CISA Certification Exam Answers Solutions for Exam Success, Certified Information Systems Auditor | SPOTO

Question #1
In the event of a disruption or disaster, which of the following technologies provides for continuous operations?
A. Load balancing
B. Fault-tolerant hardware
C. Distributed backups
D. High-availability computing
Correct Answer: B
Question #2
Which of the following would BEST maintain the integrity of a firewall log?
A. Granting access to log information only to administrators
B. Capturing log events in the operating system layer
C. Writing dual logs onto separate storage media
D. Sending log information to a dedicated third-party log server
Correct Answer: D
Question #3
The MOST likely effect of the lack of senior management commitment to IT strategic planning is:
A. a lack of investment in technology
B. a lack of a methodology for systems development
C. technology not aligning with the organization's objectives
D. an absence of control over technology contracts
Correct Answer: C
Question #4
A disaster recovery plan for an organization should:
A. reduce the length of the recovery time and the cost of recovery
B. increase the length of the recovery time and the cost of recovery
C. reduce the duration of the recovery time and increase the cost of recovery
D. affect neither the recovery time nor the cost of recovery
Correct Answer: A
Question #5
An IS auditor finds that client requests were processed multiple times when received from different independent departmental databases, which are synchronized weekly. What would be the BEST recommendation?
A. Increase the frequency for data replication between the different department systems to ensure timely updates
B. Centralize all request processing in one department to avoid parallel processing of the same request
C. Change the application architecture so that common data is held in just one shared database for all departments
D. Implement reconciliation controls to detect duplicates before orders are processed in the systems
Correct Answer: C
Question #6
Which of the following would prevent unauthorized changes to information stored in a server's log?
A. Write-protecting the directory containing the system log
B. Writing a duplicate log to another server
Correct Answer: D
Question #7
Passwords should be:
A. assigned by the security administrator for first time logon
B. changed every 30 days at the discretion of the user
C. reused often to ensure the user does not forget the password
D. displayed on the screen so that the user can ensure that it has been entered properly
Correct Answer: A
Question #8
An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take?
A. Personally delete all copies of the unauthorized software
B. Inform the auditee of the unauthorized software, and follow up to confirm deletion
D. Take no action, as it is a commonly accepted practice and operations management is responsible for monitoring such use
Correct Answer: C
Question #9
When performing an audit of access rights, an IS auditor should be suspicious of which of the following if allocated to a computer operator?
A. Read access to data
B. Delete access to transaction data files
C. Logged read/execute access to programs
D. Update access to job control language/script files
Correct Answer: B
Question #10
An IS auditor recommends that an initial validation control be programmed into a credit card transaction capture application. The initial validation process would MOST likely:
A. check to ensure that the type of transaction is valid for the card type
B. verify the format of the number entered then locate it on the database
C. ensure that the transaction entered is within the cardholder's credit limit
D. confirm that the card is not shown as lost or stolen on the master file
Correct Answer: B
Question #11
Which of the following environmental controls is appropriate to protect computer equipment against short-term reductions in electrical power?
A. Power line conditioners
B. Surge protective devices
C. Alternative power supplies
D. Interruptible power supplies
Correct Answer: A
Question #12
Which of the following methods of suppressing a fire in a data center is the MOST effective and environmentally friendly?
A. Halon gas
B. Wet-pipe sprinklers
D. Carbon dioxide gas
Correct Answer: C
Question #13
There are several methods of providing telecommunications continuity. The method of routing traffic through split cable or duplicate cable facilities is called:
A. alternative routing
B. diverse routing
C. long-haul network diversity
D. last-mile circuit protection
Correct Answer: B
Question #14
In the event of a data center disaster, which of the following would be the MOST appropriate strategy to enable a complete recovery of a critical database?
A. Daily data backup to tape and storage at a remote site
B. Real-time replication to a remote site
C. Hard disk mirroring to a local server
D. Real-time data backup to the local storage area network (SAN)
Correct Answer: B
Question #15
Of the three major types of off-site processing facilities, what type is often an acceptable solution for preparing for recovery of noncritical systems and data?
A. Cold site
B. Hot site
C. Alternate site
D. Warm site
Correct Answer: A
Question #16
The responsibility for authorizing access to a business application system belongs to the:
A. data owner
B. security administrator
C. IT security manager
D. requestor's immediate supervisor
Correct Answer: A
Question #17
Which of the following line media would provide the BEST security for a telecommunication network?
