CISA—Certified Information Systems Auditor - Part 372

Mary Smith

Wed, 09 Jul 2025

1. An IS auditor has just completed a physical access review of the organization's primary data center. Which of the following weaknesses should be of MOST concern?

A) Metal keys are used for access.
B) Backups of video cameras are corrupt.
C) There is no mantrap at the main door.
D) There is no manual logging for visitors.



2. An IS auditor's PRIMARY concern about a business partner agreement for the exchange of electronic information should be to determine whether there is:

A) a clause that addresses the audit of shared systems.
B) evidence of review and approval by each partner's legal department.
C) an information classification framework.
D) appropriate control and responsibility defined for each partner.



3. The BEST reason for implementing a virtual private network (VPN) is that it:

A) eases the implementation of data encryption.
B) allows for public use of private networks.
C) enables use of existing hardware platforms.
D) allows for private use of public networks.



4. In an annual audit cycle, the audit of an organization's IT department resulted in many findings. Which of the following would be the MOST important consideration when planning the next audit?

A) Limiting the review to the deficient areas
B) Verifying that all recommendations have been implemented
C) Postponing the review until all of the findings have been rectified
D) Following up on the status of all recommendations



5. An IS auditor is conducting a follow-up internal IS audit and determines that several recommendations from the prior year have not been implemented. Which of the following should be the auditor's FIRST course of action?

A) Evaluate the recommendations in context of the current IT environment.
B) Continue the audit and disregard prior audit recommendations.
C) Request management implement recommendations from the prior year.
D) Add unimplemented recommendations as findings for the new audit.



1. Right Answer: C
Explanation:

2. Right Answer: C
Explanation: The overall purpose of using a formal information classification scheme is to ensure proper handling based on the information's content and context. Context refers to how the information is used. Two major risks are present in the absence of an information classification scheme. The first is that information will be mishandled. The second is that, without an information classification scheme, all of the organization's data may be subject to scrutiny during legal proceedings. The information classification scheme safeguards knowledge; failure to implement a records and data classification scheme leads to disaster.

3. Right Answer: D
Explanation: Virtual private networks (VPNs) connect remote users over an insecure public network such as the Internet. The connection is virtual because it is temporary, with no physical presence. VPN technology is cost-effective and highly flexible. A VPN creates an encrypted tunnel to securely pass data between two machines (host-host), from a machine to a network (host-gateway), or from one network to another network (gateway-gateway).

4. Right Answer: D
Explanation:

5. Right Answer: D
Explanation:
