CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CISA

Free CISA Exam Braindumps (page: 26)

Page 26 of 457
PDF with 1823 Questions

During a follow-up audit, an IS auditor learns that some key management personnel have been replaced since the original audit, and current management has decided not to implement some previously accepted recommendations. What is the auditor's BEST course of action?

  1. Retest the control.
  2. Notify the audit manager.
  3. Close the audit finding.
  4. Notify the chair of the audit committee

Answer(s): B



An organization wants to classify database tables according to its data classification scheme. From an IS auditor's perspective, the tables should be classified based on the:

  1. specific functional contents of each single table.
  2. frequency of updates to the table.
  3. number of end users with access to the table.
  4. descriptions of column names in the table.

Answer(s): A



Management is concerned about sensitive information being intentionally or unintentionally emailed as attachments outside the organization by employees. What is the MOST important task before implementing any associated email controls?

  1. Provide notification to employees about possible email monitoring.
  2. Develop an information classification scheme.
  3. Develop an acceptable use policy for end-user computing (EUC).
  4. Require all employees to sign nondisclosure agreements (NDAs).

Answer(s): B



While auditing a small organization's data classification processes and procedures, an IS auditor noticed that data is often classified at the incorrect level. What is the MOST effective way for the organization to improve this situation?

  1. Conduct awareness presentations and seminars for information classification policies.
  2. Use automatic document classification based on content.
  3. Have IT security staff conduct targeted training for data owners.
  4. Publish the data classification policy on the corporate web portal.

Answer(s): C






Post your Comments and Discuss ISACA CISA exam with other Community members:

CISA Exam Discussions & Posts