Pass Your CISA Certification Questions & Practice Tests, Certified Information Systems Auditor | SPOTO

Prepare to pass your CISA certification with confidence by utilizing mock tests as a key part of your exam preparation strategy. Mock exams are invaluable tools that mimic the actual testing environment, allowing you to practice answering exam questions under timed conditions. This hands-on experience helps you familiarize yourself with the exam format, question types, and level of difficulty. The advantages of using mock tests for CISA preparation are manifold. They enable you to assess your readiness, identify areas of improvement through exam questions and sample questions, and enhance your exam-taking skills. Accessing a wide range of exam materials, including practice tests, exam dumps, and exam simulators, through SPOTO's resources ensures a comprehensive preparation journey. Take advantage of mock exams to refine your exam strategy, boost your confidence, and maximize your chances of success in the Certified Information Systems Auditor (CISA) exam.
Question #1
Which of the following do digital signatures provide?
A. Authentication and integrity of data
B. Authentication and confidentiality of data
C. Confidentiality and integrity of data
D. Authentication and availability of data
Correct Answer: B
Question #2
To develop a successful business continuity plan, end user involvement is critical during which of the following phases?
A. Business recovery strategy
B. Detailed plan development
C. Business impact analysis
D. Testing and maintenance
Correct Answer: D
Question #3
Which of the following privacy principles ensures that data controllers do not use personal data in unintended ways that breach the protection of data subjects?
A. Data retention
B. Adequacy
C. Accuracy
D. Purpose limitation
Correct Answer: D
Question #4
Which of the following is MOST likely to result from a business process reengineering (BPR) project?
A. An increased number of people using technology
B. Significant cost savings, through a reduction in the complexity of information technology
C. Weaker organizational structures and less accountability
D. Increased information protection (IP) risk
Correct Answer: A
Question #5
Which of the following is MOST likely to enable a hacker to successfully penetrate a system?
A. Lack of virus protection
B. Unpatched software
C. Decentralized dialup access
D. Lack of DoS protection
Correct Answer: A
Question #6
Disaster recovery planning addresses the:
A. technological aspect of business continuity planning
B. operational piece of business continuity planning
C. functional aspect of business continuity planning
D. overall coordination of business continuity planning
Correct Answer: B
Question #7
A data administrator is responsible for:
A. maintaining database system software
B. defining data elements, data names and their relationship
C. developing physical database structures
D. developing data dictionary system software
Correct Answer: C
Question #8
Naming conventions for system resources are important for access control because they:
A. ensure that resource names are not ambiguous
B. reduce the number of rules required to adequately protect resources
C. ensure that user access to resources is clearly and uniquely identified
D. ensure that internationally recognized names are used to protect resources
Correct Answer: C
Question #9
A disaster recovery plan (DRP) for an organization should:
A. reduce the length of the recovery time and the cost of recovery
B. increase the length of the recovery time and the cost of recovery
C. reduce the duration of the recovery time and increase the cost of recovery
D. not affect the recovery time nor the cost of recovery
Correct Answer: C
Question #10
The technique used to ensure security in virtual private networks (VPNs) is:
A. encapsulation
B. wrapping
C. transform
D. encryption
Correct Answer: C
Question #11
An IS auditor should be able to identify and evaluate various types of risks and their potential effects. Which of the following risks is associated with authorized program exits (trap doors)?
A. Inherent
B. Detection
C. Audit
D. Error
Correct Answer: A
Question #12
A probable advantage to an organization that has outsourced its data processing services is that:
A. needed IS expertise can be obtained from the outside
B. greater control can be exercised over processing
C. processing priorities can be established and enforced internally
D. greater user involvement is required to communicate user needs
Correct Answer: C
Question #13
Transmitting redundant information with each character or frame to facilitate detection and correction of errors is called:
A. feedback error control
B. block sum check
C. forward error control
D. cyclic redundancy check
Correct Answer: B
Question #14
Birth date and marriage date items were switched while entering data. Which of the following data validation checks could detect this?
A. Logical relationship
B. Sequence
C. Reasonableness
D. Validity
Correct Answer: C
Question #15
Which of the following normally would be the MOST reliable evidence for an auditor?
