
Best CISA Practice Exams and Real Exam Simulations, Certified Information Systems Auditor | SPOTO

Elevate your CISA exam readiness with SPOTO's best-in-class practice exams and real exam simulations. Our meticulously crafted materials mirror the actual CISA certification exam, providing an authentic testing experience. Gain invaluable insights into your strengths and weaknesses through detailed performance reports and explanations. Access an extensive database of practice questions covering all exam domains to comprehensively assess your knowledge. Simulate the real exam environment with our timed, full-length mock tests to build confidence and familiarity. Trust SPOTO's industry-leading CISA practice exams and simulations to unlock your auditing potential and achieve certification success.

Question #1
An IS auditor reviewing access controls for a client-server environment should FIRST:
A. evaluate the encryption technique
B. identify the network access points
C. review the identity management system
D. review the application level access controls
View answer
Correct Answer: C
Question #2
Which of the following testing methods examines the internal structure or working of an application?
A. White-box testing
B. Parallel Test
C. Regression Testing
D. Pilot Testing
View answer
Correct Answer: A
Question #3
Which of the following should an IS auditor review to gain an understanding of the effectiveness of controls over the management of multiple projects?
A. Project database
B. Policy documents
C. Project portfolio database
D. Program organization
View answer
Correct Answer: B
Question #4
Which of the following cloud computing service models is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components?
A. Software as a service
B. Data as a service
C. Platform as a service
D. Infrastructure as a service
View answer
Correct Answer: D
Question #5
An IS auditor should be aware of the various analysis models used in data architecture. Which of the following analysis models outlines the major processes of an organization and the external parties with which the business interacts?
A. Context Diagrams
B. Activity Diagrams
C. Swim-lane diagrams
D. Entity relationship diagrams
View answer
Correct Answer: A
Question #6
An organization has a mix of access points that cannot be upgraded to stronger security and newer access points having advanced wireless security. An IS auditor recommends replacing the non-upgradeable access points. Which of the following would BEST justify the IS auditor's recommendation?
A. The new access points with stronger security are affordable
B. The old access points are poorer in terms of performance
C. The organization's security would be as strong as its weakest points
D. The new access points are easier to manage
View answer
Correct Answer: C
Question #7
An external security audit has reported multiple instances of control noncompliance. Which of the following would be MOST important for the information security manager to communicate to senior management?
A. The impact of noncompliance on the organization’s risk profile
B. An accountability report to initiate remediation activities
C. A plan for mitigating the risk due to noncompliance
D. Control owner responses based on a root cause analysis
View answer
Correct Answer: A
Question #8
An IS auditor should know about the different network transmission media. Which of the following transmission media is used for short-distance transmission?
A. Copper cable
B. Fiber Optics
C. Satellite Radio Link
D. Satellite Radio Link
View answer
Correct Answer: A
Question #9
Which of the following environmental controls is appropriate to protect computer equipment against short-term reductions in electrical power?
A. Power line conditioners
B. Surge protective devices
C. Alternative power supplies
D. Interruptible power supplies
View answer
Correct Answer: B
Question #10
While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:
A. shadow file processing
B. electronic vaulting
C. hard-disk mirroring
D. hot-site provisioning
View answer
Correct Answer: C
Question #11
An organization’s information security department is creating procedures for handling digital evidence that may be used in court. Which of the following would be the MOST important consideration from a risk standpoint?
A. Ensuring the entire security team reviews the evidence
B. Ensuring that analysis is conducted on the original data
C. Ensuring the original data is kept confidential
D. Ensuring the integrity of the data is preserved
View answer
Correct Answer: D
Question #12
Which of the following steps of PDCA establishes the objectives and processes necessary to deliver results in accordance with the expected output?
A. Plan
B. Do
C. Check
D. Act
View answer
Correct Answer: A
Question #13
An IS auditor should be aware of the various analysis models used in data architecture. Which of the following analysis models depicts data entities and how they relate?