A. Broadband network digital transmission
B. Baseband network
C. Dial-up
D. Dedicated lines
Correct Answer: D
Question #18
After completing the business impact analysis (BIA), what is the next step in the business continuity planning process?
A. Test and maintain the plan
B. Develop a specific plan
C. Develop recovery strategies
D. Implement the plan
Correct Answer: C
Question #19
An IS auditor should expect the responsibility for authorizing access rights to production data and systems to be entrusted to the:
A. process owners
B. system administrators
C. security administrator
D. data owners
Correct Answer: D
Question #20
Which of the following is a risk of cross-training?
A. Increases the dependence on one employee
B. Does not assist in succession planning
C. One employee may know all parts of a system
D. Does not help in achieving a continuity of operations
Correct Answer: C
Question #21
What are used as a countermeasure for potential database corruption when two processes attempt to simultaneously edit or update the same information?
A. Referential integrity controls
B. Normalization controls
C. Concurrency controls
D. Run-to-run totals
Correct Answer: A
Question #22
An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following: -The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department. -The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his/her attention. -The plan has never been updated, tested or circulated to key m
A. take no action as the lack of a current plan is the only significant finding
B. recommend that the hardware configuration at each site is identical
C. perform a review to verify that the second configuration can support live processing
D. report that the financial expenditure on the alternative site is wasted without an effective plan
Correct Answer: C
Question #23
Key verification is one of the best controls for ensuring that:
A. Data is entered correctly
B. Only authorized cryptographic keys are used
C. Input is authorized
D. Database indexing is performed properly
Correct Answer: A
Question #24
The development of an IS security policy is ultimately the responsibility of the:
A. IS department
B. security committee
C. security administrator
D. board of directors
Correct Answer: D
Question #25
An organization has implemented a disaster recovery plan. Which of the following steps should be carried out next?
A. Obtain senior management sponsorship
B. Identify business needs
C. Conduct a paper test
D. Perform a system restore test
Correct Answer: C
Question #26
To develop a successful business continuity plan, end user involvement is critical during which of the following phases?
A. Business recovery strategy
B. Detailed plan development
C. Business impact analysis (BIA)
D. Testing and maintenance
Correct Answer: C
Question #27
The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?
A. Contact information of key personnel
B. Server inventory documentation
C. Individual roles and responsibilities
D. Procedures for declaring a disaster
Correct Answer: A
Question #28
A disaster recovery plan for an organization's financial system specifies that the recovery point objective (RPO) is no data loss and the recovery time objective (RTO) is 72 hours. Which of the following is the MOST cost-effective solution?
A. A hot site that can be operational in eight hours with asynchronous backup of the transaction logs
B. Distributed database systems in multiple locations updated asynchronously
C. Synchronous updates of the data and standby active systems in a hot site
D. Synchronous remote copy of the data in a warm site that can be operational in 48 hours
Correct Answer: D
Question #29
The BEST overall quantitative measure of the performance of biometric control devices is:
A. false-rejection rate
B. false-acceptance rate
C. equal-error rate
D. estimated-error rate
Correct Answer: C
Question #30
Depending on the complexity of an organization's business continuity plan (BCP), the plan may be developed as a set of more than one plan to address various aspects of business continuity and disaster recovery. In such an environment, it is essential that:
A. each plan is consistent with one another
B. all plans are integrated into a single plan
C. each plan is dependent on one another
D. the sequence for implementation of all plans is defined
Correct Answer: A
Question #31
While reviewing the IT infrastructure, an IS auditor notices that storage resources are continuously being added. The IS auditor should:
A. recommend the use of disk mirroring
B. review the adequacy of offsite storage
C. review the capacity management process
D. recommend the use of a compression algorithm
Correct Answer: C
Question #32
An IS auditor finds that user acceptance testing of a new system is being repeatedly interrupted as defect fixes are implemented by developers. Which of the following would be the BEST recommendation for an IS auditor to make?
A. Consider feasibility of a separate user acceptance environment
B. Schedule user testing to occur at a given time each day
C. Implement a source code version control tool
D. Only retest high priority defects
Correct Answer: A
Question #33
When implementing an IT governance framework in an organization the MOST important objective is:
A. IT alignment with the business
B. accountability
C. value realization with IT
D. enhancing the return on IT investments
Correct Answer: A
Question #34
An IS auditor interviewing a payroll clerk finds that the answers do not support job descriptions and documented procedures. Under these circumstances, the IS auditor should:
A. conclude that the controls are inadequate
B. expand the scope to include substantive testing
C. place greater reliance on previous audits
D. suspend the audit
Correct Answer: B
Question #35
How does the SSL network protocol provide confidentiality?
