DON'T WANT TO MISS A THING?

Certification Exam Passing Tips

Latest exam news and discount info

Curated and up-to-date by our experts

Yes, send me the newsletter

Prepare for CISA Exams Questions & Study Materials, Certified Information Systems Auditor | SPOTO

Prepare comprehensively for CISA exams with SPOTO's extensive study materials and practice tests for Certified Information Systems Auditors. Incorporating mock tests into your study routine offers numerous advantages for effective certification exam preparation.Mock exams create a simulated exam environment, allowing you to practice with a variety of exam questions, sample questions, and online exam simulations under timed conditions. This practice helps you become familiar with the exam format, improve your speed and accuracy in answering questions, and identify areas that require further attention.Access SPOTO's diverse exam materials, including practice tests, exam dumps, and exam simulators, to enhance your exam readiness. Utilize mock exams to refine your exam strategy, assess your strengths and weaknesses, and maximize your chances of success in the CISA exam.
Take other online exams

Question #1
The rate of change in technology increases the importance of:
A. outsourcing the IS function
B. implementing and enforcing good processes
C. hiring personnel willing to make a career within the organization
D. meeting user requirements
View answer
Correct Answer: C

View The Updated CISA Exam Questions

SPOTO Provides 100% Real CISA Exam Questions for You to Pass Your CISA Exam!

