Question #1
During business process reengineering (BPR) of a bank's teller activities, an IS auditor should evaluate:
A. the cost of new controls
B. continuous improvement and monitoring plans
C. BPR project plans
D. the impact of changed business processes
Correct answer: D

Question #2
Which of the following provides an IS auditor the MOST assurance that an organization is compliant with legal and regulatory requirements?
A. Controls associated with legal and regulatory requirements have been identified and tested
B. Senior management has provided attestation of legal and regulatory compliance
C. There is no history of complaints or fines from regulators regarding noncompliance
D. The IT manager is responsible for the organization's compliance with legal and regulatory requirements
Correct answer: A
Question #3
In the risk assessment process, which of the following should be identified FIRST?
A. Assets
B. Vulnerabilities
C. Impact
D. Threats
Correct answer: A
Question #4
An auditor is creating an audit program where the objective is to establish the adequacy of personal data privacy controls in a payroll process. Which of the following is MOST important to include?
A. User access provisioning
B. Segregation of duties controls
C. Approval of data changes
D. Audit logging of administrative user activity
Correct answer: C
Question #5
Which of the following is the BEST compensating control for a lack of proper segregation of duties in an IT department?
A. Authorization forms
B. System activity logging
C. Audit trail reviews
D. Control self-assessment (CSA)
Correct answer: B
Question #6
An IS auditor is reviewing an enterprise database platform. The review involves statistical methods, Benford analysis, and duplicate checks. Which of the following computer-assisted audit technique (CAAT) tools would be MOST useful for this review?
A. Audit hooks
B. Integrated test facility (ITF)
C. Generalized audit software (GAS)
D. Continuous and intermittent simulation (CIS)
Correct answer: C
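Added example, not part of the original page or of any vendor's product: a Python sketch of two of the analyses named in this question, a Benford first-digit test and a duplicate-payment check, of the kind generalized audit software runs over a payments table. The `LEDGER` rows, vendor names and transaction ids are constructed sample data; the chi-square critical value is the standard 8-degrees-of-freedom, 5% figure.

```python
# Added example (not from the page): the kind of analysis generalized audit
# software performs when an auditor asks for Benford analysis and duplicate
# checks over a payments table. The ledger below is constructed sample data.
import math
from collections import Counter

# Constructed sample ledger: (transaction id, vendor, amount). Not real data.
LEDGER = [
    ("T001", "Acme Supply", 1250.00),
    ("T002", "Northwind", 187.40),
    ("T003", "Acme Supply", 1250.00),   # same vendor and amount as T001
    ("T004", "Contoso", 93.15),
    ("T005", "Fabrikam", 2410.00),
    ("T006", "Northwind", 41.99),
    ("T007", "Tailspin", 8.75),
    ("T008", "Contoso", 610.20),
    ("T009", "Fabrikam", 3320.50),
    ("T010", "Tailspin", 1.05),
    ("T011", "Acme Supply", 76.30),
    ("T012", "Northwind", 5150.00),
]

# Expected first-digit frequencies under Benford's law: log10(1 + 1/d).
BENFORD = {d: math.log10(1 + 1 / d) for d in range(1, 10)}

# Chi-square critical value for 8 degrees of freedom at the 5% level.
CHI2_CRIT_8DF_5PCT = 15.507


def first_digit(amount):
    """Leading non-zero digit of an amount, e.g. 0.07 -> 7, 1250.00 -> 1."""
    text = f"{abs(amount):.2f}".lstrip("0.")
    return int(text[0])


def benford_test(amounts):
    """Return (per-digit table, chi-square statistic) for a list of amounts.

    The table maps digit -> (observed fraction, expected fraction). Zero
    amounts are skipped because they have no leading digit.
    """
    digits = [first_digit(a) for a in amounts if a != 0]
    n = len(digits)
    if n == 0:
        raise ValueError("no non-zero amounts to test")
    counts = Counter(digits)
    table, chi2 = {}, 0.0
    for d in range(1, 10):
        observed = counts.get(d, 0)
        expected = BENFORD[d] * n
        chi2 += (observed - expected) ** 2 / expected
        table[d] = (observed / n, BENFORD[d])
    return table, chi2


def benford_conforms(amounts, critical=CHI2_CRIT_8DF_5PCT):
    """True when the first-digit distribution is not rejected at the 5% level.

    With a dozen rows the test has little power; GAS runs it over the whole
    table, where a large chi-square is a prompt to sample those transactions.
    """
    _, chi2 = benford_test(amounts)
    return chi2 <= critical


def duplicate_payments(ledger):
    """Pairs of transaction ids sharing the same vendor and amount.

    This is the simplest duplicate check; in practice GAS also matches on
    invoice number and on dates within a window.
    """
    first_seen, pairs = {}, []
    for txn_id, vendor, amount in ledger:
        key = (vendor, round(amount, 2))
        if key in first_seen:
            pairs.append((first_seen[key], txn_id))
        else:
            first_seen[key] = txn_id
    return pairs


if __name__ == "__main__":
    amounts = [amt for _, _, amt in LEDGER]
    table, chi2 = benford_test(amounts)
    for d, (obs, exp) in table.items():
        print(f"digit {d}: observed {obs:.2f}  expected {exp:.2f}")
    print(f"chi-square {chi2:.2f}, conforms: {benford_conforms(amounts)}")
    print("possible duplicate payments:", duplicate_payments(LEDGER))
```

Run stand-alone, the script prints the first-digit table, the chi-square statistic for the sample (which conforms; the sample is tiny), and the pair T001/T003 flagged by the duplicate check. A fabricated set with most amounts starting with 9 fails the Benford test, which is the signal the auditor would follow up by sampling those rows.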
Question #7
When an IS auditor evaluates key performance indicators (KPIs) for IT initiatives, it is MOST important that the KPIs indicate:
A. IT resources are fully utilized
B. IT objectives are measured
C. IT solutions are within budget
D. IT deliverables are process driven
Correct answer: B
Question #8
An IS audit reveals that many of an organization's Internet of Things (IoT) devices have not been patched. Which of the following should the auditor do FIRST when determining why these devices have not received the required patches?
A. Ensure the devices are listed in the asset inventory database
C. Determine the physical location of the deployed devices
D. Review the organization's most recent risk assessment on IoT devices
Correct answer: B
Question #9
A financial institution has a system interface that is used by its branches to obtain applicable currency exchange rates when processing transactions. Which of the following should be the PRIMARY control objective for maintaining the security of the system interface?
A. Preventing unauthorized access to the data via malicious activity
B. Ensuring the integrity of the data being transferred
C. Preventing unauthorized access to the data via interception
D. Ensuring the availability of the data being transferred
Correct answer: B
Question #10
An airline's online booking system uses an automated script that checks whether fares are within the defined threshold of what is reasonable before the fares are displayed on the website. Which type of control is in place?
A. Directive control
B. Compensating control
C. Corrective control
D. Preventive control
Correct answer: D. The script stops out-of-range fares before they are displayed, which is a preventive control; a directive control would be a policy instructing staff to check fares, not an automated gate.
Question #11
A recent audit identified duplicate software licenses and technologies. Which of the following would be MOST helpful to prevent this type of duplication in the future?
A. Conducting periodic inventory reviews
B. Establishing a project management office
C. Centralizing IT procurement and approval practices
D. Updating IT procurement policies and procedures
Correct answer: C. Centralizing procurement and approval puts a single gate in front of every purchase, so a duplicate license is caught before it is bought; updated policies alone enforce nothing, and inventory reviews only detect duplication after the fact.
Question #12
Capacity management enables organizations to:
A. establish the capacity of network communication links
B. forecast technology trends
C. identify the extent to which components need to be upgraded
D. determine business transaction volumes
Correct answer: C
Question #13
Due to a high volume of customer orders, an organization plans to implement a new application for customers to use for online ordering. Which type of testing is MOST important to ensure the security of the application prior to go-live?
A. User acceptance testing (UAT)
B. Regression testing
C. Vulnerability testing
D. Stress testing
Correct answer: C
Question #14
Which of the following should be an IS auditor's GREATEST concern when reviewing an outsourcing arrangement with a third-party cloud service provider to host personally identifiable data?
A. The outsourcing contract does not contain a right-to-audit clause
B. The organization's servers are not compatible with the third party's infrastructure
C. The data is not adequately segregated on the host platform
D. Fees are charged based on the volume of data stored by the host
Correct answer: C
Question #15
An organization has agreed to perform remediation related to high-risk audit findings. The remediation process involves a complex reorganization of user roles as well as the implementation of several compensating controls that may not be completed within the next audit cycle. Which of the following is the BEST way for an IS auditor to follow up on the activities?
A. Provide management with a remediation timeline and verify adherence
B. Continue to audit the failed controls according to the audit schedule
C. Schedule a review of the controls after the projected remediation date
D. Review the progress of remediation on a regular basis
Correct answer: D. Setting the remediation timeline is management's responsibility, not the auditor's; for remediation that runs past the next audit cycle, the auditor follows up by reviewing progress at regular intervals rather than waiting for a projected end date.
Question #16
Which of the following BEST ensures the quality and integrity of test procedures used in audit analytics?
A. Developing and communicating test procedure best practices to audit teams
B. Decentralizing procedures and implementing periodic peer review
C. Developing and implementing an audit data repository
D. Centralizing procedures and implementing change control
Correct answer: D
Question #17
During data migration, which of the following BEST prevents integrity issues when multiple processes within the migration program are attempting to write to the same table in the database?
A. Authentication controls
B. Normalization controls
C. Concurrency controls
D. Database limit controls
Correct answer: C
Question #18
Within the context of an IT-related governance framework, which type of organization would be considered MOST mature?
A. An organization in a state of dynamic growth with continuously updated policies and procedures
B. An organization with processes systematically managed by continuous improvement
C. An organization in which processes are repeatable and results periodically reviewed
D. An organization with established sets of documented standard processes
Correct answer: B
Question #19
The objective of a vulnerability identification step in a risk assessment process is to:
A. identify the compensating controls
B. determine the impact of compromise
C. develop a list of weaknesses
D. determine the likelihood of a threat
Correct answer: C
Question #20
Which of the following is the BEST way to minimize the impact of a ransomware attack?
A. Provide user awareness training on ransomware attacks
B. Perform more frequent system backups
C. Maintain a regular schedule for patch updates
D. Grant system access based on least privilege
Correct answer: B
Question #21
When using a wireless device, which of the following BEST ensures confidential access to email via web mail?
A. Simple Object Access Protocol (SOAP)
B. Wired Equivalent Privacy (WEP)
C. Extensible Markup Language (XML)
D. Hypertext Transfer Protocol Secure (HTTPS)
Correct answer: D. HTTPS encrypts the browser-to-server session end to end regardless of the wireless link; WEP protects only the radio hop and is cryptographically broken, and SOAP and XML are data formats that provide no confidentiality at all.
Question #22
Which of the following communication modes should be of GREATEST concern to an IS auditor evaluating end user networking?
A. Host-to-host
B. Peer-to-peer
C. System-to-system
D. Client-to-server
Correct answer: B
Question #23
The PRIMARY reason to follow up on prior-year audit reports is to determine if:
A. prior-year recommendations have become irrelevant
B. identified control weaknesses have been addressed
C. significant changes to the control environment have occurred
D. inherent risks have changed
Correct answer: B
Question #24
Which of the following is found in an audit charter?
A. The process of developing the annual audit plan
B. Required training for audit staff
C. The authority given to the audit function
D. Audit objectives and scope
Correct answer: C
Question #25
An IS auditor is reviewing a network diagram. Which of the following would be the BEST location for placement of a firewall?
A. At borders of network segments with different security levels
B. Inside the demilitarized zone (DMZ)
C. Between each host and the local network switch/hub
D. Between virtual local area networks (VLANs)
Correct answer: A. A firewall enforces policy at the boundary between zones of different trust (for example Internet, DMZ and internal network); a firewall placed inside the DMZ sits on no boundary, and per-host or per-VLAN placement is a special case of A rather than the general rule.
Question #26
Which of the following is a detective control that can be used to uncover unauthorized access to information systems?
A. Requiring long and complex passwords for system access
B. Protecting access to the data center with multifactor authentication
C. Implementing a security information and event management (SIEM) system
D. Requiring internal audit to perform periodic reviews of system access logs
Correct answer: C
Question #27
Segregation of duties would be compromised if:
A. operations staff modified batch schedules
B. database administrators (DBAs) modified the structure of user tables
C. application programmers moved programs into production
D. application programmers accessed test data
Correct answer: C. A programmer who can promote their own code to production bypasses independent change control and could introduce unauthorized changes undetected; working with test data is a normal part of the developer's role.
Question #28
Which of the following is the MOST likely cause of a successful firewall penetration?
A. Virus infection
B. Firewall misconfiguration by the administrator
C. Loophole in the firewall vendor's code
D. Use of a Trojan to bypass the firewall
Correct answer: B
Question #29
Which of the following is the MOST important step in the development of an effective IT governance action plan?
A. Conducting a business impact analysis (BIA)
B. Measuring IT governance key performance indicators (KPIs)
C. Preparing a statement of sensitivity
D. Setting up an IT governance framework for the process
Correct answer: D
Question #30
What information within change records would provide an IS auditor with the MOST assurance that configuration management is operating effectively?
A. Implementation checklist for release management
B. Configuration management plan and operating procedures
C. Post-implementation review documentation
D. Affected configuration items and associated impacts
Correct answer: D. Change records that name the affected configuration items and their impacts show the configuration database is consulted and kept in step with every change; plans, checklists and post-implementation reviews describe or look back on the process but do not evidence it operating on each change.
Question #31
Which of the following is a benefit of the DevOps development methodology?
A. It leads to a well-defined system development life cycle (SDLC)
B. It restricts software releases to a fixed release schedule
C. It enables increased frequency of software releases to production
D. It enforces segregation of duties between code developers and release migrators
Correct answer: C
Question #32
Which of the following is MOST likely to result from compliance testing?
A. Comparison of data with physical counts
B. Discovery of controls that have not been applied
C. Confirmation of data with outside sources
D. Identification of errors due to processing mistakes
Correct answer: B
Question #33
While conducting a system architecture review, an IS auditor learns of multiple complaints from field agents about the latency of a mobile thin client designed to provide information during site inspections. Which of the following is the BEST way to address this situation?
A. Upgrade the thin-client software to provide more informative error messages during application loading
B. Switch to a thick-client architecture that does not require a persistent network connection
C. Deploy a middleware application to improve messaging between application components
D. Upgrade the processors in the field agents' mobile devices
Correct answer: B. A thin client's latency comes from needing a network round trip for every interaction, which field sites with poor connectivity cannot provide; a thick client that works without a persistent connection removes that dependency. Better error messages, faster device processors or additional middleware do not address the network.
Question #34
Which of the following BEST describes the relationship between vulnerability scanning and penetration testing?
A. Both are labor-intensive in preparation, planning, and execution
B. Both utilize a risk-based analysis that considers threat scenarios
C. For entities with regulatory drivers, the two tests must be the same
D. The scope of both is determined primarily by the likelihood of exploitation
Correct answer: B
Question #35
An IS auditor is a member of an application development team that is selecting software. Which of the following would impair the auditor's independence?
A. Approving the vendor selection methodology
B. Reviewing the request for proposal (RFP)
C. Witnessing the vendor selection process
D. Verifying the weighting of each selection criterion
Correct answer: A
Question #36
Which of the following is an IS auditor's GREATEST concern when an organization does not regularly update software on individual workstations in the internal environment?
A. The organization may not be in compliance with licensing agreements
B. The system may have version control issues
C. System functionality may not meet business requirements
D. The organization may be more susceptible to cyberattacks
Correct answer: D
Question #37
An organization is deciding whether to outsource its customer relationship management (CRM) systems to a provider located in another country. Which of the following should be the PRIMARY influence in the outsourcing decision?
A. The service provider's disaster recovery plan (DRP)
B. Current geopolitical conditions
C. Time zone differences
D. Cross-border privacy laws
Correct answer: D
Question #38
Which of the following should be of GREATEST concern to an IS auditor reviewing actions taken during a forensic investigation?
A. An image copy of the attacked system was not taken
B. The proper authorities were not notified
C. The handling procedures of the attacked system are not documented
D. The investigation report does not indicate a conclusion
Correct answer: A. Without a forensic image taken before analysis, the investigation itself alters the evidence and nothing can be independently re-examined or relied on later; late notification, missing documentation and an inconclusive report can still be remedied, a missing image cannot.
Question #39
When reviewing a project to replace multiple manual data entry systems with an artificial intelligence (AI) system, the IS auditor should be MOST concerned with the impact AI will have on:
A. enterprise architecture (EA)
B. task capacity output
C. employee retention
D. future task updates
Correct answer: C
Question #40
When evaluating the recent implementation of an intrusion detection system (IDS), an IS auditor should be MOST concerned with inappropriate:
A. patching
B. training
C. encryption
D. tuning
Correct answer: D
Question #41
Which of the following is MOST important for an IS auditor to consider during a review of the IT governance of an organization?
A. Defined service levels
B. Funding allocations
C. Risk management methodology
D. Decision making responsibilities
Correct answer: D. IT governance is about who makes decisions and who is accountable for them; service levels, funding and the risk methodology are outputs of those responsibilities, not the governance itself.
Question #42
An internal IS auditor recommends that incoming accounts payable payment files be encrypted. Which type of control is the auditor recommending?
A. Preventive
B. Detective
C. Corrective
D. Directive
Correct answer: A. Encryption stops unauthorized disclosure or modification of the payment files before it can occur, which makes it a preventive control; a directive control would be a policy requiring encryption, not the encryption itself.
Question #43
The BEST way to prevent fraudulent payments is to implement segregation of duties between vendor setup and:
A. payment processing
B. payroll processing
C. product registration
D. procurement
Correct answer: A
Question #44
An IS auditor is reviewing the change management process in a large IT service organization. Which of the following observations would be the GREATEST concern?
A. User acceptance testing (UAT) can be waived in case of emergency software releases
B. Code is migrated manually into production during emergency software releases
C. A senior developer has permanent access to promote code for emergency software releases
D. Emergency software releases are not fully documented after implementation
Correct answer: C
Question #45
Which audit approach is MOST helpful in optimizing the use of IS audit resources?
A. Risk-based auditing
B. Agile auditing
C. Outsourced auditing
D. Continuous auditing
Correct answer: A
Question #46
Which of the following is the BEST way to mitigate the risk associated with technology obsolescence?
A. Create a technology watch team that evaluates emerging trends
B. Make provisions in the budgets for potential upgrades
C. Invest in current technology
D. Create tactical and strategic IS plans
Correct answer: D
Question #47
An IS auditor reviewing the system development life cycle (SDLC) finds there is no requirement for business cases. Which of the following should be of GREATEST concern to the organization?
A. Business impacts of projects are not adequately analyzed
B. Business resources have not been optimally assigned
C. Vendor selection criteria are not sufficiently evaluated
D. Project costs exceed established budgets
Correct answer: A
Question #48
Which of the following is the MOST important factor when an organization is developing information security policies and procedures?
A. Consultation with security staff
B. Alignment with an information security framework
C. Inclusion of mission and objectives
D. Compliance with relevant regulations
Correct answer: D
