CISA Certification Exam Questions & Answers, Certified Information Systems Auditor | SPOTO


Question #1
To maintain the confidentiality of information moved between office and home on removable media, which of the following is the MOST effective control?
A. Mandatory file passwords
B. Security awareness training
C. Digitally signed media
D. Data encryption
Correct Answer: A
Question #2
Which of the following components is responsible for the collection of data in an intrusion detection system (IDS)?
A. Analyzer
B. Administration console
C. User interface
D. Sensor
Correct Answer: D
Question #3
Which of the following BEST ensures that only authorized software is moved into a production environment?
A. Restricting read/write access to production code to computer programmers only
B. Assigning programming managers to transfer tested programs to production
C. A librarian compiling source code into production after independent testing
D. Requiring programming staff to move tested code into production
Correct Answer: C
Question #4
When reviewing the configuration of network devices, an IS auditor should FIRST identify:
A. the best practices for the type of network devices deployed
B. whether components of the network are missing
C. the importance of the network device in the topology
D. whether subcomponents of the network are being used appropriately
Correct Answer: A
Question #5
An IS auditor reviewing an organization's IS disaster recovery plan should verify that it is:
A. tested every six months
B. regularly reviewed and updated
C. approved by the chief executive officer (CEO)
D. communicated to every department head in the organization
Correct Answer: C
Question #6
Which of the following would prevent unauthorized changes to information stored in a server's log?
A. Write-protecting the directory containing the system log
B. Writing a duplicate log to another server
C.
D. Storing the system log in write-once media
Correct Answer: D
Question #7
The BEST overall quantitative measure of the performance of biometric control devices is:
A. false-rejection rate
B. false-acceptance rate
C. equal-error rate
D. estimated-error rate
Correct Answer: B
Question #8
As part of a mergers and acquisitions activity, an acquiring organization wants to consolidate data and systems from the organization being acquired into existing systems. To ensure the data is relevant, the acquiring organization should:
A. obtain data quality software
B. define data quality requirements based on business needs
C. automate the process of data collection and cleaning
D. implement a data warehouse solution
Correct Answer: ABC
Question #9
The PRIMARY purpose of a business impact analysis (BIA) is to:
A. provide a plan for resuming operations after a disaster
B. identify the events that could impact the continuity of an organization's operations
C. publicize the commitment of the organization to physical and logical security
D. provide the framework for an effective disaster recovery plan
Correct Answer: C
Question #10
In which of the following WAN message transmission techniques do two network nodes establish a dedicated communications channel through the network before the nodes may communicate?
A. Message Switching
B. Packet switching
C. Circuit switching
D.
Correct Answer: C
Question #11
The specific advantage of white box testing is that it:
A. verifies a program can operate successfully with other parts of the system
B. ensures a program's functional operating effectiveness without regard to the internal program structure
C. determines procedural accuracy or conditions of a program's specific logic paths
D. examines a program's functionality by executing it in a tightly controlled or virtual environment with restricted access to the host system
Correct Answer: D
Question #12
The BEST way to minimize the risk of communication failures in an e-commerce environment would be to use:
A. compression software to minimize transmission duration
B. functional or message acknowledgments
C. a packet-filtering firewall to reroute messages
D. leased asynchronous transfer mode lines
Correct Answer: A
Question #13
A firewall is being deployed at a new location. Which of the following is the MOST important factor in ensuring a successful deployment?
A. Reviewing logs frequently
B. Testing and validating the rules
C. Training a local administrator at the new location
D.
Correct Answer: B
Question #14
Which of the following is the BEST way to help ensure the security of privacy-related data stored by an organization?
A. Encrypt personally identifiable information (PII)
B. Publish the data classification scheme
C. Inform data owners of the purpose of collecting information
D. Classify privacy-related data as confidential
Correct Answer: B
Question #15
Which of the following would be of MOST concern to an IS auditor reviewing a virtual private network (VPN) implementation? Computers on the network that are located:
A. on the enterprise's internal network
B. at the backup site
C. in employees’ homes
D. at the enterprise’s remote offices
Correct Answer: A
Question #16
Identify the LAN topology from the diagram presented below (diagram: bus topology):
A. Bus
B. Star
C. Ring
D. Mesh
Correct Answer: A
Question #17
With respect to business continuity strategies, an IS auditor interviews key stakeholders in an organization to determine whether they understand their roles and responsibilities. The IS auditor is attempting to evaluate the:
A. clarity and simplicity of the business continuity plans
B. adequacy of the business continuity plans
C. effectiveness of the business continuity plans
D. ability of IS and end-user personnel to respond effectively in emergencies
Correct Answer: A
Question #18
Which of the following attacks targets the Secure Sockets Layer (SSL)?
A. Man-in-the middle
B. Dictionary
C. Password sniffing
D. Phishing
Correct Answer: A
Question #19
An organization’s software developers need access to personally identifiable information (PII) stored in a particular data format. Which of the following would be the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?
A. Data masking
B. Data encryption
C. Data tokenization
D. Data abstraction
Correct Answer: A
Question #20
Which of the following are the characteristics of a good password?