A. Context Diagrams
B. Activity Diagrams
C. Swim-lane diagrams
D. Entity relationship diagrams
View answer
Correct Answer: D
Question #14
Which of the following would provide the BEST protection against the hacking of a computer connected to the Internet?
A. A remote access server
B. A proxy server
C. A personal firewall
D. A password-generating token
View answer
Correct Answer: C
Question #15
Which of the following methods should be recommended by a security professional to erase the data on magnetic media that will be reused by another employee?
A. Degaussing
B. Overwrite every sector of magnetic media with pattern of 1's and 0's
C. Format magnetic media
D. Delete File allocation table
View answer
Correct Answer: B
Question #16
Which of the following types of testing would determine whether a new or modified system can operate in its target environment without adversely impacting other existing systems?
A. Parallel testing
B. Pilot testing
C. Interface/integration testing
D. Sociability testing
View answer
Correct Answer: C
Question #17
The waterfall life cycle model of software development is most appropriately used when:
A. requirements are well understood and are expected to remain stable, as is the business environment in which the system will operate
B. requirements are well understood and the project is subject to time pressures
C. the project intends to apply an object-oriented design and programming approach
D. the project will involve the use of new technology
View answer
Correct Answer: B
Question #18
Which of the following is the MOST important objective of data protection?
A. Identifying persons who need access to information
B. Ensuring the integrity of information
C. Denying or authorizing access to the IS system
D. Monitoring logical accesses
View answer
Correct Answer: D
Question #19
Functionality is a characteristic associated with evaluating the quality of software products throughout their life cycle, and is BEST described as the set of attributes that bear on the:
A. existence of a set of functions and their specified properties
B. ability of the software to be transferred from one environment to another
C. capability of software to maintain its level of performance under stated conditions
D. relationship between the performance of the software and the amount of resources used
View answer
Correct Answer: A
Question #20
An efficient use of public key infrastructure (PKI) should encrypt the:
A. entire message
B. private key
C. public key
D. symmetric session key
View answer
Correct Answer: A
Question #21
An IS auditor is a member of an application development team that is selecting software. Which of the following would impair the auditor’s independence?
A. Verifying the weighting of each selection criteria
B. Approving the vendor selection methodology
C. Reviewing the request for proposal (RFP)
D. Witnessing the vendor selection process
View answer
Correct Answer: B
Question #22
Which of the following encryption techniques will BEST protect a wireless network from a man-in-the-middle attack?
A. 128-bit wired equivalent privacy (WEP)
B. MAC-based pre-shared key(PSK)
C. Randomly generated pre-shared key (PSK)
D. Alphanumeric service set identifier (SSID)
View answer
Correct Answer: D
Question #23
Following a recent acquisition, an information security manager has been requested the outstanding risk reported early in the acquisition process. Which of the following would be the manager’s BEST course of action?
A. Perform a vulnerability assessment of the acquired company’s infrastructure
B. Re-evaluate the risk treatment plan for the outstanding risk
C. Re-assess the outstanding risk of the acquired company
D. Add the outstanding risk to the acquiring organization’s risk registry
View answer
Correct Answer: C
Question #24
The GREATEST risk when performing data normalization is:
A. the increased complexity of the data model
B. duplication of audit logs
C. reduced data redundancy
D. decreased performance
View answer
Correct Answer: A
Question #25
An IS auditor has completed an audit of an organization’s accounts payable system. Which of the following should be rated as the HIGHEST risk in the audit report and requires immediate remediation?
A. Lack of segregation of duty controls for reconciliation of payment transactions
B. Lack of segregation of duty controls for removal of vendor records
C. Lack of segregation of duty controls for updating the vendor master file
D. Lack of segregation of duty controls for reversing payment transactions
View answer
Correct Answer: A
Question #26
There is a concern that a salesperson may download an organization’s full customer list from the Software as a Service (SaaS) when leaving to work for a competitor. Which of the following would BEST help to identify this type of incident?