Question #2
Everything not explicitly permitted is forbidden has which of the following kinds of tradeoff?
A. it improves security at a cost in functionality
B. it improves functionality at a cost in security
C. it improves security at a cost in system performance
D. it improves performance at a cost in functionality
E. None of the choices
View answer
Correct Answer: A
Question #3
Which audit technique provides the BEST evidence of the segregation of duties in an IS department?
A. Discussion with management
B. Review of the organization chart
C. Observation and interviews
D. Testing of user access rights
View answer
Correct Answer: A
Question #4
What is used to provide authentication of the website and can also be used to successfully authenticate keys used for data encryption?
A. An organizational certificate
B. A user certificate
C. A website certificate
D. Authenticode
View answer
Correct Answer: D
Question #5
When using a digital signature, the message digest is computed:
A. only by the sender
B. only by the receiver
C. by both the sender and the receiver
D. by the certificate authority (CA)
View answer
Correct Answer: A
Question #6
When installing an intrusion detection system (IDS), which of the following is MOST important?
A. Properly locating it in the network architecture
B. Preventing denial-of-service (DoS) attacks
C. Identifying messages that need to be quarantined
D. Minimizing the rejection errors
View answer
Correct Answer: C
Question #7
The PRIMARY objective of performing a postincident review is that it presents an opportunity to:
A. improve internal control procedures
B. harden the network to industry best practices
C. highlight the importance of incident response management to management
D. improve employee awareness of the incident response process
View answer
Correct Answer: D
Question #8
An IS auditor reviewing a proposed application software acquisition should ensure that the:
A. operating system (OS) being used is compatible with the existing hardware platform
B. planned OS updates have been scheduled to minimize negative impacts on company needs
C. OS has the latest versions and updates
D. products are compatible with the current or planned OS
View answer
Correct Answer: C
Question #9
The MOST important reason for an IS auditor to obtain sufficient and appropriate audit evidence is to:
A. comply with regulatory requirements
B. provide a basis for drawing reasonable conclusions
C. ensure complete audit coverage
D. perform the audit according to the defined scope
View answer
Correct Answer: D
Question #10
Which of the following would impair the independence of a quality assurance team?
A. Ensuring compliance with development methods
B. Checking the testing assumptions
C. Correcting coding errors during the testing process
D. Checking the code to ensure proper documentation
View answer
Correct Answer: D
Question #11
An audit charter should:
A. be dynamic and change often to coincide with the changing nature of technology and the audit profession
B. clearly state audit objectives for, and the delegation of, authority to the maintenance and review of internal controls
C. document the audit procedures designed to achieve the planned audit objectives
D. outline the overall authority, scope and responsibilities of the audit function
View answer
Correct Answer: C
Question #12
While evaluating software development practices in an organization, an IS auditor notes that the quality assurance (QA) function reports to project management. The MOST important concern for an IS auditor is the:
A. effectiveness of the QA function because it should interact between project management and user management
B. efficiency of the QA function because it should interact with the project implementation team
C. effectiveness of the project manager because the project manager should interact with the QA function
D. efficiency of the project manager because the QA function will need to communicate with the project implementation team
View answer
Correct Answer: B
Question #13
An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if:
A. the setup is geographically dispersed
B. the network servers are clustered in a site
C. a hot site is ready for activation
D. diverse routing is implemented for the network
View answer
Correct Answer: B
Question #14
Which of the following is a feature of Wi-Fi Protected Access (WPA) in wireless networks?
A. Session keys are dynamic
B. Private symmetric keys are used
C. Keys are static and shared Source addresses are not encrypted or authenticated
View answer
Correct Answer: A
Question #15
Reconfiguring which of the following firewall types will prevent inward downloading of files through the File Transfer Protocol (FTP)?
A. Circuit gateway
B. Application gateway
C. Packet filter
D. Screening router
View answer
Correct Answer: C
Question #16
Which of the following is a substantive test?
A. Checking a list of exception reports
B. Ensuring approval for parameter changes
C. Using a statistical sample to inventory the tape library
D. Reviewing password history reports
View answer
Correct Answer: A
Question #17
Which of the following should an IS auditor review FIRST when planning a customer data privacy audit?
A. Legal and compliance requirements
B. Customer agreements
C. Organizational policies and procedures
D. Data classification
View answer
Correct Answer: A
Question #18
IT control objectives are useful to IS auditors, as they provide the basis for understanding the:
A. desired result or purpose of implementing specific control procedures
B. best IT security control practices relevant to a specific entity
C. techniques for securing information
D. security policy
View answer
Correct Answer: B
Question #19
Which of the following IT governance best practices improves strategic alignment?
A. Supplier and partner risks are managed
B. A knowledge base on customers, products, markets and processes is in place
C. A structure is provided that facilitates the creation and sharing of business information
D. Top management mediate between the imperatives of business and technology
View answer
Correct Answer: B
Question #20
Which of the following dynamic interaction of a Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitude and ways of doing things?
A. Governing
B. Culture
C. Enabling and support
D. Emergence
View answer
Correct Answer: B
Question #21
Which of the following provide(s) near-immediate recoverability for time-sensitive systems and transaction processing?
A. Automated electronic journaling and parallel processing
B. Data mirroring and parallel processing
C. Data mirroring
D. Parallel processing
View answer
Correct Answer: A
Question #22
During an implementation review of a multiuser distributed application, an IS auditor finds minor weaknesses in three areas-the initial setting of parameters is improperly installed, weak passwords are being used and some vital reports are not being checked properly. While preparing the audit report, the IS auditor should:
A. record the observations separately with the impact of each of them marked against each respective finding
B. advise the manager of probable risks without recording the observations, as the control weaknesses are minor ones
C. record the observations and the risk arising from the collective weaknesses
D. apprise the departmental heads concerned with each observation and properly document it in the report
View answer
Correct Answer: B
Question #23
Which of the following is the PRIMARY advantage of using computer forensic software for investigations?
A. The preservation of the chain of custody for electronic evidence
B. Time and cost savings
C. Efficiency and effectiveness Ability to search for violations of intellectual property rights
D.
View answer
Correct Answer: A
Question #24
TEMPEST is a hardware for which of the following purposes?
A. Eavedropping
B. Social engineering
C. Virus scanning
D. Firewalling
E. None of the choices
View answer
Correct Answer: C
Question #25
Which of the following would be BEST prevented by a raised floor in the computer machine room?
A. Damage of wires around computers and servers
B. A power failure from static electricityC
D. Water flood damage
View answer
Correct Answer: A
Question #26
An IS auditor has audited a business continuity plan (BCP). Which of the following findings is the MOST critical?
A. Nonavailability of an alternate private branch exchange (PBX) system
B. Absence of a backup for the network backbone
C. Lack of backup systems for the users' PCs
D. Failure of the access card system
View answer
Correct Answer: C
Question #27
An organization provides information to its supply chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?
A. A Secure Sockets Layer (SSL) has been implemented for user authentication and remote administration of the firewall
B. Firewall policies are updated on the basis of changing requirements
C. inbound traffic is blocked unless the traffic type and connections have been specifically permitted
D. The firewall is placed on top of the commercial operating system with all installation options
View answer
Correct Answer: C
Question #28
An advantage in using a bottom-up vs. a top-down approach to software testing is that:
A. interface errors are detected earlier
B. confidence in the system is achieved earlier
C. errors in critical modules are detected earlier
D. major functions and processing are tested earlier
View answer
Correct Answer: C
Question #29
Validated digital signatures in an e-mail software application will:
A. help detect spam
B. provide confidentiality
C. add to the workload of gateway servers
D. significantly reduce available bandwidth
View answer
Correct Answer: A
Question #30
"Under the concept of ""defense in depth"", subsystems should be designed to:"
A. ""fail insecure"""
B. ""fail secure"""
C. ""react to attack"""
D. ""react to failure"""
E. None of the choices
View answer
Correct Answer: A
Question #31
Which of the following is the key benefit of control self-assessment (CSA)?
A. Management ownership of the internal controls supporting business objectives is reinforced
B. Audit expenses are reduced when the assessment results are an input to external audit work
C. Improved fraud detection since internal business staff are engaged in testing controls
D. Internal auditors can shift to a consultative approach by using the results of the assessment
View answer
Correct Answer: C
Question #32
An IS auditor should be MOST concerned with what aspect of an authorized honeypot?
A. The data collected on attack methods
B. The information offered to outsiders on the honeypot
C. The risk that the honeypot could be used to launch further attacks on the organization's infrastructure
D. The risk that the honeypot would be subject to a distributed denial-of-service attack
View answer
Correct Answer: C
Question #33
The IS auditor has identified a potential fraud perpetrated by the network administrator. The IS auditor should:
A. issue a report to ensure a timely resolution
B. review the audit finding with the audit committee prior to any other discussions
C. perform more detailed tests prior to disclosing the audit results
D. share the potential audit finding with the security administrator
View answer
Correct Answer: B
Question #34
When preparing an audit report, the IS auditor should ensure that the results are supported by:
A. statements from IS management
B. workpapers of other auditors
C. an organizational control self-assessment
D. sufficient and appropriate audit evidence
View answer
Correct Answer: D
Question #35
A penetration test performed as part of evaluating network security:
A. provides assurance that all vulnerabilities are discovered
B. should be performed without warning the organization's management
C. exploits the existing vulnerabilities to gain unauthorized access
D. would not damage the information assets when performed at network perimeters
View answer
Correct Answer: D
Question #36
Machines that operate as a closed system can NEVER be eavesdropped.
A. True
B. False
View answer
Correct Answer: A
Question #37
Two servers are deployed in a cluster to run a mission-critical application. To determine whether the system has been designed for optimal efficiency, the IS auditor should verify that:
A. the security features in the operating system are all enabled Explanation/Reference:
B. the number of disks in the cluster meets minimum requirements
C. the two servers are of exactly the same configuration
D. load balancing between the servers has been implemented
View answer
Correct Answer: D
Question #38
An organization has a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to 1 minute for a critical system. This implies that the system can tolerate:
A. a data loss of up to 1 minute, but the processing must be continuous
B. a 1-minute processing interruption but cannot tolerate any data loss
C. a processing interruption of 1 minute or more
D. both a data less and processing interruption longer than 1 minute
View answer
Correct Answer: A
Question #39
Which of the following is a passive attack to a network?
A. Message modification
B. Masquerading
C. Denial of service
D. Traffic analysis
View answer
Correct Answer: D
Question #40
When performing a computer forensic investigation, in regard to the evidence gathered, an IS auditor should be MOST concerned with:
A. analysis
B. evaluation
C. preservation
D. disclosure
View answer
Correct Answer: D
Question #41
Which of the following types of attack almost always requires physical access to the targets?
A. Direct access attack
B. Wireless attack
C. Port attack
D. Window attack
E. System attack
F. None of the choices
View answer
Correct Answer: C
Question #42
To protect a VoIP infrastructure against a denial-of-service (DoS) attack, it is MOST important to secure the:
A. access control servers
B. session border controllers
C. backbone gateways
D. intrusion detection system (IDS)
View answer
Correct Answer: C
Question #43
When performing an IS strategy audit, an IS auditor should review both short-term (one- year) and long-term (three-to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered. The auditor should especially focus on procedures in an audit of IS strategy. True or false?
A. True
B. False
View answer
Correct Answer: C
Question #44
The BEST way to validate whether a malicious act has actually occurred in an application is to review:
A. segregation of duties
B. access controls
C. activity logs
D. change management logs
View answer
Correct Answer: C
Question #45
Which of the following would be an indicator of the effectiveness of a computer security incident response team?
A. Financial impact per security incident
B. Number of security vulnerabilities that were patched
C. Percentage of business applications that are being protected
D. Number of successful penetration tests
View answer
Correct Answer: A
Question #46
During the requirements definition phase of a software development project, the aspects of software testing that should be addressed are developing:
A. test data covering critical applications
B. detailed test plans
C. quality assurance test specifications
D. user acceptance testing specifications
View answer
Correct Answer: A
Question #47
Which of the following provides the MOST relevant information for proactively strengthening security settings?
A. Bastion host
B. Intrusion detection system
C. Honeypot
D. Intrusion prevention system
View answer
Correct Answer: C
Question #48
Disabling which of the following would make wireless local area networks more secure against unauthorized access?
A. MAC (Media Access Control) address filtering
B. WPA (Wi-Fi Protected Access Protocol)
C. LEAP (Lightweight Extensible Authentication Protocol)
D. SSID (service set identifier) broadcasting
View answer
Correct Answer: A
Question #49
An IS auditor has discovered that a cloud-based application was not included in an application inventory that was used to confirm the scope of an audit. The business process owner explained that the application will be audited by a third party in the next year. The auditor’s NEXT step should be to:
A. evaluate the impact of the cloud application on the audit scope
B. revise the audit scope to include the cloud-based application
C. review the audit report when performed by the third party
D. report the control deficiency to senior management
View answer
Correct Answer: D
Question #50