A. It has mixed-case alphabetic characters, numbers, and symbols
B. It has mixed-case alphabetic characters and numbers
C. It has mixed-case alphabetic characters and symbols
D. It has mixed-case alphabetic characters, numbers, and binary codes
E. None of the choices
Correct Answer: D
Question #21
When reviewing a digital certificate verification process, which of the following findings represents the MOST significant risk?
A. There is no registration authority (RA) for reporting key compromises
B. The certificate revocation list(CRL) is not current
C. Digital certificates contain a public key that is used to encrypt messages and verify digital signatures
D. Subscribers report key compromises to the certificate authority (CA)
Correct Answer: C
Question #22
For application acquisitions with significant impacts, participation of your IS audit team should be encouraged:
A. early in the due diligence stage
B. at the testing stage
C. at the final approval stage
D. at the budget preparation stage
E. None of the choices
Correct Answer: C
Question #23
An investment advisor e-mails periodic newsletters to clients and wants reasonable assurance that no one has modified the newsletter. This objective can be achieved by:
A. encrypting the hash of the newsletter using the advisor's private key
B. encrypting the hash of the newsletter using the advisor's public key
C. digitally signing the document using the advisor's private key
D. encrypting the newsletter using the advisor's private key
Correct Answer: C
Question #24
Which of the following would be the BEST overall control for an Internet business looking for confidentiality, reliability and integrity of data?
A. Secure Sockets Layer (SSL)
B. Intrusion detection system (IDS)
C. Public key infrastructure (PKI)
D. Virtual private network (VPN)
Correct Answer: B
Question #25
Which of the following is the GREATEST risk of single sign-on?
A. Password carelessness by one user may render the entire infrastructure vulnerable
B. Integration of single sign-on with the rest of the infrastructure is complicated
C. It is a single point of failure for an enterprise access control process
D. One administrator maintains the single sign-on solutions without segregation of duty
Correct Answer: D
Question #26
After implementation of a disaster recovery plan, pre-disaster and post-disaster operational costs for an organization will:
A. decrease
B. not change (remain the same)
C. increase
D. increase or decrease depending upon the nature of the business
Correct Answer: D
Question #27
Business units are concerned about the performance of a newly implemented system. Which of the following should an IS auditor recommend?
A. Develop a baseline and monitor system usage
B. Define alternate processing procedures
C. Prepare the maintenance manual
D. Implement the changes users have suggested
Correct Answer: A
Question #28
Performance of a biometric measure is usually referred to in terms of (Choose three.):
A. failure to reject rate
B. false accept rate
C. false reject rate
D. failure to enroll rate
E. None of the choices
Correct Answer: B
Question #29
Which of the following terms refers to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders?
A. ILD&P
B. ICT&P
C. ILP&C
D. ILR&D
E. None of the choices
Correct Answer: B
Question #30
Gimmes often work through:
A. SMS
B. IRC chat
C. email attachment
D. news
E. file download
F. None of the choices
Correct Answer: C
Question #31
Which of the following types of attack involves a program that creates an infinite loop, makes lots of copies of itself, and continues to open lots of files?
A. Local DoS attacks
B. Remote DoS attacks
C. Distributed DoS attacks
D. Local Virus attacks
E. None of the choices
Correct Answer: A
Question #32
Which of the following is MOST important when an organization contracts for the long-term use of a custom-developed application?
A. Documented coding standards
B. Error correction management
C. Contract renewal provisions
D. Escrow clause
Correct Answer: E
Question #33
Which of the following methods would be MOST effective in verifying that all changes have been authorized?
A. Reconciling problem tickets with authorized change control entries
B. Reconciling reports of changes in production libraries to authorized change log entries
C. Validating authorized change log entries with individual(s) who promoted into production
D. Reconciling reports of changes in development libraries to supporting documentation
Correct Answer: A
Question #34
Which of the following append themselves to files as a protection against viruses?
A. Behavior blockers
B. Cyclical redundancy checkers (CRCs)
C. Immunizers
D. Active monitors
Correct Answer: C
Question #35
Which of the following are valid examples of malware?
A. viruses
B. worms
C. trojan horses
D. spyware
E. All of the above
Correct Answer: A
Question #36
The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is called:
A. data integrity
B. authentication
D. replay protection
Correct Answer: B
Question #37
Which of the following is the BEST indicator of an effective employee information security program?
A. Increased management support for security
B. More efficient and effective incident handling
C. Increased detection and reporting of incidents
D. Reduced operational cost of security
Correct Answer: D
Question #38
A retailer normally uses a scanner to read product labels and input product codes and prices. The unit is not functioning and staff are keying information manually. With respect to the accuracy of the input, it is likely that:
A. audit risk has increased
B. control risk has increased
C. inherent risk has decreased
D. detection risk has decreased
Correct Answer: A
Question #39
Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the username and password are the same. The BEST control to mitigate this risk is to:
A. change the company's security policy
B. educate users about the risk of weak passwords
C. build in validations to prevent this during user creation and password change
D. require a periodic review of matching user ID and passwords for detection and correction
Correct Answer: C
Question #40
An organization is planning to replace its wired networks with wireless networks. Which of the following would BEST secure the wireless network from unauthorized access?