A. A confirmation letter received from a third party verifying an account balance
B. Assurance from line management that an application is working as designed
C. Trend data obtained from World Wide Web (Internet) sources
D. Ratio analysis developed by the IS auditor from reports supplied by line management
Correct Answer: B
Question #16
When reviewing a system development project at the project initiation stage, an IS auditor finds that the project team is following the organization's quality manual. To meet critical deadlines the project team proposes to fast track the validation and verification processes, commencing some elements before the previous deliverable is signed off. Under these circumstances, the IS auditor would MOST likely:
A. report this as a critical finding to senior management
B. accept that different quality processes can be adopted for each project
C. report to IS management the team's failure to follow quality procedures
D. report the risks associated with fast tracking to the project steering committee
Correct Answer: A
Question #17
Which of the following types of IDS resides on important systems such as databases and critical servers, and monitors various internal resources of the operating system?
A. Signature based IDS
B. Host based IDS
C. Network based IDS
D. Statistical based IDS
Correct Answer: D
Question #18
As a business process reengineering (BPR) project takes hold it is expected that:
A. business priorities will remain stable
B. information technologies will not change
C. the process will improve product, service and profitability
D. input from clients and customers will no longer be necessary
Correct Answer: A
Question #19
Which of the following is a control over component communication failure/errors?
A. Restricting operator access and maintaining audit trails
B. Monitoring and reviewing system engineering activity
C. Providing network redundancy
D. Establishing physical barriers to the data transmitted over the network
Correct Answer: B
Question #20
Which of the following functions is performed by a virtual private network (VPN)?
A. Hiding information from sniffers on the net
B. Enforcing security policies
C. Detecting misuse or mistakes
D. Regulating access
Correct Answer: D
Question #21
Which of the following is a penetration test in which the penetration tester is provided with limited or no knowledge of the target's information systems?
A. External Testing
B. Internal Testing
C. Blind Testing
D. Targeted Testing
Correct Answer: C
Question #22
The MAJOR concern for an IS auditor when reviewing an organization's business process reengineering (BPR) efforts is:
A. cost overrun of the project
B. employees' resistance to change
C. key controls may be removed from a business process
D. lack of documentation of new processes
Correct Answer: B
Question #23
An independent software program that connects two otherwise separate applications sharing computing resources across heterogeneous technologies is known as:
A. middleware
B. firmware
C. application software
D. embedded systems
Correct Answer: D
Question #24
Batch control reconciliation is a _____________________ (fill the blank) control for mitigating risk of inadequate segregation of duties.
A. Detective
B. Corrective
C. Preventative
D. Compensatory
Correct Answer: C
Question #25
Which of the following sampling methods is MOST useful when testing for compliance?
A. Attribute sampling
B. Variable sampling
C. Stratified mean per unit
D. Difference estimation
Correct Answer: C
Question #26
An IS auditor discovers that programmers have update access to the live environment. In this situation, the IS auditor is LEAST likely to be concerned that programmers can:
A. authorize transactions
B. add transactions directly to the database
C. make modifications to programs directly
D. access data from live environment and provide faster maintenance
Correct Answer: A
Question #27
When an organization's network is connected to an external network in an Internet client-server model not under that organization's control, security becomes a concern. In providing adequate security in this environment, which of the following assurance levels is LEAST important?
A. Server and client authentication
B. Data integrity
C. Data recovery
D. Data confidentiality
Correct Answer: A
Question #28
Which of the following risks would be increased by the installation of a database system?
A. Programming errors
B. Data entry errors
C. Improper file access
D. Loss of parity
Correct Answer: D
Question #29
To affix a digital signature to a message, the sender must first create a message digest by applying a cryptographic hashing algorithm against:
A. the entire message and thereafter enciphering the message digest using the sender's private key
B. any arbitrary part of the message and thereafter enciphering the message digest using the sender's private key
C. the entire message and thereafter enciphering the message using the sender's private key
D. the entire message and thereafter enciphering the message along with the message digest using the sender's private key
Correct Answer: A
Question #30
Without causing a conflict of interest, a duty compatible with those of a security administrator would be:
A. quality assurance
B. application programming
C. systems programming
D. data entry
Correct Answer: B
Question #31
A proposed transaction processing application will have many data capture sources and outputs in both paper and electronic form. To ensure that transactions are not lost during processing, the IS auditor should recommend the inclusion of:
A. validation controls
B. internal credibility checks
C. clerical control procedures
D. automated systems balancing
Correct Answer: C
Question #32
If a database is restored using before-image dumps, where should the process be restarted following an interruption?
