- (Exam Topic 4)
A core system fails a week after a scheduled update, causing an outage that impacts service. Which of the following is MOST important for incident management to focus on when addressing the issue?
Correct Answer:
B
- (Exam Topic 4)
Which of the following should be restricted from a network administrator's privileges in an adequately segregated IT environment?
Correct Answer:
B
The network administrator should not have the privilege of changing existing configurations for applications in an adequately segregated IT environment. This is because changes to existing configurations can introduce vulnerabilities and cause unexpected behavior, which can lead to disruption of services or data loss. The network administrator should not have the ability to make such changes without the explicit authorization of the IT manager. Additionally, the network administrator should be monitored to ensure that any changes they make are in compliance with the organization's security policies and procedures. CISA Certification - Information Systems Auditor official site or book provides a comprehensive guide to best practices and security principles for the IT environment, which includes recommendations on how to restrict access to sensitive configuration changes.
- (Exam Topic 1)
An IS auditor has found that an organization is unable to add new servers on demand in a cost-efficient manner. Which of the following is the auditor's BEST recommendation?
Correct Answer:
D
- (Exam Topic 2)
Which of the following is MOST important for an IS auditor to verify when evaluating an organization's firewall?
Correct Answer:
A
- (Exam Topic 4)
Which of the following provides the MOST useful information regarding an organization's risk appetite and tolerance?
Correct Answer:
C