CISA—Certified Information Systems Auditor - Part 372

1. An IS auditor has just completed a physical access review of the organization's primary data center. Which of the following weaknesses should be of MOST concern?

A) Metal keys are used for access.
B) Backups of video cameras are corrupt.
C) There is no mantrap at the main door.
D) There is no manual logging for visitors.



2. An IS auditor's PRIMARY concern about a business partner agreement for the exchange of electronic information should be to determine whether there is:

A) a clause that addresses the audit of shared systems.
B) evidence of review and approval by each partner's legal department.
C) an information classification framework.
D) appropriate control and responsibility defined for each partner.



3. The BEST reason for implementing a virtual private network (VPN) is that it:

A) eases the implementation of data encryption.
B) allows for public use of private networks.
C) enables use of existing hardware platforms.
D) allows for private use of public networks.



4. In an annual audit cycle, the audit of an organization's IT department resulted in many findings. Which of the following would be the MOST important consideration when planning the next audit?

A) Limiting the review to the deficient areas
B) Verifying that all recommendations have been implemented
C) Postponing the review until all of the findings have been rectified
D) Following up on the status of all recommendations



5. An IS auditor is conducting a follow-up internal IS audit and determines that several recommendations from the prior year have not been implemented. Which of the following should be the auditor's FIRST course of action?

A) Evaluate the recommendations in context of the current IT environment.
B) Continue the audit and disregard prior audit recommendations.
C) Request management implement recommendations from the prior year.
D) Add unimplemented recommendations as findings for the new audit.