A. Implement Wired Equivalent Privacy (WEP)
B. Permit access to only authorized Media Access Control (MAC) addresses
C. Disable open broadcast of service set identifiers (SSID)
D. Implement Wi-Fi Protected Access (WPA) 2
Correct Answer: B
Question #41
The BEST way to avoid session hijacking is to use:
A. a reverse lookup
B. a secure protocol
C. a firewall
D. strong password controls
Correct Answer: A
Question #42
Which of the following is a good tool to use to help enforce the deployment of good passwords?
A. password cracker
B. local DoS attacker
C. network hacker
D.
E. None of the choices
Correct Answer: A
Question #43
Which of the following is MOST likely to prevent social engineering attacks?
A. Security awareness program
B. Employee background checks
C. Implementing positive identification policies
D. Enforcing stronger hiring policies
Correct Answer: D
Question #44
Which of the following is a passive attack on a network?
A. Message service interruption
B. Message modification
C. Traffic analysis
D. Sequence analysis
Correct Answer: C
Question #45
Which of the following terms related to network performance refers to the maximum rate at which information can be transferred over a network?
A. Bandwidth
B. Throughput
C. Latency
D. Jitter
Correct Answer: C
Question #46
An IS auditor finds multiple situations where the help desk resolved security incidents without notifying IT security as required by policy. Which of the following is the BEST audit recommendation?
A. Display the incident response hotline in common areas
B. Have IT security review problem management policy
C. Reinforce the incident escalation process
D. Redesign the help desk reporting process
Correct Answer: B
Question #47
Which of the following is the MOST important reason for performing vulnerability assessments periodically?
A. Technology risks must be mitigated
B. Management requires regular reports
C. The environment changes constantly
D. The current threat levels are being assessed
Correct Answer: C
Question #48
With the help of a security officer, granting access to data is the responsibility of:
A. data owners
B. programmers
C. system analysts
D. librarians
Correct Answer: A
Question #49
Which of the following refers to an important procedure when evaluating database security?
A. performing vulnerability assessments against the database
B. performing data check against the database
C. performing dictionary check against the database
D. performing capacity check against the database system
E. None of the choices
Correct Answer: A
Question #50
Data confidentiality is a requirement for an organization’s new web service. Which of the following would provide the BEST protection?
A. Telnet
B. Secure Sockets Layer (SSL)
C. Transport Layer Security (TLS)
D. Secure File Transfer Protocol (SFTP)
Correct Answer: A
Question #51
Which of the following must be in place before an IS auditor initiates audit follow-up activities?
A. A heat map with the gaps and recommendations displayed in terms of risk
B. A management response in the final report with a committed implementation date
C. Supporting evidence for the gaps and recommendations mentioned in the audit report
D. Available resources for the activities included in the action plan
Correct Answer: E
Question #52
A new system development project is running late against a critical implementation deadline. Which of the following is the MOST important activity?
A. Document last-minute enhancements
B. Perform user acceptance testing
C. Perform a pre-implementation audit
D. Ensure that code has been reviewed
Correct Answer: A
Question #53
Electrical surge protectors BEST protect from the impact of:
A. electromagnetic interference
B. power outages
C. sags and spikes
D. reduced voltage
Correct Answer: A
Question #54
A virus typically consists of what major parts (Choose three.):
A. a mechanism that allows them to infect other files and reproduce; a trigger that activates delivery of a "payload"
B. a payload
C. a signature
D. None of the choices
Correct Answer: B
Question #55
Disaster recovery planning for network connectivity to a hot site over a public-switched network would be MOST likely to include:
A. minimizing the number of points of presence
B. contracts for acquiring new leased lines
C. reciprocal agreements with customers of that network
D. redirecting private virtual circuits
Correct Answer: AB
Question #56
Which of the following implementation modes would provide the GREATEST amount of security for outbound data connecting to the internet?
A. Transport mode with authentication header (AH) plus encapsulating security payload (ESP)
B. Secure Sockets Layer (SSL) mode
C. Tunnel mode with AH plus ESP
D. Triple-DES encryption mode
Correct Answer: C
Question #57
What is the MOST difficult aspect of access control in a multiplatform, multiple-site client/server environment?
A. Creating new user IDs valid only on a few hosts
B. Maintaining consistency throughout all platforms
C. Restricting a local user to necessary resources on a local platform
D. Restricting a local user to necessary resources on the host server
Correct Answer: AB
Question #58
In a complex IS environment, which of the following tasks should be performed by the data owner?
A. Perform technical database maintenance
B. Perform data restoration when necessary
C. Review data classifications periodically
D. Test the validity of backup data
Correct Answer: A
Question #59
Which of the following should be the MOST important criterion in evaluating a backup solution for sensitive data that must be retained for a long period of time due to regulatory requirements?
A. Full backup window
B. Media costs
C. Restore window
D. Media reliability
Correct Answer: A
Question #60
Which of the following terms related to network performance refers to the delay that packets may experience on their way from the source to the destination?
A. Bandwidth
B. Throughput
C.
D. Jitter
Correct Answer: B
Question #61
During a computer forensics investigation, what is the PRIMARY reason for obtaining a bit-for-bit copy of data in storage?
A. To document findings
B. To obtain residual data
C. To obtain data as well as source code details
D. To transfer the data into a controlled location
Correct Answer: C
Question #62
Which of the following intrusion detection systems (IDSs) monitors the general patterns of activity and traffic on a network and creates a database?
A. Signature-based
B. Neural networks-based
C. Statistical-based
D. Host-based
Correct Answer: S
Question #63
Which of the following should be the MOST important consideration when deciding areas of priority for IT governance implementation?
A. Process maturity
B. Performance indicators
C. Business risk
D. Assurance reports
Correct Answer: A
Question #64
For an organization which uses a VoIP telephony system exclusively, the GREATEST concern associated with leaving a connected telephone in an unmonitored public area is the possibility of:
A. connectivity issues when used with an analog local exchange carrier
B. unauthorized use leading to theft of services and financial loss
C. network compromise due to the introduction of malware
D. theft or destruction of an expensive piece of electronic equipment
Correct Answer: A
Question #65
The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to:
A. achieve performance improvement
C. ensure availability of data
D. ensure the confidentiality of data
Correct Answer: A
Question #66
Which of the following would be the PRIMARY benefit of replacing physical keys with an electronic entry system for a data center?
A. Creates an audit trail
B. Enables data mining
C. Ensures compliance
D. Reduces cost
Correct Answer: A
Question #67
Which of the following could be determined by an entity-relationship diagram?
A. Links between data objects
B. How the system behaves as a consequence of external events
C. How data are transformed as they move through the system
D.
Correct Answer: E
Question #68
IS management has decided to replace the current single-server-based local area network (LAN) with three interconnected servers running different operating systems. Existing applications and data on the old server have been exclusively distributed on the new servers. This will MOST likely result in:
A. disclosure of information
B. multiple authentication
C. data incompleteness
D. data unavailability
Correct Answer: A
Question #69
Which of the following should be of MOST concern to an IS auditor during the review of a quality management system?
A. The quality management system includes training records for IT personnel
B. There are no records to document actions for minor business processes
C. Important quality checklists are maintained outside the quality management system
D. Indicators are not fully represented in the quality management system
Correct Answer: E
Question #70
With Deep packet inspection, which of the following OSI layers are involved?
A. Layer 2 through Layer 7
B. Layer 3 through Layer 7
C. Layer 2 through Layer 6
D. Layer 3 through Layer 6
E.
F. None of the choices
Correct Answer: D
Question #71
One major improvement in WPA over WEP is the use of a protocol which dynamically changes keys as the system is used. What protocol is this?
A. SKIP
B. RKIP
C.
D. EKIP
E.
F. None of the choices
Correct Answer: D
Question #72
Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized organization?
A. Virtual private network
B. Dedicated line
C. Leased line
D.
Correct Answer: B
Question #73
An organization is implementing a new system to replace a legacy system. Which of the following conversion practices creates the GREATEST risk?
A. Pilot
B. Parallel
C. Direct cutover
D. Phased
Correct Answer: A
Question #74
Which of the following controls would BEST detect intrusion?
A. User IDs and user privileges are granted through authorized procedures
C. Automatic logoff of the system occurs after a specified number of unsuccessful attempts
D. Unsuccessful logon attempts are monitored by the security administrator
Correct Answer: C
Question #75
An accuracy measure for a biometric system is:
A. system response time
B. registration time
C. input file size
D. false-acceptance rate
Correct Answer: A
Question #76
When is the BEST time to commence continuity planning for a new application system?
A. Immediately after implementation
B. Just prior to the handover to the system maintenance group
C. During the design phase
D. Following successful user testing
Correct Answer: C
Question #77
Which of the following is the MOST important issue for an IS auditor to consider with regard to VoIP communications?
A. Continuity of service
B. Homogeneity of the network
C. Nonrepudiation
D. Identity management
Correct Answer: C
Question #78
Depending on the complexity of an organization's business continuity plan (BCP), the plan may be developed as a set of more than one plan to address various aspects of business continuity and disaster recovery. In such an environment, it is essential that:
A. each plan is consistent with one another
B. all plans are integrated into a single plan
C. each plan is dependent on one another
D. the sequence for implementation of all plans is defined
Correct Answer: A
Question #79
Which of the following would be the FIRST step to help ensure the necessary regulatory requirements are addressed in an organization’s cross-border data protection policy?
A. Conduct a risk assessment
B. Perform a gap analysis
C. Conduct stakeholder interviews
D. Perform a business impact analysis
Correct Answer: A
Question #80
Nowadays, computer security comprises mainly "preventive" measures.
A. True
B. True only for trusted networks
C. True only for untrusted networks
D. False
E. None of the choices
Correct Answer: A
Question #81
Which of the following BEST ensures that effective change management is in place in an IS environment?
A. User authorization procedures for application access are well established
B. User-prepared detailed test criteria for acceptance testing of the software
C. Adequate testing was carried out by the development team
D. Access to production source and object programs is well controlled
Correct Answer: B
Question #82
E-mail message authenticity and confidentiality is BEST achieved by signing the message using the:
A. sender's private key and encrypting the message using the receiver's public key
B. sender's public key and encrypting the message using the receiver's private key
C. receiver's private key and encrypting the message using the sender's public key
D. receiver's public key and encrypting the message using the sender's private key
Correct Answer: C
Question #83
Most trojan horse programs are spread through:
A. e-mails
B. MP3
C. MS Office
D. Word template
E. None of the choices
Correct Answer: B
Question #84
A warehouse employee of a retail company has been able to conceal the theft of inventory items by entering adjustments of either damaged or lost stock items to the inventory system. Which control would have BEST prevented this type of fraud in a retail environment?
A. An edit check for the validity of the inventory transaction
B. Separate authorization for input of transactions
C. Unscheduled audits of lost stock lines
D. Statistical sampling of adjustment transactions
Correct Answer: D
Question #85
Which of the following encrypt/decrypt steps provides the GREATEST assurance of achieving confidentiality, message integrity and nonrepudiation by either sender or recipient?
A. The recipient uses their private key to decrypt the secret key
B. The encrypted prehash code and the message are encrypted using a secret key
C. The encrypted prehash code is derived mathematically from the message to be sent
D. The recipient uses the sender's public key, verified with a certificate authority, to decrypt the prehash code
Correct Answer: A
Question #86
In an online banking application, which of the following would BEST protect against identity theft?
A. Encryption of personal password
B. Restricting the user to a specific terminal
C. Two-factor authentication
D. Periodic review of access logs
Correct Answer: A
Question #87
An IS auditor intends to accept a management position in the data processing department within the same organization. However, the auditor is currently working on an audit of a major application and has not yet finished the report. Which of the following would be the BEST step for the IS auditor to take?
A. Start in the position and inform the application owner of the job change
B. Start in the position immediately
C. Disclose this issue to the appropriate parties
D. Complete the audit without disclosure and then start in the position
Correct Answer: ABC
Question #88
Which of the following strategies BEST optimizes data storage without compromising data retention practices?
A. Limiting the size of the file attachments being sent via email
B. Automatically deleting emails older than one year
C. Moving emails to a virtual email vault after 30 days
D. Allowing employees to store large emails on flash drives
Correct Answer: D
Question #89
Which of the following is used in providing logical access control to restrict updating or deleting business information in a relational database?
A. Trigger
B. View
C. Join
D. Primary key
Correct Answer: A
Question #90
Which of the following is the PRIMARY purpose of data classification?
A. To determine access rights to data
B. To provide a basis for protecting data
C. To select encryption technologies
D. To ensure integrity of data
Correct Answer: A
Question #91
The GREATEST advantage of using web services for the exchange of information between two systems is:
A. secure communications
B. improved performance
D. enhanced documentation
Correct Answer: A
Question #92
Which of the following should be of MOST concern to an IS auditor reviewing the BCP?
A. The disaster levels are based on scopes of damaged functions, but not on duration
B. The difference between low-level disaster and software incidents is not clear
C. The overall BCP is documented, but detailed recovery steps are not specified
D. The responsibility for declaring a disaster is not identified
Correct Answer: A
Question #93
The most likely error to occur when implementing a firewall is:
A. incorrectly configuring the access lists
B. compromising the passwords due to social engineering
C. connecting a modem to the computers in the network
Correct Answer: C
Question #94
Which of the following provides the BEST assurance that security policies are applied across business operations?
A. Organizational standards are required to be formally accepted
B. Organizational standards are enforced by technical controls
C. Organizational standards are included in awareness training
D. Organizational standards are documented in operational procedures
A. Security breach incidents can be identified in early stages
B. Regulatory risk exposures can be identified before they materialize
C. Fewer reviews are needed when updating the IT compliance process
D. Process accountabilities to external stakeholders are improved
View answer
Correct Answer: D
Question #95
If inadequate, which of the following would be the MOST likely contributor to a denial-of-service attack?
A. Router configuration and rules
B. Design of the internal network
C. Updates to the router system software
D. Audit testing and review techniques
View answer
Correct Answer: A
Question #96
Which of the following activities is MOST important in determining whether a test of a disaster recovery plan (DRP) has been successful?
A. Evaluating participation by key personnel
B. Testing at the backup data center
C. Analyzing whether predetermined test objectives were met
D. Testing with offsite backup files
View answer
Correct Answer: A
Question #97
Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist?
A. Reviewing program code
B. Reviewing operations documentation
C. Turning off the UPS, then the power
D. Reviewing program documentation
View answer
Correct Answer: A
Question #98
Controls related to authorized modifications to production programs are BEST tested by:
A. testing only the authorizations to implement the new program
B. tracing modifications from the executable program back to the original request for change
C. reviewing only the actual lines of source code changed in the program
D. tracing modifications from the original request for change forward to the executable program
View answer
Correct Answer: A
Question #99
Which of the following should occur EARLIEST in a business continuity management lifecycle?
A. Defining business continuity procedures
B. Identifying critical business processes
C. Developing a training and awareness program
D. Carrying out a threat and risk assessment
View answer
Correct Answer: B
Question #100
Which of the following needs be established FIRST in order to categorize data properly?
A. A data protection policy
B. A data classification framework
C. A data asset inventory
D. A data asset protection standard
View answer
Correct Answer: C
Question #101
An organization can ensure that the recipients of e-mails from its employees can authenticate the identity of the sender by:
A. digitally signing all e-mail messages
B. encrypting all e-mail messages
C. compressing all e-mail messages
View answer
Correct Answer: D
Question #102
An advantage in using a bottom-up vs. a top-down approach to software testing is that:
A. interface errors are detected earlier
B. confidence in the system is achieved earlier
C. errors in critical modules are detected earlier
View answer
Correct Answer: C
Question #103
An IS auditor reviewing digital rights management (DRM) applications should expect to find an extensive use for which of the following technologies?
A. Digitalized signatures
B. Hashing
C. Parsing
D. Steganography
View answer
Correct Answer: C
Question #104
An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the:
A. alignment of the BCP with industry best practices
B. results of business continuity tests performed by IS and end-user personnel
C. off-site facility, its contents, security and environmental controls
D. annual financial cost of the BCP activities versus the expected benefit of implementation of the plan
View answer
Correct Answer: A
Question #105
Which of the following types of transmission media provide the BEST security against unauthorized access?
A. Copper wire
B.
C. Fiberoptic cables
D. Coaxial cables
View answer
Correct Answer: C
Question #106
An internet-based attack using password sniffing can:
A. enable one party to act as if they are another party
B. cause modification to the contents of certain transactions
C. be used to gain access to systems containing proprietary information
D. result in major problems with billing systems and transaction processing agreements
View answer
Correct Answer: A
Question #107
A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. An IS auditor should conclude that:
A. analysis is required to determine if a pattern emerges that results in a service loss for a short period of time
B. WAN capacity is adequate for the maximum traffic demands since saturation has not been reached
C. the line should immediately be replaced by one with a larger capacity to provide approximately 85 percent saturation
D. users should be instructed to reduce their traffic demands or distribute them across all service hours to flatten bandwidth consumption
View answer
Correct Answer: C
Question #108
When replacing a critical software application, which of the following provides for the LOWEST risk of interruption to business processes?
A. Parallel implementation
B. Pilot implementation
C. Incremental implementation
D. Big-bang implementation
View answer
Correct Answer: B
Question #109
A reduction in which of the following would indicate improved performance in the administration of information security?
A. IT security awareness training days
B. Number of staff involved in security administration
C. Systems subject to an intrusion detection process
D. Turnaround time for requests for new user access
View answer
Correct Answer: A
Question #110
Which of the following security testing techniques is MOST effective in discovering unknown malicious attacks?
A. Vulnerability testing
B. Reverse engineering
C. Penetration testing
D. Sandboxing
View answer
Correct Answer: A
Question #111
Which of the following ensures confidentiality of information sent over the internet?
A. Digital signature
B. Digital certificate
C.
D. Private key cryptosystem
View answer
Correct Answer: D
Question #112
A hard disk containing confidential data was damaged beyond repair. What should be done to the hard disk to prevent access to the data residing on it?
A. Rewrite the hard disk with random 0s and 1s
C. Demagnetize the hard disk
D. Physically destroy the hard disk
View answer
Correct Answer: A
Question #113
An IS auditor finds that a DBA has read and write access to production data. The IS auditor should:
A. accept the DBA access as a common practice
B. assess the controls relevant to the DBA function
C. recommend the immediate revocation of the DBA access to production data
D. review user access authorizations approved by the DBA
View answer
Correct Answer: D
Question #114
To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers, an IS auditor should recommend that:
A. the company policy be changed
B. passwords are periodically changed
C. an automated password management tool be used
D. security awareness training is delivered
View answer
Correct Answer: B
Question #115
An IS auditor is reviewing the performance outcomes of controls in an agile development project. Which of the following would provide the MOST relevant evidence for the auditor to consider?
A. Progress report of outstanding work
B. Product backlog
C. Number of failed builds
D. Composition of the scrum team
View answer
Correct Answer: A
Question #116
Fault-tolerance is a feature particularly sought-after in which of the following kinds of computer systems:
A. desktop systems
B. laptop systems
C.
D. business-critical systems
E. None of the choices
View answer
Correct Answer: B
Question #117
An IS auditor is reviewing a contract for the outsourcing of IT facilities. If missing, which of the following should present the GREATEST concern to the auditor?
A. Access control requirements
B. Hardware configurations
C. Perimeter network security diagram
D.
View answer
Correct Answer: A
Question #118
IS management recently replaced its existing wired local area network (LAN) with a wireless infrastructure to accommodate the increased use of mobile devices within the organization. This will increase the risk of which of the following attacks?
