
Prepare for CISA Success: Exam Questions 2024 Updated, Certified Information Systems Auditor | SPOTO

The Certified Information Systems Auditor® (CISA®) certification from ISACA is a globally recognized standard of excellence in auditing, monitoring, and assessing IT and business systems. As emerging technologies continue to shape the industry, achieving a CISA certification showcases your expertise and ability to apply a risk-based approach to audit engagements. At SPOTO, we understand the importance of staying ahead of the curve. Our 2024 updated CISA exam questions and preparation materials are meticulously crafted to ensure you are equipped with the latest knowledge and skills required to succeed in the CISA exam. Our exam materials, including practice tests, sample questions, exam dumps, and online exam questions, are regularly reviewed and updated by subject matter experts to reflect the most current exam objectives. Utilize our exam simulator to experience a realistic exam environment, helping you develop effective time management strategies and identify areas that require further attention. Our exam questions and answers, mock exams, and free tests provide valuable practice opportunities, reinforcing your understanding of the CISA exam content and boosting your confidence.

Question #1
Which of the following is an example of a passive attack, initiated through the Internet?
A. Traffic analysis
B. Masquerading
C. Denial of service
D. E-mail spoofing
Correct Answer: D
Question #2
Which of the following statements INCORRECTLY describes the Asynchronous Transfer Mode (ATM) technique?
A. ATM uses the cell switching method
B. ATM is a high-speed network technology used for LANs, MANs and WANs
C. ATM works at the session layer of the OSI model
D. Data are segmented into fixed-size cells of 53 bytes
Correct Answer: C
Question #3
Business Continuity Planning (BCP) is not defined as a preparation that facilitates:
A. the rapid recovery of mission-critical business operations
B. the continuation of critical business functions
C. the monitoring of threat activity for adjustment of technical controls
D. the reduction of the impact of a disaster
Correct Answer: A
Question #4
Which of the following information valuation methods is LEAST likely to be used during a security review?
A. Processing cost
B. Replacement cost
C. Unavailability cost
D. Disclosure cost
Correct Answer: A
Question #5
A hacker could obtain passwords without the use of computer tools or programs through the technique of:
A. social engineering
B. sniffers
C. backdoors
D. trojan horses
Correct Answer: C
Question #6
Which of the following attacks could capture network user passwords?
A. Data diddling
B. Sniffing
C. IP Spoofing
D. Surfing
Correct Answer: B
Question #7
Which of the following hardware devices relieves the central computer from performing network control, format conversion and message handling tasks?
A. Spool
B. Cluster controller
C. Protocol converter
D. Front end processor
Correct Answer: A
Question #8
How does the process of systems auditing benefit from using a risk-based approach to audit planning?
A. Controls testing starts earlier
B. Auditing resources are allocated to the areas of highest concern
C. Auditing risk is reduced
D. Controls testing is more thorough
Correct Answer: C
Question #9
Which of the following is the FIRST thing an IS auditor should do after the discovery of a trojan horse program in a computer system?
A. Investigate the author
B. Remove any underlying threats
C. Establish compensating controls
D. Have the offending code removed
Correct Answer: A
Question #10
Programs that can run independently and travel from machine to machine across network connections, with the ability to destroy data or utilize tremendous computer and communication resources, are referred to as:
A. trojan horses
B. viruses
C. worms
D. logic bombs
Correct Answer: C
Question #11
Neural networks are effective in detecting fraud because they can:
A. discover new trends since they are inherently linear
B. solve problems where large and general sets of training data are not obtainable
C. attack problems that require consideration of a large number of input variables
D. make assumptions about the shape of any curve relating variables to the output
Correct Answer: B
Question #12
Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the user name and password are the same. The BEST control to mitigate this risk is to:
A. change the company's security policy
B. educate users about the risk of weak passwords
C. build in validations to prevent this during user creation and password change
D. require a periodic review of matching user ID and passwords for detection and correction
Correct Answer: D
Question #13
Many organizations require an employee to take a mandatory vacation (holiday) of a week or more to:
A. ensure the employee maintains a quality of life, which will lead to greater productivity
B. reduce the opportunity for an employee to commit an improper or illegal act
C. provide proper cross training for another employee
D. eliminate the potential disruption caused when an employee takes vacation one day at a time
Correct Answer: B
Question #14
Which of the following methods of suppressing a fire in a data center is the MOST effective and environmentally friendly?
A. Halon gas
B. Wet-pipe sprinklers
C. Dry-pipe sprinklers
D. Carbon dioxide gas
Correct Answer: D
Question #15
After a full operational contingency test, the IS auditor performs a review of the recovery steps and concludes that the elapsed time until the technological environment and systems were actually functioning exceeded the required critical recovery time. Which of the following should the auditor recommend?
A. Perform an integral review of the recovery tasks
B. Broaden the processing capacity to gain recovery time
C. Make improvements in the facility's circulation structure
D. Increase the amount of human resources involved in the recovery
Correct Answer: B
Question #16
A request for a change to a report format in a module (subsystem) was made. After making the required changes, the programmer should carry out:
A. unit testing
B. unit and module testing
C. unit, module and regression testing
D. module testing
Correct Answer: C
Question #17
Which of the following types of computer has the highest processing speed?
A. Supercomputers
B. Midrange servers
C. Personal computers
D. Thin client computers
Correct Answer: D
Question #18
Which of the following would be the BEST population to take a sample from when testing program changes?
