Welcome to PassExamHub's comprehensive study guide for the Certified Information Systems Auditor exam. Our CISA dumps are designed to equip you with the knowledge and resources you need to confidently prepare for and succeed in the CISA certification exam.
PassExamHub's CISA dumps PDF is carefully crafted to provide you with a comprehensive and effective learning experience. Our study material includes:
In-depth Content: Our study guide covers all the key concepts, topics, and skills you need to master for the CISA exam. Each topic is explained in a clear and concise manner, making it easy to understand even the most complex concepts.
Online Test Engine: Test your knowledge and build your confidence with a wide range of practice questions that simulate the actual exam format. Our test engine covers every exam objective and provides detailed explanations for both correct and incorrect answers.
Exam Strategies: Get valuable insights into exam-taking strategies, time management, and how to approach different types of questions.
Real-world Scenarios: Gain practical insights into applying your knowledge in real-world scenarios, ensuring you're well-prepared to tackle challenges in your professional career.
Expertise: Our CISA exam questions and answers are developed by experienced Isaca certified professionals who have a deep understanding of the exam objectives and industry best practices.
Comprehensive Coverage: We leave no stone unturned in covering every topic and skill that could appear on the CISA exam, ensuring you're fully prepared.
Engaging Learning: Our content is presented in a user-friendly and engaging format, making your study sessions enjoyable and effective.
Proven Success: Countless students have used our study materials to achieve their CISA certifications and advance their careers.
Start Your Journey Today!
Embark on your journey to Certified Information Systems Auditor success with PassExamHub. Our study material is your trusted companion in preparing for the CISA exam and unlocking exciting career opportunities.
Which of the following techniques would provide the BEST assurance to an IS auditor that all necessary data has been successfully migrated from a legacy system to a modern platform?
A. Review of logs from the migration process
B. Data analytics
C. Interviews with migration staff
D. Statistical sampling
An audit of the quality management system (QMS) begins with an evaluation of the:
A. organization’s QMS policy
B. sequence and interaction of QMS processes
C. QMS processes and their application
D. QMS document control procedures
What is BEST for an IS auditor to review when assessing the effectiveness of changes recently made to processes and tools related to an organization's business continuity plan (BCP)?
A. Updated inventory of systems
B. Full test results
C. Completed test plans
D. Change management processes
Which of the following provides an IS auditor the MOST assurance that an organization is compliant with legal and regulatory requirements?
A. Senior management has provided attestation of legal and regulatory compliance
B. Controls associated with legal and regulatory requirements have been identified and tested
C. There is no history of complaints or fines from regulators regarding noncompliance
D. The IT manager is responsible for the organization's compliance with legal and regulatory requirements.
Which of the following practices BEST ensures that archived electronic information of permanent importance is accessible over time?
A. Acquire applications that emulate old software.
B. Periodically test the integrity of the information.
C. Regularly migrate data to current technology.
D. Periodically backup the archived data.
Which of the following would be the MOST appropriate reason for an organization to purchase fault-tolerant hardware?
A. Improving system performance
B. Reducing hardware maintenance costs
C. Minimizing business loss
D. Compensating for the lack of contingency planning
Which of the following findings should be of GREATEST concern to an IS auditor reviewing system deployment tools for a critical enterprise application system?
A. Change requests do not contain backout plans.
B. There are no documented instructions for using the tool.
C. Access to the tool is not approved by senior management.
D. Access to the tool is not restricted.
An accounts receivable data entry routine prevents the entry of the same customer with different account numbers. Which of the following is the BEST way to test if this programmed control is effective?
A. Implement a computer-assisted audit technique (CAAT).
B. Compare source code against authorized software.
C. Review a sorted customer list for duplicates.
D. Attempt to create a duplicate customer.
An IS auditor is evaluating the risk associated with moving from one database management system (DBMS) to another. Which of the following would be MOST helpful to ensure the integrity of the system throughout the change?
A. Preserving the same data inputs
B. Preserving the same data interfaces
C. Preserving the same data classifications
D. Preserving the same data structure
Which of the following is found in an audit charter?