A. Port scanning
B. Back door
C. Man-in-the-middle
D.
View answer
Correct Answer: A
Question #119
For locations 3a, 1d and 3d, the diagram indicates hubs with lines that appear to be open and active. Assuming that is true, what control, if any, should be recommended to mitigate this weakness?
A. Intelligent hub
B. Physical security over the hubs
C. Physical security and an intelligent hub
D. No controls are necessary since this is not a weakness
View answer
Correct Answer: C
Question #120
Distributed denial-of-service (DDOS) attacks on Internet sites are typically evoked by hackers using which of the following?
A. Logic bombs
B. Phishing
C. Spyware
D. Trojan horses
View answer
Correct Answer: A
Question #121
Which of the following methods of encryption has been proven to be almost unbreakable when correctly used?
A. key pair
B. Oakley
C. certificate
D. 3-DES
E. one-time pad
F. None of the choices
View answer
Correct Answer: B
Question #122
The PRIMARY goal of a web site certificate is:
A. authentication of the web site that will be surfed
C. preventing surfing of the web site by hackers
D. the same purpose as that of a digital certificate
View answer
Correct Answer: A
Question #123
Outsourcing the development of business systems is MOST likely to result in the loss of:
A. control over strategic direction
B. accountability for end products
C. in-house competencies
D. responsibility for IT security
View answer
Correct Answer: B
Question #124
When performing a data classification project, an information security manager should:
A. assign information criticality and sensitivity
B. identify information owners
C. identify information custodians
D. assign information access privileges
View answer
Correct Answer: B
Question #125
Which of the following is the FIRST step in initiating a data classification program?
A. Risk appetite assessment
B. Inventory of data assets
C. Assignment of data ownership
D. Assignment of sensitivity levels
View answer
Correct Answer: C
Question #126
Of the following procedures for testing a disaster recovery plan (DRP), which should be used MOST frequently?
A. Unannounced shutdown of the primary computing facility
B. Review of documented backup and recovery procedures
C. Testing at a secondary site using offsite data backups
D. Preplanned shutdown of the computing facility during an off-peak period
Correct Answer: B
When reviewing a disaster recovery plan (DRP), an IS auditor should examine the:
A. access to the computer site by backup staff
B. offsite data file storage
C. uninterruptible power supply (UPS)
D. fire-fighting equipment
View answer
Correct Answer: C
Question #127
The MOST effective control to detect fraud inside an organization’s network, is to:
A. implement an intrusion detection system (IDS)
B. apply two-factor authentication
C. review access logs
D. segregate duties
View answer
Correct Answer: D
Question #128
To develop a robust data security program, the FIRST course of action should be to:
A. implement monitoring controls
B. implement data loss prevention controls
C. perform an inventory of assets
D.
View answer
Correct Answer: C
Question #129
The security level of a private key system depends on the number of:
A. encryption key bits
B. messages sent
C. keys
D. channels used
View answer
Correct Answer: C
Question #130
Which of the following terms in business continuity determines the maximum tolerable amount of time that is needed to verify the system and/or data integrity?
A. RPO
B. RTO
C. WRT
D. MTD
View answer
Correct Answer: C
Question #131
An intruder accesses an application server and makes changes to the system log. Which of the following would enable the identification of the changes?
A. Mirroring the system log on another server
B. Simultaneously duplicating the system log on a write-once disk
C. Write-protecting the directory containing the system log
D. Storing the backup of the system log offsite
View answer
Correct Answer: D
Question #132
What is the MOST important business concern when an organization is about to migrate a mission-critical application to a virtual environment?
A. The organization’s experience with virtual applications
B. Adequacy of the fallback procedures
C. Confidentiality of network traffic
D. Adequacy of the virtual architecture
View answer
Correct Answer: B
Question #133
Which of the following will BEST ensure the successful offshore development of business applications?
A. Stringent contract management practices
B. Detailed and correctly applied specifications
C. Awareness of cultural and political differences
D. Post implementation reviews
View answer
Correct Answer: C
Question #134
Buffer overflow aims primarily at corrupting:
A. system processor
B. network firewall
C.
D. disk storage
E. None of the choices
View answer
Correct Answer: A
Question #135
An organization has recently converted its infrastructure to a virtualized environment. The GREATEST benefit related to disaster recovery is that virtualized servers:
A. reduce the time it takes to successfully create backups
B. decrease the recovery time objective (RTO)
C. eliminate the manpower necessary to restore the server
D. can be recreated on similar hardware faster than restoring from backups
View answer
Correct Answer: B
Question #136
An offsite information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is a:
A. cold site
B. warm site
C. dial-up site
D. duplicate processing facility
View answer
Correct Answer: A
Question #137
Which of the following measures can effectively minimize the possibility of buffer overflows?
A. Sufficient bounds checking
B. Sufficient memory
C. Sufficient processing capability
D. Sufficient code injection
E. None of the choices
View answer
Correct Answer: A
Question #138
Which of the following presents an inherent risk with no distinct identifiable preventive controls?