A. Through symmetric encryption such as RSA
B. Through asymmetric encryption such as Data Encryption Standard, or DES
C. Through asymmetric encryption such as Advanced Encryption Standard, or AES
D. Through symmetric encryption such as Data Encryption Standard, or DES
Correct Answer: D
Question #36
To provide protection for media backup stored at an offsite location, the storage site should be:
A. located on a different floor of the building
B. easily accessible by everyone
C. clearly labeled for emergency access
D. protected from unauthorized access
Correct Answer: D
Question #37
Which of the following is the MOST reasonable option for recovering a noncritical system?
A. Warm site
B. Mobile site
C. Hot site
D. Cold site
Correct Answer: D
Question #38
An IS auditor reviewing an organization's data file control procedures finds that transactions are applied to the most current files, while restart procedures use earlier versions. The IS auditor should recommend the implementation of:
A. source documentation retention
B. data file security
C. version usage control
D. one-for-one checking
Correct Answer: C
Question #39
When an organization is outsourcing their information security function, which of the following should be kept in the organization?
A. Accountability for the corporate security policy
B. Defining the corporate security policy
C. Implementing the corporate security policy
D. Defining security procedures and guidelines
Correct Answer: A
Question #40
Which of the following append themselves to files as a protection against viruses?
A. Behavior blockers
B. Cyclical redundancy checkers (CRCs)
C. Immunizers
D. Active monitors
Correct Answer: C
Question #41
An organization has recently installed a security patch, which crashed the production server. To minimize the probability of this occurring again, an IS auditor should:
A. apply the patch according to the patch's release notes
B. ensure that a good change management process is in place
C. thoroughly test the patch before sending it to production
D. approve the patch after doing a risk assessment
Correct Answer: B
Question #42
IT governance is PRIMARILY the responsibility of the:
A. chief executive officer
B. board of directors
C. IT steering committee
D. audit committee
Correct Answer: B
Question #43
Which of the following must exist to ensure the viability of a duplicate information processing facility?
A. The site is near the primary site to ensure quick and efficient recovery
B. The site contains the most advanced hardware available
C. The workload of the primary site is monitored to ensure adequate backup is available
D. The hardware is tested when it is installed to ensure it is working properly
Correct Answer: C
Question #44
An example of a direct benefit to be derived from a proposed IT-related business investment is:
A. enhanced reputation
B. enhanced staff morale
C. the use of new technology
D. increased market penetration
Correct Answer: D
Question #45
A programmer maliciously modified a production program to change data and then restored the original code. Which of the following would MOST effectively detect the malicious activity?
A. Comparing source code
B. Reviewing system log files
C. Comparing object code
D. Reviewing executable and source code integrity
Correct Answer: B
Question #46
Which of the following would help to ensure the portability of an application connected to a database?
A. Verification of database import and export procedures
B. Usage of a structured query language (SQL)
C. Analysis of stored procedures/triggers
D. Synchronization of the entity-relation model with the database physical schema
Correct Answer: B
Question #47
The purpose of code signing is to provide assurance that:
A. the software has not been subsequently modified
B. the application can safely interface with another signed application
C. the signer of the application is trusted
D. the private key of the signer has not been compromised
Correct Answer: A
Question #48
An IS auditor notes that patches for the operating system used by an organization are deployed by the IT department as advised by the vendor. The MOST significant concern an IS auditor should have with this practice is the nonconsideration by IT of:
A. the training needs for users after applying the patch
B. any beneficial impact of the patch on the operational systems
C. delaying deployment until testing the impact of the patch
D. the necessity of advising end users of new patches
Correct Answer: C
Question #49
An IS auditor reviewing a database application discovers that the current configuration does not match the originally designed structure. Which of the following should be the IS auditor's next action?
A. Analyze the need for the structural change
B. Recommend restoration to the originally designed structure
C. Recommend the implementation of a change control process
D. Determine if the modifications were properly approved
Correct Answer: D
Question #50
The BEST method for assessing the effectiveness of a business continuity plan is to review the:
A. plans and compare them to appropriate standards
B. results from previous tests
C. emergency procedures and employee training
D. offsite storage and environmental controls
Correct Answer: B
Question #51
An IS auditor identifies that reports on product profitability produced by an organization's finance and marketing departments give different results. Further investigation reveals that the product definition being used by the two departments is different. What should the IS auditor recommend?
