
CISA Exam Questions & Mock Exams, Certified Information Systems Auditor | SPOTO

Welcome to SPOTO's CISA Exam Questions & Mock Exams for 2024! The Certified Information Systems Auditor® (CISA®) certification is esteemed worldwide for its rigorous standards in auditing, IT systems assessment, and risk-based audit methodologies. Our mock exams, coupled with exam questions, offer a comprehensive preparation strategy for aspiring CISA professionals. Mock tests provide invaluable advantages, including simulating real exam conditions, identifying strengths and areas for improvement, and building confidence for exam day. Join SPOTO to access high-quality exam materials, including sample questions and practice tests, and embark on a successful journey towards achieving your CISA certification. Elevate your expertise and demonstrate your ability to apply a risk-based approach to audit engagements with SPOTO's CISA Exam Preparation.


Question #1
Which of the following would be considered an essential feature of a network management system?
A. A graphical interface to map the network topology
B. Capacity to interact with the Internet to solve the problems
C. Connectivity to a help desk for advice on difficult issues
D. An export facility for piping data to spreadsheets
View answer
Correct Answer: A
Question #2
Which of the following goals would you expect to find in an organization's strategic plan?
A. Test a new accounting package
B. Perform an evaluation of information technology needs
C. Implement a new project planning system within the next 12 months
D. Become the supplier of choice for the product offered
View answer
Correct Answer: D
Question #3
An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a:
A. cold site
B. warm site
C. dial-up site
D. duplicate processing facility
View answer
Correct Answer: A
Question #4
The advantage of a bottom-up approach to the development of organizational policies is that the policies:
A. are developed for the organization as a whole
B. are more likely to be derived as a result of a risk assessment
C. will not conflict with overall corporate policy
D. ensure consistency across the organization
View answer
Correct Answer: B
Question #5
A company has implemented a new client-server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following would BEST ensure that the orders are entered accurately and the corresponding products are produced?
A. Verifying production to customer orders
B. Logging all customer orders in the ERP system
C. Using hash totals in the order transmitting process
D. Approving (production supervisor) orders prior to production
View answer
Correct Answer: A
Question #6
What influences decisions regarding criticality of assets?
A. The business criticality of the data to be protected
B. Internal corporate politics
C. The business criticality of the data to be protected, and the scope of the impact upon the organization as a whole
D. The business impact analysis
View answer
Correct Answer: C
Question #7
Which of the following is the BEST indication of a successful information security culture?
A. Penetration testing is done regularly and findings remediated
B. End users know how to identify and report incidents
C. Individuals are given access based on job functions
D. The budget allocated for information security is sufficient
View answer
Correct Answer: B
Question #8
Which of the following programs would a sound information security policy MOST likely include to handle suspected intrusions?
A. Response
B. Correction
C. Detection
D. Monitoring
View answer
Correct Answer: A
Question #9
An IS auditor should be concerned when a telecommunication analyst:
A. monitors systems performance and tracks problems resulting from program changes
B. reviews network load requirements in terms of current and future transaction volumes
C. assesses the impact of the network load on terminal response times and network data transfer rates
D. recommends network balancing procedures and improvements
View answer
Correct Answer: A
Question #10
The PRIMARY objective of conducting a post-implementation review is to:
A. determine if project management methodology was applied consistently
B. verify that the information system meets the intended objectives
C. determine if testing documentation was sufficient
D. allow employees to provide feedback on the information system
View answer
Correct Answer: B
Question #11
Once an organization has finished the business process reengineering (BPR) of all its critical operations, an IS auditor would MOST likely focus on a review of:
A. pre-BPR process flowcharts
B. post-BPR process flowcharts
C. BPR project plans
D. continuous improvement and monitoring plans
View answer
Correct Answer: B
Question #12
The MOST significant reason for using key performance indicators (KPIs) to track the progress of IT projects against initial targets is that they:
A. influence management decisions to outsource IT projects
B. identify which projects may require additional funding
C. provide timely indication of when corrective actions need to be taken
D. identify instances where increased stakeholder engagement is required
View answer
Correct Answer: D
Question #13
In regard to moving an application program from the test environment to the production environment, the BEST control would be to have the:
A. application programmer copy the source program and compiled object module to the production libraries
B. application programmer copy the source program to the production libraries and then have the production control group compile the program
C. production control group compile the object module to the production libraries using the source program in the test environment
D. production control group copy the source program to the production libraries and then compile the program
View answer
Correct Answer: D
Question #14
An external penetration test identified a serious security vulnerability in a critical business application. Before reporting the vulnerability to senior management, the information security manager’s BEST course of action should be to:
A. determine the potential impact with the business owner
B. initiate the incident response process
C. block access to the vulnerable business application
D. report the vulnerability to IT for remediation
View answer
Correct Answer: A
Question #15
Which of the following transmission media uses a transponder to send information?
