Database snapshots can provide an excellent audit trail for an IS auditor. True or false?
正解: A
Explanation/Reference: Database snapshots can provide an excellent audit trail for an IS auditor.
CISA 試験問題 743
An IS auditor is reviewing a machine learning model that predicts the likelihood that a user will watch a certain movie. Which of the following would be of GREATEST concern to the auditor?
正解: A
The quality and reliability of the training data are crucial for the model's accuracy and overall performance. If the training data comes from an unreliable source, the model's predictions could be biased, inaccurate, or unreliable, leading to poor outcomes when applied to real-world scenarios. Ensuring the integrity, quality, and reliability of the training data is fundamental for any machine learning model. While decreased accuracy when tested with data from a different population, the use of open- source programming languages, and testing with data from the same population are important factors to consider, the reliability of the training data is the most critical issue because it directly affects the model's ability to learn correctly and generalize to new data.
CISA 試験問題 744
A global organization's policy states that all workstations must be scanned for malware each day. Which of the following would provide an IS auditor with the BEST evidence of continuous compliance with this policy?
正解: C
Anti-malware tool audit logs would provide an IS auditor with the best evidence of continuous compliance with the global organization's policy that states that all workstations must be scanned for malware each day. Anti-malware tool audit logs are records that capture the activities and events related to the anti-malware software installed on the workstations, such as scan schedules, scan results, updates, alerts, and actions taken1. These logs can help the IS auditor to verify that the anti-malware software is functioning properly, that the scans are performed regularly and effectively, and that any malware incidents are detected and resolved in a timely manner2. Anti-malware tool audit logs can also help the IS auditor to identify any gaps or weaknesses in the anti-malware policy or implementation, and to provide recommendations for improvement3. The other options are not the best evidence of continuous compliance with the anti-malware policy. Penetration testing results are reports that show the vulnerabilities and risks of the workstations and network from an external or internal attacker's perspective4. While penetration testing can help to assess the security posture and resilience of the organization, it does not provide information on the daily anti-malware scans or their outcomes. Management attestation is a statement or declaration from the management that they have complied with the anti-malware policy5. While management attestation can demonstrate commitment and accountability, it does not provide objective or verifiable evidence of compliance. Recent malware scan reports are documents that show the summary or details of the latest anti-malware scans performed on the workstations. While recent malware scan reports can indicate the current status and performance of the anti-malware software, they do not provide historical or comprehensive evidence of compliance. References: * Malwarebytes Anti-Malware (MBAM) log collection and threat reports ... * Malicious Behavior Detection using Windows Audit Logs * PCI Requirement 5.2 - Ensure all Anti-Virus Mechanisms are Current ... * Management Attestation - an overview | ScienceDirect Topics * How to Read a Malware Scan Report | Techwalla
CISA 試験問題 745
Which of the following is the BEST method for uncovering shadow IT within an organization?