A. Piggybacking
B. Viruses
C. Data diddling
D. Unauthorized application shutdown
View answer
Correct Answer: B
Question #139
Since data storage of a critical business application is on a redundant array of inexpensive disks (RAID), backups are not considered essential. The IS auditor should recommend proper backups because RAID:
View answer
Correct Answer: A
Question #140
A medium-sized organization, whose IT disaster recovery measures have been in place and regularly tested for years, has just developed a formal business continuity plan (BCP). A basic BCP tabletop exercise has been performed successfully. Which testing should an IS auditor recommend be performed NEXT to verify the adequacy of the new BCP?
A. Full-scale test with relocation of all departments, including IT, to the contingency site
B. Walk-through test of a series of predefined scenarios with all critical personnel involved
C. IT disaster recovery test with business departments involved in testing the critical applications
D. Functional test of a scenario with limited IT involvement
View answer
Correct Answer: B
Question #141
After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend?
A. Stress
B. Black box
C. Interface
D. System
View answer
Correct Answer: C
Question #142
In a large organization, IT deadlines on important projects have been missed because IT resources are not prioritized properly. Which of the following is the BEST recommendation to address this problem?
A. Implement project portfolio management
B. Implement an integrated resource management system
C. Implement a comprehensive project scorecard
D. Revisit the IT strategic plan
View answer
Correct Answer: E
Question #143
A digital signature contains a message digest to:
A. show if the message has been altered after transmission
C. confirm the identity of the originator
D. enable message transmission in a digital format
View answer
Correct Answer: A
Question #144
While performing a risk-based audit, which of the following would BEST enable an IS auditor to identify and categorize risk?
A. Understanding the control framework
B. Developing a comprehensive risk model
C. Understanding the business environment
D.
View answer
Correct Answer: A
Question #145
Which of the following is the GREATEST risk posed by denial-of-service attacks?
A. Confidential information leakage
B. Loss of integrity and corruption of databases
C. Loss of reputation and business
D. Unauthorized access to the systems
View answer
Correct Answer: D
Question #146
Which of the following would be an indicator of the effectiveness of a computer security incident response team?
A. Financial impact per security incident
B. Number of security vulnerabilities that were patched
C.
D. Number of successful penetration tests
View answer
Correct Answer: C
Question #147
During the design of a business continuity plan, the business impact analysis (BIA) identifies critical processes and supporting applications. This will PRIMARILY influence the:
A. responsibility for maintaining the business continuity plan
B. criteria for selecting a recovery site provider
C. recovery strategy
D. responsibilities of key personnel
View answer
Correct Answer: C
Question #148
Which of the following techniques would BEST help an IS auditor gain reasonable assurance that a project can meet its target date?
A. Estimation of the actual end date based on the completion percentages and estimated time to complete, taken from status reports
B. Confirmation of the target date based on interviews with experienced managers and staff involved in the completion of the project deliverables
C. Extrapolation of the overall end date based on completed work packages and current resources
D. Calculation of the expected end date based on current resources and remaining available project budget
View answer
Correct Answer: D
Question #149
An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to 1 minute for a critical system. This implies that the system can tolerate:
A. a data loss of up to 1 minute, but the processing must be continuous
B. a 1-minute processing interruption but cannot tolerate any data loss
C. a processing interruption of 1 minute or more
D. both a data loss and processing interruption longer than 1 minute
View answer
Correct Answer: A
Question #150
When building a corporate-wide business continuity plan, it is discovered there are two separate lines of business systems that could be impacted by the same threat. Which of the following is the BEST method to determine the priority of systems recovery in the event of a disaster?
A. Reviewing the business plans of each department
B. Evaluating the cost associated with each system’s outage
C. Reviewing each system’s key performance indicators (KPIs)
D. Comparing the recovery point objectives (RPOs)
View answer
Correct Answer: D
Question #151
E-mail traffic from the Internet is routed via firewall-1 to the mail gateway. Mail is routed from the mail gateway, via firewall-2, to the mail recipients in the internal network. Other traffic is not allowed. For example, the firewalls do not allow direct traffic from the Internet to the internal network. The intrusion detection system (IDS) detects traffic for the internal network that did not originate from the mail gateway. The FIRST action triggered by the IDS should be to:
A. alert the appropriate staff
B. create an entry in the log
C. close firewall-2
D. close firewall-1
View answer
Correct Answer: C
Question #152
Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed as:
A. the likelihood of a given threat attempting to exploit a vulnerability
B. a function of the cost and effectiveness of controls over a vulnerability
C. the magnitude of the impact should a threat exploit a vulnerability
D. a function of the likelihood and impact, should a threat exploit a vulnerability
View answer
Correct Answer: D
Question #153
Which of the following potentially blocks hacking attempts?
A. Intrusion detection system
B. Honeypot system
C. Intrusion prevention system
D. Network security scanner
View answer
Correct Answer: A
Question #154
Which of the following is the BEST approach to verify that internal help desk procedures are executed in compliance with policies?
A. Benchmark help desk procedures
B. Interview end users
C. Test a sample of closed tickets
D. Evaluate help desk call metrics
View answer
Correct Answer: A