A. Audit objectives and scope
B. Required training for audit staff
C. The process of developing the annual audit plan
D. The authority given to the audit function
An IS auditor finds a number of system accounts that do not have documented approvals. Which of the following should be performed FIRST by the auditor?
A. Have the accounts removed immediately
B. Obtain sign-off on the accounts from the application owner
C. Document a finding and report an ineffective account provisioning control
D. Determine the purpose and risk of the accounts
Which of the following physical controls will MOST effectively prevent breaches of computer room security?
A. Photo IDs
B. CCTV monitoring
C. Retina scanner
D. RFID badge
Which of the following is the MOST effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines?
A. Restrict access to images and snapshots of virtual machines
B. Limit creation of virtual machine images and snapshots
C. Monitor access to stored images and snapshots of virtual machines
D. Review logical access controls on virtual machines regularly
Which of the following technologies has the SMALLEST maximum range for data transmission between devices?
A. Near-field communication (NFC)
B. Long-term evolution (LTE)
C. Bluetooth
D. Wi-Fi
Which of the following should the IS auditor do FIRST to ensure data transfer integrity for Internet of Things (IoT) devices?
A. Verify access control lists to the database where collected data is stored.
B. Determine how devices are connected to the local network.
C. Confirm that acceptable limits of data bandwidth are defined for each device.
D. Ensure that message queue telemetry transport (MQTT) is used.
Which of the following is the MOST likely cause of a successful firewall penetration?
A. Use of a Trojan to bypass the firewall
B. Loophole in firewall vendor's code
C. Virus infection
D. Firewall misconfiguration by the administrator
Which of the following should be the FIRST step when drafting an incident response plan for a new cyber-attack scenario?
A. Create a new incident response team.
B. Identify relevant stakeholders.
C. Schedule response testing.
D. Create a reporting template.
The CIO of an organization is concerned that the information security policies may not be comprehensive. Which of the following should an IS auditor recommend be performed FIRST?
A. Determine if there is a process to handle exceptions to the policies
B. Establish a governance board to track compliance with the policies
C. Obtain a copy of their competitor's policies
D. Compare the policies against an industry framework.
Which of the following is MOST influential when defining disaster recovery strategies?
A. Annual loss expectancy
B. Maximum tolerable downtime
C. Data classification scheme
D. Existing server redundancies
Which of the following is MOST important for an IS auditor to verify when evaluating an organization's firewall?
A. Logs are being collected in a separate protected host.
B. Access to configuration files is restricted.
C. Insider attacks are being controlled.
D. Automated alerts are being sent when a risk is detected.
An IS auditor is reviewing the change management process in a large IT service organization. Which of the following observations would be the GREATEST concern?
A. Emergency software releases are not fully documented after implementation
B. User acceptance testing (UAT) can be waived in case of emergency software releases
C. Code is migrated manually into production during emergency software releases
D. A senior developer has permanent access to promote code for emergency software releases
Code changes are compiled and placed in a change folder by the developer. An implementation team migrates changes to production from the change folder. Which of the following BEST indicates separation of duties is in place during the migration process?
A. A second individual performs code review before the change is released to production.
B. The implementation team does not have access to change the source code.
C. The implementation team does not have experience writing code.
D. The developer approves changes prior to moving them to the change folder.
Which of the following should be an IS auditor's GREATEST concern when reviewing an outsourcing arrangement with a third-party cloud service provider to host personally identifiable data?
A. The data is not adequately segregated on the host platform.
B. Fees are charged based on the volume of data stored by the host.
C. The outsourcing contract does not contain a right-to-audit clause.
D. The organization's servers are not compatible with the third party's infrastructure
To ensure the integrity of a recovered database, which of the following would be MOST useful?
A. Database defragmentation tools
B. Application transaction logs
C. A copy of the data dictionary
D. Before-and-after transaction images
An IS auditor will be testing accounts payable controls by performing data analytics on the entire population of transactions. Which of the following is MOST important for the auditor to confirm when sourcing the population data?