A. User acceptance testing (UAT) occur for all reports before release into production
B. Organizational data governance practices be put in place
C. Standard software tools be used for report development
D. Management sign-off on requirements for new reports
Correct Answer: B
Question #52
Which of the following audit techniques would BEST aid an auditor in determining whether there have been unauthorized program changes since the last authorized program update?
A. Test data run
B. Code review
C. Automated code comparison
D. Review of code migration procedures
Correct Answer: C
Question #53
To prevent unauthorized entry to the data maintained in a dial-up, fast response system, an IS auditor should recommend:
A. online terminals are placed in restricted areas
C. ID cards are required to gain access to online terminals
D. online access is terminated after a specified number of unsuccessful attempts
Correct Answer: D
Question #54
Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by:
A. database integrity checks
B. validation checks
C. input controls
D. database commits and rollbacks
Correct Answer: D
Question #55
Upon receipt of the initial signed digital certificate, the user will decrypt the certificate with the public key of the:
A. registration authority (RA)
B. certificate authority (CA)
C. certificate repository
D. receiver
Correct Answer: B
Question #56
To determine how data are accessed across different platforms in a heterogeneous environment, an IS auditor should FIRST review:
A. business software
B. infrastructure platform tools
C. application services
D. system development tools
Correct Answer: C
Question #57
A perpetrator looking to gain access to and gather information about encrypted data being transmitted over the network would use:
A. eavesdropping
B. spoofing
C. traffic analysis
Correct Answer: C
Question #58
Which of the following cryptography options would increase overhead/cost?
A. The encryption is symmetric rather than asymmetric
B. A long asymmetric encryption key is used
C. The hash is encrypted rather than the message
D. A secret key is used
Correct Answer: B
Question #59
What does PKI use to provide some of the strongest overall control over data confidentiality, reliability, and integrity for Internet transactions?
A. A combination of public-key cryptography and digital certificates and two-factor authentication
B. A combination of public-key cryptography and two-factor authentication
C. A combination of public-key cryptography and digital certificates
D. A combination of digital certificates and two-factor authentication
Correct Answer: C
Question #60
Which of the following is the initial step in creating a firewall policy?
A. A cost-benefit analysis of methods for securing the applications
B. Identification of network applications to be externally accessed
C. Identification of vulnerabilities associated with network applications to be externally accessed
D. Creation of an applications traffic matrix showing protection methods
Correct Answer: B
Question #61
The MAJOR consideration for an IS auditor reviewing an organization's IT project portfolio is the:
A. IT budget
B. existing IT environment
C. business plan
D. investment plan
Correct Answer: C
Question #62
What increases encryption overhead and cost the most?
A. A long symmetric encryption key
B. A long asymmetric encryption key
C. A long Advanced Encryption Standard (AES) key
D. A long Data Encryption Standard (DES) key
Correct Answer: B
Question #63
Due to changes in IT, the disaster recovery plan of a large organization has been changed. What is the PRIMARY risk if the new plan is not tested?
A. Catastrophic service interruption
B. High consumption of resources
C. Total cost of the recovery may not be minimized
D. Users and recovery teams may face severe difficulties when activating the plan
Correct Answer: A
Question #64
What topology provides the greatest redundancy of routes and the greatest network fault tolerance?
A. A star network topology
B. A mesh network topology with packet forwarding enabled at each host
C. A bus network topology
D. A ring network topology
Correct Answer: B
Question #65
In a contract with a hot, warm or cold site, contractual provisions should cover which of the following considerations?
A. Physical security measures
B. Total number of subscribers
C. Number of subscribers permitted to use a site at one time
D. References by other users
Correct Answer: C
Question #66
Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit?
A. A hot site contracted and available as needed
B. A business continuity manual is available and current
C. Insurance coverage is adequate and premiums are current
D. Media backups are performed on a timely basis and stored offsite
Correct Answer: D
Question #67
Which of the following is MOST directly affected by network performance monitoring tools?
A. Integrity
B. Availability
C. Completeness
D. Confidentiality
Correct Answer: B
Question #68
An organization is implementing a new system to replace a legacy system. Which of the following conversion practices creates the GREATEST risk?