A. Before the last transaction
B. After the last transaction
C. The first transaction after the latest checkpoint
D. The last transaction before the latest checkpoint
Correct Answer: C
Question #33
The phases and deliverables of a systems development life cycle (SDLC) project should be determined:
A. during the initial planning stages of the project
B. after early planning has been completed, but before work has begun
C. throughout the work stages based on risks and exposures
D. only after all risks and exposures have been identified and the IS auditor has recommended appropriate controls
Correct Answer: D
Question #34
Which of the following represents the GREATEST risk created by a reciprocal agreement for disaster recovery made between two companies?
A. Developments may result in hardware and software incompatibility
B. Resources may not be available when needed
C. The recovery plan cannot be tested
D. The security infrastructures in each company may be different
Correct Answer: C
Question #35
A data warehouse is:
A. object orientated
B. subject orientated
C. departmental specific
D. a volatile database
Correct Answer: B
Question #36
Which of the following attacks is MOST likely to be performed by an attacker to steal a user's identity information, such as credit card numbers, passwords, etc.?
A. Smurf attack
B. Traffic analysis
C. Pharming
D. Interrupt attack
Correct Answer: B
Question #37
An organization establishes an internal document collaboration site. To ensure data confidentiality of each project group, it is MOST important to:
A. conduct a vulnerability assessment
B. enforce document life cycle management
C. prohibit remote access to the site
D. periodically recertify access rights
Correct Answer: C
Question #38
Which of the following is a feature of an intrusion detection system (IDS)?
A. Gathering evidence on attack attempts
B. Identifying weakness in the policy definition
C. Blocking access to particular sites on the Internet
D. Preventing certain users from accessing specific servers
Correct Answer: B
Question #39
A programmer managed to gain access to the production library, modified a program that was then used to update a sensitive table in the payroll database and restored the original program. Which of the following methods would MOST effectively detect this type of unauthorized changes?
A. Source code comparison
B. Executable code comparison
C. Integrated test facilities (ITF)
D. Review of transaction log files
Correct Answer: B
Question #40
The most common problem in the operation of an intrusion detection system (IDS) is:
A. the detection of false positives
B. receiving trap messages
C. reject error rates
D. denial-of-service attacks
Correct Answer: A
Question #41
Data edits are an example of:
A. preventive controls
B. detective controls
C. corrective controls
D. compensating controls
Correct Answer: A
Question #42
Which of the following techniques is NOT used by a phreaker against a Private Branch Exchange (PBX)?
A. Eavesdropping
B. Illegal call forwarding
C. Forwarding a user to an unused or disabled number
D. SYN Flood
Correct Answer: A
Question #43
Which of the following validation techniques would BEST prevent duplicate electronic vouchers?
A. Cyclic redundancy check
B. Edit check
C. Reasonableness check
D. Sequence check
Correct Answer: B
Question #44
Disaster recovery planning for a company's computer system usually focuses on:
A. operations turnover procedures
B. strategic long-range planning
C. the probability that a disaster will occur
D. alternative procedures to process transactions
Correct Answer: A
Question #45
With the help of the security officer, granting access to data is the responsibility of:
A. data owners
B. programmers
C. system analysts
D. librarians
Correct Answer: A
Question #46
Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation?
A. Multiple cycles of backup files remain available
B. Access controls establish accountability for e-mail activity
C. Data classification regulates what information should be communicated via email
D. Within the enterprise, a clear policy for using e-mail ensures that evidence is available
Correct Answer: D
Question #47
Which of the following is a management technique that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality?
A. Function point analysis
B. Critical path methodology
C. Rapid application development
D. Program evaluation review technique
Correct Answer: D
Question #48
An organization wants to enforce data integrity principles and achieve faster performance/execution in a database application. Which of the following design principles should be applied?
A. User (customized) triggers
B. Data validation at the front end
C. Data validation at the back end
D. Referential integrity
Correct Answer: D
Question #49
The interface that allows access to lower or higher level network services is called:
A. firmware
B. middleware
C. X
D. utilities
Correct Answer: A
Question #50
Which of the following is the MOST important criterion for the selection of a location for an offsite storage facility for IS backup files? The offsite facility must be:
A. physically separated from the data center and not subject to the same risks
B. given the same level of protection as that of the computer data center
C. outsourced to a reliable third party
D. equipped with surveillance capabilities
Correct Answer: B
Question #51
A large chain of shops with EFT at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor?
A. Offsite storage of daily backups
B. Alternative standby processor onsite
C. Installation of duplex communication links
D. Alternative standby processor at another network node
Correct Answer: C
Question #52
Which of the following is a measure of the size of an information system based on the number and complexity of a system's inputs, outputs and files?
A. Program evaluation review technique (PERT)
B. Rapid application development (RAD)
C. Function point analysis (FPA)
D. Critical path method (CPM)
Correct Answer: A
Question #53
To help mitigate the effects of a denial of service attack, which mechanism can an Internet service provider (ISP) use to identify Internet protocol (IP) packets from unauthorized sources?
A. Inbound traffic filtering
B. Rate limiting
C. Reverse address lookup
D. Network performance monitoring
Correct Answer: A
Question #54
As compared to understanding an organization's IT process from evidence directly collected, how valuable are prior audit reports as evidence?
A. The same value
B. Greater value
C. Lesser value
D. Prior audit reports are not relevant
Correct Answer: C
Question #55
Which of the following would be considered a business risk?
A. Former employees
B. Part-time and temporary personnel
C. Loss of competitive edge
D. Hackers
Correct Answer: D
Question #56
Which of the following would BEST support 24/7 availability?
A. Daily backup
B. Offsite storage
C. Mirroring
D. Periodic testing
Correct Answer: C
Question #57
During which phase of a system development process should an IS auditor first raise the issue of application controls?
A. Construction
B. System design
C. Acceptance testing
D. Functional specification
Correct Answer: A
Question #58
Which of the following independent duties is traditionally performed by the data control group?
A. Access to data
B. Authorization tables
C. Custody of assets
D. Reconciliation
Correct Answer: C
Question #59
An IS auditor intends to accept a management position in the data processing department within the same organization. However, the auditor is currently working on an audit of a major application and has not yet finished the report. Which of the following would be the BEST step for the IS auditor to take?
A. Start in the position and inform the application owner of the job change
B. Start in the position immediately
C. Disclose this issue to the appropriate parties
D. Complete the audit without disclosure and then start in the position
Correct Answer: C
Question #60
In a data warehouse, data quality is achieved by:
A. cleansing
B. restructuring
C. source data credibility
D. transformation
Correct Answer: A
Question #61
An organization is considering installing a LAN in a site under construction. If system availability is the main concern, which of the following topologies is MOST appropriate?
A. Ring
B. Line
C. Star
D. Bus
Correct Answer: B
Question #62
Which of the following statements correctly describes one-way SSL authentication between a client (e.g. a browser) and a server (e.g. a web server)?
A. Only the server is authenticated while the client remains unauthenticated
B. Only the client is authenticated while the server remains unauthenticated
C. Client and server are authenticated
D. Client and server are unauthenticated
Correct Answer: A
Question #63
Which of the following is the MOST critical for the successful implementation and maintenance of a security policy?
A. Assimilation of the framework and intent of a written security policy by all appropriate parties
B. Management support and approval for the implementation and maintenance of a security policy
C. Enforcement of security rules by providing punitive actions for any violation of security rules
D. Stringent implementation, monitoring and enforcing of rules by the security officer through access control software
Correct Answer: C
Question #64
Which of the following is a form of an Internet attack?