A. Monitor applications logs
B. Disable remote access to the application
C. Implement a web application firewall
D. Implement an intrusion detection system (IDS)
View answer
Correct Answer: A
Question #27
Which of the following should an IS auditor recommend to BEST enforce alignment of an IT project portfolio with strategic organizational priorities?
A. Define a balanced scorecard (BSC) for measuring performance
B. Consider user satisfaction in the key performance indicators (KPIs)
C. Select projects according to business benefits and risks
D. Modify the yearly process of defining the project portfolio
View answer
Correct Answer: A
Question #28
Which of the following would contribute MOST to an effective business continuity plan (BCP)?
A. Document is circulated to all interested parties
B. Planning involves all user departments
C. Approval by senior management
D. Audit by an external IS auditor
View answer
Correct Answer: A
Question #29
Which of the following physical access controls effectively reduces the risk of piggybacking?
A. Biometric door locks
B. Combination door locks
C. Deadman doors
D. Bolting door locks
View answer
Correct Answer: A
Question #30
Which of the following types of honeypot essentially gives a hacker a real environment to attack?
A. High-interaction
B. Low-interaction
C. Med-interaction
D. None of the choices
View answer
Correct Answer: A
Question #31
The MAIN purpose of documenting information security guidelines for use within a large, international organization is to:
A. ensure that all business units have the same strategic security goals
B. provide evidence for auditors that security practices are adequate
C. explain the organization’s preferred practices for security
D. ensure that all business units implement identical security procedures
View answer
Correct Answer: A
Question #32
Which of the following biometrics has the highest reliability and lowest false-acceptance rate (FAR)?
A. Palm scan
B. Face recognition
C. Retina scan
D. Hand geometry
View answer
Correct Answer: C
Question #33
Time constraints and expanded needs have been found by an IS auditor to be the root causes for recent violations of corporate data definition standards in a new business intelligence project. Which of the following is the MOST appropriate suggestion for an auditor to make?
A. Achieve standards alignment through an increase of resources devoted to the project
B. Align the data definition standards after completion of the project
C. Delay the project until compliance with standards can be achieved
D. Enforce standard compliance by adopting punitive measures against violators
View answer
Correct Answer: B
Question #34
An IS auditor examining the configuration of an operating system to verify the controls should review the:
A. transaction logs
B. authorization tables
C. parameter settings
View answer
Correct Answer: B
Question #35
When developing a security architecture, which of the following steps should be executed FIRST?
A. Developing security procedures
B. Defining a security policy
C. Specifying an access control methodology
D. Defining roles and responsibilities
View answer
Correct Answer: A
Question #36
The goal of an information system is to achieve integrity, authenticity and non-repudiation of information sent across the network. Which of the following statements correctly describes the steps to address all three?
A. Encrypt the message digest using symmetric key and then send the encrypted digest to receiver along with original message
B. Encrypt the message digest using receiver's public key and then send the encrypted digest to receiver along with original message
C. Encrypt the message digest using sender's public key and then send the encrypted digest to the receiver along with original message
D. Encrypt message digest using sender's private key and then send the encrypted digest to the receiver along with original message
View answer
Correct Answer: D
Question #37
Which of the following terms generally refers to small programs designed to take advantage of a software flaw that has been discovered?
A. exploit
B. patch
C. quick fix
D. service pack
E. malware
F. None of the choices
View answer
Correct Answer: D
Question #38
A computer system is no more secure than the human systems responsible for its operation. Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them. Zombie computers are HEAVILY relied upon by which of the following types of attack?
A. Eavesdropping
B. DoS
C. DDoS
D. ATP
E. Social Engineering
View answer
Correct Answer: B
Question #39
Which of the following should be the PRIMARY objective of an information security governance framework?
A. Increase the organization’s return on security investment
B. Provide a baseline for optimizing the security profile of the organization
C. Ensure that users comply with the organization’s information security policies
D. Demonstrate compliance with industry best practices to external stakeholders
View answer
Correct Answer: B
Question #40
Which of the following antispam filtering techniques would BEST prevent a valid, variable-length e-mail message containing a heavily weighted spam keyword from being labeled as spam?
