CISA—Certified Information Systems Auditor - Part 380

1. Which of the following is a reason for implementing a decentralized IT governance model?

A) Standardized controls and economies of scale
B) IT synergy among business units
C) Greater consistency among business units
D) Greater responsiveness to business needs



2. The use of symmetric key encryption controls to protect sensitive data transmitted over a communications network requires that:

A) primary keys for encrypting the data be stored in encrypted form.
B) encryption keys be changed only when a compromise is detected at both ends.
C) encryption keys at one end be changed on a regular basis.
D) public keys be stored in encrypted form.



3. A purpose of project closure is to determine the:

A) potential risks affecting the quality of deliverables.
B) lessons learned for use in future projects.
C) project feasibility requirements
D) professional expertise of the project manager.



4. When providing a vendor with data containing personally identifiable information (PII) for offsite testing, the data should be:

A) current
B) encrypted.
C) sanitized.
D) backed up.



5. Which of the following should be the PRIMARY basis for prioritizing follow-up audits?

A) Complexity of management's actions plans
B) Recommendation from executive management
C) Audit cycle defined in the audit plan
D) Residual risk from the findings of previous audits