During a review of a customer master file, an IS auditor discovered numerous customer name duplications arising from variations in customer first names. To determine the extent of the duplication, the IS auditor would use:
A. test data to validate data input
B. test data to determine system sort capabilities
C. generalized audit software to search for address field duplications
D. generalized audit software to search for account field duplications
View answer
Correct Answer: D
Question #51
During a business continuity audit an IS auditor found that the business continuity plan (BCP) covered only critical processes. The IS auditor should:
A. recommend that the BCP cover all business processes
B. assess the impact of the processes not covered
C. report the findings to the IT manager
D. redefine critical processes
View answer
Correct Answer: A
Question #52
Which of the following is the BEST way to evaluate the effectiveness of access controls to an internal network?
A. Perform a system penetration test
B. Test compliance with operating procedures
C. Review access rights
D. Review router configuration tables
View answer
Correct Answer: A
Question #53
A benefit of open system architecture is that it:
A. facilitates interoperability
B. facilitates the integration of proprietary components
C. will be a basis for volume discounts from equipment vendors
D. allows for the achievement of more economies of scale for equipment
View answer
Correct Answer: A
Question #54
Which of the following systems or tools can recognize that a credit card transaction is more likely to have resulted from a stolen credit card than from the holder of the credit card?
A. Intrusion detection systems
B. Data mining techniques
C. Firewalls
D. Packet filtering routers
View answer
Correct Answer: D
Question #55
The MOST likely explanation for the use of applets in an Internet application is that:
A. it is sent over the network from the server
B. the server does not run the program and the output is not sent over the network
C. they improve the performance of the web server and network
D. it is a JAVA program downloaded through the web browser and executed by the web server of the client machine
View answer
Correct Answer: D
Question #56
The MOST effective control for addressing the risk of piggybacking is:
A. a single entry point with a receptionist
B. the use of smart cards
C. a biometric door lock
D. a deadman door
View answer
Correct Answer: B
Question #57
Which of the following is the PRIMARY advantage of having an established information security governance framework in place when an organization is adopting emerging technologies?
A. An emerging technologies strategy would be in place
B. A cost-benefit analysis process would be easier to perform
C. An effective security risk management process is established
D. End-user acceptance of emerging technologies has been established
View answer
Correct Answer: C
Question #58
A data center has a badge-entry system. Which of the following is MOST important to protect the computing assets in the center?
A. Badge readers are installed in locations where tampering would be noticed
B. The computer that controls the badge system is backed up frequently
C. A process for promptly deactivating lost or stolen badges exists
D. All badge entry attempts are logged
View answer
Correct Answer: B
Question #59
What method might an IS auditor utilize to test wireless security at branch office locations?
A. War dialing
B. Social engineering
C. War driving
D. Password cracking
View answer
Correct Answer: C
Question #60
Default permit is only a good approach in an environment where:
A. security threats are non-existent or negligible
B. security threats are non-negligible
C. security threats are serious and severe
D. users are trained
E. None of the choices
View answer
Correct Answer: D
Question #61
To install backdoors, hackers generally prefer to use:
A. either Trojan horse or computer worm
B. either Tripwire or computer virus
C. either eavedropper or computer worm
D. either Trojan horse or eavedropper
E. None of the choices
View answer
Correct Answer: B
Question #62
Which of the following refers to a method of bypassing normal system authentication procedures?
A. virus
B. worm
C. trojan horse
D. spyware
E. rootkits
F. backdoor
G. None of the choices
View answer
Correct Answer: A
Question #63
The GREATEST benefit in implementing an expert system is the:
A. capturing of the knowledge and experience of individuals in an organization
B. sharing of knowledge in a central repository
C. enhancement of personnel productivity and performance
D. reduction of employee turnover in key departments
View answer
Correct Answer: C
Question #64
A comprehensive and effective e-mail policy should address the issues of e-mail structure, policy enforcement, monitoring and:
A. recovery
B. retention
C. rebuilding
D. reuse
View answer
Correct Answer: D
Question #65
Which of the following should be established FIRST when initiating a control self-assessment program in a small organization?
A. Control baselines
B. Client questionnaires
C. External consultants
D. Facilitated workshops
View answer
Correct Answer: B
Question #66
A vulnerability in which of the following virtual systems would be of GREATEST concern to the IS auditor?
A. The virtual machine management server
B. The virtual file server
C. The virtual application server
D. The virtual antivirus server
View answer
Correct Answer: A
Question #67
During the planning stage of an IS audit, the PRIMARY goal of an IS auditor is to:
A. address audit objectives
B. collect sufficient evidence