A. Heuristic (rule-based)
B. Signature-based
C. Pattern matching
D. Bayesian (statistical)
View answer
Correct Answer: B
Question #41
In large corporate networks having supply partners across the globe, network traffic may continue to rise. The infrastructure components in such environments should be scalable. Which of the following firewall architectures limits future scalability?
A. Appliances
B. Operating system-based
C. Host-based
D. Demilitarized
View answer
Correct Answer: A
Question #42
In which of the following transmission media is it MOST difficult to modify the information traveling across the network?
A. Copper cable
B. Fiber Optics
C. Satellite Radio Link
D. Coaxial cable
View answer
Correct Answer: B
Question #43
Which of the following is an advantage of an asymmetric cryptosystem over a symmetric-key cryptosystem?
A. Performance and Speed
B. Key Management is built in
C. Adequate for Bulk encryption
D. Number of keys grows very quickly
View answer
Correct Answer: B
Question #44
Which of the following should be a concern to an IS auditor reviewing a wireless network?
A. 128-bit static-key WEP (Wired Equivalent Privacy) encryption is enabled
B. SSID (Service Set IDentifier) broadcasting has been enabled
C. Antivirus software has been installed in all wireless clients
D. MAC (Media Access Control) access control filtering has been deployed
View answer
Correct Answer: B
Question #45
Which of the following is the MOST important action in recovering from a cyberattack?
A. Creation of an incident response team
B. Use of cyberforensic investigators
C. Execution of a business continuity plan
D. Filing an insurance claim
View answer
Correct Answer: A
Question #46
Why is a one-time pad not always preferable for encryption (choose all that apply)?
A. it is difficult to use securely
B. it is highly inconvenient to use
C. it requires licensing fee
D. it requires internet connectivity
E. it is Microsoft only
F. None of the choices
View answer
Correct Answer: D
Question #47
Which of the following potentially blocks hacking attempts?
A. intrusion detection system
B. Honeypot system
C. Intrusion prevention system
D. Network security scanner
View answer
Correct Answer: B
Question #48
The information in a knowledge base can be expressed in several ways. Which of the following ways uses questionnaires to lead the user through a series of choices until a conclusion is reached?
A. Decision tree
B. Rules
C. Semantic nets
D. Knowledge interface
View answer
Correct Answer: A
Question #49
Which of the following is the PRIMARY purpose for conducting parallel testing?
A. To determine if the system is cost-effective
B. To enable comprehensive unit and system testing
C. To highlight errors in the program interfaces with files
D. To ensure the new system meets user requirements
View answer
Correct Answer: A
Question #50
An organization’s senior management is encouraging employees to use social media for promotional purposes. Which of the following should be the information security manager’s FIRST step to support this strategy?
A. Develop a business case for a data loss prevention solution
B. Develop a guideline on the acceptable use of social media
C. Incorporate social media into the security awareness program
D. Employ the use of a web content filtering solution
View answer
Correct Answer: B
Question #51
Which of the following layers of an enterprise data flow architecture is concerned with transporting information between the various layers?
A. Data preparation layer
B. Desktop Access Layer
C. Application messaging layer
D. Data access layer
View answer
Correct Answer: C
Question #52
Confidentiality of the data transmitted in a wireless LAN is BEST protected if the session is:
A. restricted to predefined MAC addresses
B. encrypted using static keys
C. encrypted using dynamic keys
D. initiated from devices that have encrypted storage
View answer
Correct Answer: A
Question #53
A client/server configuration will:
A. optimize system performance by having a server on a front-end and clients on a host
B. enhance system performance through the separation of front-end and back-end processes
C. keep track of all the clients using the IS facilities of a service organization
D. limit the clients and servers’ relationship by limiting the IS facilities to a single hardware system
View answer
Correct Answer: A
Question #54
What is an IS auditor’s BEST course of action if informed by a business unit’s representatives that they are too busy to cooperate with a scheduled audit?
