Cisa stuvia 2024 - Study guides, Class notes & Summaries

In a public key infrastructure (PKI), which of the following may be relied upon to prove that an online transaction was authorized by a specific customer? Correct A. Nonrepudiation B. Encryption C. Authentication D. Integrity . - ANSWERYou are correct, the answer is A. A. Nonrepudiation, achieved through the use of digital signatures, prevents the senders from later denying that they generated and sent the message. B. Encryption may protect the data transmitted ove...

Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions? a. Parity check b. Echo check c. Block sum check d. Cyclic redundancy check - ANSWERd. Cyclic redundancy check An employee loses a mobile device resulting in loss of sensitive corporate data. Which of the following would have BEST prevented data leakage? A. Data encryption on the mobile device B. The triggering of remote data wipe capabilities C. Awareness training fo...

Acceptable use policy - ANSWERA policy that establishes an agreement between users and the enterprise and defines for all parties' the ranges of use that are approved before gaining access to a network or the Internet. Access control - ANSWERThe processes, rules and deployment mechanisms that control access to information systems, resources and physical access to premises. Access control list (ACL) - ANSWERAn internal computerized table of access rules regarding the levels of computer a...

Capability Maturity Models - ANSWERLevel 1 - Initial - processes are poorly controlled Level 2 - Managed - process is characterized for projects. Level 3 - Defined - documented process characterized for the organization and is proactive Level 4 - Quantitatively Managed - Process is measured and controlled. Quantitative quality goals can be reached. Level 5 - Optimizing - Focus is on process improvement Computer Aided Software Engineering (CASE) - ANSWERThe use of automated tools to aid i...

Chapter 1 - ANSWER Source code - ANSWERuncompiled, archive code Object code - ANSWERcompiled code that is distributed and put into production; not able to be read by humans Inherent risk - ANSWERthe risk that an error could occur assuming no compensating control exist Control risk - ANSWERthe risk that an error exists that would not be prevented by internal controls Detection risk - ANSWERthe risk that an error exists, but is not detected. The risk that an IS auditor may use an in...

Most important step in risk analysis is to identify a. Competitors b. controls c. vulnerabilities d. liabilities - ANSWERc. vulnerabilities In a risk based audit planning, an IS auditor's first step is to identify: a. responsibilities of stakeholders b. high-risk areas within the organization c. cost centre d. profit centre - ANSWERb. high-risk areas within the organization When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure ...

Al-l The internal audit department wrote some scripts that are used for continuous auditing of some information systems. The IT department asked for copies of the scripts so that they can use them for setting up a continuous monitoring process on key systems. Does sharing these scripts with IT affect the ability of the IS auditors to independently and objectively audit the IT function? A. Sharing the scripts is not permitted because it gives IT the ability to pre-audit systems and avoid an ac...

IT governance is most concerned with A. Security policy B. IT policy C. IT strategy D. IT executive compensation - ANSWERIT Strategy IT governance is the mechanism through which IT strategy is established, controlled, and monitored through the balanced scorecard. Long-term and other strategic decisions are made in the context of IT governance. One of the advantages of outsourcing is A. It permits the organization to focus on core competencies. B. It results in reduced costs. C. It pr...

Who should approve the audit charter of an organization? - ANSWERSenior Management What should the content of an audit charter be? - ANSWERThe scope, authority, and responsibilities of the audit function What is the prime reason for review of an organization chart? - ANSWERTo understand the authority and responsibility of individuals The actions of an IS auditor are primiarily influenced by - ANSWERAudit Charter Which document provides the overall authority for an auditor to perform ...

Who is responsible for imposing an IT governance model encompassing IT strategy, information security, and formal enterprise architectural mandates? - ANSWERIT executives and the Board of Directors The party that performs strategic planning, addresses near-term and long-term requirements aligning business objectives, and technology strategies. - ANSWERThe Steering Committee What three elements allow validation of business practices against acceptable measures of regulatory compliance, perf...