C. specify appropriate tests
D. minimize audit resources
View answer
Correct Answer: D
Question #68
An audit of the quality management system (QMS) begins with an evaluation of the:
A. organization’s QMS policy
B. sequence and interaction of QMS processes
C. QMS processes and their application
D. QMS document control procedures
View answer
Correct Answer: A
Question #69
An IS auditor reviewing wireless network security determines that the Dynamic Host Configuration Protocol is disabled at all wireless access points. This practice:
A. reduces the risk of unauthorized access to the network
B. is not suitable for small networks
C. automatically provides an IP address to anyone
D. increases the risks associated with Wireless Encryption Protocol (WEP)
View answer
Correct Answer: C
Question #70
An IS auditor considering the risks associated with spooling sensitive reports for off-line printing will be the MOST concerned that:
A. data can easily be read by operators
B. data can more easily be amended by unauthorized persons
C. unauthorized copies of reports can be printed
D. output will be lost if the system should fail
View answer
Correct Answer: C
Question #71
Which of the following refers to the proving of mathematical theorems by a computer program?
A. Analytical theorem proving
B. Automated technology proving
C. Automated theorem processingD
E. None of the choices
View answer
Correct Answer: C
Question #72
Which of the following should MOST concern an IS auditor reviewing an intrusion detection system (IDS)?
A. Number of false-negatives
B. Number of false-positives
C. Legitimate traffic blocked by the system
D. Reliability of IDS logs
View answer
Correct Answer: A
Question #73
The role of the certificate authority (CA) as a third party is to:
A. provide secured communication and networking services based on certificates
B. host a repository of certificates with the corresponding public and secret keys issued by that CA
C. act as a trusted intermediary between two communication partners
D. confirm the identity of the entity owning a certificate issued by that CA
View answer
Correct Answer: B
Question #74
In auditing a web server, an IS auditor should be concerned about the risk of individuals gaining unauthorized access to confidential information through:
A. common gateway interface (CGI) scripts
B. enterprise Java beans (EJBs)
C. applets
D. web services
View answer
Correct Answer: A
Question #75
An IS auditor is reviewing the physical security measures of an organization. Regarding the access card system, the IS auditor should be MOST concerned that: nonpersonalized access cards are given to the cleaning staff, who use a sign-in sheet but show no proof of identity.
B. access cards are not labeled with the organization's name and address to facilitate easy return of a lost card
C. card issuance and rights administration for the cards are done by different departments, causing unnecessary lead time for new cards
D. the computer system used for programming the cards can only be replaced after three weeks in the event of a system failure
View answer
Correct Answer: D
Question #76
Which of the following public key infrastructure (PKI) elements provides detailed descriptions for dealing with a compromised private key?
A. Certificate revocation list (CRL)
B. Certification practice statement (CPS)
C. Certificate policy (CP)
D. PKI disclosure statement (PDS)
View answer
Correct Answer: C
Question #77
To address a maintenance problem, a vendor needs remote access to a critical network. The MOST secure and effective solution is to provide the vendor with a:
A. Secure Shell (SSH-2) tunnel for the duration of the problem
B. two-factor authentication mechanism for network access
C. dial-in access
D. virtual private network (VPN) account for the duration of the vendor support contract
View answer
Correct Answer: A
Question #78
D. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)?
A. A user from within could send a file to an unauthorized person
B. FTP services could allow a user to download files from unauthorized sources
C. A hacker may be able to use the FTP service to bypass the firewall
D. FTP could significantly reduce the performance of a DMZ server
View answer
Correct Answer: D
Question #79
Which of the following is the MOST important requirement for the successful implementation of security governance?
A. Aligning to an international security framework
B. Mapping to organizational strategies
C. Implementing a security balanced scorecard
D. Performing an enterprise-wide risk assessment
View answer
Correct Answer: B
Question #80
Which of the following fire suppression systems is MOST appropriate to use in a data center environment?
A. Wet-pipe sprinkler system
B. Dry-pipe sprinkler system
C. FM-200system
D. Carbon dioxide-based fire extinguishers
View answer
Correct Answer: A
Question #81
Which of the following dynamic interaction of a Business Model for Information Security (BMIS) is a place to introduce possible solutions such as feedback loops; alignment with process improvement; and consideration of emergent issues in system design life cycle, change control, and risk management?
A. Governing
B. Culture
C. Enabling and support
D. Emergence
View answer
Correct Answer: D
Question #82
To preserve chain-of-custody following an internal server compromise, which of the following should be the FIRST step?
A. Take a system image including memory dump
B. Safely shut down the server
C. Replicate the attack using the remaining evidence