A. Reschedule the audit for a time more convenient to the business unit
B. Notify the chief audit executive who can negotiate with the head of the business unit
C. Begin the audit regardless and insist on cooperation from the business unit
D. Notify the audit committee immediately and request they direct the audit begin on schedule
View answer
Correct Answer: B
Question #55
Of the following, who should the security manager consult FIRST when determining the severity level of a security incident involving a third-party vendor?
A. IT process owners
B. Business partners
C. Risk manager
D. Business process owners
View answer
Correct Answer: B
Question #56
Which of the following is the BEST way to increase the effectiveness of security incident detection?
A. Educating end users on identifying suspicious activity
B. Establishing service level agreements (SLAs) with appropriate forensic service providers
C. Determining containment activities based on the type of incident
D. Documenting root cause analysis procedures
View answer
Correct Answer: D
Question #57
An IS auditor finds a number of system accounts that do not have documented approvals. Which of the following should be performed FIRST by the auditor?
A. Have the accounts removed immediately
B. Obtain sign-off on the accounts from the application owner
C. Document a finding and report an ineffective account provisioning control
D. Determine the purpose and risk of the accounts
View answer
Correct Answer: D
Question #58
During the review of a web-based software development project, an IS auditor realizes that coding standards are not enforced and code reviews are rarely carried out. This will MOST likely increase the likelihood of a successful:
A. buffer overflow
B. brute force attack
C. distributed denial-of-service attack
D. war dialing attack
View answer
Correct Answer: A
Question #59
Which of the following is a dynamic analysis tool for the purpose of testing software modules?
A. Blackbox test
B. Desk checking
C. Structured walk-through
D. Design and code
View answer
Correct Answer: A
Question #60
An organization is using symmetric encryption. Which of the following would be a valid reason for moving to asymmetric encryption? Symmetric encryption:
A. provides authenticity
B. is faster than asymmetric encryption
C. can cause key management to be difficult
D. requires a relatively simple algorithm
View answer
Correct Answer: C
Question #61
In a botnet, a mailbot logs into a particular type of system for making coordinated attack attempts. What type of system is this?
A. Chat system
B. SMS system
C. Email system
D. Log system
E. Kernel system
View answer
Correct Answer: D
Question #62
What is the FIRST line of defense against criminal insider activities?
A. Validating the integrity of personnel
B. Monitoring employee activities
C. Signing security agreements by critical personnel
D. Stringent and enforced access controls
View answer
Correct Answer: D
Question #63
The prioritization of incident response actions should be PRIMARILY based on which of the following?
A. Scope of disaster
B. Business impact
C. Availability of personnel
D. Escalation process
View answer
Correct Answer: B
Question #64
Which of the following is the protocol data unit (PDU) of the transport layer in the TCP/IP model?
A. Data
B. Segment
C. Packet
D. Frame
View answer
Correct Answer: B
Question #65
Which of the following would be an INAPPROPRIATE activity for a network administrator?
A. Analyzing network security incidents
B. Prioritizing traffic between subnets
C. Modifying a router configuration
D. Modifying router log files
View answer
Correct Answer: D
Question #66
Which of the following is the MOST important aspect relating to employee termination?
A. The details of employee have been removed from active payroll files
B. Company property provided to the employee has been returned
C. User ID and passwords of the employee have been deleted
D. The appropriate company staff are notified about the termination
View answer
Correct Answer: D
Question #67
An information security manager is preparing an incident response plan. Which of the following is the MOST important consideration when responding to an incident involving sensitive customer data?
A. The assignment of a forensics teams
B. The ability to recover from the incident in a timely manner
C. Following defined post-incident review procedures
D. The ability to obtain incident information in a timely manner
View answer
Correct Answer: C
Question #68
An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?
A. Requiring policy acknowledgment and nondisclosure agreements signed by employees
B. Providing education and guidelines to employees on use of social networking sites
C. Establishing strong access controls on confidential data
D. Monitoring employees’ social networking usage
View answer
Correct Answer: B
Question #69
Multiple invoices are usually received for individual purchase orders, since purchase orders require staggered delivery dates. Which of the following is the BEST audit technique to test for duplicate payments?
A. Run the data on the software programs used to process supplier payments
B. Use generalized audit software on the invoice transaction file
C. Run the data on the software programs used to process purchase orders
D. Use generalized audit software on the purchase order transaction file
View answer
Correct Answer: A
Question #70
To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:
A. Firewall and the organization's network
B. Internet and the firewall
C. Internet and the web server
D. Web server and the firewall
View answer
Correct Answer: B
Question #71
ISO 9126 is a standard to assist in evaluating the quality of a product. Which of the following is defined as a set of attributes that bear on the existence of a set of functions and their specified properties?
A. Reliability
B. Usability
C. Functionality
D. Maintainability
View answer
Correct Answer: C
Question #72
Which of the following is an environmental issue caused by electric storms or noisy electric equipment that may also cause a computer system to hang or crash?
A. Sag
B. Blackout
C. Brownout
D. EMI
View answer
Correct Answer: D
Question #73
Two-factor authentication can be circumvented through which of the following attacks?
A. Denial-of-service
B. Man-in-the-middle
C. Key logging
D. Brute force
View answer
Correct Answer: B
Question #74
Upon receipt of the initial signed digital certificate the user will decrypt the certificate with the public key of the:
A. registration authority (RA)
B. certificate authority (CA)
C. certificate repository
D. receiver
View answer
Correct Answer: A
Question #75
An organization has developed mature risk management practices that are followed across all departments. What is the MOST effective way for the audit team to leverage this risk management maturity?
A. Facilitating audit risk identification and evaluation workshops
B. Implementing risk responses on management’s behalf
C. Providing assurances to management regarding risk
D. Integrating the risk register for audit planning purposes
View answer
Correct Answer: D
Question #76
A firm is considering using biometric fingerprint identification on all PCs that access critical data. This requires:
A. that a registration process is executed for all accredited PC users
B. the full elimination of the risk of a false acceptance
C. the usage of the fingerprint reader be accessed by a separate password
D. assurance that it will be impossible to gain unauthorized access to critical data
View answer
Correct Answer: C
Question #77
Which of the following should be included in a feasibility study for a project to implement an EDI process?
A. The encryption algorithm format
B. The detailed internal control procedures
C. The necessary communication protocols
D. The proposed trusted third-party agreement
View answer
Correct Answer: D
Question #78
An organization is in the process of acquiring a competitor. The information security manager has been asked to report on the security posture of the target acquisition. Which of the following should be the security manager’s FIRST course of action?
A. Implement a security dashboard
B. Quantify the potential risk
C. Perform a gap analysis
D. Perform a vulnerability assessment
View answer
Correct Answer: A
Question #79
Which of the following is the MOST important outcome of testing incident response plans?
A. Internal procedures are improved
B. An action plan is available for senior management
C. Staff is educated about current threats
D. Areas requiring investment are identified
View answer
Correct Answer: A
Question #80
The 'trusted systems' approach has been predominant in the design of:
A. many earlier Microsoft OS products
B. the IBM AS/400 series
C. the SUN Solaris series
D. most OS products in the market
E. None of the choices
View answer
Correct Answer: A
Question #81
When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:
A. reduce the costs of future preventive controls
B. provide metrics for reporting to senior management
C. verify compliance with the service level agreement (SLA)
D. learn of potential areas of improvement
View answer
Correct Answer: D
Question #82
When developing a business continuity plan (BCP), which of the following tools should be used to gain an understanding of the organization's business processes?
A. Business continuity self-audit
B. Resource recovery analysis
C. Risk assessment
D. Gap analysis
View answer
Correct Answer: A
Question #83
Which of the following measures can effectively minimize the possibility of buffer overflows?