A. There is no privacy information in the data.
B. The data is taken directly from the system.
C. The data can be obtained in a timely manner.
D. The data analysis tools have been recently updated.
An IS auditor assessing the controls within a newly implemented call center would FIRST:
A. test the technical infrastructure at the call center.
B. review the manual and automated controls in the call center.
C. gather information from the customers regarding response times and quality of service.
D. evaluate the operational risk associated with the call center.
Which of the following is the GREATEST threat to Voice-over Internet Protocol (VoIP) related to privacy?
A. Call recording
B. Incorrect routing
C. Eavesdropping
D. Denial of service (DoS)
Which of the following is the MOST effective sampling method for an IS auditor to use for identifying fraud and circumvention of regulations?
A. Discovery sampling
B. Stop-or-go sampling
C. Statistical sampling
D. Variable sampling
A review of IT interface controls finds an organization does not have a process to identify and correct records that do not get transferred to the receiving system. Which of the following is.........
A. Implement software to perform automatic reconciliations of data between systems
B. Automate the transfer of data between systems as much as feasible.
C. Enable automatic encryption, decryption and electronic signing of data files
D. Have coders perform manual reconciliation of data between systems
Which of the following should MOST concern an IS auditor reviewing an intrusion detection system (IDS)?
A. Number of false negatives
B. Legitimate traffic blocked by the system
C. Number of false positives
D. Reliability of IDS logs
When using a wireless device, which of the following BEST ensures confidential access to email via web mail?
A. Wired equivalent privacy (WEP)
B. Hypertext transfer protocol secure (HTTPS)
C. Simple object access protocol (SOAP)
D. Extensible markup language (XML)
A company is using a software developer for a project. At which of the following points should the software quality assurance (QA) plan be developed?
A. Prior to acceptance testing
B. During the feasibility phase
C. As part of software definition
D. As part of the design phase
Which of the following controls will BEST ensure that the board of directors receives sufficient information about IT?
A. The CIO reports on performance and corrective actions in a timely manner.
B. Board members are knowledgeable about IT and the CIO is consulted on IT issues.
C. The CIO regularly sends IT trend reports to the board.
D. Regular meetings occur between the board, the CIO, and a technology committee
What is the MOST critical finding when reviewing an organization's information security management?
A. No periodic assessments to identify threats and vulnerabilities
B. No dedicated security officer
C. No employee awareness training and education program
D. No official charter for the information security management system
A security company and service provider have merged and the CEO has requested one comprehensive set of security policies be developed for the newly formed company. The IS auditor's BEST recommendation would be to:
A. implement the service provider's policies
B. implement the security company's policies
C. adopt an industry standard security policy
D. conduct a policy gap assessment
Which of the following is a detective control that can be used to uncover unauthorized access to information systems?
A. Requiring long and complex passwords for system access
B. Implementing a security information and event management (SIEM) system
C. Requiring internal audit to perform periodic reviews of system access logs
D. Protecting access to the data center with multifactor authentication
Which of the following is the BEST way to ensure payment transaction data is restricted to the appropriate users?
A. Implementing two-factor authentication
B. Using a single menu for sensitive application transactions
C. Implementing role-based access at the application level
D. Restricting access to transactions using network security software
The MOST important reason why an IT risk assessment should be updated on a regular basis is to:
A. comply with risk management policies
B. comply with data classification changes.
C. react to changes in the IT environment.
D. utilize IT resources in a cost-effective manner.
Which of the following should be done FIRST to effectively define the IT audit universe for an entity with multiple business lines?
A. Identify aggregate residual IT risk for each business line.
B. Obtain a complete listing of the entity's IT processes
C. Obtain a complete listing of assets fundamental to the entity's businesses.
D. Identify key control objectives for each business line's core processes
Which of the following factors constitutes a strength in regard to the use of a disaster recovery planning reciprocal agreement?
A. Reciprocal agreements may not be formally established in a contract.
B. The two companies might share a need for a specialized piece of equipment
C. Changes to the hardware or software environment by one company could make the agreement ineffective or obsolete.
D. A disaster could occur that would affect both companies.
An IS auditor reviewing a purchase accounting system notices several duplicate payments made for the services rendered. Which of the following is the auditor's BEST recommendation for preventing duplicate payments?