A. Copper cable
B. Fiber Optics
C. Satellite Radio Link
D. Coaxial cable
View answer
Correct Answer: C
Question #16
Which of the following statements correctly describes the difference between a packet filtering firewall and a stateful inspection firewall?
A. A packet filtering firewall does not maintain client sessions, whereas a stateful firewall maintains client sessions
B. Both packet filtering firewalls and stateful firewalls maintain client sessions
C. A packet filtering firewall is a second generation firewall, whereas a stateful firewall is a first generation firewall
D. Neither packet filtering firewalls nor stateful firewalls maintain any client session
View answer
Correct Answer: A
Question #17
Following request for proposal (RFP) responses, a project seeking to acquire a new application system has identified a short list of vendors. At this point, the IS auditor should:
A. encourage contact with current users of the vendor’s products
B. perform a detailed cost-benefit exercise on the proposed application
C. require that contract terms include a right-to-audit clause
D. recommend performing system integration tests
View answer
Correct Answer: C
Question #18
Which of the following BEST reduces the ability of one device to capture the packets that are meant for another device?
A. Filters
B. Switches
C. Routers
D. Firewalls
View answer
Correct Answer: B
Question #19
While conducting an audit, an IS auditor detects the presence of a virus. What should be the IS auditor’s next step?
A. Observe the response mechanism
B. Clear the virus from the network
C. Inform appropriate personnel immediately
D. Ensure deletion of the virus
View answer
Correct Answer: C
Question #20
In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table?
A. Foreign key
B. Primary key
C. Secondary key
D. Public key
View answer
Correct Answer: A
Question #21
During the audit of a database server, which of the following would be considered the GREATEST exposure?
A. The password does not expire on the administrator account
B. Default global security settings for the database remain unchanged
C. Old data have not been purged
D. Database activity is not fully logged
View answer
Correct Answer: B
Question #22
Which of the following do digital signatures provide?
A. Authentication and integrity of data
B. Authentication and confidentiality of data
C. Confidentiality and integrity of data
D. Authentication and availability of data
View answer
Correct Answer: A
Question #23
The objective of concurrency control in a database system is to:
A. restrict updating of the database to authorized users
B. prevent integrity problems when two processes attempt to update the same data at the same time
C. prevent inadvertent or unauthorized disclosure of data in the database
D. ensure the accuracy, completeness and consistency of data
View answer
Correct Answer: B
Question #24
The FIRST step in managing the risk of a cyber-attack is to:
A. assess the vulnerability impact
B. evaluate the likelihood of threats
C. identify critical information assets
D. estimate potential damage
View answer
Correct Answer: C
Question #25
Which of the following types of lock uses a numeric keypad or dial to gain entry?
A. Bolting door locks
B. Cipher lock
C. Electronic door lock
D. Biometric door lock
View answer
Correct Answer: B
Question #26
Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?
A. User management coordination does not exist
B. Specific user accountability cannot be established
C. Unauthorized users may have access to originate, modify or delete data
D. Audit recommendations may not be implemented
View answer
Correct Answer: C
Question #27
Which of the following is the INCORRECT Layer to Protocol mapping used in the DOD TCP/IP model?
A. Application layer – Telnet
B. Transport layer – ICMP
C. Internet layer – IP
D. Network Access layer – Ethernet
View answer
Correct Answer: B
Question #28
When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:
A. recommend that the database be normalized
B. review the conceptual data model
C. review the stored procedures
D. review the justification
View answer
Correct Answer: D
Question #29
A company undertakes a business process reengineering (BPR) project in support of a new and direct marketing approach to its customers. Which of the following would be an IS auditor's main concern about the new process?
A. Whether key controls are in place to protect assets and information resources
B. If the system addresses corporate customer requirements
C. Whether the system can meet the performance goals (time and resources)
D. Whether owners have been identified who will be responsible for the process
View answer
Correct Answer: A
Question #30
What would an IS auditor expect to find in the console log?
A. Evidence of password spoofing
B. System errors
C. Evidence of data copy activities
D. Evidence of password sharing
View answer
Correct Answer: B
Question #31
During the collection of forensic evidence, which of the following actions would MOST likely result in the destruction or corruption of evidence on a compromised system?