A. Searching for software design errors
B. Guessing user passwords based on their personal information
C. Breaking the deadman's door to gain entry
D. Planting a trojan horse
Correct Answer: B
Question #65
The responsibilities of a disaster recovery relocation team include:
A. obtaining, packaging and shipping media and records to the recovery facilities, as well as establishing and overseeing an offsite storage schedule
B. locating a recovery site if one has not been predetermined and coordinating the transport of company employees to the recovery site
C. managing the relocation project and conducting a more detailed assessment of the damage to the facilities and equipment
D. coordinating the process of moving from the hot site to a new location or to the restored original location
Correct Answer: C
Question #66
The MAJOR advantage of the risk assessment approach over the baseline approach to information security management is that it ensures:
A. information assets are over protected
B. a basic level of protection is applied regardless of asset value
C. appropriate levels of protection are applied to information assets
D. an equal proportion of resources are devoted to protecting all information assets
Correct Answer: A
Question #67
Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is best ensured by:
A. database integrity checks
B. validation checks
C. input controls
D. database commits and rollbacks
Correct Answer: A
Question #68
Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration?
A. Function point analysis
B. PERT chart
C. Rapid application development
D. Object-oriented system development
Correct Answer: A
Question #69
When a systems development life cycle (SDLC) methodology is inadequate, the MOST serious immediate risk is that the new system will:
A. be completed late
B. exceed the cost estimates
C. not meet business and user needs
D. be incompatible with existing systems
Correct Answer: C
Question #70
A programmer included a routine into a payroll application to search for his/her own payroll number. As a result, if this payroll number does not appear during the payroll run, a routine will generate and place random numbers onto every paycheck. This routine is known as:
A. scavenging
B. data leakage
C. piggybacking
D. a trojan horse
Correct Answer: B
Question #71
Which of the following is an advantage of an integrated test facility (ITF)?
A. It uses actual master files or dummies and the IS auditor does not have to review the source of the transaction
B. Periodic testing does not require separate test processes
C. It validates application systems and tests the ongoing operation of the system
D. It eliminates the need to prepare test data
Correct Answer: D
Question #72
Which of the following is the BEST way to identify the potential impact of a successful attack on an organization’s mission critical applications?
A. Execute regular vulnerability scans
B. Conduct penetration testing
C. Perform an application vulnerability review
D. Perform an independent code review
Correct Answer: C
Question #73
When performing a data classification project, an information security manager should:
A. assign information criticality and sensitivity
B. identify information owners
C. identify information custodians
D. assign information access privileges
Correct Answer: C
Question #74
In which phase of penetration testing would host detection and domain name system (DNS) interrogation be performed?
A. Reporting
B. Attacks
C. Discovery
D. Planning
Correct Answer: D
Question #75
Creation of an electronic signature:
A. encrypts the message
B. verifies where the message came from
C. cannot be compromised when using a private key
D. cannot be used with e-mail systems
Correct Answer: A
Question #76
Which of the following activities is MOST important in determining whether a test of a disaster recovery plan has been successful?
A. Evaluating participation by key personnel
B. Testing at the backup data center
C. Analyzing whether predetermined test objectives were met
D. Testing with offsite backup files
Correct Answer: D
Question #77
After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools?
A. Differential reporting
B. False positive reporting
C. False negative reporting
D. Less detailed reporting
Correct Answer: A
Question #78
Automated teller machines (ATMs) are a specialized form of a point-of-sale terminal that:
A. allows for cash withdrawal and financial deposits only
B. are usually located in populous areas to deter theft or vandalism
C. utilizes protected telecommunication lines for data transmissions
D. must include high levels of logical and physical security
Correct Answer: D
Question #79
Which of the following would be a compensating control to mitigate risks resulting from an inadequate segregation of duties?
A. Sequence check
B. Check digit
C. Source documentation retention
D. Batch control reconciliations
Correct Answer: C
Question #80
Which of the following should be the FIRST step when conducting an IT risk assessment?
A. Assess vulnerabilities
B. Identify assets to be protected
C. Evaluate controls in place
D. Identify potential threats
Correct Answer: D
Question #81
The responsibility for designing, implementing and maintaining a system of internal control lies with:
A. the IS auditor
B. management
C. the external auditor
D. the programming staff
Correct Answer: A
Question #82
An organization is experiencing a growing backlog of undeveloped applications. As part of a plan to eliminate this backlog, end-user computing with prototyping, supported by the acquisition of an interactive application generator system is being introduced. Which of the following areas is MOST critical to the ultimate success of this venture?