A. Pilot
B. Parallel
C. Direct cutover
D. Phased
Correct Answer: C
Question #69
In an online banking application, which of the following would BEST protect against identity theft?
A. Encryption of personal password
B. Restricting the user to a specific terminal
C. Two-factor authentication
D. Periodic review of access logs
Correct Answer: C
Question #70
When preparing an audit report, the IS auditor should ensure that the results are supported by:
A. statements from IS management
B. workpapers of other auditors
D. sufficient and appropriate audit evidence
Correct Answer: D
Question #71
Which of the following is the BEST method for determining the criticality of each application system in the production environment?
A. Interview the application programmers
B. Perform a gap analysis
C. Review the most recent application audits
D. Perform a business impact analysis
Correct Answer: D
Question #72
Which of the following reduces the potential impact of social engineering attacks?
A. Compliance with regulatory requirements
B. Promoting ethical understanding
C. Security awareness programs
D. Effective performance incentives
Correct Answer: C
Question #73
Which of the following would be of MOST concern to an IS auditor reviewing a virtual private network (VPN) implementation? Computers on the network that are located:
A. on the enterprise's internal network
B. at the backup site
C. in employees’ homes
D. at the enterprise’s remote offices
Correct Answer: C
Question #74
Which of the following would effectively verify the originator of a transaction?
A. Using a secret password between the originator and the receiver
B. Encrypting the transaction with the receiver's public key
C. Using a portable document format (PDF) to encapsulate transaction content
D. Digitally signing the transaction with the source's private key
Correct Answer: D
Question #75
During an implementation review of a multiuser distributed application, an IS auditor finds minor weaknesses in three areas: the initial setting of parameters is improperly installed, weak passwords are being used, and some vital reports are not being checked properly. While preparing the audit report, the IS auditor should:
A. record the observations separately with the impact of each of them marked against each respective finding
B. advise the manager of probable risks without recording the observations, as the control weaknesses are minor ones
C. record the observations and the risk arising from the collective weaknesses
D. apprise the departmental heads concerned with each observation and properly document it in the report
Correct Answer: C
Question #76
Effective IT governance requires organizational structures and processes to ensure that:
A. the organization's strategies and objectives extend the IT strategy
B. the business strategy is derived from an IT strategy
C. IT governance is separate and distinct from the overall governance
D. the IT strategy extends the organization's strategies and objectives
Correct Answer: D
Question #77
What would be the MOST effective control for enforcing accountability among database users accessing sensitive information?
A. Implement a log management process
B. Implement two-factor authentication
C. Use table views to access sensitive data
D. Separate database and application servers
Correct Answer: A
Question #78
The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to:
A. comply with regulatory requirements
B. provide a basis for drawing reasonable conclusions
D. perform the audit according to the defined scope
Correct Answer: B
Question #79
The BEST method of proving the accuracy of a system tax calculation is by:
A. detailed visual review and analysis of the source code of the calculation programs
B. recreating program logic using generalized audit software to calculate monthly totals
C. preparing simulated transactions for processing and comparing the results to predetermined results
D. automatic flowcharting and analysis of the source code of the calculation programs
Correct Answer: C
Question #80
An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls?
A. Allow changes to be made only with the DBA user account
B. Make changes to the database after granting access to a normal user account
C. Use the DBA user account to make changes, log the changes and review the change log the following day
D. Use the normal user account to make changes, log the changes and review the change log the following day
Correct Answer: C
Question #81
Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms resulting from normal network activity?
A. Statistical-based
B. Signature-based
C. Neural network
D. Host-based
Correct Answer: A
Question #82
A lower recovery time objective (RTO) results in:
A. higher disaster tolerance
B. higher cost
C. wider interruption windows
D. more permissive data loss
Correct Answer: B
Question #83
The responsibilities of a disaster recovery relocation team include:
A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule
B. locating a recovery site, if one has not been predetermined, and coordinating the transport of company employees to the recovery site
C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment
D. coordinating the process of moving from the hot site to a new location or to the restored original location
Correct Answer: D
Question #84
An IS auditor reviewing an organization's IT strategic plan should FIRST review:
A. the existing IT environment
B. the business plan
C. the present IT budget
D. current technology trends
Correct Answer: B
Question #85
In an audit of an inventory application, which approach would provide the BEST evidence that purchase orders are valid?