A. Dumping the memory content to a file
B. Generating disk images of the compromised system
C. Rebooting the system
D. Removing the system from the network
View answer
Correct Answer: C
Question #32
Atomicity enforces data integrity by ensuring that a transaction is either completed in its entirety or not at all. Atomicity is part of the ACID test reference for transaction processing. True or false?
A. True
B. False
View answer
Correct Answer: A
Question #33
To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:
A. rely on senior management to enforce security
B. promote the relevance and contribution of security
C. reiterate the necessity of security
D. focus on compliance
View answer
Correct Answer: B
Question #34
An IS auditor who has discovered unauthorized transactions during a review of EDI transactions is likely to recommend improving the:
A. EDI trading partner agreements
B. physical controls for terminals
C. authentication techniques for sending and receiving messages
D. program change control procedures
View answer
Correct Answer: C
Question #35
Which of the following software development methodologies is a reuse-based approach to defining, implementing and composing loosely coupled independent components into systems?
A. Agile Developments
B. Software prototyping
C. Rapid application development
D. Component based development
View answer
Correct Answer: D
Question #36
What is a primary high-level goal for an auditor who is reviewing a system development project?
A. To ensure that programming and processing environments are segregated
B. To ensure that proper approval for the project has been obtained
C. To ensure that business objectives are achieved
D. To ensure that projects are monitored and administrated effectively
View answer
Correct Answer: C
Question #37
Which of the following ACID properties in a DBMS means that once a transaction has been committed, it will remain so, even in the event of power loss, crashes, or errors?
A. Atomicity
B. Consistency
C. Isolation
D. Durability
View answer
Correct Answer: D
Question #38
Which of the following typically focuses on making alternative processes and resources available for transaction processing?
A. Cold-site facilities
B. Disaster recovery for networks
C. Diverse processing
D. Disaster recovery for systems
View answer
Correct Answer: D
Question #39
During maintenance of a relational database, several values of the foreign key in a transaction table of a relational database have been corrupted. The consequence is that:
A. the detail of involved transactions may no longer be associated with master data, causing errors when these transactions are processed
B. there is no way of reconstructing the lost information, except by deleting the dangling tuples and reentering the transactions
C. the database will immediately stop execution and lose more information
D. the database will no longer accept input data
View answer
Correct Answer: A
Question #40
Which of the following layers in an enterprise data flow architecture is dealt with directly by end users working with information?
A. Desktop access layer
B. Data preparation layer
C. Data mart layer
D. Data access layer
View answer
Correct Answer: A
Question #41
How is risk affected if users have direct access to a database at the system level?
A. Risk of unauthorized access increases, but risk of untraceable changes to the database decreases
B. Risk of unauthorized and untraceable changes to the database increases
C. Risk of unauthorized access decreases, but risk of untraceable changes to the database increases
D. Risk of unauthorized and untraceable changes to the database decreases
View answer
Correct Answer: B
Question #42
Which of the following would be MOST useful to an information security manager when conducting a post-incident review of an attack?
A. Details from intrusion detection system logs
B. Method of operation used by the attacker
C. Cost of the attack to the organization
D. Location of the attacker
View answer
Correct Answer: B
Question #43
Which policy helps an auditor gain a better understanding of the biometric system in an organization?
A. BIMS Policy
B. BOMS Policy
C. BMS Policy
D. BOS Policy
View answer
Correct Answer: A
Question #44
Which of the following would be the MOST effective audit technique for identifying segregation of duties violations in a new enterprise resource planning (ERP) implementation?
A. Reviewing a report of security rights in the system
B. Reviewing the complexities of authorization objects
C. Building a program to identify conflicts in authorization
D. Examining recent access rights violation cases
View answer
Correct Answer: C
Question #45
Though management has stated otherwise, an IS auditor has reasons to believe that the organization is using software that is not licensed. In this situation, the IS auditor should:
A. include the statement of management in the audit report
B. identify whether such software is, indeed, being used by the organization
C. reconfirm with management the usage of the software
D. discuss the issue with senior management since reporting this could have a negative impact on the organization
View answer
Correct Answer: B
Question #46
Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy?
A. Review the parameter settings
B. Interview the firewall administrator
C. Review the actual procedures
D. Review the device's log file for recent attacks
View answer
Correct Answer: A
Question #47
IS management has decided to rewrite a legacy customer relations system using fourth generation languages (4GLs). Which of the following risks is MOST often associated with system development using 4GLs?