A. Implement a configuration control to enable sequential numbering of invoices.
B. Request vendors to attach service acknowledgment notices to purchase orders.
C. Implement a system control that determines if there are corresponding invoices for purchase orders.
D. Perform additional supervisory reviews prior to the invoice payments.
Due to a global pandemic, a health organization has instructed its employees to work from home as much as possible. The employees communicate using instant messaging. Which of the following is the GREATEST risk in this situation?
A. Home office setups may not be compliant with workplace health and safety requirements.
B. Employee productivity may decrease when working from home.
C. The capacity of servers may not allow all users to connect simultaneously
D. Employees may exchange patient information through less secure methods.
Which of the following sampling techniques is BEST to use when verifying the operating effectiveness of internal controls during an audit of transactions?
A. Attribute sampling
B. Statistical sampling
C. Judgmental sampling
D. Stop-or-go sampling
Which of the following will MOST likely compromise the control provided by a digital signature created using RSA encryption?
A. Obtaining the sender's private key
B. Reversing the hash function using the digest
C. Altering the plaintext message
D. Deciphering the receiver's public key
When determining which IS audits to conduct during the upcoming year, internal audit has received a request from management for multiple audits of the contract division due to fraud findings during the prior year Which of the following is the BEST basis for selecting the audits to be performed?
A. Select audits based on management's suggestion
B. Select audits based on the skill sets of the IS auditors.
C. Select audits based on collusion risk
D. Select audits based on an organizational risk assessment.
Which of the following is the BEST way to enforce the principle of least privilege on a server containing data with different security classifications?
A. Applying access controls determined by the data owner
B. Limiting access to the data files based on frequency of use
C. Using scripted access control lists to prevent unauthorized access to the server
D. Obtaining formal agreement by users to comply with the data classification policy
Which of the following would be an appropriate role of internal audit in helping to establish an organization’s privacy program?
A. Analyzing risks posed by new regulations
B. Developing procedures to monitor the use of personal data
C. Defining roles within the organization related to privacy
D. Designing controls to protect personal data
An organization's audit charter PRIMARILY:
A. formally records the annual and quarterly audit plans
B. documents the audit process and reporting standards
C. describes the auditors' authority to conduct audits
D. defines the auditors' code of conduct
Which of the following attacks would MOST likely result in the interception and modification of traffic for mobile phones connecting to potentially insecure public Wi-Fi networks?
A. Man-in-the-middle
B. Phishing
C. Vishing
D. Brute force
In the risk assessment process, which of the following should be identified FIRST?
A. Impact
B. Threats
C. Assets
D. Vulnerabilities
Which of the following is the GREATEST concern when an organization allows personal devices to connect to its network?
A. It is difficult to enforce the security policy on personal devices
B. It is difficult to maintain employee privacy.
C. IT infrastructure costs will increase.
D. Help desk employees will require additional training to support devices.
Which of the following would be the MOST significant factor when choosing among several backup system alternatives with different restoration speeds?
A. Recovery point objective (RPO)
B. Mean time between failures (MTBFs)
C. Maximum tolerable outages (MTOs)
D. Recovery time objective (RTO)
Which of the following is the PRIMARY purpose of quality assurance (QA) within an IS audit department?
A. To ensure conclusions are reliable and no false assurance is given
C. To enforce audit policies and identify any deviations
D. To confirm audit practice is aligned with industry standards and benchmarks
When aligning IT projects with organizational objectives, it is MOST important to ensure that the:
A. percentage of growth in project intake is reviewed.
B. overall success rate of projects is high.
C. business cases have been clearly defined for all projects.
D. project portfolio database is updated when new systems are acquired.
An IS auditor is reviewing a network diagram. Which of the following would be the BEST location for placement of a firewall?