A. Testing whether inappropriate personnel can change application parameters
B. Tracing purchase orders to a computer listing
C. Comparing receiving reports to purchase order details
D. Reviewing the application documentation
Correct Answer: A
Question #86
Why does the IS auditor often review the system logs?
A. To get evidence of password spoofing
B. To get evidence of data copy activities
C. To determine the existence of unauthorized access to data by a user or program
D. To get evidence of password sharing
Correct Answer: C
Question #87
The MOST significant level of effort for business continuity planning (BCP) generally is required during the:
A. testing stage
B. evaluation stage
C. maintenance stage
D. early stages of planning
Correct Answer: D
Question #88
When reviewing a digital certificate verification process, which of the following findings represents the MOST significant risk?
A. There is no registration authority (RA) for reporting key compromises
B. The certificate revocation list(CRL) is not current
C. Digital certificates contain a public key that is used to encrypt messages and verify digital signatures
D. Subscribers report key compromises to the certificate authority (CA)
View answer
Correct Answer: B
Question #89
Which of the following is the GREATEST advantage of elliptic curve encryption over RSA encryption?
A. Computation speed
B. Ability to support digital signatures
C. Simpler key distribution
D. Greater strength for a given key length
View answer
Correct Answer: A
Question #90
What is the MOST effective method of preventing unauthorized use of data files?
A. Automated file entry
B. Tape librarian
C. Access control software
D. Locked library
View answer
Correct Answer: C
Question #91
Responsibility and reporting lines cannot always be established when auditing automated systems since:
A. diversified control makes ownership irrelevant
B. staff traditionally changes jobs with greater frequency
C. ownership is difficult to establish where resources are shared
D. duties change frequently in the rapid development of technology
View answer
Correct Answer: C
Question #92
Which of the following represents the GREATEST potential risk in an EDI environment?
A. Transaction authorization
B. Loss or duplication of EDI transmissions
C. Transmission delay
D. Deletion or manipulation of transactions prior to or after establishment of application controls
View answer
Correct Answer: A
Question #93
Java applets and ActiveX controls are distributed executable programs that execute in the background of a web browser client. This practice is considered reasonable when:
A. a firewall exists
B. a secure web connection is used
C. the source of the executable file is certain
D. the host web site is part of the organization
View answer
Correct Answer: C
Question #94
Which of the following should an IS auditor use to detect duplicate invoice records within an invoice master file?
A. Attribute sampling
B. Generalized audit software (GAS)
C. Test data
D. Integrated test facility (ITF)
View answer
Correct Answer: B
Question #95
Which of the following ensures the availability of transactions in the event of a disaster?
A. Send tapes hourly containing transactions offsite
B. Send tapes daily containing transactions offsite
C. Capture transactions to multiple storage devices
D. Transmit transactions offsite in real time
View answer
Correct Answer: D
Question #96
When reviewing a hardware maintenance program, an IS auditor should assess whether:
A. the schedule of all unplanned maintenance is maintained
B. it is in line with historical trends
C. it has been approved by the IS steering committee
D. the program is validated against vendor specifications
View answer
Correct Answer: D
Question #97
Which of the following is MOST critical for the successful implementation and maintenance of a security policy?
A. Assimilation of the framework and intent of a written security policy by all appropriate parties
B. Management support and approval for the implementation and maintenance of a security policy
C. Enforcement of security rules by providing punitive actions for any violation of security rules
D. Stringent implementation, monitoring and enforcing of rules by the security officer through access control software
View answer
Correct Answer: A
Question #98
An organization is planning to replace its wired networks with wireless networks. Which of the following would BEST secure the wireless network from unauthorized access?
A. Implement Wired Equivalent Privacy (WEP)
B. Permit access to only authorized Media Access Control (MAC) addresses
C. Disable open broadcast of service set identifiers (SSID)
D. Implement Wi-Fi Protected Access (WPA) 2
View answer
Correct Answer: D
Question #99
Which of the following could lead to an unintentional loss of confidentiality?
A. Lack of employee awareness of a company's information security policy
B. Failure to comply with a company's information security policy
C. A momentary lapse of reason
D. Lack of security policy enforcement procedures
View answer
Correct Answer: A
Question #100
When reviewing an organization's logical access security, which of the following should be of MOST concern to an IS auditor?
A. Passwords are not shared
B. Password files are not encrypted
C. Redundant logon IDs are deleted
D. The allocation of logon IDs is controlled
View answer
Correct Answer: B