A. Data control
B. Systems analysis
C. Systems programming
D. Application programming
Correct Answer: B
Question #83
A third-party service provider has proposed a data loss prevention (DLP) solution. Which of the following MUST be in place for this solution to be relevant to the organization?
A. An adequate data testing environment
B. Senior management support
C. A business case
D. A data classification
Correct Answer: B
Question #84
An employee has accidentally posted confidential data to the company’s social media page. Which of the following is the BEST control to prevent this from recurring?
A. Require all updates to be made by the marketing director
B. Implement a moderator approval process
C. Perform periodic audits of social media updates
D. Establish two-factor access control for social media accounts
Correct Answer: D
Question #85
Corrective action has been taken by an auditee immediately after the identification of a reportable finding. The auditor should:
A. include the finding in the final report because the IS auditor is responsible for an accurate report of all findings
B. not include the finding in the final report because the audit report should include only unresolved findings
C. not include the finding in the final report because corrective action can be verified by the IS auditor during the audit
D. include the finding in the closing meeting for discussion purposes only
Correct Answer: C
Question #86
Which of the following types of transmission media provide the BEST security against unauthorized access?
A. Copper wire
B. Twisted pair
C. Fiber-optic cables
D. Coaxial cables
Correct Answer: B
Question #87
While reviewing the business continuity plan of an organization, the IS auditor observed that the organization's data and software files are backed up on a periodic basis. Which characteristic of an effective plan does this demonstrate?
A. Deterrence
B. Mitigation
C. Recovery
D. Response
Correct Answer: B
Question #88
E-cash is a form of electronic money that:
A. can be used over any computer network
B. utilizes reusable e-cash coins to make payments
C. does not require the use of an Internet digital bank
D. contains unique serial numbering to track the identity of the buyer
Correct Answer: B
Question #89
Which of the following is MOST likely to be prevented by a firewall connected to the Internet?
A. Dial-in penetration attacks
B. Disclosure of public key infrastructure (PKI) keys
C. Alteration of email message content
D. External spoofing of internal addresses
Correct Answer: C
Question #90
Peer reviews to detect software errors during a program development activity are called:
A. emulation techniques
B. structured walk-throughs
C. modular program techniques
D. top-down program construction
Correct Answer: A
Question #91
An information security manager reads a media report of a new type of malware attack. Who should be notified FIRST?
A. Security operations team
B. Data owners
C. Communications department
D. Application owners
Correct Answer: B
Question #92
Which of the following development methods uses a prototype that can be updated continually to meet changing user or business requirements?
A. Data-oriented development (DOD)
B. Object-oriented development (OOD)
C. Business process reengineering (BPR)
D. Rapid application development (RAD)
Correct Answer: A
Question #93
Which of the following is MOST relevant for an information security manager to communicate to IT operations?
A. The level of inherent risk
B. Vulnerability assessments
C. Threat assessments
D. The level of exposure
Correct Answer: A
Question #94
A company performs full backup of data and programs on a regular basis. The primary purpose of this practice is to:
A. maintain data integrity in the applications
B. restore application processing after a disruption
C. prevent unauthorized changes to programs and data
D. ensure recovery of data processing in case of a disaster
View answer
Correct Answer: D
Question #95
The method of routing traffic through split cable facilities or duplicate cable facilities is called:
A. alternative routing
B. diverse routing
C. redundancy
D. circular routing
View answer
Correct Answer: B
Question #96
Which of the following statements is NOT true about Voice over IP (VoIP)?
A. VoIP uses circuit switching technology
B. Lower cost per call, or even free calls, especially for long-distance calls
C. Lower infrastructure cost
D. VoIP is a technology where voice traffic is carried on top of existing data infrastructure
View answer
Correct Answer: A
Question #97
An organization has an integrated development environment (IDE), where the program libraries reside on the server, but modification/development and testing are done from PC workstations. Which of the following would be a strength of an integrated development environment?
A. Controls the proliferation of multiple versions of programs
B. Expands the programming resources and aids available
C. Increases program and processing integrity
D. Prevents valid changes from being overwritten by other changes
View answer
Correct Answer: D
Question #98
Which of the following processes is the FIRST step in developing a business continuity and disaster recovery plan for an organization?
