
D.be specifically permitted by the security policy.

Question 274

Which of the following is a function of an IS steering committee?

A.Monitoring vendor-controlled change control and testing
B.Ensuring a separation of duties within the information's processing environment
C.Approving and monitoring major projects, the status of IS plans and budgets
D.Liaising between the IS department and the end users

Question 275

What should be of MOST concern to an IS auditor reviewing an organization's proposal to combine its online transaction processing (OLTP) data and data warehouse in the same database environment?

A.A significant amount of data computing resources will be required.
B.The combination of static data with dynamic data could reduce data quality.
C.The complexity of the solution could lead to delays in deployment.
D.The quality of business intelligence reporting may be impacted.

Question 271

Question 272

Question 273

Question 274

Question 275

Download PDF File