D. Trace the attacking route
View answer
Correct Answer: A
Question #83
B. Talking about the different approaches to security in computing, the principle of regarding the computer system itself as largely an untrusted system emphasizes:
A. most privilege full privilege
C. least privilege
D. null privilege
E. None of the choices
View answer
Correct Answer: A
Question #84
Security should ALWAYS be an all or nothing issue.
A. True
B. True for trusted systems only
C. True for untrusted systems only
D. False
E. None of the choices
View answer
Correct Answer: D
Question #85
An organization's IS audit charter should specify the:
A. short- and long-term plans for IS audit engagements
B. objectives and scope of IS audit engagements
C. detailed training plan for the IS audit staff
D. role of the IS audit function
View answer
Correct Answer: A
Question #86
The MOST effective biometric control system is the one:
A. which has the highest equal-error rate (EER)
B. which has the lowest EER
C. for which the false-rejection rate (FRR) is equal to the false-acceptance rate (FAR)
D. for which the FRR is equal to the failure-to-enroll rate (FER)
View answer
Correct Answer: C
Question #87
When an information security manager presents an information security program status report to senior management, the MAIN focus should be:
A. key performance indicators (KPIs)
B. critical risks indicators
C. net present value (NPV)
D. key controls evaluation
View answer
Correct Answer: A
Question #88
Buffer overflow aims primarily at corrupting:
A. system processor
B. network firewall
C. system memory
D. disk storage
E. None of the choices
View answer
Correct Answer: B
Question #89
You may reduce a cracker's chances of success by (choose all that apply):
A. keeping your systems up to date using a security scanner
B. hiring competent people responsible for security to scan and update your systems
C. using multiple firewalls
D. using multiple firewalls and IDS
E. None of the choices
View answer
Correct Answer: A
Question #90
Which of the following would be best suited to oversee the development of an information security policy?
A. System Administrators
B. End User
C. Security Officers
D. Security administrators
View answer
Correct Answer: C
Question #91
Which of the following is the MOST important role of the information security manager when the organization is in the process of adopting emerging technologies?
A. Understanding the impact on existing resources
B. Assessing how peer organizations using the same technologies have been impacted
C. Developing training for end users to familiarize them with the new technology
D. Reviewing vendor documentation and service levels agreements
View answer
Correct Answer: A
Question #92
Which of the following is a function of an IS steering committee?
A. Monitoring vendor-controlled change control and testing
B. Ensuring a separation of duties within the information's processing environment
C. Approving and monitoring major projects, the status of IS plans and budgets
D. Liaising between the IS department and the end users
View answer
Correct Answer: A
Question #93
A maturity model can be used to aid the implementation of IT governance by identifying:
A. critical success factors
B. performance drivers
C. improvement opportunities
D. accountabilities
View answer
Correct Answer: C
Question #94
Which of the following is the MOST important advantage of participating in beta testing of software products?
A. It improves vendor support and training
B. It enables an organization to gain familiarity with new products and their functionality
C. It increases an organization’s ability to retain staff who prefer to work with new technology
D. It enhances security and confidentiality
View answer
Correct Answer: B
Question #95
Which of the following is the MOST likely reason why e-mail systems have become a useful source of evidence for litigation?
A. Multiple cycles of backup files remain available
B. Access controls establish accountability for e-mail activity
C. Data classification regulates what information should be communicated via e-mail
D. Within the enterprise, a clear policy for using e-mail ensures that evidence is available
View answer
Correct Answer: A
Question #96
The majority of software vulnerabilities result from a few known kinds of coding defects, such as (choose all that apply):
A. buffer overflows
B. format string vulnerabilities
C. integer overflow
D. code injection
E. command injectionF
View answer
Correct Answer: C
Question #97
An IS auditor notes that IDS log entries related to port scanning are not being analyzed. This lack of analysis will MOST likely increase the risk of success of which of the following attacks?
A. Denial-of-service
B. Replay
C. Social engineering
D. Buffer overflow
View answer
Correct Answer: C
Question #98
An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review?
A. Availability of online network documentation
B. Support of terminal access to remote hosts
C. Handling file transfer between hosts and interuser communications
D. Performance management, audit and control
View answer
Correct Answer: D

View The Updated ISACA Exam Questions

SPOTO Provides 100% Real ISACA Exam Questions for You to Pass Your ISACA Exam!

View Answers after Submission

Please submit your email and WhatsApp to get the answers of questions.

Note: Please make sure your email ID and Whatsapp are valid so that you can get the correct exam results.

Email:
Whatsapp/phone number: