Online Access Free CISA Exam Questions

Which of the following should an IS auditor expect to see in a network vulnerability assessment?

• A.Malicious software and spyware
• B.Security design flaws
• C.Misconfiguration and missing updates
• D.Zero-day vulnerabilities

Which of the following access rights presents the GREATEST risk when granted to a new member of the system development staff?

• A.Execute access to development program libraries
• B.Write access to development data libraries
• C.Write access to production program libraries
• D.Execute access to production program libraries

Which of the following is the MOST important consideration when establishing vulnerability scanning on critical IT infrastructure?

• A.The scanning will be followed by penetration testing.
• B.The scanning will be cost-effective.
• C.The scanning will be performed during non-peak hours.
• D.The scanning will not degrade system performance.

Which of the following is the BEST evidence that an organization's IT strategy is aligned lo its business objectives?

• A.The IT strategy is modified in response to organizational change.
• B.The IT strategy has significant impact on the business strategy
• C.The IT strategy is based on IT operational best practices.
• D.The IT strategy is approved by executive management.

Which of the following would be MOST helpful to an IS auditor performing a risk assessment of an application programming interface (API) that feeds credit scores from a well-known commercial credit agency into an organizational system?

• A.A technical design document for the interface configuration
• B.The most recent audit report from the credit agency
• C.A data dictionary of the transferred data
• D.The approved business case for the API