
CISA Certification Exam Questions & Practice Tests, Certified Information Systems Auditor | SPOTO


Question #1
Transmitting redundant information with each character or frame to facilitate detection and correction of errors is called a:
A. feedback error control
B. block sum check
C. forward error control
D. cyclic redundancy check
Correct Answer: C
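The distinction behind this question, as an added example that is not part of the original page: a CRC adds redundancy so the receiver can detect corruption and request a retransmission (feedback error control), while a forward error control code such as Hamming(7,4) adds enough redundancy that the receiver can also correct a single flipped bit per block with no retransmission. The sample frame and the bit flips are constructed for the demonstration; CRC-32 comes from the standard library.

```python
"""Added example, not from the original page: error detection (CRC-32) versus
forward error control (Hamming(7,4)). The frame and the bit flips are constructed."""
import zlib


def crc_ok(data: bytes, sent_crc: int) -> bool:
    """Receiver side of a CRC check: True only if the data still matches the CRC
    the sender computed. Nothing about *which* bit changed is recovered."""
    return (zlib.crc32(data) & 0xFFFFFFFF) == sent_crc


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a channel error by inverting one bit (LSB-first within each byte)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def crc_transmit(message: bytes, flip_position=None) -> bool:
    """Sender computes the CRC, the channel may flip one bit, the receiver checks."""
    sent_crc = zlib.crc32(message) & 0xFFFFFFFF
    received = flip_bit(message, flip_position) if flip_position is not None else message
    return crc_ok(received, sent_crc)


# Hamming(7,4) codeword layout, 1-indexed positions 1..7: [p1, p2, d1, p3, d2, d3, d4]
# Parity bit p_k covers every position whose index has bit k set, so the three
# parity-check results, read as a binary number, give the position of a single error.
def hamming_encode(nibble):
    d1, d2, d3, d4 = nibble
    p1 = d1 ^ d2 ^ d4          # positions 1,3,5,7
    p2 = d1 ^ d3 ^ d4          # positions 2,3,6,7
    p3 = d2 ^ d3 ^ d4          # positions 4,5,6,7
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming_decode(codeword):
    """Return (data_nibble, corrected_position); position 0 means no error seen.
    Any single-bit error is corrected; a double-bit error is silently mis-corrected,
    which is why real links pair FEC with a CRC."""
    bits = list(codeword)
    p1, p2, d1, p3, d2, d3, d4 = bits
    s1 = p1 ^ d1 ^ d2 ^ d4
    s2 = p2 ^ d1 ^ d3 ^ d4
    s3 = p3 ^ d2 ^ d3 ^ d4
    syndrome = s1 | (s2 << 1) | (s3 << 2)
    if syndrome:
        bits[syndrome - 1] ^= 1
    return [bits[2], bits[4], bits[5], bits[6]], syndrome


def hamming_transmit(nibble, flip_position=0):
    """Encode, optionally corrupt codeword position flip_position (1..7), decode."""
    code = hamming_encode(nibble)
    if flip_position:
        code[flip_position - 1] ^= 1
    return hamming_decode(code)


if __name__ == "__main__":
    frame = b"ACCT 4471 DEBIT 250.00"      # constructed sample frame
    print("CRC clean:", crc_transmit(frame), "CRC after a bit flip:", crc_transmit(frame, 13))
    print("Hamming, position 5 flipped:", hamming_transmit([1, 0, 1, 1], 5))
```

The CRC run returns False after the flip but gives no way to repair the frame; the Hamming run returns the original nibble together with the position it repaired. Forward error control costs bandwidth (7 bits carried for 4 bits of data) and only covers the error pattern it was designed for, so the choice between the two is an engineering decision, not a ranking.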


Question #2
Which of the following is a disadvantage of image processing?
A. Verifies signatures
B. Improves service
C. Relatively inexpensive to use
D. Reduces deterioration due to handling
Correct Answer: C
Question #3
Which of the following would BEST support 24/7 availability?
A. Daily backup
B. offsite storage
C. Mirroring
D. Periodic testing
Correct Answer: C
Question #4
Which of the following are often considered as the first defensive line in protecting a typical data and information environment?
A. certificates
B. security token
C. password
D. biometrics
E. None of the choices
Correct Answer: C
Question #5
Due to a recent business divesture, an organization has limited IT resources to deliver critical projects. Reviewing the IT staffing plan against which of the following would BEST guide IT management when estimating resource requirements for future projects?
A. Peer organizational staffing benchmarks
B. Budgeted forecast for the next financial year
C. Human resources sourcing strategy
D. Records of actual time spent on projects
Correct Answer: D
Question #6
When using public key encryption to secure data being transmitted across a network:
A. both the key used to encrypt and decrypt the data are public
B. the key used to encrypt is private, but the key used to decrypt the data is public
C. the key used to encrypt is public, but the key used to decrypt the data is private
D. both the key used to encrypt and decrypt the data are private
Correct Answer: C
Question #7
Which of the following controls would BEST detect intrusion?
A. User ids and user privileges are granted through authorized procedures
B. Automatic logoff is used when a workstation is inactive for a particular period of time
C. Automatic logoff of the system after a specified number of unsuccessful attempts
D. Unsuccessful logon attempts are monitored by the security administrator
Correct Answer: D
Question #8
Which of the following is the BEST way to mitigate the risk of unintentional modifications associated with complex calculations in end-user computing (EUC)?
A. Verify EUC results through manual calculations
B. Operate copies of EUC programs out of a secure library
C. Implement data integrity checks
D. Utilize an independent party to review the source calculations
Correct Answer: B
Question #9
The knowledge base of an expert system that uses questionnaires to lead the user through a series of choices before a conclusion is reached is known as:
A. rules
B. decision trees
C. semantic nets
D. data flow diagrams
Correct Answer: B
Question #10
Which of the following is a data validation edit and control?
A. Hash totals
B. Reasonableness checks
C. Online access controls
D. Before and after image reporting
Correct Answer: B
Question #11
Use of asymmetric encryption in an Internet e-commerce site, where there is one private key for the hosting server and the public key is widely distributed to the customers, is MOST likely to provide comfort to the:
A. customer over the authenticity of the hosting organization
B. hosting organization over the authenticity of the customer
C. customer over the confidentiality of messages from the hosting organization
D. hosting organization over the confidentiality of messages passed to the customer
Correct Answer: A
Question #12
An organization is disposing of a number of laptop computers. Which of the following data destruction methods would be the MOST effective?
A. Run a low-level data wipe utility on all hard drives
B. Erase all data file directories
C. Format all hard drives
D. Physical destruction of the hard drive
Correct Answer: D
Question #13
Which of the following virus prevention techniques can be implemented through hardware?
A. Remote booting
B. Heuristic scanners
C. Behavior blockers
D. Immunizers
Correct Answer: A
Question #14
Machines that operate as a closed system can NEVER be eavesdropped.
A. True
B. False
Correct Answer: B
Question #15
Which of the following is the MOST effective type of antivirus software?
A. Scanners
B. Active monitors
C. Integrity checkers
D. Vaccines
Correct Answer: C
Question #16
Which of the following are the characteristics of a good password?
A. It has mixed-case alphabetic characters, numbers, and symbols
B. It has mixed-case alphabetic characters and numbers
C. It has mixed-case alphabetic characters and symbols
D. It has mixed-case alphabetic characters, numbers, and binary codes
E. None of the choices
Correct Answer: A
Question #17
The performance of an order-processing system can be measured MOST reliably by monitoring:
A. input/request queue length
B. turnaround time of completed transactions
C. application and database servers’ CPU load
D. heartbeats between server systems
Correct Answer: B
Question #18
An organization’s business continuity plan should be:
A. updated based on changes to personnel and environments
B. updated only after independent audit review by a third party
C. tested whenever new applications are implemented
D. tested after successful intrusions into the organization’s hot site
Correct Answer: A
Question #19
When developing a business continuity plan (BCP), which of the following tools should be used to gain an understanding of the organization's business processes?
A. Business continuity self-audit
B. Resource recovery analysis
C. Risk assessment
D. Gap analysis
Correct Answer: C
Question #20
Software is considered malware based on:
A. the intent of the creator
B. its particular features
C. its location
D. its compatibility
E. None of the choices
Correct Answer: A
Question #21
Which of the following is a detective control?
A. Physical access controls
B. Segregation of duties
C. Backup procedures
D. Audit trails
Correct Answer: D
Question #22
An integrated test facility is considered a useful audit tool because it:
A. is a cost-efficient approach to auditing application controls
B. enables the financial and IS auditors to integrate their audit tests
C. compares processing output with independently calculated data
D. provides the IS auditor with a tool to analyze a large range of information
Correct Answer: A
Question #23
A critical function of a firewall is to act as a:
A. special router that connects the Internet to a LAN
B. device for preventing authorized users from accessing the LAN
C. server used to connect authorized users to private trusted network resources
D. proxy server to increase the speed of access to authorized users
Correct Answer: A
Question #24
A malicious code that changes itself with each file it infects is called a:
A. logic bomb
B. stealth virus
C. trojan horse
D. polymorphic virus
Correct Answer: D
Question #25
Which of the following is a good tool to use to help enforce the deployment of good passwords?
A. password cracker
B. local DoS attacker
C. network hacker
D. remote windowing tool
E. None of the choices
Correct Answer: A
Question #26
During the review of an organization's disaster recovery and business continuity plan, the IS auditor found that a paper test was performed to verify the existence of all necessary procedures and actions within the recovery plan. This is a:
A. preparedness test
B. module test
C. full test
D. walk-through test
Correct Answer: D
Question #27
The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is called:
A. data integrity
B. authentication
C. non repudiation
D. replay protection
Correct Answer: C
Question #28
The optimum business continuity strategy for an entity is determined by the:
A. lowest downtime cost and highest recovery cost
B. lowest sum of downtime cost and recovery cost
C. lowest recovery cost and highest downtime cost
D. average of the combined downtime and recovery cost
Correct Answer: B
Question #29
An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
- The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department.
- The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his/her attention.
- The plan has never been updated, tested or circulated to key ma
A. take no action as the lack of a current plan is the only significant finding
B. recommend that the hardware configuration at each site is identical
C. perform a review to verify that the second configuration can support live processing
D. report that the financial expenditure on the alternative site is wasted without an effective plan
Correct Answer: D
Question #30
An IS auditor is performing an audit of a large organization’s operating system maintenance procedures. Which of the following findings presents the GREATEST risk?
A. Some internal servers cannot be patched due to software incompatibility
B. The configuration management database is not up-to-date
C. Vulnerability testing is not performed on the development servers
D. Critical patches are applied immediately while others follow quarterly release cycles
Correct Answer: A
Question #31
Which of the following types of attack often takes advantage of curiosity or greed to deliver malware?
A. Gimmes
B. Tripwire
C. Icing
D. Soft coding
E. Pretexting
F. None of the choices
Correct Answer: A
Question #32
An IS auditor performing an access controls review should be LEAST concerned if:
A. audit trails were not enabled
B. programmers have access to the live environment
C. group logons are being used for critical functions
D. the same user can initiate transactions and also change related parameters
Correct Answer: B
Question #33
A company has contracted with an external consulting firm to implement a commercial financial system to replace its existing in-house developed system. In reviewing the proposed development approach, which of the following would be of GREATEST concern?
A. Acceptance testing is to be managed by users
B. A quality plan is not part of the contracted deliverables
C. Not all business functions will be available on initial implementation
D. Prototyping is being used to confirm that the system meets business requirements
Correct Answer: B
Question #34
In a public key infrastructure (PKI), the authority responsible for the identification and authentication of an applicant for a digital certificate (i.e., certificate subjects) is the:
A. registration authority (RA)
B. issuing certification authority (CA)
C. subject CA
D. policy management authority
Correct Answer: A
Question #35
In which of the following situations is it MOST appropriate to implement data mirroring as the recovery strategy?
A. Disaster tolerance is high
B. Recovery time objective is high
C. Recovery point objective is low
D. Recovery point objective is high
Correct Answer: C
Question #36
While performing a risk-based audit, which of the following would BEST enable an IS auditor to identify and categorize risk?
A. Understanding the control framework
B. Developing a comprehensive risk model
C. Understanding the business environment
D. Adopting qualitative risk analysis
Correct Answer: C
Question #37
IS auditors who have participated in the development of an application system might have their independence impaired if they:
A. perform an application development review
B. recommend control and other system enhancements
C. perform an independent evaluation of the application after its implementation
D. are involved actively in the design and implementation of the application system
Correct Answer: D
Question #38
Creating which of the following is how a hacker can ensure his ability to return to the hacked system at will?
A. rootsec
B. checksum
C. CRC
D. backdoors
E. None of the choices
Correct Answer: D
Question #39
Which of the following correctly describes the purpose of an electronic data processing audit?
A. to collect and evaluate evidence of an organization's information systems, practices, and operations
B. to ensure document validity
C. to verify data accuracy
D. to collect and evaluate benefits brought by an organization's information systems to its bottom line
E. None of the choices
Correct Answer: A
Question #40
Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized?
A. Release-to-release source and object comparison reports
B. Library control software restricting changes to source code
C. Restricted access to source code and object code
D. Date and time-stamp reviews of source and object code
Correct Answer: A
Question #41
An IS auditor finds that not all employees are aware of the enterprise's information security policy. The IS auditor should conclude that:
A. this lack of knowledge may lead to unintentional disclosure of sensitive information
B. information security is not critical to all functions
C. IS audit should provide security training to the employees
D. the audit finding will cause management to provide continuous training to staff
Correct Answer: A
Question #42
Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization?
A. Built-in alternative routing
B. Completing full system backup daily
C. A repair contract with a service provider
D. A duplicate machine alongside each server
Correct Answer: A
Question #43
In a high-volume, real-time system, the MOST effective technique by which to continuously monitor and analyze transaction processing is:
A. integrated test facility (ITF)
B. embedded audit modules
C. parallel simulation
D. transaction tagging
Correct Answer: B
Question #44
Which of the following components is responsible for the collection of data in an intrusion detection system (IDS)?
A. Analyzer
B. Administration console
C. User interface
D. Sensor
Correct Answer: D
Question #45
When auditing a software development project, a review of which of the following will BEST verify that project work is adequately subdivided?
A. Work breakdown structure
B. Statement of work
C. Scope statement
D. Functional and technical design documents
Correct Answer: A
Question #46
A database administrator is responsible for:
A. maintaining the access security of data residing on the computers
B. implementing database definition controls
C. granting access rights to users
D. defining system's data structure
Correct Answer: D
Question #47
When auditing the requirements phase of a system development project, an IS auditor would:
A. assess the adequacy of audit trails
B. identify and determine the criticality of the need
C. verify cost justifications and anticipated benefits
D. ensure that control specifications have been defined
Correct Answer: B
Question #48
Which of the following would have the HIGHEST priority in a business continuity plan (BCP)?
A. Resuming critical processes
B. Recovering sensitive processes
C. Restoring the site
D. Relocating operations to an alternative site
Correct Answer: A
Question #49
Which of the following can be used to verify output results and control totals by matching them against the input data and control totals?
A. Batch header forms
B. Batch balancing
C. Data conversion error corrections
D. Access controls over print spools
Correct Answer: B
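Batch balancing, and the reasonableness check from Question #10, as an added example that is not part of the original page: the batch header carries the sender's record count, financial total and hash total (a sum of a field such as the account number that has no business meaning as a sum, which is what makes it a hash total rather than a financial total); the receiver recomputes all three from the records it actually processed and rejects the batch on any mismatch. The batch, header and limit below are constructed for the demonstration.

```python
"""Added example, not from the original page: batch balancing with control totals
and a reasonableness edit. The batch contents and header are constructed."""
from decimal import Decimal


def control_totals(records):
    """Recompute the three batch control totals from the records actually processed.
    Each record is a dict with 'account' (int) and 'amount' (Decimal)."""
    return {
        "record_count": len(records),
        "financial_total": sum((r["amount"] for r in records), Decimal("0")),
        "hash_total": sum(r["account"] for r in records),
    }


def balance_batch(header, records):
    """Batch balancing: compare the header's claimed totals with the recomputed ones.
    Returns the list of mismatches; an empty list means the batch balances."""
    actual = control_totals(records)
    return [
        f"{name}: header {header[name]} != processed {actual[name]}"
        for name in ("record_count", "financial_total", "hash_total")
        if header[name] != actual[name]
    ]


def reasonableness_check(records, max_amount):
    """Data validation edit: return accounts whose amount is outside the range
    expected for this batch type. Totals cannot catch a plausible-looking but
    wrong value that was keyed consistently into header and detail; this can."""
    return [r["account"] for r in records if r["amount"] <= 0 or r["amount"] > max_amount]


# Constructed sample batch as it would arrive from data entry, with the
# header the sending department computed from its source documents.
SAMPLE_BATCH = [
    {"account": 100231, "amount": Decimal("250.00")},
    {"account": 100457, "amount": Decimal("1200.50")},
    {"account": 100902, "amount": Decimal("75.25")},
]
SAMPLE_HEADER = {"record_count": 3, "financial_total": Decimal("1525.75"), "hash_total": 301590}


def keying_error_demo():
    """A transposed account number (100457 -> 100547) leaves count and financial
    total intact; only the hash total catches it."""
    mistyped = [dict(r) for r in SAMPLE_BATCH]
    mistyped[1]["account"] = 100547
    return balance_batch(SAMPLE_HEADER, mistyped)


if __name__ == "__main__":
    print("clean batch:", balance_batch(SAMPLE_HEADER, SAMPLE_BATCH))
    print("dropped record:", balance_batch(SAMPLE_HEADER, SAMPLE_BATCH[:2]))
    print("transposed account:", keying_error_demo())
    print("over limit:", reasonableness_check(SAMPLE_BATCH, Decimal("1000")))
```

The three totals fail in different ways: a dropped record disturbs all three, a transposed account number disturbs only the hash total, and an amount that is wrong but keyed consistently into both header and detail disturbs none of them, which is why a reasonableness edit is applied as well.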
Question #50
A comprehensive IS audit policy should include guidelines detailing what involvement the internal audit team should have:
A. in the development and coding of major OS applications
B. in the acquisition and maintenance of major WEB applications
C. in the human resource management cycle of the application development project
D. in the development, acquisition, conversion, and testing of major applications
E. None of the choices
Correct Answer: D
Question #51
Which of the following is the most common way that spyware is distributed?
A. as a trojan horse
B. as a virus
C. as an Adware
D. as a device driver
E. as a macro
F. None of the choices
Correct Answer: A
Question #52
An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls would BEST mitigate the risk of undetected and unauthorized program changes to the production environment?
A. Commands typed on the command line are logged
B. Hash keys are calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs
C. Access to the operating system command line is granted through an access restriction tool with preapproved rights
D. Software development tools and compilers have been removed from the production environment
Correct Answer: B
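The control in answer B, which is also the "integrity checker" of Question #15, as an added example that is not part of the original page: a baseline of SHA-256 hashes of the authorized program files is stored, recomputed later and compared, so a change made from a developer's operator shell is detected even if nothing was logged. Only the standard library is used; the program files are constructed in a temporary directory so the example runs offline.

```python
"""Added example, not from the original page: a stored hash baseline of authorized
program files, recomputed and diffed to detect unauthorized change. Files constructed."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (POSIX-style relative path) to its hash.
    In production this mapping is what gets stored where developers cannot write."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_to_baseline(baseline: dict, current: dict) -> dict:
    """Report modified, added and removed program files relative to the baseline."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Baseline two authorized scripts, simulate what an operator shell allows a
    developer to do, and return what the periodic check reports."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "payroll.sh").write_text("#!/bin/sh\necho run payroll\n")
        (root / "bin" / "report.sh").write_text("#!/bin/sh\necho run report\n")
        baseline = build_baseline(root)   # taken from the authorized release

        # Unauthorized activity after the baseline (constructed): an edited
        # program, a dropped-in script, and a deleted one.
        (root / "bin" / "payroll.sh").write_text("#!/bin/sh\necho run payroll\ncp payroll.dat /tmp/x\n")
        (root / "bin" / "helper.sh").write_text("#!/bin/sh\necho dropped in\n")
        (root / "bin" / "report.sh").unlink()

        return compare_to_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add: the baseline must be taken from the release-management copy, not from production, or the check only confirms that production still equals whatever was already there; and it must be stored where the people being checked cannot rewrite it, otherwise a developer updates the program and the baseline together. A change made and reverted between two runs is also invisible to this control, which is why it is paired with command logging rather than replacing it.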
Question #53
A PRIMARY benefit derived from an organization employing control self-assessment (CSA) techniques is that it:
A. can identify high-risk areas that might need a detailed review later
B. allows IS auditors to independently assess risk
C. can be used as a replacement for traditional audits
D. allows management to relinquish responsibility for control
Correct Answer: A
Question #54
Which of the following is a network architecture configuration that links each station directly to a main hub?
A. Bus
B. Ring
C. Star
D. Completely connected
Correct Answer: C
Question #55
The MOST important success factor in planning a penetration test is:
A. the documentation of the planned testing procedure
B. scheduling and deciding on the timed length of the test
C. the involvement of the management of the client organization
D. the qualifications and experience of staff involved in the test
Correct Answer: C
Question #56
You should keep all computer rooms at reasonable humidity levels, which are in between:
A. 20 - 70 percent
B. 10 - 70 percent
C. 10 - 60 percent
D. 70 - 90 percent
E. 60 - 80 percent
F. None of the choices
Correct Answer: A
Question #57
In a client-server architecture, a domain name service (DNS) is MOST important because it provides the:
A. address of the domain server
B. resolution service for the name/address
C. IP addresses for the Internet
D. domain name system
Correct Answer: B
Question #58
The MOST appropriate person to chair the steering committee for an enterprise-wide system development should normally be the:
A. project manager
B. IS director
C. executive level manager
D. business analyst
Correct Answer: C
Question #59
An IS auditor who is participating in a systems development project should:
A. recommend appropriate control mechanisms regardless of cost
B. obtain and read project team meeting minutes to determine the status of the project
C. ensure that adequate and complete documentation exists for all project phases
D. not worry about his/her own ability to meet target dates since work will progress regardless
Correct Answer: B
Question #60
An IS auditor plans to review all access attempts to a video-monitored and proximity-card controlled communications room. Which of the following would be MOST useful to the auditor?
A. System electronic log
B. Security incident log
C. Manual sign-in and sign-out log
D. Alarm system with CCTV
Correct Answer: A
Question #61
A screening router inspects traffic by examining the:
A. message header
B. virus payload
C. message content
D. attachment type
E. None of the choices
Correct Answer: A
Question #62
Connection-oriented protocols in the TCP/IP suite are implemented in the:
A. transport layer
B. application layer
C. physical layer
D. network layer
Correct Answer: A
Question #63
In which of the following phases of the system development life cycle (SDLC) is it the MOST important for the IS auditor to participate?
A. Design
B. Testing
C. Programming
D. Implementation
Correct Answer: A
Question #64
An IS auditor is assigned to perform a post implementation review of an application system. Which of the following situations may have impaired the independence of the IS auditor? The IS auditor:
A. implemented a specific control during the development of the application system
B. designed an embedded audit module exclusively for auditing the application system
C. participated as a member of the application system project team, but did not have operational responsibilities
D. provided consulting advice concerning application system best practices
Correct Answer: A
Question #65
What should be done to determine the appropriate level of audit coverage for an organization's IT environment?
A. determine the company's quarterly budget requirement
B. define an effective assessment methodology
C. calculate the company's yearly budget requirement
D. define an effective system upgrade methodology
E. define an effective network implementation methodology
Correct Answer: B
Question #66
Disaster recovery planning (DRP) for a company's computer system usually focuses on:
A. operations turnover procedures
B. strategic long-range planning
C. the probability that a disaster will occur
D. alternative procedures to process transactions
Correct Answer: D
Question #67
If inadequate, which of the following would be the MOST likely contributor to a denial-of-service attack?
A. Router configuration and rules
B. Design of the internal network
C. Updates to the router system software
D. Audit testing and review techniques
Correct Answer: A
Question #68
What is the best defense against Local DoS attacks?
A. patch your systems
B. run a virus checker
C. run an anti-spy software
D. find this program and kill it
E. None of the choices
Correct Answer: A
Question #69
Which of the following is widely accepted as one of the critical components in networking management?
A. Configuration management
B. Topological mappings
C. Application of monitoring tools
D. Proxy server trouble shooting
Correct Answer: A
Question #70
Which of the following provides the GREATEST assurance of message authenticity?
A. The pre-hash code is derived mathematically from the message being sent
B. The pre-hash code is encrypted using the sender's private key
C. Encryption of the pre-hash code and the message using the secret key
D. Sender attains the recipient's public key and verifies the authenticity of its digital certificate with a certificate authority
Correct Answer: B
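Hash-then-sign with a toy RSA key, as an added example that is not part of the original page; it covers this question and the public-key questions above (#6, #11 and #27): the sender encrypts the pre-hash code with its private key, anyone holding the matching public key can check the result, and only the private-key holder could have produced it, which is what gives the recipient assurance of origin and integrity and is the basis of non-repudiation. The key pair (p=61, q=53, e=17, d=2753) is the textbook toy pair, chosen so the arithmetic is visible; it is far too small for real use, has no padding, and forces the digest to be reduced mod n, none of which a real implementation does.

```python
"""Added example, not from the original page: textbook RSA over a toy key to show
why the pre-hash code is encrypted with the sender's PRIVATE key. Toy size only."""
import hashlib

P, Q = 61, 53
N = P * Q            # modulus 3233, part of the public key
E = 17               # public exponent
D = 2753             # private exponent; (E * D) % lcm(P-1, Q-1) == 1


def pre_hash(message: bytes) -> int:
    """The pre-hash code: SHA-256 of the message as an integer, reduced mod N only
    because this toy modulus is smaller than a 256-bit digest."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def rsa_apply(value: int, exponent: int) -> int:
    """Textbook RSA: value ** exponent mod N (no padding; toy use only)."""
    return pow(value, exponent, N)


def sign(message: bytes, exponent: int = D) -> int:
    """Sender: encrypt the pre-hash code. Correct use passes the private exponent D;
    the exponent is a parameter so the wrong-key case can be shown."""
    return rsa_apply(pre_hash(message), exponent)


def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    """Recipient: decrypt the signature with the sender's public key and compare it
    with a freshly computed pre-hash code of the message as received."""
    return rsa_apply(signature, public_exponent) == pre_hash(message)


if __name__ == "__main__":
    msg = b"Transfer 250.00 to account 100231"      # constructed message
    sig = sign(msg)
    print("genuine:", verify(msg, sig))
    print("message altered in transit:", verify(msg + b"0", sig))
    print("'signed' with the public key instead:", verify(msg, sign(msg, E)))
```

Option A on its own (a hash derived from the message) proves nothing about origin, because anyone can recompute it; option C (a shared secret key) proves only that one of the two key holders produced the message, so it cannot support non-repudiation; option D checks the recipient's certificate, which says nothing about the sender. Encrypting the pre-hash code with the private key is the one construction where the public key, distributed as in the e-commerce question, lets every customer check that the message came from the key holder.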
Question #71
Which of the following refers to the act of creating and using an invented scenario to persuade a target to perform an action?
A. Pretexting
B. Backgrounding
C. Check making
D. Bounce checking
E. None of the choices
Correct Answer: A
Question #72
During an audit of the tape management system at a data center, an IS auditor discovered that parameters are set to bypass or ignore the labels written on tape header records. The IS auditor also determined that effective staging and job setup procedures were in place. In this situation, the IS auditor should conclude that the:
A. tape headers should be manually logged and checked by the operators
B. staging and job setup procedures are not appropriate compensating controls
C. staging and job setup procedures compensate for the tape label control weakness
D. tape management system parameters must be set to check all labels
Correct Answer: C
Question #73
Compensating controls are intended to:
A. reduce the risk of an existing or potential control weakness
B. predict potential problems before they occur
C. remedy problems discovered by detective controls
D. report errors or omissions
Correct Answer: A
Question #74
The most likely error to occur when implementing a firewall is:
A. incorrectly configuring the access lists
B. compromising the passwords due to social engineering
C. connecting a modem to the computers in the network
D. inadequately protecting the network and server from virus attacks
Correct Answer: A
Question #75
Which of the following would be of MOST concern to an IS auditor reviewing a virtual private network (VPN) implementation? Computers on the network that are located:
A. on the enterprise's internal network
B. at the backup site
C. in employees’ homes
D. at the enterprise’s remote offices
Correct Answer: C
Question #76
Which of the following is MOST likely to occur when a system development project is in the middle of the programming/coding phase?
A. Unit tests
B. Stress tests
C. Regression tests
D. Acceptance tests
Correct Answer: A
Question #77
A trojan horse simply cannot operate autonomously.
A. true
B. false
Correct Answer: A
Question #78
Which of the following should an IS auditor expect to find in an organization’s information security policies?
A. Authentication requirements
B. Asset provisioning lifecycle
C. Security configuration settings
D. Secure coding procedures
Correct Answer: A
Question #79
Which of the following BEST describes an integrated test facility?
A. A technique that enables the IS auditor to test a computer application for the purpose of verifying correct processing
B. The utilization of hardware and/or software to review and test the functioning of a computer system
C. A method of using special programming options to permit printout of the path through a computer program taken to process a specific transaction
D. A procedure for tagging and extending transactions and master records that are used by an IS auditor for tests
Correct Answer: A
Question #80
Integrating business continuity planning (BCP) into an IT project aids in:
A. the retrofitting of the business continuity requirements
B. the development of a more comprehensive set of requirements
C. the development of a transaction flowchart
D. ensuring the application meets the user's needs
Correct Answer: B
Question #81
Relatively speaking, firewalls operated at the physical level of the seven-layer OSI model are:
A. almost always less efficient
B. almost always less effective
C. almost always less secure
D. almost always less costly to setup
E. None of the choices
Correct Answer: A
Question #82
An offsite information processing facility:
A. should have the same amount of physical access restrictions as the primary processing site
B. should be easily identified from the outside so that in the event of an emergency it can be easily found
C. should be located in proximity to the originating site so that it can quickly be made operational
D. need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive
Correct Answer: A
Question #83
A phishing attack works primarily through:
A. email and hyperlinks
B. SMS
C. chat
D. email attachment
E. news
F. file download
G. None of the choices
Correct Answer: A
Question #84
Which of the following is the MOST critical and contributes the MOST to the quality of data in a data warehouse?
A. Accuracy of the source data
B. Credibility of the data source
C. Accuracy of the extraction process
D. Accuracy of the data transformation
Correct Answer: A
Question #85
When reviewing a business process reengineering (BPR) project, which of the following is the MOST important for an IS auditor to evaluate?
A. The impact of removed controls
B. The cost of new controls
C. The BPR project plans
D. The continuous improvement and monitoring plans
Correct Answer: A
Question #86
Which of the following would enable an enterprise to provide access to its intranet (i.e., extranet) across the Internet to its business partners?
A. Virtual private network
B. Client-server
C. Dial-in access
D. Network service provider
Correct Answer: A
Question #87
Which of the following BEST describes the objectives of following a standard system development methodology?
A. To ensure that appropriate staffing is assigned and to provide a method of controlling costs and schedules
B. To provide a method of controlling costs and schedules and to ensure communication among users, IS auditors, management and IS personnel
C. To provide a method of controlling costs and schedules and an effective means of auditing project development
D. To ensure communication among users, IS auditors, management and personnel and to ensure that appropriate staffing is assigned
Correct Answer: B
Question #88
Which of the following activities would be MOST important to consider when conducting IS audit planning?
A. Results from previous audits are reviewed
B. Audit scheduling is based on skill set of audit team
C. Resources are allocated to areas of high risk
D. The audit committee agrees on risk rankings
Correct Answer: C
Question #89
Which of the following is an objective of a control self-assessment (CSA) program?
A. Audit responsibility enhancement
B. Problem identification
C. Solution brainstorming
D. Substitution for an audit
Correct Answer: B
Question #90
Which of the following would be the MOST significant audit finding when reviewing a point-of-sale (POS) system?
A. invoices recorded on the POS system are manually entered into an accounting application
B. An optical scanner is not used to read bar codes for the generation of sales invoices
C. Frequent power outages occur, resulting in the manual preparation of invoices
D. Customer credit card information is stored unencrypted on the local POS system
Correct Answer: D
Question #91
The potential for unauthorized system access by way of terminals or workstations within an organization's facility is increased when:
A. connecting points are available in the facility to connect laptops to the network
B. users take precautions to keep their passwords confidential
C. terminals with password protection are located in unsecured locations
D. terminals are located within the facility in small clusters under the supervision of an administrator
View answer
Correct Answer: C
Question #92
A strength of an implemented quality system based on ISO 9001 is that it:
A. guarantees quality solutions to business problems
B. results in improved software life cycle activities
C. provides clear answers to questions concerning cost-effectiveness
D. does not depend on the maturity of the implemented quality system
View answer
Correct Answer: B
Question #93
In a TCP/IP-based network, an IP address specifies a:
A. network connection
B. router/gateway
C. computer in the network
D. device on the network
View answer
Correct Answer: A
Question #94
An internal audit department, that organizationally reports exclusively to the chief financial officer (CFO) rather than to an audit committee, is MOST likely to:
A. have its audit independence questioned
B. report more business-oriented and relevant findings
C. enhance the implementation of the auditor's recommendations
D. result in more effective action being taken on the recommendations
View answer
Correct Answer: A
Question #95
Which of the following provides a mechanism for coding and compiling programs interactively?
A. Firmware
B. Utility programs
C. Online programming facilities
D. Network management software
View answer
Correct Answer: C
Question #96
A company has recently upgraded its purchase system to incorporate EDI transmissions. Which of the following controls should be implemented in the EDI interface in order to provide for efficient data mapping?
A. Key verification
B. One-for-one checking
C. Manual recalculations
D. Functional acknowledgements
View answer
Correct Answer: D
Question #97
An audit charter should:
A. be dynamic and change often to coincide with the changing nature of technology and the audit profession
B. clearly state audit objectives for the delegation of authority for the maintenance and review of internal controls
C. document the audit procedures designed to achieve the planned audit objectives
D. outline the overall authority, scope and responsibilities of the audit function
View answer
Correct Answer: D
Question #98
An IS auditor reviewing operating system access discovers that the system is not secured properly. In this situation, the IS auditor is LEAST likely to be concerned that the user might:
A. create new users
B. delete database and log files
C. access the system utility tools
D. access the system writeable directories
View answer
Correct Answer: D
Question #99
Which of the following forms of evidence for the auditor would be considered the MOST reliable?
A. An oral statement from the auditee
B. The results of a test performed by an IS auditor
C. An internally generated computer accounting report
D. A confirmation letter received from an outside source
View answer
Correct Answer: D
Question #100
An IS auditor doing penetration testing during an audit of internet connections would:
A. evaluate configurations
B. examine security settings
C. ensure virus-scanning software is in use
D. use tools and techniques available to a hacker
View answer
Correct Answer: D
Question #101
The MOST effective method of preventing unauthorized use of data files is:
A. automated file entry
B. tape librarian
C. access control software
D. locked library
View answer
Correct Answer: C
Question #102
With deep packet inspection, which of the following OSI layers are involved?
A. Layer 2 through Layer 7
B. Layer 3 through Layer 7
C. Layer 2 through Layer 6
D. Layer 3 through Layer 6
E. Layer 2 through Layer 5
F. None of the choices
View answer
Correct Answer: B
Question #103
Which of the following satisfies a two-factor user authentication?
A. Iris scanning plus finger print scanning
B. Terminal ID plus global positioning system (GPS)
C. A smart card requiring the user's PIN
D. User ID along with password
View answer
Correct Answer: C
Question #104
In biometric authentication, which of the following is often considered a mix of both physical and behavioral characteristics?
A. Voice
B. Finger measurement
C. Body measurement
D. Signature
E. None of the choices
View answer
Correct Answer: A
Question #105
As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard copy transaction log. At the end of the day, the order entry files are backed up on tape. During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following is necessary to restore these files?
A. The previous day's backup file and the current transaction tape
B. The previous day's transaction file and the current transaction tape
C. The current transaction tape and the current hard copy transaction log
D. The current hard copy transaction log and the previous day's transaction file
View answer
Correct Answer: A
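As an added illustration of the recovery described in question #105 (this code is not part of the original question set), the following Python replays a constructed current-day transaction tape over a constructed previous-day backup image to rebuild the lost order-entry file. It also shows why the tape on its own is not enough: updates reference orders that only exist in the backup, and a gap in the tape's sequence numbers is detected before any partial image is accepted. The file layout, the transaction record format and the sample data are all assumptions made for the example.

```python
"""Roll-forward recovery of an order-entry file (added example, constructed data)."""
import copy
import hashlib
import json

# Constructed sample: the order-entry file as it stood at the end of the previous day.
PREVIOUS_DAY_BACKUP = {
    "ORD-1001": {"customer": "C-17", "items": {"SKU-A": 2}, "status": "open"},
    "ORD-1002": {"customer": "C-42", "items": {"SKU-B": 1}, "status": "shipped"},
}

# Constructed sample: today's transaction tape, every update applied since that backup,
# in the order it was recorded. The "seq" field is the assumed sequence number.
CURRENT_TRANSACTION_TAPE = [
    {"seq": 1, "op": "create", "order": "ORD-1003", "customer": "C-08", "items": {"SKU-C": 5}},
    {"seq": 2, "op": "update", "order": "ORD-1001", "items": {"SKU-A": 3}},
    {"seq": 3, "op": "status", "order": "ORD-1001", "status": "shipped"},
    {"seq": 4, "op": "delete", "order": "ORD-1002"},
]


def apply_transaction(state, txn):
    """Apply one tape record in place. Operations other than 'create' require the
    order to already exist, which is why the tape cannot stand in for the backup."""
    op, order = txn["op"], txn["order"]
    if op == "create":
        if order in state:
            raise ValueError(f"duplicate create for {order}")
        state[order] = {"customer": txn["customer"], "items": dict(txn["items"]), "status": "open"}
    elif op == "update":
        state[order]["items"] = dict(txn["items"])  # KeyError if the order is not in the image
    elif op == "status":
        state[order]["status"] = txn["status"]
    elif op == "delete":
        del state[order]
    else:
        raise ValueError(f"unknown operation {op!r}")


def roll_forward(backup, tape):
    """Return a new image: the backup with the tape replayed over it.

    The backup is copied, never modified, so a failed replay can be retried.
    Sequence numbers must run 1, 2, 3, ... without gaps; a gap means records
    are missing and the recovered image would be silently incomplete."""
    state = copy.deepcopy(backup)
    expected_seq = 1
    for txn in tape:
        if txn["seq"] != expected_seq:
            raise ValueError(f"tape gap: expected seq {expected_seq}, got {txn['seq']}")
        apply_transaction(state, txn)
        expected_seq += 1
    return state


def recovers(backup, tape):
    """True if the tape replays cleanly over the given starting image."""
    try:
        roll_forward(backup, tape)
    except (KeyError, ValueError):
        return False
    return True


def image_checksum(state):
    """Deterministic digest of an image, for comparing a recovered file against a
    known-good reference before it is put back into production."""
    return hashlib.sha256(json.dumps(state, sort_keys=True).encode()).hexdigest()


if __name__ == "__main__":
    recovered = roll_forward(PREVIOUS_DAY_BACKUP, CURRENT_TRANSACTION_TAPE)
    print(json.dumps(recovered, indent=2))
    print("checksum:", image_checksum(recovered))
    print("tape alone recovers:", recovers({}, CURRENT_TRANSACTION_TAPE))
```

Replaying over the previous day's backup yields the full current image; replaying the same tape over an empty image fails on the first update to ORD-1001, which is the practical reason option A is the only sufficient pair.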
Question #106
The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to:
A. achieve performance improvement
B. provide user authentication
C. ensure availability of data
D. ensure the confidentiality of data
View answer
Correct Answer: C
Question #107
Which of the following should be seen as one of the most significant factors considered when determining the frequency of IS audits within your organization?
A. The cost of risk analysis
B. The income generated by the business function
C. Resource allocation strategy
D. The nature and level of risk
E. None of the choices
View answer
Correct Answer: D
Question #108
Responsibility and reporting lines cannot always be established when auditing automated systems since:
A. diversified control makes ownership irrelevant
B. staff traditionally change jobs with greater frequency
C. ownership is difficult to establish where resources are shared
D. duties change frequently in the rapid development of technology
View answer
Correct Answer: C
Question #109
A successful risk-based IT audit program should be based on:
A. an effective scoring system
B. an effective PERT diagram
C. an effective departmental brainstorm session
D. an effective organization-wide brainstorm session
E. None of the choices
View answer
Correct Answer: A