Certified Information Systems Auditor-CISA Quiz Questions and Answers

An employee who has access to highly confidential information has resigned. Upon departure, which of the following should be done first?

Answer :
  • Revoke the employee’s access to all systems

Which of the following business continuity activities is primarily the responsibility of the IT department?

Answer :
  • Restoring systems and data after a business disruption

Which of the following would most likely be considered a conflict of interest for an IS auditor who is reviewing a cybersecurity implementation?

Answer :
  • Designing the cybersecurity controls

An enterprise has selected a vendor to develop and implement a new software system. To ensure that the enterprise’s investment in software is protected, which of the following security clauses is most important to include in the master services agreement?

Answer :
  • Software escrow

Which of the following is the most effective control when granting temporary access to vendors?

Answer :
  • User accounts are created with expiration dates and are based on services provided

An IS auditor is reviewing an organization’s business continuity plan. Which of the following would provide the best means of evaluating the systems supporting the organization’s critical processes?

Answer :
  • Business impact analysis

Which of the following ensures the availability of transactions in the event of a disaster?

Answer :
  • Transmit transactions offsite in real-time

The management of an organization has decided to establish a security awareness program. Which of the following would most likely be a part of the program?

Answer :
  • Training provided on a regular basis to all current and new employees

You are part of the security staff at a highly profitable bank, and each day all traffic on the network is logged for later review. Every Friday, when major deposits are made, you see a series of bits placed in the "Urgent Pointer" field of a TCP packet. This is only 16 bits, which isn't much, but it concerns you because:

Answer :
  • This could be a sign of covert channeling in bank network communications and should be investigated.

John is the product manager for an information system. His product has undergone a security review by an IS auditor. John has decided to apply appropriate security controls to reduce the security risks suggested by the IS auditor. Which of the following techniques is used by John to treat the risk identified by the IS auditor?

Answer :
  • Risk Mitigation