Topic 1: Exam Pool A
An organization is in the process of deciding whether to allow a bring your own device (BYOD) program. If approved, which of the following should be the FIRST control required before implementation?
A. An acceptable use policy
B. Device registration
C. Device baseline configurations
D. An awareness program
An acceptable use policy
Which of the following groups is MOST likely responsible for the implementation of IT projects?
A. IT steering committee
B. IT strategy committee
C. IT compliance committee
D. IT governance committee
IT steering committee
Which of the following should be the PRIMARY reason to establish a social media policy for all employees?
A. To raise awareness and provide guidance about social media risks
B. To restrict access to social media during business hours to maintain productivity
C. To publish acceptable messages to be used by employees when posting
D. To prevent negative public social media postings and comments
To raise awareness and provide guidance about social media risks
Which of the following access control situations represents the MOST serious control weakness?
A. Computer operators have access to system level flowcharts
B. Programmers have access to development hardware
C. System developers have access to production data
D. End users have access to program development tools.
System developers have access to production data
Which of the following would be an IS auditor's GREATEST concern when reviewing an organization's security controls for policy compliance?
A. End users are not required to acknowledge security policy training.
B. Security policy documents are available on a public domain website.
C. Buy-in from system owners to support the policies is inadequate
D. Security policies are not uniformly applicable across the organization
Buy-in from system owners to support the policies is inadequate