AllExam Dumps

DUMPS, FREE DUMPS, VCP5 DUMPS| VMWARE DUMPS, VCP DUMPS, VCP4 DUMPS, VCAP DUMPS, VCDX DUMPS, CISCO DUMPS, CCNA, CCNA DUMPS, CCNP DUMPS, CCIE DUMPS, ITIL, EXIN DUMPS,


READ Free Dumps For Isaca- CISA





Question ID 22449

Which of the following is the BEST information source for management to use as an aid in the identification of assets that are subject to laws and regulations?

Option A

Security incident summaries

Option B

Vendor best practices

Option C

CERT coordination center

Option D

Significant contracts

Correct Answer D
Explanation Contractual requirements are one of the sources that should be consulted to identify the requirements for the management of information assets. Vendor best practices provides a basis for evaluating how competitive an enterprise is, while security incident summaries are a source for assessing the vulnerabilities associated with the IT infrastructure. CERT {www.cert.org) is an information source for assessing vulnerabilities within the IT infrastructure.


Question ID 22450

An organization has outsourced its help desk activities. An IS auditor's GREATEST concern when reviewing the contract and associated service level agreement
(SLA) between the organization and vendor should be the provisions for:

Option A

documentation of staff background checks.

Option B

independent audit reports or full audit access.

Option C

reporting the year-to-year incremental cost reductions.

Option D

reporting staff turnover, development or training.

Correct Answer B
Explanation When the functions of an IS department are outsourced, an IS auditor should ensure that a provision is made for independent audit reports that cover all essential areas, or that the outsourcer has full audit access. Although it is necessary to document the fact that background checks are performed, this is not as important as provisions for audits. Financial measures such as year-to-year incremental cost reductions are desirable to have in a service level agreement ( SLA ); however, cost reductions are not as important as the availability of independent audit reports or full audit access. An SLA might include human relationship measures such as resource planning, staff turnover, development or training, but this is not as important as the requirements for independent reports or full audit access by the outsourcing organization.

Send email to admin@getfreedumps for new dumps request!!!