A. Inadequate screen/report design facilities
B. Complex programming language subsets
C. Lack of portability across operating systems
D. Inability to perform data intensive operations
View answer
Correct Answer: D
Question #48
Information security awareness programs are MOST effective when they are:
A. customized for each target audience
B. conducted at employee orientation
C. reinforced by computer-based training
D. sponsored by senior management
View answer
Correct Answer: A
Question #49
To determine if unauthorized changes have been made to production code the BEST audit procedure is to:
A. examine the change control system records and trace them forward to object code files
B. review access control permissions operating within the production program libraries
C. examine object code to find instances of changes and trace them back to change control records
D. review change approved designations established within the change control system
View answer
Correct Answer: C
Question #50
An organization has suffered a number of incidents in which USB flash drives with sensitive data have been lost. Which of the following would be MOST effective in preventing loss of sensitive data?
A. Modifying the disciplinary policy to be more stringent
B. Implementing a check-in/check-out process for USB flash drives
C. Issuing encrypted USB flash drives to staff
D. Increasing the frequency of security awareness training
View answer
Correct Answer: C
Question #51
Which of the following testing methods examines the functionality of an application without peering into its internal structure or knowing the details of its internals?
A. Black-box testing
B. Parallel Test
C. Regression Testing
D. Pilot Testing
View answer
Correct Answer: A
Question #52
Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions?
A. Parity check
B. Echo check
C. Block sum check
D. Cyclic redundancy check
View answer
Correct Answer: D
Question #53
Which of the following attacks includes social engineering, link manipulation or website forgery techniques?
A. Smurf attack
B. Traffic analysis
C. Phishing
D. Interrupt attack
View answer
Correct Answer: C
Question #54
Receiving an EDI transaction and passing it through the communications interface stage usually requires:
A. translating and unbundling transactions
B.
C. passing data to the appropriate application system
D. creating a point of receipt audit log
View answer
Correct Answer: B
Question #55
An IS auditor finds that, at certain times of the day, the data warehouse query performance decreases significantly. Which of the following controls would it be relevant for the IS auditor to review?
A. Permanent table-space allocation
B. Commitment and rollback controls
C. User spool and database limit controls
D. Read/write access log controls
View answer
Correct Answer: C
Question #56
The most likely error to occur when implementing a firewall is:
A. incorrectly configuring the access lists
B. compromising the passwords due to social engineering
C. connecting a modem to the computers in the network
D. inadequately protecting the network and server from virus attacks
View answer
Correct Answer: A
Question #57
Doing which of the following during peak production hours could result in unexpected downtime?
A. Performing data migration or tape backup
B. Performing preventive maintenance on electrical systems
C. Promoting applications from development to the staging environment
D. Replacing a failed power supply in the core router of the data center
View answer
Correct Answer: B
Question #58
Which of the following devices in Frame Relay WAN technology is generally a customer-owned device that provides connectivity between the company's own network and the Frame Relay network?
A. DTE
B. DCE
C. DME
D. DLE
View answer
Correct Answer: A
Question #59
A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. An IS auditor should conclude that:
A. analysis is required to determine if a pattern emerges that results in a service loss for a short period of time
B. WAN capacity is adequate for the maximum traffic demands since saturation has not been reached
C. the line should immediately be replaced by one with a larger capacity to provide approximately 85 percent saturation
D. users should be instructed to reduce their traffic demands or distribute them across all service hours to flatten bandwidth consumption
View answer
Correct Answer: A
Question #60
Which of the following is the MOST important reason for logging firewall activity?
A. Intrusion detection
B. Auditing purposes
C. Firewall tuning
D. Incident investigation
View answer
Correct Answer: B
Question #61
When two or more systems are integrated, input/output controls must be reviewed by an IS auditor in the:
A. systems receiving the output of other systems
B. systems sending output to other systems
C. systems sending and receiving data
D. interfaces between the two systems
View answer
Correct Answer: C
Question #62
Which of the following weaknesses would have the GREATEST impact on the effective operation of a perimeter firewall?
A. Ad-hoc monitoring of firewall activity
B. Potential back doors to the firewall software
C. Misconfiguration on the firewall rules
D. Use of stateful firewalls with default configuration
View answer
Correct Answer: C
Question #63
Which of the following processes consists of the identification and selection of data from the imaged data set in computer forensics?
