Online Access Free CISA Exam Questions

Which of the following is the BEST recommendation to prevent fraudulent electronic funds transfers by accounts payable employees?

• A.Periodic vendor reviews
• B.Dual control
• C.Engage an external security incident response expert for incident handling.
• D.Independent reconciliation
• E.Re-keying of monetary amounts

Which of the following should be of MOST concern to an IS auditor reviewing the public key infrastructure (PKI) for enterprise email?

• A.The private key certificate has not been updated.
• B.The certificate revocation list has not been updated.
• C.The PKI policy has not been updated within the last year.
• D.The certificate practice statement has not been published

The GREATEST concern for an IS auditor reviewing vulnerability assessments by the auditee would be if the assessments are:

• A.Conducted by the internal technical team instead of external experts.
• B.Performed for critical systems, not for the entire infrastructure.
• C.Performed using open-source testing tools.
• D.Conducted once per year just before system audits are scheduled.

In a public key cryptographic system, which of the following is the PRIMARY requirement to address the risk of man-in-the-middle attacks through spoofing?

• A.Kerberos authentication
• B.Registration authority
• C.Strong encryption algorithms
• D.Certificate authority (CA)

Which of the following is MOST important for an IS auditor to verify when reviewing the use of an outsourcer for disposal of storage media?

• A.The vendor has not experienced security incidents in the past.
• B.The contract includes issuance of a certificate of destruction by the vendor
• C.The vendor ' s process appropriately sanitizes the media before disposal
• D.The disposal transportation vehicle is fully secure