
CISA Exam Prep: Study Materials & Mock Tests, Certified Information Systems Auditor | SPOTO

Elevate your CISA exam readiness with SPOTO's comprehensive study materials and mock tests. Our exhaustive resources include exam questions, sample questions, online exam questions, and full-length practice tests meticulously aligned with the latest exam objectives. Reinforce key concepts through detailed explanations and performance analysis. Access regularly updated exam materials, including free test dumps and exam questions and answers, to ensure you're thoroughly prepared. Simulate the real testing environment with our realistic exam simulator, featuring timed mock exams. Leverage SPOTO's proven CISA exam prep resources to identify knowledge gaps, build confidence, and unlock your auditing potential for certification success.

Question #1
What are often the primary safeguards for systems software and data?
A. Administrative access controls
B. Logical access controls
C. Physical access controls
D. Detective access controls
View answer
Correct Answer: B
Question #2
Which of the following protocols does NOT work at the Application layer of the TCP/IP model?
A. HTTP
B. FTP
C. NTP
D. TCP
View answer
Correct Answer: D
Question #3
During a post-implementation review of an enterprise resource management system, an IS auditor would MOST likely:
A. review access control configuration
B. evaluate interface testing
C. review detailed design documentation
D. evaluate system testing
View answer
Correct Answer: A
Question #4
Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures?
A. Review software migration records and verify approvals
B. Identify changes that have occurred and verify approvals
C. Review change control documentation and verify approvals
D. Ensure that only appropriate staff can migrate changes into production
View answer
Correct Answer: B
Question #5
Which of the following exposures associated with the spooling of sensitive reports for offline printing would an IS auditor consider to be the MOST serious?
A. Sensitive data can be read by operators
B. Data can be amended without authorization
C. Unauthorized report copies can be printed
D. Output can be lost in the event of system failure
View answer
Correct Answer: C
Question #6
To prevent unauthorized entry to the data maintained in a dial-up fast response system, an IS auditor should recommend:
A. online terminals be placed in restricted areas
B. online terminals be equipped with key locks
C. ID cards be required to gain access to online terminals
D. online access be terminated after three unsuccessful attempts
View answer
Correct Answer: D
Question #7
Which of the following is a software application that pretends to be a server on the Internet and is not set up purposely to actively protect against break-ins?
A. Bastion host
B. Honey pot
C. Dual homed
D. Demilitarized zone (DMZ)
View answer
Correct Answer: B
Question #8
An IS auditor's primary concern when application developers wish to use a copy of yesterday's production transaction file for volume tests is that:
A. users may prefer to use contrived data for testing
B. unauthorized access to sensitive data may result
C. error handling and credibility checks may not be fully proven
D. full functionality of the new process is not necessarily tested
View answer
Correct Answer: B
Question #9
Which of the following attacks occurs when a malicious action is performed by invoking the operating system to execute a particular system call?
A. Eavesdropping
B. Traffic analysis
C. Masquerading
D. Interrupt attack
View answer
Correct Answer: D
Question #10
Utility programs that assemble software modules needed to execute a machine instruction application program version are:
A. text editors
B. program library managers
C. linkage editors and loaders
D. debuggers and development aids
View answer
Correct Answer: C
Question #11
An organization developed a comprehensive three-year IT strategic plan. Halfway into the plan, a major legislative change impacting the organization is enacted. Which of the following should be management’s NEXT course of action?
A. Develop specific procedural documentation related to the changed legislation
B. Assess the legislation to determine whether changes are required to the strategic IT plan
C. Perform a risk management of the legislative changes
D. Develop a new IT strategic plan that encompasses the new legislation
View answer
Correct Answer: B
Question #12
Which of the following statements correctly describes the difference between symmetric key encryption and asymmetric key encryption?
A. In symmetric key encryption the same key is used for encryption and decryption, whereas asymmetric key encryption uses the private key for encryption and decryption
B. In symmetric key encryption the public key is used for encryption and the symmetric key for decryption
C. In symmetric key encryption the same key is used for encryption and decryption, whereas in asymmetric key encryption the public key is used for encryption and the private key is used for decryption
D. Both use the private key for encryption, and decryption can be done using the public key
View answer
Correct Answer: C
Question #13
When an information security policy has been designed, it is MOST important that the information security policy be:
A. stored offsite
B. written by IS management
C. circulated to users
D. updated frequently
View answer
Correct Answer: C
Question #14
Which of the following is a control over database administration activities?
A. A database checkpoint to restart processing after a system failure
B. Database compression to reduce unused space
C. Supervisory review of access logs
D. Backup and recovery procedures to ensure database availability
View answer
Correct Answer: C
Question #15
Which of the following is a control to compensate for a programmer having access to accounts payable production data?
A. Processing controls such as range checks and logic edits
B. Reviewing accounts payable output reports by data entry
C. Reviewing system-produced reports for checks (cheques) over a stated amount
D. Having the accounts payable supervisor match all checks (cheques) to approved invoices
View answer
Correct Answer: D
Question #16
When assessing the portability of a database application, the IS auditor should verify that:
A. a structured query language (SQL) is used
B. information import and export procedures with other systems exist
C. indexes are used
D. all entities have a significant name and identified primary and foreign keys
View answer
Correct Answer: A
Question #17
From a risk management perspective, which of the following is MOST important to be tracked in continuous monitoring?
A. Number of prevented attacks
B. Changes in the threat environment
C. Changes in user privileges
D. Number of failed logins
View answer
Correct Answer: B
Question #18
Which of the following are effective controls for detecting duplicate transactions such as payments made or received?
A. Concurrency controls
B. Reasonableness checks
C. Time stamps
D. Referential integrity controls
View answer
Correct Answer: C
Question #19
Senior management has allocated funding to each of the organization’s divisions to address information security vulnerabilities. The funding is based on each division’s technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?
A. Redundant controls may be implemented across divisions
B. Information security governance could be decentralized by divisions
C. Areas of highest risk may not be adequately prioritized for treatment
D. Return on investment may be inconsistently reported to senior management
View answer
Correct Answer: C
Question #20
Which of the following is an objective of a control self-assessment (CSA) program?
A. Concentration on areas of high risk
B. Replacement of audit responsibilities
C. Completion of control questionnaires
D. Collaborative facilitative workshops
View answer
Correct Answer: A
Question #21
What is the key distinction between encryption and hashing algorithms?
A. Hashing algorithms ensure data confidentiality
B. Hashing algorithms are irreversible
C. Encryption algorithms ensure data integrity
D. Encryption algorithms are not irreversible
View answer
Correct Answer: B
Question #22
Which of the following answers specifies the correct sequence of levels within the Capability Maturity Model (CMM)?
A. Initial, Managed, Defined, Quantitatively managed, Optimized
B. Initial, Managed, Defined, Optimized, Quantitatively managed
C. Initial, Defined, Managed, Quantitatively managed, Optimized
D. Initial, Managed, Quantitatively managed, Defined, Optimized
View answer
Correct Answer: A
Question #23
A month after a company purchased and implemented system and performance monitoring software, reports were too large and therefore were not reviewed or acted upon. The MOST effective plan of action would be to:
A. use analytical tools to produce exception reports from the system and performance monitoring software
B. re-install the system and performance monitoring software
C. evaluate replacement systems and performance monitoring software
D. restrict functionality of system monitoring software to security-related events
View answer
Correct Answer: A
Question #24
A tax calculation program maintains several hundred tax rates. The BEST control to ensure that tax rates entered into the program are accurate is:
A. an independent review of the transaction listing
B. a programmed edit check to prevent entry of invalid data
C. programmed reasonableness checks with 20 percent data entry range
D. a visual verification of data entered by the processing department
View answer
Correct Answer: A
Question #25
When an organization and its IT-hosting service provider are establishing a contract with each other, it is MOST important that the contract includes:
A. each party’s security responsibilities
B. details of expected security metrics
C. penalties for noncompliance with security policy
D. recovery time objectives (RTOs)
View answer
Correct Answer: A
Question #26
Reevaluation of risk is MOST critical when there is:
A. resistance to the implementation of mitigating controls
B. a change in security policy
C. a management request for updated security reports
D. a change in the threat landscape
View answer
Correct Answer: D
Question #27
Which of the following is the MOST important aspect relating to employee termination?
A. The employee's details have been removed from active payroll files
B. Company property provided to the employee has been returned
C. User ID and passwords of the employee have been deleted
D. The appropriate company staff are notified about the termination
View answer
Correct Answer: D
Question #28
Which of the following should an IS auditor review FIRST when planning a customer data privacy audit?
A. Legal and compliance requirements
B. Customer agreements
C. Organizational policies and procedures
D. Data classification
View answer
Correct Answer: A
Question #29
Which of the following is a guiding best practice for implementing logical access controls?
A. Implementing the Biba Integrity Model
B. Access is granted on a least-privilege basis, per the organization's data owners
C. Implementing the Take-Grant access control model
D. Classifying data according to the subject’s requirements
View answer
Correct Answer: B
Question #30
What type of transmission requires modems?
A. Encrypted
B. Digital
C. Analog
D. Modulated
View answer
Correct Answer: C
Question #31
Which of the following could lead to an unintentional loss of confidentiality?
A. Lack of employee awareness of a company's information security policy
B. Failure to comply with a company's information security policy
C. A momentary lapse of reason
D. Lack of security policy enforcement procedures
View answer
Correct Answer: A
Question #32
An IS auditor performing an application maintenance audit would review the log of program changes for the:
A. authorization for program changes
B. creation date of a current object module
C. number of program changes actually made
D. creation date of a current source program
View answer
Correct Answer: A
Question #33
Business continuity/disaster recovery is PRIMARILY the responsibility of:
A. IS management
B. business unit managers
C. the security administrator
D. the board of directors
View answer
Correct Answer: D
Question #34
When performing a general controls review, an IS auditor checks the relative location of the computer room inside the building. What potential threat is the IS auditor trying to identify?
A. Social engineering
B. Windstorm
C. Earthquake
D. Flooding
View answer
Correct Answer: D
Question #35
A key element in a risk analysis is/are:
A. audit planning
B. controls
C. vulnerabilities
D. liabilities
View answer
Correct Answer: C
Question #36
An organization is introducing a single sign-on (SSO) system. Under the SSO system, users will be required to enter only one user ID and password for access to all application systems. Under the SSO system, unauthorized access:
A. is less likely
B. is more likely
C. will have a greater impact
D. will have a smaller impact
View answer
Correct Answer: C
Question #37
Regarding digital signature implementation, which of the following answers is correct?
A. A digital signature is created by the sender to prove message integrity by encrypting the message with the sender's private key
B. A digital signature is created by the sender to prove message integrity by encrypting the message with the recipient's public key
C. A digital signature is created by the sender to prove message integrity by initially using a hashing algorithm to produce a hash value or message digest from the entire message contents
D. A digital signature is created by the sender to prove message integrity by encrypting the message with the sender's public key
View answer
Correct Answer: C
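Questions #12, #21 and #37 all turn on who holds which key and on hashing being one-way. The Python block below is an added illustration, not material from the exam page: it shows hash-then-sign with the sender's private key, verification with the sender's public key, and encryption for confidentiality with the recipient's public key. It uses textbook RSA built from two Mersenne primes so it runs with the standard library alone; the absence of padding is an assumption made for brevity and would not be acceptable in production. The message strings are constructed.

```python
"""Hash-then-sign versus encrypt-for-confidentiality, using textbook RSA.

Added example, not from the exam page. The key pair is built from two known
Mersenne primes so the block runs offline with only the standard library.
No padding is applied (assumption for brevity): production code must use a
vetted library with RSA-PSS or PKCS#1 v1.5 padding, never raw RSA.
"""
import hashlib

P = (1 << 127) - 1          # 2^127 - 1, a Mersenne prime
Q = (1 << 521) - 1          # 2^521 - 1, a Mersenne prime
N = P * Q                   # public modulus (~648 bits, larger than a SHA-256 digest)
PHI = (P - 1) * (Q - 1)
E = 65537                   # public exponent (coprime to PHI for these primes)
D = pow(E, -1, PHI)         # private exponent; needs Python 3.8+


def sha256_int(message: bytes) -> int:
    """Fixed-size digest as an integer. Hashing is one-way: the 32-byte
    output cannot be turned back into the message (Question #21)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def digest_size(message: bytes) -> int:
    """Digest length never depends on message length."""
    return len(hashlib.sha256(message).digest())


def sign(message: bytes, priv: int = D, n: int = N) -> int:
    """Sender: hash the whole message, then apply the SENDER's PRIVATE key
    to the digest (Question #37, option C). Signing the digest rather than
    the message keeps the signature a single modular exponentiation."""
    return pow(sha256_int(message), priv, n)


def verify(message: bytes, signature: int, pub: int = E, n: int = N) -> bool:
    """Receiver: apply the sender's PUBLIC key to the signature and compare
    with a freshly computed digest. Any change to message or signature fails."""
    return pow(signature, pub, n) == sha256_int(message)


def encrypt_for_recipient(plaintext: int, pub: int = E, n: int = N) -> int:
    """Confidentiality uses the RECIPIENT's PUBLIC key (Question #12, option C);
    only the holder of the matching private key can decrypt."""
    if not 0 <= plaintext < n:
        raise ValueError("plaintext must be an integer below the modulus")
    return pow(plaintext, pub, n)


def decrypt(ciphertext: int, priv: int = D, n: int = N) -> int:
    return pow(ciphertext, priv, n)


if __name__ == "__main__":
    msg = b"Transfer 100 to account 42"          # constructed sample message
    sig = sign(msg)
    print("valid signature:", verify(msg, sig))
    print("tampered message:", verify(b"Transfer 900 to account 42", sig))
    secret = int.from_bytes(b"attack at dawn", "big")
    print("round trip:", decrypt(encrypt_for_recipient(secret)) == secret)
```

The key assignment is what the exam options test: the sender's private key signs and the sender's public key verifies (integrity and non-repudiation); the recipient's public key encrypts and the recipient's private key decrypts (confidentiality). Encrypting with the recipient's public key, as option B of Question #37 describes, proves nothing about who sent the message.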
Question #38
Which of the following is the PRIMARY benefit of using an integrated audit approach?
A. Higher acceptance of the findings from the audited business areas
B. The avoidance of duplicated work and redundant recommendations
C. Enhanced allocation of resources and reduced audit costs
D. A holistic perspective of overall risk and a better understanding of controls
View answer
Correct Answer: D
Question #39
An organization has implemented an automated match between purchase orders, goods receipts, and invoices. Which of the following risks will this control BEST mitigate?
A. Customer discounts not being applied
B. A legitimate transaction being paid multiple times
C. Invalid payments being processed by the system
D. Delay of purchase orders
View answer
Correct Answer: C
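Questions #18 and #39 describe application controls over payments without showing the matching logic. The Python block below is an added illustration with constructed sample data, not code from the exam page: an invoice is approved only when an approved purchase order exists, the goods were received, the price agrees within a tolerance, and the purchase order has not already been fully invoiced. The last check is what also stops a legitimate invoice being paid twice. The 2 percent price tolerance and the vendor, order and invoice identifiers are assumptions.

```python
"""Automated three-way match between purchase orders, goods receipts and
invoices (Question #39), with duplicate-payment detection (Question #18).
Added example with constructed sample data; not the page's code.
Assumption: a 2 % unit-price variance is tolerated."""
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class PurchaseOrder:
    po_no: str
    vendor: str
    qty: int
    unit_price: Decimal


@dataclass(frozen=True)
class GoodsReceipt:
    po_no: str
    qty_received: int


@dataclass(frozen=True)
class Invoice:
    invoice_no: str
    vendor: str
    po_no: str
    qty: int
    unit_price: Decimal


PRICE_TOLERANCE = Decimal("0.02")   # assumption: 2 % price variance allowed


def three_way_match(pos, receipts, invoices):
    """Return a list of (invoice_no, exceptions) in input order.
    An empty exception list means the invoice may be paid."""
    po_by_no = {po.po_no: po for po in pos}
    received = {}                       # quantity received per PO
    for r in receipts:
        received[r.po_no] = received.get(r.po_no, 0) + r.qty_received
    invoiced = {}                       # quantity already approved per PO
    seen_numbers = set()
    results = []
    for inv in invoices:
        problems = []
        if inv.invoice_no in seen_numbers:
            problems.append("duplicate invoice number")
        seen_numbers.add(inv.invoice_no)
        po = po_by_no.get(inv.po_no)
        if po is None:
            problems.append("no approved purchase order")
        else:
            if inv.vendor != po.vendor:
                problems.append("vendor differs from purchase order")
            if inv.qty > po.qty:
                problems.append("quantity exceeds quantity ordered")
            # Goods received and not yet billed: billing the same receipt
            # twice fails here even if the invoice number differs.
            open_qty = received.get(inv.po_no, 0) - invoiced.get(inv.po_no, 0)
            if inv.qty > open_qty:
                problems.append("quantity exceeds quantity received and not yet invoiced")
            if abs(inv.unit_price - po.unit_price) > po.unit_price * PRICE_TOLERANCE:
                problems.append("unit price outside tolerance")
        if not problems:
            invoiced[inv.po_no] = invoiced.get(inv.po_no, 0) + inv.qty
        results.append((inv.invoice_no, problems))
    return results


def sample_run():
    """Constructed data: one clean invoice, one duplicate billing, one invoice
    without a PO, one with an inflated price."""
    pos = [PurchaseOrder("PO-100", "Acme Ltd", 10, Decimal("25.00")),
           PurchaseOrder("PO-200", "Acme Ltd", 5, Decimal("100.00"))]
    receipts = [GoodsReceipt("PO-100", 10), GoodsReceipt("PO-200", 5)]
    invoices = [
        Invoice("INV-1", "Acme Ltd", "PO-100", 10, Decimal("25.00")),
        Invoice("INV-2", "Acme Ltd", "PO-100", 10, Decimal("25.00")),   # same goods billed again
        Invoice("INV-3", "Bogus Supplies", "PO-999", 1, Decimal("10.00")),  # no PO
        Invoice("INV-4", "Acme Ltd", "PO-200", 5, Decimal("110.00")),   # 10 % over PO price
    ]
    return three_way_match(pos, receipts, invoices)


if __name__ == "__main__":
    for invoice_no, problems in sample_run():
        print(invoice_no, "approved" if not problems else "; ".join(problems))
```

Money is held in Decimal rather than float so that the tolerance comparison is exact; the exception strings are the audit trail an IS auditor would expect to see for each rejected invoice.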
Question #40
Which of the following is the BEST way to increase the effectiveness of security incident detection?
A. Educating end users on identifying suspicious activity
B. Establishing service level agreements (SLAs) with appropriate forensic service providers
C. Determining containment activities based on the type of incident
D. Documenting root cause analysis procedures
View answer
Correct Answer: A
Question #41
If senior management is not committed to strategic planning, how likely is it that a company's implementation of IT will be successful?
A. IT cannot be implemented if senior management is not committed to strategic planning
B. More likely
C. Less likely
D. Strategic planning does not affect the success of a company's implementation of IT
View answer
Correct Answer: C
Question #42
An IS auditor has found that a vendor has gone out of business and the escrow has an older version of the source code. What is the auditor’s BEST recommendation for the organization?
A. Continue using the existing application since it meets the current requirements
B. Prepare a maintenance plan that will support the application using the existing code
C. Bring the escrow version up to date
D. Undertake an analysis to determine the business risk
View answer
Correct Answer: D
Question #43
Which of the following ACID property ensures that transaction will bring the database from one valid state to another?
A. Atomicity
B. Consistency
C. Isolation
D. Durability
View answer
Correct Answer: B
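Question #43 names the consistency property; the Python block below, an added illustration using the standard-library sqlite3 module rather than code from the exam page, shows it in action. The validity rule is a CHECK constraint that no balance may go negative: a transfer that would break it, or that references an unknown account, is rolled back as a whole, so the committed state is always valid and the total money in the system is preserved. Account names and balances are constructed.

```python
"""ACID consistency (Question #43): a transaction moves the database from one
valid state to another, or is rolled back entirely. Added example using the
standard-library sqlite3 module with an in-memory database; not the page's
code. Account names and balances are constructed."""
import sqlite3


def make_bank() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # The CHECK constraint is the database's definition of a valid state.
    conn.execute(
        "CREATE TABLE account ("
        " id TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO account VALUES (?, ?)",
                     [("alice", 100), ("bob", 50)])
    conn.commit()
    return conn


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Move `amount` from src to dst atomically. Returns True when the
    transaction committed, False when it was rolled back."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    try:
        with conn:   # commits on normal exit, rolls back on any exception
            for account, delta in ((src, -amount), (dst, amount)):
                cur = conn.execute(
                    "UPDATE account SET balance = balance + ? WHERE id = ?",
                    (delta, account))
                if cur.rowcount != 1:   # unknown account: refuse, never lose money
                    raise LookupError(f"no such account: {account}")
        return True
    except (sqlite3.IntegrityError, LookupError):
        # IntegrityError: the CHECK constraint fired (overdraft attempt).
        return False


def balances(conn: sqlite3.Connection) -> dict:
    return dict(conn.execute("SELECT id, balance FROM account ORDER BY id"))


def total_money(conn: sqlite3.Connection) -> int:
    """Invariant every committed state must preserve."""
    return conn.execute("SELECT SUM(balance) FROM account").fetchone()[0]


if __name__ == "__main__":
    bank = make_bank()
    print(transfer(bank, "alice", "bob", 30), balances(bank))    # True, alice 70 / bob 80
    print(transfer(bank, "alice", "bob", 500), balances(bank))   # False, unchanged
    print(transfer(bank, "alice", "carol", 10), balances(bank))  # False, unchanged
    print("total:", total_money(bank))
```

The debit is written before the credit on purpose: if the debit fails the constraint, the credit is never attempted, and if the credit fails (unknown account) the already-applied debit is undone by the rollback. Either way no partial transfer is ever visible.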
Question #44
Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?
A. A substantive test of program library controls
B. A compliance test of program library controls
C. A compliance test of the program compiler controls
D. A substantive test of the program compiler controls
View answer
Correct Answer: A
Question #45
Which of the following transmission media is LEAST vulnerable to crosstalk?
A. Copper cable
B. Fiber optics
C. Satellite radio link
D. Coaxial cable
View answer
Correct Answer: B
Question #46
Which of the following attacks could be avoided by creating more security awareness in the organization and providing adequate security knowledge to all employees?
A. Smurf attack
B. Traffic analysis
C. Phishing
D. Interrupt attack
View answer
Correct Answer: C
Question #47
Which of the following data validation edits is effective in detecting transposition and transcription errors?
A. Range check
B. Check digit
C. Validity check
D. Duplicate check
View answer
Correct Answer: B
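Question #47's answer rests on how a check digit catches data-entry errors. The Python block below is an added illustration, not material from the exam page: it implements the mod-10 (Luhn) check digit, shows that a transcription error (a wrong digit) and an adjacent transposition both invalidate the number, and exposes the scheme's one blind spot, a 0 swapped with a neighbouring 9. The sample numbers are constructed.

```python
"""Mod-10 (Luhn) check digit, Question #47. Added illustration, not the
page's code; the numbers used are constructed."""


def luhn_check_digit(payload: str) -> str:
    """Compute the check digit that makes payload + digit pass the Luhn test."""
    if not payload.isdigit():
        raise ValueError("payload must consist of decimal digits")
    total = 0
    # Walk from the right; double every second digit starting with the one
    # that will sit next to the check digit, folding two-digit results.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """True when the final digit is the correct check digit for the rest."""
    if not number.isdigit() or len(number) < 2:
        return False
    return luhn_check_digit(number[:-1]) == number[-1]


def transpose_adjacent(number: str, i: int) -> str:
    """Simulate a transposition error: swap digits i and i+1."""
    return number[:i] + number[i + 1] + number[i] + number[i + 2:]


def substitute(number: str, i: int, digit: str) -> str:
    """Simulate a transcription error: replace digit i."""
    return number[:i] + digit + number[i + 1:]


def undetected_transpositions(number: str) -> list:
    """Positions whose adjacent swap changes the number yet still validates.
    For Luhn this happens only when a 0 sits next to a 9."""
    return [i for i in range(len(number) - 1)
            if (m := transpose_adjacent(number, i)) != number and luhn_valid(m)]


if __name__ == "__main__":
    num = "7992739871" + luhn_check_digit("7992739871")   # constructed sample
    print(num, luhn_valid(num))
    print("transposed:", luhn_valid(transpose_adjacent(num, 0)))
    print("mistyped:  ", luhn_valid(substitute(num, 2, "1")))
    print("blind spot in 30916:", undetected_transpositions("30916"))
```

A check digit is a detective edit on a single field, so it catches the keying errors in the question (transposition, transcription) but says nothing about whether the value is in range or refers to a real record; those are the jobs of the range, validity and duplicate checks in the other options. Where the 0/9 blind spot matters, a mod-11 scheme such as the ISBN-10 check digit detects every single-digit error and every adjacent transposition.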
Question #48
Which of the following is MOST critical during the business impact assessment phase of business continuity planning?
A. End-user involvement
B. Senior management involvement
C. Security administration involvement
D. IS auditing involvement
View answer
Correct Answer: A
Question #49
What is the PRIMARY objective of performing a vulnerability assessment following a business system update?
A. Update the threat landscape
B. Review the effectiveness of controls
C.
D. Improve the change control process
View answer
Correct Answer: B
Question #50
For an online transaction processing system, transactions per second is a measure of:
A. throughput
B. response time
C. turnaround time
D. uptime
View answer
Correct Answer: A
Question #51
In which of the following network configurations would problem resolution be the easiest?
A. Bus
B. Ring
C. Star
D. Mesh
View answer
Correct Answer: C
Question #52
Facilitating telecommunications continuity by providing redundant combinations of local carrier T-1 lines, microwaves and/or coaxial cables to access the local communication loop is:
A. last mile circuit protection
B. long haul network diversity
C. diverse routing
D. alternative routing
View answer
Correct Answer: A
Question #53
In regard to moving an application program from the test environment to the production environment, the BEST control would be provided by having the:
A. application programmer copy the source program and compiled object module to the production libraries
B.
C. production control group compile the object module to the production libraries using the source program in the test environment
D. production control group copy the source program to the production libraries and then compile the program
View answer
Correct Answer: D
Question #54
What type of BCP test uses actual resources to simulate a system crash and validate the plan's effectiveness?
A. Paper
B. Preparedness
C. Walk-through
D. Parallel
View answer
Correct Answer: B
Question #55
Which of the following is a passive attack on a network?
A. Message service interruption
B. Message modification
C. Traffic analysis
D. Sequence analysis
View answer
Correct Answer: C
Question #56
Which of the following would be BEST suited to oversee the development of an information security policy?
A. System administrators
B. End users
C. Security officers
D. Security administrators
View answer
Correct Answer: C
Question #57
Which of the following is a technique that could be used to capture network user passwords?
A. Encryption
B. Sniffing
C. Spoofing
D. A signed document cannot be altered
View answer
Correct Answer: B
Question #58
Which of the following attacks redirects outgoing messages from the client back onto the client, preventing outside access as well as flooding the client with the sent packets?
A. Banana attack
B. Brute force attack
C. Buffer overflow
D. Pulsing zombie
View answer
Correct Answer: A
Question #59
The MAIN purpose of documenting information security guidelines for use within a large, international organization is to:
A. ensure that all business units have the same strategic security goals
B. provide evidence for auditors that security practices are adequate
C. explain the organization’s preferred practices for security
D. ensure that all business units implement identical security procedures
View answer
Correct Answer: C
Question #60
Management has decided to include a compliance manager in the approval process for a new business that may require changes to the IT infrastructure. Which of the following is the GREATEST benefit of this approach?
A. Security breach incidents can be identified in early stages
B. Regulatory risk exposures can be identified before they materialize
C. Fewer reviews are needed when updating the IT compliance process
D. Process accountabilities to external stakeholders are improved
View answer
Correct Answer: B
Question #61
Which of the following types of controls would be MOST important to implement when digitizing human resource (HR) records?
A. Change management controls
B. Software development controls
C. Project management controls
D. Access management controls
View answer
Correct Answer: D
Question #62
When choosing the best controls to mitigate risk to acceptable levels, the information security manager’s decision should be MAINLY driven by:
A. cost-benefit analysis
B. regulatory requirements
C. best practices
D. control framework
View answer
Correct Answer: A
Question #63
An advantage in using a bottom-up versus a top-down approach to software testing is that:
A. interface errors are detected earlier
B. confidence in the system is achieved earlier
C. errors in critical modules are detected earlier
D. major functions and processing are tested earlier
View answer
Correct Answer: C
Question #64
During an IS audit, one of your auditors has observed that some of the critical servers in your organization can be accessed ONLY by using a shared/common user name and password. What should be the auditor's PRIMARY concern with this approach?
A. Password sharing
B. Accountability
C. Shared account management
D. Difficulty in auditing shared accounts
View answer
Correct Answer: B
Question #65
A client/server configuration will:
A. optimize system performance by having a server on a front-end and clients on a host
B. enhance system performance through the separation of front-end and back-end processes
C. keep track of all the clients using the IS facilities of a service organization
D. limit the clients and servers’ relationship by limiting the IS facilities to a single hardware system
View answer
Correct Answer: B
Question #66
Adding security requirements late in the software development life cycle would MOST likely result in:
A. cost savings
B. clearer understanding of requirements
C. operational efficiency
D. compensating controls
View answer
Correct Answer: D
Question #67
When implementing continuous monitoring systems an IS auditor's first step is to identify:
A. reasonable target thresholds
B. high-risk areas within the organization
C. the location and format of output files
D. applications that provide the highest potential payback
View answer
Correct Answer: B
Question #68
An IS auditor finds that a company is using a payroll provider hosted in a foreign country. Of the following, the MOST important audit consideration is whether the provider’s operations:
A. meet industry best practice and standards
B. comply with applicable laws and regulations
C. are shared with other companies using the provider
D. are aligned with the company’s culture
View answer
Correct Answer: B
Question #69
Which of the following BEST contributes to the successful management of security incidents?
A. Tested controls
B. Established procedures
C. Established policies
D. Current technologies
View answer
Correct Answer: B
Question #70
Which of the following would an IS auditor consider to be the MOST important to review when conducting a business continuity audit?
A. A hot site is contracted for and available as needed
B. A business continuity manual is available and current
C. Insurance coverage is adequate and premiums are current
D. Media backups are performed on a timely basis and stored offsite
View answer
Correct Answer: D
Question #71
Which of the following is a concern when data is transmitted through secure socket layer (SSL) encryption implemented on a trading partner's server?
A. Organization does not have control over encryption
B. Messages are subjected to wire tapping
C. Data might not reach the intended recipient
D. The communication may not be secure
View answer
Correct Answer: A
Question #72
Which of the following techniques is used for speeding up network traffic flow and making it easier to manage?
A. Point-to-point protocol
B. X
C. MPLS
D. ISDN
View answer
Correct Answer: C
Question #73
Which of the following provides the BEST assurance that security policies are applied across business operations?
A. Organizational standards are required to be formally accepted
B. Organizational standards are enforced by technical controls
C. Organizational standards are included in awareness training
D. Organizational standards are documented in operational procedures
View answer
Correct Answer: B
Question #74
During a review of a customer master file an IS auditor discovered numerous customer name duplications arising from variations in customer first names. To determine the extent of the duplication the IS auditor would use:
A. test data to validate data input
B. test data to determine system sort capabilities
C. generalized audit software to search for address field duplications
D. generalized audit software to search for account field duplications
View answer
Correct Answer: C
Question #75
To prevent an organization's computer systems from becoming part of a distributed denial-of-service attack, IP packets containing addresses that are listed as unroutable can be isolated by:
A. establishing outbound traffic filtering
B. enabling broadcast blocking
C. limiting allowable services
D. network performance monitoring
View answer
Correct Answer: A
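Question #75 names outbound traffic filtering without showing what the filter checks. The Python block below is an added illustration, not code from the exam page, of the source-address rule an egress filter applies: a packet may leave the network only if its source belongs to the organization's own prefixes and is not in a reserved or unroutable range, so compromised internal hosts cannot spoof victims' addresses in a distributed denial-of-service attack. The prefix 203.0.113.0/24 (RFC 5737 documentation space) stands in for the organization's address block, only IPv4 is handled, and the packet list and the public addresses used as destinations are constructed.

```python
"""Outbound (egress) source-address filtering, Question #75.
Added illustration, not the page's code. Assumptions: the organization's
address block is 203.0.113.0/24 (RFC 5737 documentation space used as a
stand-in); only IPv4 is handled; the packet list is constructed."""
import ipaddress

OUR_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]

# Source ranges that must never leave the network: private, loopback,
# link-local, shared address space, documentation, benchmarking, multicast
# and reserved space.
UNROUTABLE = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
)]


def egress_verdict(src: str, dst: str) -> str:
    """Decide whether a packet with this source/destination may leave."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s.version != 4 or d.version != 4:
        return "drop: only IPv4 handled in this example"
    if any(s in net for net in UNROUTABLE):
        return "drop: unroutable source"
    if not any(s in net for net in OUR_PREFIXES):
        # A public source we do not own can only be a spoofed packet.
        return "drop: source address not ours (spoofed)"
    if any(d in net for net in UNROUTABLE):
        return "drop: unroutable destination"
    return "allow"


PACKETS = [  # constructed sample: (source, destination)
    ("203.0.113.10", "8.8.8.8"),      # legitimate host, public destination
    ("10.1.2.3", "8.8.8.8"),          # RFC 1918 source leaking out
    ("8.8.4.4", "8.8.8.8"),           # public source that is not ours: spoofed
    ("203.0.113.10", "192.168.1.1"),  # our host sending to a private address outside
]


def summarize(packets=PACKETS) -> dict:
    """Count verdicts so the effect of the filter can be checked."""
    out = {}
    for src, dst in packets:
        verdict = egress_verdict(src, dst)
        out[verdict] = out.get(verdict, 0) + 1
    return out


if __name__ == "__main__":
    for src, dst in PACKETS:
        print(f"{src:>14} -> {dst:<14} {egress_verdict(src, dst)}")
```

The same rule expressed on a border router or firewall is a short list: permit outbound only from the organization's prefixes, deny everything else. It protects other organizations rather than the filtering one, which is why it is often left undone and why an auditor would ask for it explicitly.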
Question #76
Which of the following layers of an enterprise data flow architecture is responsible for data copying, transformation into Data Warehouse (DW) format and quality control?
A. Data staging and quality layer
B. Desktop access layer
C. Data mart layer
D. Data access layer
View answer
Correct Answer: A
Question #77
The effectiveness of an incident response team will be GREATEST when:
A. the incident response process is updated based on lessons learned
B. incidents are identified using a security information and event management (SIEM) system
C. the incident response team members are trained security personnel
D. the incident response team meets on a regular basis to review log files
View answer
Correct Answer: A
Question #78
Which of the following audit procedures would an IS auditor normally perform FIRST when reviewing an organization's systems development methodology?
A. Determine procedural adequacy
B. Analyze procedural effectiveness
C. Evaluate level of compliance with procedures
D. Compare established standards to observed procedures
View answer
Correct Answer: D
Question #79
When logging on to an online system, which of the following processes would the system perform FIRST?
A. Initiation
B. Verification
C. Authorization
D. Authentication
View answer
Correct Answer: D
Question #80
Following a reorganization of a company's legacy database, it was discovered that records were accidentally deleted. Which of the following controls would have MOST effectively detected this occurrence?
A. Range check
B. Table lookups
C. Run-to-run totals
D. One-for-one checking
View answer
Correct Answer: C
Question #81
Sales orders are automatically numbered sequentially at each of a retailer's multiple outlets. Small orders are processed directly at the outlets, with large orders sent to a central production facility. The MOST appropriate control to ensure that all orders transmitted to production are received and processed would be to:
A. send and reconcile transaction counts and totals
B. have data transmitted back to the local site for comparison
C. compare data communications protocols with parity checking
D. track and account for the numerical sequence of sales orders at the production facility
View answer
Correct Answer: A
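Questions #80 and #81 both rely on control totals carried from one processing stage to the next. The Python block below is an added illustration with constructed orders, not code from the exam page. The sender computes a record count, an amount total and a hash total (the sum of a field with no business meaning, here the order number) and sends them with the batch; the receiving stage recomputes them and reports which ones disagree. The three scenarios show why all three totals are needed: a lost record, a lost record masked by a duplicate, and an altered amount. Sequence numbers alone would not work at the central facility in Question #81 because only the large orders are transmitted, so the sequence has legitimate gaps.

```python
"""Batch control totals reconciled between sender and receiver
(Questions #80 and #81). Added example with constructed orders; not the
page's code."""
from decimal import Decimal


def control_totals(batch) -> dict:
    """batch: list of (order_no, amount) tuples as strings.
    Returns the record count, the amount total and a hash total."""
    return {
        "count": len(batch),
        "amount_total": sum((Decimal(a) for _, a in batch), Decimal("0")),
        "hash_total": sum(int(n) for n, _ in batch),   # meaningless sum, detects swaps
    }


def reconcile(sent_totals: dict, received_batch) -> list:
    """Recompute totals on the received batch; return the names of the
    control totals that disagree (empty list = batch intact)."""
    got = control_totals(received_batch)
    return [k for k in ("count", "amount_total", "hash_total")
            if sent_totals[k] != got[k]]


# Constructed batch of large orders from one outlet; the outlet numbers
# orders sequentially but only 1001, 1002, 1004 and 1007 were large enough
# to be sent to production, so gaps in the sequence are normal.
SENT = [("1001", "250.00"), ("1002", "75.50"), ("1004", "1200.00"), ("1007", "19.99")]
SENT_TOTALS = control_totals(SENT)


def scenario_lost() -> list:
    """Order 1004 dropped in transit: every total disagrees."""
    return reconcile(SENT_TOTALS, [r for r in SENT if r[0] != "1004"])


def scenario_duplicated() -> list:
    """1004 lost but 1002 received twice: the count still matches, the
    amount and hash totals do not."""
    return reconcile(SENT_TOTALS, [SENT[0], SENT[1], SENT[1], SENT[3]])


def scenario_altered() -> list:
    """An amount changed: count and hash total match, amount total does not."""
    return reconcile(SENT_TOTALS, [SENT[0], SENT[1], SENT[2], ("1007", "91.99")])


if __name__ == "__main__":
    print("sent totals:", SENT_TOTALS)
    print("intact:     ", reconcile(SENT_TOTALS, SENT))
    print("lost:       ", scenario_lost())
    print("duplicated: ", scenario_duplicated())
    print("altered:    ", scenario_altered())
```

Run-to-run totals apply the same idea inside one system: the totals written out by one program run become the expected totals of the next, so a record deleted during a database reorganization, as in Question #80, shows up as a count or amount difference at the next stage instead of going unnoticed.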
Question #82
Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network?
A. The use of diskless workstations
B. Periodic checking of hard drives
C. The use of current antivirus software
D. Policies that result in instant dismissal if violated
View answer
Correct Answer: B
Question #83
Which of the following BEST describes a common risk in implementing a new application software package?
A. Parameter settings are incorrect
B. Transaction volume is excessive
C. Sensitivity of transactions is high
D. The application lacks audit trails
View answer
Correct Answer: A
Question #84
Which of the following manages the digital certificate life cycle to ensure adequate security and controls exist in digital signature applications related to e-commerce?
A. Registration authority
B. Certification authority
C. Certificate revocation list
D. Certification practice statement
View answer
Correct Answer: B
Question #85
Which of the following is the MOST important role of the information security manager when the organization is in the process of adopting emerging technologies?
A. Understanding the impact on existing resources
B. Assessing how peer organizations using the same technologies have been impacted
C. Developing training for end users to familiarize them with the new technology
D. Reviewing vendor documentation and service levels agreements
View answer
Correct Answer: A
Question #86
Who is ultimately responsible and accountable for reviewing user access to systems?
A. Systems security administrators
B. Data custodians
C. Data owners
D. Information systems auditors
View answer
Correct Answer: C
Question #87
The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program?
A. Utilization of an intrusion detection system to report incidents
B. Mandating the use of passwords to access all software
C. Installing an efficient user log system to track the actions of each user
D. Provide training on a regular basis to all current and new employees
View answer
Correct Answer: D
Question #88
Which of the following cloud deployment models is formed by the composition of two or more cloud deployment models?
A. Private cloud
B. Community cloud
C. Public cloud
D. Hybrid cloud
View answer
Correct Answer: D
Question #89
Which of the following is the MOST important outcome of testing incident response plans?
A. Internal procedures are improved
B. An action plan is available for senior management
C. Staff is educated about current threats
D. Areas requiring investment are identified
View answer
Correct Answer: A
Question #90
With reference to the risk management process, which of the following statements is correct?
A. Vulnerabilities can be exploited by a threat
B. Vulnerabilities are events with the potential to cause harm to IS resources
C. Vulnerability exists because of threats associated with use of information resources
D. Lack of user knowledge is an example of a threat
View answer
Correct Answer: A
Question #91
During an implementation review of a multiuser distributed application, the IS auditor finds minor weaknesses in three areas-the initial setting of parameters is improperly installed, weak passwords are being used and some vital reports are not being checked properly. While preparing the audit report, the IS auditor should:
A. record the observations separately with the impact of each of them marked against each respective finding
B. advise the manager of probable risks without recording the observations, as the control weaknesses are minor ones
C. record the observations and the risk arising from the collective weaknesses
D. apprise the departmental heads concerned with each observation and properly document it in the report
View answer
Correct Answer: C
Question #92
In a data center audit, an IS auditor finds that the humidity level is very low. The IS auditor would be MOST concerned because of an expected increase in:
A. employee discomfort
B. risk of fire
C. static electricity problems
D. backup tape failures
View answer
Correct Answer: C
Question #93
An internal control audit has revealed a control deficiency related to a legacy system where the compensating controls no longer appear to be effective. Which of the following would BEST help the information security manager determine the security requirements to resolve the control deficiency?
View answer
Correct Answer: D
Question #94
Which of the following findings would be of GREATEST concern to an IS auditor performing an information security audit of critical server log management activities?
A. Log records can be overwritten before being reviewed
B. Logging procedures are insufficiently documented
C. Log records are dynamically into different servers
D. Logs are monitored using manual processes
View answer
Correct Answer: A
Question #95
The PRIMARY objective of an IS audit function is to:
A. determine whether everyone uses IS resources according to their job description
B. determine whether information systems safeguard assets, and maintain data integrity
C. examine books of accounts and relative documentary evidence for the computerized system
D. determine the ability of the organization to detect fraud
View answer
Correct Answer: B
Question #96
Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized organization?
A. Virtual private network
B. Dedicated line
C. Leased line
D. Integrated services digital network
View answer
Correct Answer: A
