
Prepare CISA Exam Questions & Practice Tests, Certified Information Systems Auditor | SPOTO

Get ready to tackle CISA exam questions with SPOTO's comprehensive study materials and practice tests for Certified Information Systems Auditors. Using mock tests is a smart strategy for boosting your readiness for certification exams. Mock exams replicate the actual testing environment, allowing you to practice exam questions and sample questions under realistic time constraints. This practice helps you become comfortable with the exam format, improve your speed and accuracy in answering questions, and pinpoint areas for further study. Access SPOTO's exam materials, including practice tests, exam dumps, and exam simulators, to strengthen your exam preparation. Leverage mock exams to refine your exam-taking strategy, assess your knowledge gaps, and increase your chances of passing the CISA exam with confidence.


Question #1
Which of the following would provide the highest degree of server access control?
A. A mantrap-monitored entryway to the server room
B. Host-based intrusion detection combined with CCTV
C. Network-based intrusion detection
D. A fingerprint scanner facilitating biometric access control
View answer
Correct Answer: D
Question #2
Which of the following can consume valuable network bandwidth?
A. Trojan horses
B. Trap doors
C. Worms
D. Vaccines
View answer
Correct Answer: C
Question #3
There are many types of audit log analysis tools available in the market. Which of the following audit log analysis tools will look for anomalies in user or system behavior?
A. Attack Signature detection tool
B. Variance detection tool
C. Audit Reduction tool
D. Heuristic detection tool
View answer
Correct Answer: B
Question #4
A long-term IS employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be based on the individual’s experience and:
A. length of service, since this will help ensure technical competence
B. age, as training in audit techniques may be impractical
C. IS knowledge, since this will bring enhanced credibility to the audit function
D. ability, as an IS auditor, to be independent of existing IS relationships
View answer
Correct Answer: D
Question #5
Involvement of senior management is MOST important in the development of:
A. strategic plans
B. IS policies
C. IS procedures
D. standards and guidelines
View answer
Correct Answer: A
Question #6
An IS auditor who was involved in designing an organization’s business continuity plan(BCP) has been assigned to audit the plan. The IS auditor should:
A. decline the assignment
B. inform management of the possible conflict of interest after completing the audit assignment
C. inform the business continuity planning (BCP) team of the possible conflict of interest prior to beginning the assignment
D. communicate the possibility of conflict of interest to management prior to starting the assignment
View answer
Correct Answer: D
Question #7
To minimize costs and improve service levels an outsourcer should seek which of the following contract clauses?
A. O/S and hardware refresh frequencies
B. Gain-sharing performance bonuses
C. Penalties for noncompliance
D. Charges tied to variable cost metrics
View answer
Correct Answer: B
Question #8
Which of the following activities performed by a database administrator (DBA) should be performed by a different person?
A. Deleting database activity logs
B. Implementing database optimization tools
C. Monitoring database usage
D. Defining backup and recovery procedures
View answer
Correct Answer: A
Question #9
An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:
A. security requirements for the process being outsourced
B. security metrics
C. service level agreements (SLAs)
D. risk-reporting methodologies
View answer
Correct Answer: A
Question #10
Who is mainly responsible for protecting the information assets they have been entrusted with on a daily basis by defining who can access the data, its sensitivity level, and the type of access, and by adhering to corporate information security policies?
A. Data Owner
B. Security Officer
C. Senior Management
D. End User
View answer
Correct Answer: A
Question #11
While reviewing sensitive electronic work papers, the IS auditor noticed that they were not encrypted. This could compromise the:
A. audit trail of the versioning of the work papers
B. approval of the audit phases
C. access rights to the work papers
D. confidentiality of the work papers
View answer
Correct Answer: D
Question #12
Which of the following would impair the independence of a quality assurance team?
A. Ensuring compliance with development methods
B. Checking the testing assumptions
C. Correcting coding errors during the testing process
D. Checking the code to ensure proper documentation
View answer
Correct Answer: C
Question #13
An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take?
A. Personally delete all copies of the unauthorized software
B. Inform the auditee of the unauthorized software, and follow up to confirm deletion
C. Report the use of the unauthorized software and the need to prevent recurrence to auditee management
D. Take no action, as it is a commonly accepted practice and operations management is responsible for monitoring such use
View answer
Correct Answer: C
Question #14
An organization has replaced all of the storage devices at its primary data center with new, higher capacity units. The replaced devices have been installed at the disaster recovery site to replace older units. An IS auditor’s PRIMARY concern would be whether:
A. the procurement was in accordance with corporate policies and procedures
B. the relocation plan has been communicated to all concerned parties
C. a hardware maintenance contract is in place for both old and new storage devices
D. the recovery site devices can handle the storage requirements
View answer
Correct Answer: D
Question #15
A review of an organization’s IT portfolio revealed several applications that are not in use. The BEST way to prevent this situation from recurring would be to implement:
A. a formal request for proposal (RFP) process
B. an information asset acquisition policy
C. asset life cycle management
D. business development procedures
View answer
Correct Answer: C
Question #16
Which of the following should MOST concern an IS auditor reviewing an intrusion detection system (IDS)?
A. Number of false-negatives
B. Number of false-positives
C. Legitimate traffic blocked by the system
D. Reliability of IDS logs
View answer
Correct Answer: A
Question #17
Following the development of an application system, it is determined that several design objectives have not been achieved. This is MOST likely to have been caused by:
A. insufficient user involvement
B. early dismissal of the project manager
C. inadequate quality assurance (QA) tools
D. noncompliance with defined approval points
View answer
Correct Answer: A
Question #18
When an employee is terminated from service, the MOST important action is to:
A. hand over all of the employee's files to another designated employee
B. take a back up of the employee's work
C. notify other employees of the termination
D. disable the employee's logical access
View answer
Correct Answer: D
Question #19
A retail company recently installed data warehousing client software at geographically diverse sites. Due to time zone differences between the sites, updates to the warehouse are not synchronized. Which of the following will be affected the MOST?
A. Data availability
B. Data completeness
C. Data redundancy
D. Data inaccuracy
View answer
Correct Answer: B
Question #20
Which of the following transmission media is MOST difficult to tap?
A. Copper cable
B. Fiber Optics
C. Satellite Radio Link
D. Radio System
View answer
Correct Answer: B
Question #21
Which of the following is MOST likely to reduce the effectiveness of a signature-based intrusion detection system (IDS)?
A. The activities being monitored deviate from what is considered normal
B. The environment is complex
C. The pattern of normal behavior changes quickly and dramatically
D. The information regarding monitored activities becomes stale
View answer
Correct Answer: D
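Questions #3 and #21 turn on the difference between a signature (attack-pattern) detector, which only knows what is written in its rule set and goes blind as that information becomes stale, and a variance detector, which flags behavior that deviates from a learned baseline. The following Python is an added illustration written for this page, not code from SPOTO or from any IDS product. The log lines, the baseline numbers and the single signature rule are all constructed for the example.

```python
import re
import statistics
from collections import Counter

# Constructed sample audit log (not from the page): "<user> <action> [args]".
SAMPLE_LOG = """\
alice login_ok
alice read_file report.xlsx
bob login_ok
bob read_file report.xlsx
carol login_fail
carol login_fail
carol login_fail
carol login_fail
carol login_fail
carol login_ok
dave login_ok
dave run_cmd cat /etc/shadow
erin login_ok
erin run_cmd cat /etc/passwd
""".splitlines()

# Constructed baseline: per-user-per-day login_fail counts seen on "normal" days.
LOGIN_FAIL_BASELINE = [0, 1, 0, 2, 1, 0, 1, 0]

# Hypothetical signature set. A signature tool only knows what is listed here;
# a rule set that was never updated misses anything newer (the "stale" case).
SIGNATURES = {
    "read-shadow": re.compile(r"run_cmd .*/etc/shadow"),
}


def signature_detect(lines, signatures=SIGNATURES):
    """Return (signature_name, line) for every line matching a known pattern."""
    return [(name, line)
            for line in lines
            for name, pat in signatures.items()
            if pat.search(line)]


def variance_detect(lines, action="login_fail",
                    baseline=LOGIN_FAIL_BASELINE, z_threshold=3.0):
    """Return users whose count of `action` lies more than z_threshold
    population standard deviations above the baseline mean (variance check)."""
    counts = Counter()
    users = set()
    for line in lines:
        user, _, rest = line.partition(" ")
        users.add(user)
        if rest.split(" ", 1)[0] == action:
            counts[user] += 1
    mean = statistics.mean(baseline)
    sd = statistics.pstdev(baseline)
    if sd == 0:
        # Flat baseline: any count above the mean is an anomaly.
        return sorted(u for u in users if counts[u] > mean)
    return sorted(u for u in users if (counts[u] - mean) / sd > z_threshold)


if __name__ == "__main__":
    # The /etc/shadow read is caught; the /etc/passwd read has no rule and is missed.
    print(signature_detect(SAMPLE_LOG))
    # carol's five failures sit far outside the baseline (mean 0.625, sd ~0.70).
    print(variance_detect(SAMPLE_LOG))
```

The variance detector needs no knowledge of the attack, only of what normal looks like, which is why it is the right tool for "anomalies in user or system behavior" (#3); the signature detector is only as good as the currency of its rule set (#21).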
Question #22
A number of system failures are occurring when corrections to previously detected errors are resubmitted for acceptance testing. This would indicate that the maintenance team is probably not adequately performing which of the following types of testing?
A. Unit testing
B. Integration testing
C. Design walk-throughs
D. Configuration management
View answer
Correct Answer: B
Question #23
Which of the following levels in the CMMI model focuses on process definition and process deployment?
A. Level 4
B. Level 5
C. Level 3
D. Level 2
View answer
Correct Answer: C
Question #24
Which of the following is the MOST important factor when an organization is developing information security policies and procedures?
A. Cross-references between policies and procedures
B. Inclusion of mission and objectives
C. Compliance with relevant regulations
D. Consultation with management
View answer
Correct Answer: C
Question #25
Which of the following should be of MOST concern to an IS auditor reviewing the public key infrastructure (PKI) for enterprise e-mail?
A. The private key certificate has not been updated
B. The certificate revocation list has not been updated
C. The certificate practice statement has not been published
D. The PKI policy has not been updated within the last year
View answer
Correct Answer: B
Question #26
How is the time required for transaction processing review usually affected by properly implemented Electronic Data Interchange (EDI)?
A. EDI usually decreases the time necessary for review
B. EDI usually increases the time necessary for review
C. Cannot be determined
D. EDI does not affect the time necessary for review
View answer
Correct Answer: A
Question #27
Which of the following layers of an enterprise data flow architecture captures all data of interest to an organization and organizes it to assist in reporting and analysis?
A. Desktop access layer
B. Data preparation layer
C. Core data warehouse
D. Data access layer
View answer
Correct Answer: C
Question #28
Which of the following is MOST effective in controlling application maintenance?
A. Informing users of the status of changes
B. Establishing priorities on program changes
C. Obtaining user approval of program changes
D. Requiring documented user specifications for changes
View answer
Correct Answer: C
Question #29
In an audit of an inventory application, which approach would provide the BEST evidence that purchase orders are valid?
A. Testing whether inappropriate personnel can change application parameters
B. Tracing purchase orders to a computer listing
C. Comparing receiving reports to purchase order details
D. Reviewing the application documentation
View answer
Correct Answer: A
Question #30
An organization acquiring other businesses continues using its legacy EDI systems, and uses three separate value added network (VAN) providers. No written VAN agreements exist. The IS auditor should recommend that management:
A. obtain independent assurance of the third party service providers
B. set up a process for monitoring the service delivery of the third party
C. ensure that formal contracts are in place
D. consider agreements with third party service providers in the development of continuity plans
View answer
Correct Answer: C
Question #31
During an application audit, an IS auditor finds several problems related to corrupted data in the database. Which of the following is a corrective control that the IS auditor should recommend?
A. Implement data backup and recovery procedures
B. Define standards and closely monitor for compliance
C. Ensure that only authorized personnel can update the database
D. Establish controls to handle concurrent access problems
View answer
Correct Answer: A
Question #32
Before concluding that internal controls can be relied upon, the IS auditor should:
A. discuss the internal control weakness with the auditee
B. document application controls
C. conduct tests of compliance
D. document the system of internal control
View answer
Correct Answer: C
Question #33
Which of the following is the MOST important reason for logging firewall activity?
A. Intrusion detection
B. Auditing purposes
C. Firewall tuning
D. Incident investigation
View answer
Correct Answer: C
Question #34
Which of the following would an IS auditor consider to be the MOST important when evaluating an organization's IS strategy? That it:
A. has been approved by line management
B. does not vary from the IS department's preliminary budget
C. complies with procurement procedures
D. supports the business objectives of the organization
View answer
Correct Answer: D
Question #35
The MOST significant reason for using key performance indicators (KPIs) to track the progress of IT projects against initial targets is that they:
A. influence management decisions to outsource IT projects
B. identify which projects may require additional funding
C. provide timely indication of when corrective actions need to be taken
D. identify instances where increased stakeholder engagement is required
View answer
Correct Answer: C
Question #36
In an EDI process, the device which transmits and receives electronic documents is the:
A. communications handler
B. EDI translator
C. application interface
D. EDI interface
View answer
Correct Answer: A
Question #37
What should be the MAIN goal of an organization’s incident response plan?
A. Keep stakeholders notified of incident status
B. Enable appropriate response according to criticality
C. Correlate incidents from different systems
D. Identify the root cause of the incident
View answer
Correct Answer: B
Question #38
The PRIMARY purpose of a security information and event management (SIEM) system is to:
A. identify potential incidents
B. provide status of incidents
C. resolve incidents
D. track ongoing incidents
View answer
Correct Answer: A
Question #39
An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker. Which of the following is the MOST important action of the security manager?
A. Follow the outsourcer’s response plan
B. Refer to the organization’s response plan
C. Notify the outsourcer of the privacy breach
D. Alert the appropriate law enforcement authorities
View answer
Correct Answer: B
Question #40
There are many firewall implementations provided by firewall manufacturers. Which of the following implementations utilizes two packet-filtering routers and a bastion host? This approach creates the most secure firewall system since it supports network- and application-level security while defining a separate DMZ.
A. Dual Homed firewall
B. Screened subnet firewall
C. Screened host firewall
D. Anomaly based firewall
View answer
Correct Answer: B
Question #41
Which of the following is the MOST important outcome of effective risk treatment?
A. Timely reporting of incidents
B. Elimination of risk
C. Implementation of corrective actions
D. Reduced cost of maintaining controls
View answer
Correct Answer: C
Question #42
When developing an incident response plan, the information security manager should:
A. allow IT to decide which systems can be removed from the infrastructure
B. include response scenarios that have been approved previously by business management
C. require IT to invoke the business continuity plan
D. determine recovery time objectives (RTOs)
View answer
Correct Answer: B
Question #43
Which of the following is the MOST important incident management consideration for an organization subscribing to a cloud service?
A. Decision on the classification of cloud-hosted data
B. Expertise of personnel providing incident response
C. Implementation of a SIEM in the organization
D. An agreement on the definition of a security incident
View answer
Correct Answer: D
Question #44
A retail outlet has introduced radio frequency identification (RFID) tags to create unique serial numbers for all products. Which of the following is the PRIMARY concern associated with this initiative?
A. Issues of privacy
B. Wavelength can be absorbed by the human body
C. RFID tags may not be removable
D. RFID eliminates line-of-sight reading
View answer
Correct Answer: A
Question #45
Which of the following is an implementation risk within the process of decision support systems?
A. Management control
B. Semistructured dimensions
C. Inability to specify purpose and usage patterns
D. Changes in decision processes
View answer
Correct Answer: C
Question #46
An IS auditor should be concerned when a telecommunication analyst:
A. monitors systems performance and tracks problems resulting from program changes
B. reviews network load requirements in terms of current and future transaction volumes
C. assesses the impact of the network load on terminal response times and network data transfer rates
D. recommends network balancing procedures and improvements
View answer
Correct Answer: A
Question #47
Which of the following Confidentiality, Integrity, Availability (CIA) attributes supports the principle of least privilege by providing access to information only to authorized and intended users?
A. Confidentiality
B. Integrity
C. Availability
D. Accuracy
View answer
Correct Answer: A
Question #48
A reduction in which of the following would indicate improved performance in the administration of information security?
A. IT security awareness training days
B. Number of staff involved in security administration
C. Systems subject to an intrusion detection process
D. Turnaround time for requests for new user access
View answer
Correct Answer: D
Question #49
Which of the following protocols is PRIMARILY used to provide confidentiality in a web-based application, thus protecting data sent between a client machine and a server?
A. SSL
B. FTP
C. SSH
D. S/MIME
View answer
Correct Answer: A
Question #50
At the end of the testing phase of software development, an IS auditor observes that an intermittent software error has not been corrected. No action has been taken to resolve the error. The IS auditor should:
A. report the error as a finding and leave further exploration to the auditee's discretion
B. attempt to resolve the error
C. recommend that problem resolution be escalated
D. ignore the error, as it is not possible to get objective evidence for the software error
View answer
Correct Answer: C
Question #51
The MOST useful technique for maintaining management support for the information security program is:
A. identifying the risks and consequences of failure to comply with standards
B. benchmarking the security programs of comparable organizations
C. implementing a comprehensive security awareness and training program
D. informing management about the security of business operations
View answer
Correct Answer: B
Question #52
When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:
A. reduce the costs of future preventive controls
B. provide metrics for reporting to senior management
C. verify compliance with the service level agreement (SLA)
D. learn of potential areas of improvement
View answer
Correct Answer: D
Question #53
Which of the following online auditing techniques is most effective for the early detection of errors or irregularities?
A. Embedded audit module
B. Integrated test facility
C. Snapshots
D. Audit hooks
View answer
Correct Answer: D
Question #54
An organization is in the process of acquiring a competitor. The information security manager has been asked to report on the security posture of the target acquisition. Which of the following should be the security manager’s FIRST course of action?
A. Implement a security dashboard
B. Quantify the potential risk
C. Perform a gap analysis
D. Perform a vulnerability assessment
View answer
Correct Answer: C
Question #55
An organization which uses external cloud services extensively is concerned with risk monitoring and timely response. The BEST way to address this concern is to ensure:
A. the availability of continuous technical support
B. internal security standards are in place
C. a right-to-audit clause is included in contracts
D. appropriate service level agreements (SLAs) are in place
View answer
Correct Answer: D
Question #56
Which of the following is an analytical review procedure for a payroll system?
A. Performing penetration attempts on the payroll system
B. Evaluating the performance of the payroll system, using benchmarking software
C. Performing reasonableness tests by multiplying the number of employees by the average wage rate
D. Testing hours reported on time sheets
View answer
Correct Answer: C
Question #56 (b)
An IS auditor observes that the CEO has full access to the enterprise resource planning (ERP) system.
A. accept the level of access provided as appropriate
B. recommend that the privilege be removed
C. ignore the observation as not being material to the review
D. document the finding as a potential risk
View answer
Correct Answer: D
Question #57
The maturity level of an organization’s problem management support function is optimized when the function:
A. proactively provides solutions
B. has formally documented the escalation process
C. analyzes critical incidents to identify root cause
D. resolves requests in a timely manner
View answer
Correct Answer: A
Question #58
Which of the following attacks involves sending forged ICMP Echo Request packets to the broadcast address on multiple gateways in order to elicit responses from the computers behind each gateway, all of which respond with ICMP Echo Reply packets to the (spoofed) source IP address of the ICMP Echo Request packets?
A. Reflected attack
B. Brute force attack
C. Buffer overflow
D. Pulsing Zombie
View answer
Correct Answer: A
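The attack in #58 leaves two tell-tale traces: an echo request addressed to a directed-broadcast address (the trigger), and a burst of echo replies from many distinct hosts to one destination that never sent a request (the reflection hitting the victim). The Python below is an added example written for this page, not code from SPOTO or from any product; the packet records, the local network ranges (RFC 5737 documentation addresses) and the one-second window are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0

# Assumed networks sitting behind the monitored gateways (documentation ranges).
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("198.51.100.0/24")]

# Constructed packet records (ts_seconds, src, dst, icmp_type); not a real capture.
# The attacker forges the victim 203.0.113.10 as source and sends to the directed
# broadcast 192.0.2.255; three hosts behind the gateway reply to the victim.
PACKETS = [
    (0.000, "203.0.113.10", "192.0.2.255",  ECHO_REQUEST),
    (0.010, "192.0.2.11",   "203.0.113.10", ECHO_REPLY),
    (0.012, "192.0.2.12",   "203.0.113.10", ECHO_REPLY),
    (0.015, "192.0.2.13",   "203.0.113.10", ECHO_REPLY),
    # A legitimate ping and its single reply, which must not be flagged.
    (5.000, "198.51.100.5", "192.0.2.11",   ECHO_REQUEST),
    (5.004, "192.0.2.11",   "198.51.100.5", ECHO_REPLY),
]


def is_directed_broadcast(dst):
    """True if dst is the broadcast address of one of the local networks."""
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in LOCAL_NETS)


def broadcast_echo_requests(packets):
    """Echo requests aimed at a directed-broadcast address: the attack trigger."""
    return [p for p in packets
            if p[3] == ECHO_REQUEST and is_directed_broadcast(p[2])]


def reflection_victims(packets, window=1.0, min_reflectors=3):
    """Map destination -> number of distinct hosts that sent it echo replies
    inside one `window`-second bucket, for destinations at or above
    min_reflectors that sent no ordinary echo request themselves."""
    requesters = {p[1] for p in packets
                  if p[3] == ECHO_REQUEST and not is_directed_broadcast(p[2])}
    replies = defaultdict(set)                    # (dst, bucket) -> {sources}
    for ts, src, dst, icmp_type in packets:
        if icmp_type == ECHO_REPLY:
            replies[(dst, int(ts // window))].add(src)
    victims = {}
    for (dst, _), sources in replies.items():
        if len(sources) >= min_reflectors and dst not in requesters:
            victims[dst] = max(victims.get(dst, 0), len(sources))
    return victims


def amplification_factor(packets):
    """Replies the victim receives per broadcast request the attacker sent."""
    triggers = broadcast_echo_requests(packets)
    if not triggers:
        return 0.0
    spoofed_victims = {t[1] for t in triggers}
    replies = sum(1 for p in packets
                  if p[3] == ECHO_REPLY and p[2] in spoofed_victims)
    return replies / len(triggers)


if __name__ == "__main__":
    print(broadcast_echo_requests(PACKETS))   # the one forged request
    print(reflection_victims(PACKETS))        # {'203.0.113.10': 3}
    print(amplification_factor(PACKETS))      # 3.0
```

The amplification factor is what makes this a reflected (smurf-style) attack rather than a plain flood: one forged packet yields one reply per live host on the segment. The control that removes the amplifier is to stop gateways from forwarding directed broadcasts (on Cisco IOS interfaces, `no ip directed-broadcast`, which has been the default for many years), and to reject egress packets whose source address is not from the local network so the forged request cannot be sent in the first place.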
Question #59
Which of the following is the MOST important element when developing an information security strategy?
A. Identifying applicable laws and regulations
B. Identifying information assets
C. Determining the risk management methodology
D. Aligning security activities with organizational goals
View answer
Correct Answer: D
Question #60
An information security manager has discovered a potential security breach in a server that supports a critical business process. Which of the following should be the information security manager’s FIRST course of action?
A. Validate that there has been an incident
B. Notify the business process owner
C. Shut down the server in an organized manner
D. Inform senior management of the incident
View answer
Correct Answer: A
Question #61
The risk that an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when, in fact, they do, is an example of:
A. inherent risk
B. control risk
C. detection risk
D. audit risk
View answer
Correct Answer: C
Question #62
Which of the following requires a consensus by key stakeholders on IT strategic goals and objectives?
A. Balanced scorecards
B. Benchmarking
C. Maturity models
D. Peer reviews
View answer
Correct Answer: B
Question #63
When reviewing an organization's logical access security, which of the following would be of the MOST concern to an IS auditor?
A. Passwords are not shared
B. Password files are not encrypted
C. Redundant logon IDs are deleted
D. The allocation of logon IDs is controlled
View answer
Correct Answer: B
Question #64
An IS auditor is a member of an application development team that is selecting software. Which of the following would impair the auditor’s independence?
A. Verifying the weighting of each selection criteria
B. Approving the vendor selection methodology
C. Reviewing the request for proposal (RFP)
D. Witnessing the vendor selection process
View answer
Correct Answer: B
Question #65
Which of the following is the MAIN purpose of an information security management system?
A. To enhance the impact of reports used to monitor information security incidents
B. To reduce the frequency and impact of information security incidents
C. To identify and eliminate the root causes of information security incidents
D. To keep information security policies and procedures up-to-date
View answer
Correct Answer: B
Question #66
Two servers are deployed in a cluster to run a mission-critical application. To determine whether the system has been designed for optimal efficiency, the IS auditor should verify that:
A. the security features in the operating system are all enabled
B. the number of disks in the cluster meets minimum requirements
C. the two servers are of exactly the same configuration
D. load balancing between the servers has been implemented
View answer
Correct Answer: D
Question #67
Which of the following should be done FIRST when handling multiple confirmed incidents raised at the same time?
A. Categorize incidents by the value of the affected asset
B. Inform senior management
C. Update the business impact assessment
D. Activate the business continuity plan
View answer
Correct Answer: A
Question #68
Which of the following ACID properties in a DBMS means that once a transaction has been committed, it will remain so, even in the event of power loss, crashes, or errors?
A. Atomicity
B. Consistency
C. Isolation
D. Durability
View answer
Correct Answer: D
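Durability (#68) is easiest to see next to its neighbour, atomicity: after a crash, everything a committed transaction wrote is still there, and nothing an uncommitted one wrote is. The Python below is an added example written for this page, not code from SPOTO; it uses the SQLite engine bundled with the standard library, a throw-away database file in a temporary directory, and a closed-without-COMMIT connection as the stand-in for a crash (all assumptions of the example).

```python
import os
import sqlite3
import tempfile


def open_ledger(path):
    """Open (or create) the ledger with durable commit settings.
    synchronous=FULL makes SQLite fsync before COMMIT returns, so the caller
    is told 'committed' only once the transaction is on stable storage."""
    conn = sqlite3.connect(path, isolation_level=None)   # explicit BEGIN/COMMIT
    conn.execute("PRAGMA journal_mode=WAL")
    conn.execute("PRAGMA synchronous=FULL")
    conn.execute("CREATE TABLE IF NOT EXISTS ledger "
                 "(id INTEGER PRIMARY KEY, amount INTEGER NOT NULL)")
    return conn


def read_amounts(path):
    """Reopen the file cold and return every amount that survived."""
    conn = sqlite3.connect(path)
    try:
        return [row[0] for row in
                conn.execute("SELECT amount FROM ledger ORDER BY id")]
    finally:
        conn.close()


def durability_demo(path=None):
    """Commit one transaction, then start a second and 'crash' before COMMIT.
    Returns the amounts visible after reopening: only the committed row
    survives (durability); the unfinished one is rolled back (atomicity)."""
    if path is None:
        path = os.path.join(tempfile.mkdtemp(), "ledger.db")
    conn = open_ledger(path)

    conn.execute("BEGIN")
    conn.execute("INSERT INTO ledger (amount) VALUES (?)", (100,))
    conn.execute("COMMIT")          # durable from this point on

    conn.execute("BEGIN")
    conn.execute("INSERT INTO ledger (amount) VALUES (?)", (999,))
    # Simulated crash: abandon the connection with the transaction still open.
    # No commit record is ever written, so the 999 row never becomes visible.
    conn.close()

    return read_amounts(path)


if __name__ == "__main__":
    print(durability_demo())        # [100]
```

The setting that buys durability is `synchronous=FULL`; with `synchronous=OFF` SQLite returns from COMMIT before the data reaches the disk, so a power loss in that gap can silently lose a transaction the application believes was committed, which is exactly the property an auditor reviewing a transaction-processing system should confirm is not traded away for speed.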
Question #69
Which of the following is the BEST way to evaluate the effectiveness of access controls to an internal network?
A. Perform a system penetration test
B. Test compliance with operating procedures
C. Review access rights
D. Review router configuration tables
View answer
Correct Answer: A
Question #69 (b)
An IS auditor finds a number of system accounts that do not have documented approvals.
A. Have the accounts removed immediately
B. Obtain sign-off on the accounts from the application owner
C. Document a finding and report an ineffective account provisioning control
D. Determine the purpose and risk of the accounts
View answer
Correct Answer: D
Question #70
An IS auditor has completed an audit of an organization’s accounts payable system. Which of the following should be rated as the HIGHEST risk in the audit report and requires immediate remediation?
A. Lack of segregation of duty controls for reconciliation of payment transactions
B. Lack of segregation of duty controls for removal of vendor records
C. Lack of segregation of duty controls for updating the vendor master file
D. Lack of segregation of duty controls for reversing payment transactions
View answer
Correct Answer: A
Question #71
Which of the following is the MOST important advantage of participating in beta testing of software products?
A. It improves vendor support and training
B. It enables an organization to gain familiarity with new products and their functionality
C. It increases an organization’s ability to retain staff who prefer to work with new technology
D. It enhances security and confidentiality
View answer
Correct Answer: B
Question #72
Which of the following should be established FIRST when initiating a control self-assessment program in a small organization?
A. Control baselines
B. Client questionnaires
C. External consultants
D. Facilitated workshops
View answer
Correct Answer: B
Question #72 (b)
What is an IS auditor's BEST course of action if informed by a business unit's representatives that they are too busy to cooperate with a scheduled audit?
A. Reschedule the audit for a time more convenient to the business unit
B. Notify the chief audit executive who can negotiate with the head of the business unit
C. Begin the audit regardless and insist on cooperation from the business unit
D. Notify the audit committee immediately and request they direct the audit begin on schedule
View answer
Correct Answer: B
