Certified Information Systems Auditor (CISA) Quiz Questions and Answers

Which of the following backup techniques is the most appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective?

Answer :
  • Continuous data backup

An employee who has access to highly confidential information has resigned. Upon departure, which of the following should be done first?

Answer :
  • Revoke the employee’s access to all systems

Which of the following controls would best help protect an organization from successful phishing attacks?

Answer :
  • Employee awareness training

Which of the following would most likely be considered a conflict of interest for an IS auditor who is reviewing a cybersecurity implementation?

Answer :
  • Designing the cybersecurity controls

An IS auditor is reviewing an organization’s business continuity plan. Which of the following would provide the best means of evaluating the systems supporting the organization’s critical processes?

Answer :
  • Business impact analysis

An enterprise has selected a vendor to develop and implement a new software system. To ensure that the enterprise’s investment in software is protected, which of the following security clauses is most important to include in the master services agreement?

Answer :
  • Software escrow

Which of the following is the most effective control when granting temporary access to vendors?

Answer :
  • User accounts are created with expiration dates and are based on services provided

Which of the following business continuity activities is primarily the responsibility of the IT department?

Answer :
  • Restoring systems and data after a business disruption

Which of the following ensures the availability of transactions in the event of a disaster?

Answer :
  • Transmit transactions offsite in real-time

The management of an organization has decided to establish a security awareness program. Which of the following would most likely be a part of the program?

Answer :
  • Training provided on a regular basis to all current and new employees