A. Investigation
B. Interrogation
C. Reporting
D. Extraction
View answer
Correct Answer: D
Question #64
Library control software restricts source code to:
A. Read-only access
B. Write-only access
C. Full access
D. Read-write access
View answer
Correct Answer: A
Question #65
During the due diligence phase of an acquisition, the MOST important course of action for an information security manager would be to:
A. review the state of security awareness
B. perform a gap analysis
C. perform a risk assessment
D. review information security policies
View answer
Correct Answer: C
Question #66
Which of the following would provide the highest degree of server access control?
A. A mantrap-monitored entryway to the server room
B. Host-based intrusion detection combined with CCTV
C. Network-based intrusion detection
D. A fingerprint scanner facilitating biometric access control
View answer
Correct Answer: D
Question #67
What are used as the framework for developing logical access controls?
A. Information systems security policies
B. Organizational security policies
C. Access Control Lists (ACL)
D. Organizational charts for identifying roles and responsibilities
View answer
Correct Answer: A
Question #68
For locations 3a, 1d and 3d, the diagram indicates hubs with lines that appear to be open and active. Assuming that is true, what control, if any, should be recommended to mitigate this weakness?
A. Intelligent hub
B. Physical security over the hubs
C. Physical security and an intelligent hub
D. No controls are necessary since this is not a weakness
View answer
Correct Answer: C
Question #69
Web and e-mail filtering tools are PRIMARILY valuable to an organization because they:
A. protect the organization from viruses and nonbusiness materials
B. maximize employee performance
C. safeguard the organization's image
D. assist the organization in preventing legal issues
View answer
Correct Answer: A
Question #70
An organization has replaced all of the storage devices at its primary data center with new, higher capacity units. The replaced devices have been installed at the disaster recovery site to replace older units. An IS auditor’s PRIMARY concern would be whether:
A. the procurement was in accordance with corporate policies and procedures
B. the relocation plan has been communicated to all concerned parties
C. a hardware maintenance contract is in place for both old and new storage devices
D. the recovery site devices can handle the storage requirements
View answer
Correct Answer: A
Question #71
Which of the following controls would provide the GREATEST assurance of database integrity?
A. Audit log procedures
B. Table link/reference checks
C. Query/table access time checks
D. Rollback and roll forward database features
View answer
Correct Answer: B
Question #72
Adding security requirements late in the software development life cycle would MOST likely result in:
A. cost savings
B. clearer understanding of requirements
C. operational efficiency
D. compensating controls
View answer
Correct Answer: D
Question #73
Which of the following software development methods is based on iterative and incremental development, where requirements and solutions evolve through collaboration between self-organizing, cross-functional teams?
A. Agile Development
B. Software prototyping
C. Rapid application development
D. Component based development
View answer
Correct Answer: A
Question #74
What can ISPs use to implement inbound traffic filtering as a control to identify IP packets transmitted from unauthorized sources?
A. OSI Layer 2 switches with packet filtering enabled
B. Virtual Private Networks
C. Access Control Lists (ACL)
D. Point-to-Point Tunneling Protocol
View answer
Correct Answer: C
Question #75
When reviewing an implementation of a VoIP system over a corporate WAN, an IS auditor should expect to find:
A. an integrated services digital network (ISDN) data link
B. traffic engineering
C. wired equivalent privacy (WEP) encryption of data
D. analog phone terminals
View answer
Correct Answer: B
Question #76
An IS auditor should review the configuration of which of the following protocols to detect unauthorized mappings between the IP address and the media access control (MAC) address?
A. Simple Object Access Protocol (SOAP)
B. Address Resolution Protocol (ARP)
C. Routing Information Protocol (RIP)
D. Transmission Control Protocol (TCP)
View answer
Correct Answer: B
Question #77
In an organization, the responsibilities for IT security are clearly assigned and enforced and an IT security risk and impact analysis is consistently performed. This represents which level of ranking in the information security governance maturity model?
A. Optimized
B. Managed
C. Defined
D. Repeatable
View answer
Correct Answer: B
Question #78
Which of the following is the protocol data unit (PDU) of the application layer in the TCP/IP model?
A. Data
B. Segment
C. Packet
D. Frame
View answer
Correct Answer: A
Question #79
Which of the following transmission media is MOST difficult to tap?
A. Copper cable
B. Fiber Optics
C. Satellite Radio Link
D. Radio System
View answer
Correct Answer: B
Question #80
Establishing the level of acceptable risk is the responsibility of:
A. quality assurance management
B. senior business management
C. the chief information officer
D. the chief security officer
View answer
Correct Answer: B
Question #81
Establishing data ownership is an important first step for which of the following processes?