A. Between virtual local area networks (VLANs)
B. At borders of network segments with different security levels
C. Between each host and the local network switch/hub
D. Inside the demilitarized zone (DMZ)
Which of the following is MOST important for an IS auditor to consider during a review of the IT governance of an organization?
A. Funding allocation
B. Defined service levels
C. Risk management methodology
D. Decision making responsibilities
Which of the following situations would impair the independence of an IS auditor involved in a software development project?
A. Determining the nature of implemented controls
B. Programming embedded audit modules
C. Being an expert advisor to the project sponsor
D. Defining end-user requirements
Which of the following is the GREATEST advantage of vulnerability scanning over penetration testing?
A. The testing process can be automated to cover large groups of assets
B. Network bandwidth is utilized more efficiently.
C. Custom-developed applications can be tested more accurately
D. The testing produces a lower number of false positive results
When deploying an application that was created using the programming language and tools supported by the cloud provider, the MOST appropriate cloud computing model for an organization to adopt is:
A. Platform as a Service (PaaS).
B. Software as a Service (SaaS).
C. Infrastructure as a Service (IaaS).
D. Identity as a Service (IDaaS).
Which of the following is MOST likely to be included in computer operating procedures in a large data center?
A. Guidance on setting security parameters
B. Procedures for resequencing source code
C. Procedures for utility configuration
D. Instructions for job scheduling
When reviewing an organization's data protection practices, an IS auditor should be MOST concerned with a lack of:
A. a security team.
B. data classification.
C. training manuals.
D. data encryption.
Which of the following is the MOST important step in the development of an effective IT governance action plan?
A. Setting up an IT governance framework for the process
B. Conducting a business impact analysis (BIA)
C. Measuring IT governance key performance indicators (KPIs)
D. Preparing a statement of sensitivity
During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?
A. Sampling risk
B. Inherent risk
C. Detection risk
D. Control risk
Which of the following is the MOST important difference between end-user computing (EUC) applications and traditional applications?
A. Traditional application documentation is typically less comprehensive than EUC application documentation
B. Traditional applications require roll-back procedures whereas EUC applications do not.
C. Traditional applications require periodic patching whereas EUC applications do not.
D. Traditional application input controls are typically more robust than EUC application input controls.
Which of the following is MOST important to ensure when reviewing a global organization's controls to protect data held on its IT infrastructure across all of its locations?
A. Relevant data protection legislation and regulations for each location are adhered to.
B. Technical capabilities exist in each location to manage the data and recovery operations
C. The capacity of underlying communications infrastructure in the host locations is sufficient.
D. The threat of natural disasters in each location hosting infrastructure has been accounted for.
Which of the following is a benefit of the DevOps development methodology?
A. It leads to a well-defined system development life cycle (SDLC)
B. It enforces segregation of duties between code developers and release migrators.
C. It enables increased frequency of software releases to production.
D. It restricts software releases to a fixed release schedule
A legacy application is running on an operating system that is no longer supported by the vendor. If the organization continues to use the current application, which of the following should be the IS auditor's GREATEST concern?
A. Inability to use the operating system due to potential licence issues
B. Increased cost of maintaining the system
C. Inability to update the legacy application database
D. Potential exploitation of zero-day vulnerabilities in the system
chain management processes. Customer orders are not being fulfilled in a timely manner, and the inventory in the warehouse does not match the quantity of goods in the sales orders. Which of the following is the auditor's BEST recommendation?
A. Require the sales representative to verify inventory levels prior to finalizing sales orders.
B. Require the warehouse manager to send updated inventory levels on a periodic basis.
C. Revise the order fulfillment procedures in collaboration with the e-commerce team.
D. Implement an automated control to verify inventory levels prior to finalizing sales orders.
Which of the following evidence-gathering techniques will provide the GREATEST assurance that procedures are understood and practiced?
A. Survey end users.
B. Review procedures for alignment to policies.
C. Interview process owners.
D. Observe processes.
An IS auditor is a member of an application development team that is selecting software. Which of the following would impair the auditor's independence?
A. Approving the vendor selection methodology
B. Verifying the weighting of each selection criterion
C. Reviewing the request for proposal (RFP)
D. Witnessing the vendor selection process
Which of the following falls within the scope of an information security governance committee?