A. Sufficient bounds checking
B. Sufficient memory
C. Sufficient processing capability
D. Sufficient code injection
E. None of the choices
View answer
Correct Answer: D
Question #84
A web server is attacked and compromised. Which of the following should be performed FIRST to handle the incident?
A. Dump the volatile storage data to a disk
B. Run the server in a fail-safe mode
C. Disconnect the web server from the network
D. Shut down the web server
View answer
Correct Answer: D
Question #85
Which of the following layers of an enterprise data flow architecture is responsible for data copying, transformation into Data Warehouse (DW) format and quality control?
A. Data Staging and quality layer
B. Desktop Access Layer
C. Data Mart layer
D. Data access layer
View answer
Correct Answer: A
Question #86
In a public key infrastructure (PKI), which of the following may be relied upon to prove that an online transaction was authorized by a specific customer?
A. Nonrepudiation
B. Encryption
C. Authentication
D. Integrity
View answer
Correct Answer: A
Question #87
Which of the following BEST describes the concept of "defense in depth"?
A. more than one subsystem needs to be compromised to compromise the security of the system and the information it holds
B. multiple firewalls are implemented
D. intrusion detection and firewall filtering are required
E. None of the choices
View answer
Correct Answer: B
Question #88
To optimize an organization's business contingency plan (BCP), an IS auditor should recommend conducting a business impact analysis (BIA) in order to determine:
A. the business processes that generate the most financial value for the organization and therefore must be recovered first
B. the priorities and order for recovery to ensure alignment with the organization's business strategy
C. the business processes that must be recovered following a disaster to ensure the organization's survival
D. the priorities and order of recovery which will recover the greatest number of systems in the shortest time frame
View answer
Correct Answer: C
Question #89
Which of the following cryptographic systems is MOST appropriate for bulk data encryption and small devices such as smart cards?
A. DES
B. AES
C. Triple DES
D. RSA
View answer
Correct Answer: C
Question #90
Which of the following ACID properties ensures that a transaction will bring the database from one valid state to another?
A. Atomicity
B. Consistency
C. Isolation
D. Durability
View answer
Correct Answer: B
Question #91
An IS auditor finds that a company is using a payroll provider hosted in a foreign country. Of the following, the MOST important audit consideration is whether the provider’s operations:
A. meet industry best practice and standards
B. comply with applicable laws and regulations
C. are shared with other companies using the provider
D. are aligned with the company’s culture
View answer
Correct Answer: B
Question #92
An organization can ensure that the recipients of e-mails from its employees can authenticate the identity of the sender by:
A. digitally signing all e-mail messages
B. encrypting all e-mail messages
C. compressing all e-mail messages
D. password protecting all e-mail messages
View answer
Correct Answer: D
Question #93
Which of the following requires a consensus by key stakeholders on IT strategic goals and objectives?
A. Balanced scorecards
B. Benchmarking
C. Maturity models
D. Peer reviews
View answer
Correct Answer: A
Question #94
An organization is replacing a mission-critical system. Which of the following is the BEST implementation strategy to mitigate and reduce the risk of system failure?
A. Stage
B. Phase
C. Parallel
D. Big-bang
View answer
Correct Answer: C
Question #95
The IS management of a multinational company is considering upgrading its existing virtual private network (VPN) to support voice-over IP (VoIP) communications via tunneling. Which of the following considerations should be PRIMARILY addressed?
A. Reliability and quality of service (QoS)
B. Means of authentication
C. Privacy of voice transmissions
D. Confidentiality of data transmissions
View answer
Correct Answer: C
Question #96
Which of the following statements INCORRECTLY describes the Asynchronous Transfer Mode (ATM) technique?
A. ATM uses cell switching method
B. ATM is high speed network technology used for LAN, MAN and WAN
C. ATM works at session layer of an OSI model
D. Data are segmented into fixed size cell of 53 bytes
View answer
Correct Answer: C