A. Assigning user access privileges
B. Developing organizational security policies
C. Creating roles and responsibilities
D. Classifying data
View answer
Correct Answer: D
Question #82
The MAIN reason for requiring that all computer clocks across an organization be synchronized is to:
A. prevent omission or duplication of transactions
B. ensure smooth data transition from client machines to servers
C. ensure that e-mail messages have accurate time stamps
D. support the incident investigation process
View answer
Correct Answer: D
Question #83
Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?
A. Check digit
B. Existence check
C. Completeness check
D. Reasonableness check
View answer
Correct Answer: C
Question #84
In a client-server architecture, a domain name service (DNS) is MOST important because it provides the:
A. address of the domain server
D. domain name system
View answer
Correct Answer: B
Question #85
As an outcome of information security governance, strategic alignment provides:
A. security requirements driven by enterprise requirements
B. baseline security following best practices
C. institutionalized and commoditized solutions
D. an understanding of risk exposure
View answer
Correct Answer: A
Question #86
Which of the following is the MOST important outcome of effective risk treatment?
A. Timely reporting of incidents
B. Elimination of risk
C. Implementation of corrective actions
D. Reduced cost of maintaining controls
View answer
Correct Answer: C
Question #87
An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker. Which of the following is the MOST important action of the security manager?
A. Follow the outsourcer’s response plan
B. Refer to the organization’s response plan
C. Notify the outsourcer of the privacy breach
D. Alert the appropriate law enforcement authorities
View answer
Correct Answer: C
Question #88
The logical exposure associated with the use of a checkpoint restart procedure is:
A. denial of service
B. an asynchronous attack
C. wire tapping
D. computer shutdown
View answer
Correct Answer: B
Question #89
At the end of the testing phase of software development, an IS auditor observes that an intermittent software error has not been corrected. No action has been taken to resolve the error. The IS auditor should:
A. report the error as a finding and leave further exploration to the auditee's discretion
B. attempt to resolve the error
C. recommend that problem resolution be escalated
D. ignore the error, as it is not possible to get objective evidence for the software error
View answer
Correct Answer: C
Question #90
Which of the following is the BEST evidence of the maturity of an organization’s information security program?
A. The number of reported incidents has increased
B. The information security department actively monitors security operations
C. The number of reported incidents has decreased
D. IT security staff implements strict technical security controls
View answer
Correct Answer: B
Question #91
In the 2c area of the diagram, there are three hubs connected to each other. What potential risk might this indicate?
A. Virus attack
B. Performance degradation
C. Poor management controls
D. Vulnerability to external hackers
View answer
Correct Answer: B
Question #92
Which of the following would an IS auditor use to determine if unauthorized modifications were made to production programs?
A. System log analysis
B. Compliance testing
C. Forensic analysis
D. Analytical review
View answer
Correct Answer: B
Question #93
What can be very helpful to an IS auditor when determining the efficacy of a systems maintenance program?
A. Network-monitoring software
B. A system downtime log
C. Administration activity reports
D. Help-desk utilization trend reports
View answer
Correct Answer: B
Question #94
Which of the following protocols does NOT work at the Network Interface layer in the TCP/IP model?
A. ICMP
B. DNS
C. ARP
D. Internet protocol
View answer
Correct Answer: B
Question #95
In an organization where an IT security baseline has been defined, an IS auditor should FIRST ensure:
A. implementation
B. compliance
C. documentation
D. sufficiency
View answer
Correct Answer: D
Question #96
Which of the following will prevent dangling tuples in a database?
A. Cyclic integrity
B. Domain integrity
C. Relational integrity
D. Referential integrity
View answer
Correct Answer: D
Question #97
A top-down approach to the development of operational policies will help ensure:
A. that they are consistent across the organization
B. that they are implemented as a part of risk assessment
C. compliance with all policies
D. that they are reviewed periodically
View answer
Correct Answer: A
Question #98
Which of the following biometric methods provides the HIGHEST accuracy and is LEAST accepted by users?
A. Palm Scan
B. Hand Geometry
C. Fingerprint
D. Retina scan
View answer
Correct Answer: D
Question #99
Which of the following types of transmission media provides the BEST security against unauthorized access?
A. Copper wire
B. Twisted pair
C. Fiberoptic cables
D. Coaxial cables
View answer
Correct Answer: C
