Cisa domain 4 - Study guides, Class notes & Summaries

CISA Domain 2 Governance and Management of IT Exam 68 Questions with Verified Answers Governance of IT Enterprise (GEIT) - CORRECT ANSWER system in which ALL stakeholders (including board, senior management, internal customers and departments) provide input into decison making process about the use of IT resources on behalf of stakeholders who expect interests to be met responsibility of Board of directors and exec management Concerned with: IT delivering value to the business AND IT...

Domain 5 (CISA Review Questions, Answers & Explanations Manual, 12th Edition | Print | English) Web application developers sometimes use hidden fields on web pages to save information about a client session. This technique is used, in some cases, to store session variables that enable persistence across web pages, such as maintaining the, contents of a shopping cart on a retail web site application. The MOST likely web-based attack due to this practice is A. parameter tampering. B....

CISA Domain 3 Info Sys Acquisition, Development & Implementation 53 Questions with Verified Answers Benchmarking a Process - CORRECT ANSWER term used to describe the activity of continuous process improvement. The purpose of benchmarking is to compare key measurements in a business process. Plan, Research (yourself), Observe(others), Adopt, Improve Characteristic of the Maturity Levels (CMMI) - CORRECT ANSWER IRDMO - I Remember Do Make Oatmeal 1. Initial -This level has no process, no...

CISA QAE Domain 5 Exam 89 Questions with Verified Answers When reviewing an organization's logical access security to its remote systems, which of the following would be of GREATEST concern to an IS auditor? - CORRECT ANSWER Unencrypted passwords are used. When evaluating the technical aspects of logical security, unencrypted passwords represent the greatest risk because it would be assumed that remote access would be over an untrusted network where passwords could be discovered. Which...

Certified Information Systems Auditor (CISA) Cert Guide 109 Questions with Verified Answers Which of the following best describes a baseline document? a. A PCI industry standard requiring a 15-minute session timeout b. Installation step recommendations from the vendor for an Active Directory server c. A network topography diagram of the Active Directory forest d. Security configuration settings for an Active Directory server - CORRECT ANSWER D. A baseline is correct because it is a platfo...

CISA Domain 5 Study Terms Exam 132 Questions with Verified Answers WiFi Security - Disable vs. Enable - CORRECT ANSWER Enable MAC Filtering Enable Encryption Disable SSID Disable DHCP WEP - CORRECT ANSWER Weakest form of wireless encryption WPA-2 - CORRECT ANSWER strongest encryption standard for wireless; only protects data in-transit war driving - CORRECT ANSWER term used to describe the process of a hacker who, armed with a laptop or other wireless device along with some hackin...

CISA Domain 2 Exam 100 Questions with Verified Answers What does EGIT stand for? What is it's meaning? - CORRECT ANSWER Enterprise Governance of Information and Technology. It a system composed of stakeholders, board of directors, department managers, and internal customers who provide input into the IT decision making process. What are the three broad processes in the EGIT framework are: - CORRECT ANSWER 1. IT Resource Management - Focuses on maintainng an updated inventory of all IT res...

CISA Practice Exam 559 Questions with Verified Answers It is important to understand the organization and its environment in order to effectively pinpoint the organization's key risk. One specific factor is an understanding of: - CORRECT ANSWER The organization's selection and application of policies and procedures Of the following, which is not a way to treat a risk? - CORRECT ANSWER Ignore it The three focus areas that management must address in order to govern IT include all of the...

CISA Domain 1 Exam 88 Questions with Verified Answers Interviewing and Observing Personnel - CORRECT ANSWER Actual Functions - An adequate test to ensure that the individual who is assigned and authorized to perform a particular function is the person who is actually doing the job. Actual Processes and Procedures - allows the IS auditor to gain evidence of compliance and observe deviations, if any. Security Awareness - Should be observed to verify an individuals understanding and practice ...