A. Selecting the organization's external security auditors
B. Approving access to critical financial systems
C. Reviewing content for information security awareness programs
D. Prioritizing information security technology initiatives
Which of the following weaknesses would have the GREATEST impact on the effective operation of a perimeter firewall?
A. Potential back doors to the firewall software
B. Use of stateful firewalls with default configuration
C. Ad hoc monitoring of firewall activity
D. Misconfiguration of the firewall rules
Which of the following is the GREATEST advantage of application penetration testing over vulnerability scanning?
A. Penetration testing can be conducted in a relatively short time period.
B. Penetration testing creates relatively smaller risks to application availability and integrity
C. Penetration testing provides a more accurate picture of gaps in application controls
D. Penetration testing does not require a special skill set to be executed.
A project team evaluated vendor responses to a request for proposal (RFP). An IS auditor reviewing the evaluation process would expect the team to have considered each vendor's:
A. security policy.
B. acceptance test plan
C. financial stability
D. development methodology.
A new privacy regulation requires a customer's privacy information to be deleted within 72 hours, if requested. Which of the following would be an IS auditor's GREATEST concern regarding compliance to this regulation?
A. Outdated online privacy policies
B. Incomplete backup and retention policies
C. End user access to applications with customer information
D. Lack of knowledge of where customers' information is saved
Which of the following BEST helps to identify errors during data transfer?
A. Decrease the size of data transfer packets.
B. Test the integrity of the data transfer.
C. Review and verify the data transfer sequence numbers.
D. Enable a logging process for data transfer.
When evaluating an IT organizational structure, which of the following is MOST important to ensure has been documented?
A. Human resources (HR) policy on organizational changes
B. Provisions for cross-training
C. Succession and promotion plans
D. Job functions and duties
The use of symmetric key encryption controls to protect sensitive data transmitted over a communications network requires that:
A. public keys be stored in encrypted form.
B. encryption keys at one end be changed on a regular basis
C. primary keys for encrypting the data be stored in encrypted form
D. encryption keys be changed only when a compromise is detected at both ends
An IS auditor is planning to audit an organization's infrastructure for access, patching, and change management. Which of the following is the BEST way to prioritize the systems?
A. Complexity of the environment
B. Criticality of the system
C. System hierarchy within the infrastructure
D. System retirement plan
Which of the following provides an IS auditor with the BEST evidence that a system has been assessed for known exploits?
A. Patch cycle report
B. Vulnerability scanning report
C. Black box testing report
D. White box testing report
An organization decides to establish a formal incident response capability with clear roles and responsibilities facilitating centralized reporting of security incidents. Which type of control is being implemented?
A. Corrective control
B. Compensating control
C. Preventive control
D. Detective control
When reviewing an organization's information security policies, an IS auditor should verify that the policies have been defined PRIMARILY on the basis of:
A. an information security framework
B. industry best practices
C. past information security incidents
D. a risk management process
Which of the following is the GREATEST concern associated with migrating computing resources to a cloud virtualized environment?
A. An increase in inherent vulnerability
B. An increase in residual risk
C. An increase in the potential for data leakage
D. An increase in the number of e-discovery requests
A banking organization has outsourced its customer data processing facilities to an external service provider. Which of the following roles is accountable for ensuring the security of customer data?
A. The service provider’s data privacy officer
B. The bank’s vendor risk manager
C. The service provider's data processor
D. The bank's senior management
During an IT governance audit, an IS auditor notes that IT policies and procedures are not regularly reviewed and updated. The GREATEST concern to the IS auditor is that p......
A. incorporate changes to relevant laws.
B. reflect current practices
C. include new systems and corresponding process changes
D. be subject to adequate quality assurance (QA).
Which of the following is the BEST way to reduce sampling risk?
A. Plan the audit in accordance with generally accepted auditing principles
B. Ensure each item has an equal chance to be selected
C. Assign experienced auditors to the sampling process.
D. Align the sampling approach with the one used by external auditors