A. Alternate site selection
B. Business impact analysis
C. Test procedures and frequency
D. Information classification
View answer
Correct Answer: D
Question #99
What data should be used for regression testing?
A. Different data than used in the previous test
B. The most current production data
C. The data used in previous tests
D. Data produced by a test data generator
View answer
Correct Answer: A
Question #100
Without compensating controls, which of the following functions would represent a risk if combined with that of a system analyst?
A. Application programming
B. Data entry
C. Quality assurance
D. Database administrator
View answer
Correct Answer: B
Question #101
To confirm integrity for a hashed message, the receiver should use:
A. a different hashing algorithm from the sender’s to create a numerical representation of the file
B. a different hashing algorithm from the sender’s to create a binary image of the file
C. the same hashing algorithm as the sender’s to create a binary image of the file
D. the same hashing algorithm as the sender’s to create a numerical representation of the file
View answer
Correct Answer: D
Question #102
To make an electronic funds transfer (EFT), one employee enters the amount field and another employee re-enters the same data before the money is transferred. The control adopted by the organization in this case is:
A. sequence check
B. key verification
C. check digit
D. completeness check
View answer
Correct Answer: A
Question #103
Reconfiguring which of the following firewall types will prevent inward downloading of files through the file transfer protocol (FTP)?
A. Circuit gateway
B. Application gateway
C. Packet filter
D. Screening router
View answer
Correct Answer: B
Question #104
The BEST defense against network eavesdropping is:
A. encryption
B. moving the defense perimeter outward
C. reducing the amplitude of the communication signal
D. masking the signal with noise
View answer
Correct Answer: B
Question #105
During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:
A. allocation of resources during an emergency
B. maintenance of hardware and software compatibility
C. differences in IS policies and procedures
D. frequency of system testing
View answer
Correct Answer: B
Question #106
While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be:
A. shadow file processing
B. electronic vaulting
C. hard-disk mirroring
D. hot-site provisioning
View answer
Correct Answer: D
Question #107
Which of the following would be of the LEAST value to an IS auditor attempting to gain an understanding of an organization's IT process?
A. IT planning documents with deliverables and performance results
B. Policies and procedures relating to planning, managing, monitoring and reporting on performance
C. Prior audit reports
D. Reports of IT functional activities
View answer
Correct Answer: C
Question #108
Which of the following is the MOST important objective of data protection?
A. Identifying persons who need access to information
B. Ensuring the integrity of information
C. Denying or authorizing access to the IS system
D. Monitoring logical accesses
View answer
Correct Answer: D
Question #109
Which of the following reports is a measure of telecommunication transmissions and determines whether transmissions are completed accurately?
A. Online monitor reports
B. Downtime reports
C. Help desk reports
D. Response time reports
View answer
Correct Answer: C
Question #110
A single digitally signed instruction was given to a financial institution to credit a customer's account. The financial institution received the instruction three times and credited the account three times. Which of the following would be the MOST appropriate control against such multiple credits?
A. Encrypting the hash of the payment instruction with the public key of the financial institution
B. Affixing a time stamp to the instruction and using it to check for duplicate payments
C. Encrypting the hash of the payment instruction with the private key of the instructor
D. Affixing a time stamp to the hash of the instruction before being digitally signed by the instructor
View answer
Correct Answer: A
Question #111
The use of statistical sampling procedures helps minimize:
A. sampling risk
B. detection risk
C. inherent risk
D. control risk
View answer
Correct Answer: B
Question #112
While evaluating logical access control, the IS auditor should follow all of the steps mentioned below EXCEPT one?
1. Obtain a general understanding of the security risks facing information processing through a review of relevant documentation, inquiry and observation, etc.
2. Document and evaluate controls over potential access paths into the system to assess their adequacy, efficiency and effectiveness
3. Test controls over access paths to determine whether they are functioning and effective by applying appropriate
A. 2
B. 3
C. 1
D. 6
View answer
Correct Answer: A
Question #113
An installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long. Which of the following could be caused by the length of the cable?
A. Electromagnetic interference (EMI)
B. Crosstalk
C. Dispersion
D. Attenuation
View answer
Correct Answer: A