A. Test library listings
B. Source program listings
C. Program change requests
D. Production library listings
Correct Answer: A
Question #19
Which of the following is the PRIMARY safeguard for securing software and data within an information processing facility?
A. Security awareness
B. Reading the security policy
C. Security committee
D. Logical access controls
Correct Answer: A
Question #20
Which of the following goals would you expect to find in an organization's strategic plan?
A. Test a new accounting package
B. Perform an evaluation of information technology needs
C. Implement a new project planning system within the next 12 months
D. Become the supplier of choice within a given time period for the product offered
Correct Answer: A
Question #21
At the end of a simulation of an operational contingency test, the IS auditor performed a review of the recovery process. The IS auditor concluded that the recovery took more than the critical time frame allows. Which of the following actions should the auditor recommend?
A. Widen the physical capacity to accomplish better mobility in a shorter time
B. Shorten the distance to reach the hot site
C. Perform an integral review of the recovery tasks
D. Increase the number of human resources involved in the recovery process
Correct Answer: B
Question #22
The PKI element that manages the certificate life cycle, including certificate directory maintenance and certificate revocation list (CRL) maintenance and publication is the:
A. certificate authority
B. digital certificate
C. certification practice statement
D. registration authority
Correct Answer: D
Question #23
A MAJOR risk of using single sign-on (SSO) is that it:
A. has a single authentication point
B. represents a single point of failure
C. causes an administrative bottleneck
D. leads to a lockout of valid users
Correct Answer: B
Question #24
Which of the following techniques would provide the BEST assurance that the estimate of program development effort is reliable?
A. Function point analysis
B. Estimates by business area
C. A computer-based project schedule
D. An estimate by experienced programmer
Correct Answer: A
Question #25
When auditing the proposed acquisition of a new computer system, the IS auditor should FIRST establish that:
A. a clear business case has been approved by management
B. corporate security standards will be met
C. users will be involved in the implementation plan
D. the new system will meet all required user functionality
Correct Answer: C
Question #26
During an audit of an enterprise that is dedicated to e-commerce, the IS manager states that digital signatures are used in the establishment of its commercial relations. To substantiate this, the IS auditor must prove that which of the following is used?
A. A biometric, digitalized and encrypted parameter with the customer's public key
B. A hash of the data that is transmitted and encrypted with the customer's private key
C. A hash of the data that is transmitted and encrypted with the customer's public key
D. The customer's scanned signature, encrypted with the customer's public key
Correct Answer: D
Question #27
Which of the following is the protocol data unit (PDU) of data at the LAN or WAN interface layer of the TCP/IP model?
A. Data
B. Segment
C. Packet
D. Frame and bits
Correct Answer: B
Question #28
The PRIMARY advantage of a continuous audit approach is that it:
A. does not require an IS auditor to collect evidence on system reliability while processing is taking place
B. requires the IS auditor to review and follow up immediately on all information collected
C. can improve system security when used in time-sharing environments that process a large number of transactions
D. does not depend on the complexity of an organization's computer systems
Correct Answer: A
Question #29
Utilizing audit software to compare the object code of two programs is an audit technique used to test program:
A. logic
B. changes
C. efficiency
D. computations
Correct Answer: B
Question #30
Which of the following is the operating system mode in which all instructions can be executed?
A. Problem
B. Interrupt
C. Supervisor
D. Standard processing
Correct Answer: A
Question #31
Congestion control is BEST handled by which OSI layer?
A. Data link
B. Session layer
C. Transport layer
D. Network layer
Correct Answer: A
Question #32
Which of the following offsite information processing facility conditions would cause an IS auditor the GREATEST concern? The facility:
A. is identified clearly on the outside with the company name
B. is located more than an hour driving distance from the originating site
C. does not have any windows to let in natural sunlight
D. entrance is located in the back of the building rather than the front
Correct Answer: B
Question #33
A Private Branch Exchange (PBX) environment involves many security risks, one of which is people, both internal and external to an organization. Which of the following risks are NOT associated with a Private Branch Exchange?
1. Theft of service
2. Disclosure of information
3. Data modification
4. Denial of service
5. Traffic analysis
A. 3 and 4
B. 4 and 5
C. 1-4
D. They are ALL risks associated with PBX
Correct Answer: A
Question #34
Which of the following is a dynamic analysis tool for the purpose of testing software modules?
A. Blackbox test
B. Desk checking
C. Structured walk-through
D. Design and code
Correct Answer: C
Question #35
Which of the following processes consists of the identification and selection of data from the imaged data set in computer forensics?
A. Investigation
B. Interrogation
C. Reporting
D. Extraction
Correct Answer: C
Question #36
The most common reason for the failure of information systems to meet the needs of users is that:
A. user needs are constantly changing
B. the growth of user requirements was forecast inaccurately
C. the hardware system limits the number of concurrent users
D. user participation in defining the system's requirements was inadequate
Correct Answer: D
Question #37
During the review of a biometrics system operation, the IS auditor should FIRST review the stage of:
A. enrollment
B. identification
C. verification
D. storage
Correct Answer: B
Question #38
In a web server, a common gateway interface (CGI) is MOST often used as a(n):
A. consistent way for transferring data to the application program and back to the user
B. computer graphics imaging method for movies and TV
C. graphic user interface for web design
D. interface to access the private gateway domain
Correct Answer: A
Question #39
Which of the following is an environmental issue caused by electric storms or noisy electric equipment that may also cause a computer system to hang or crash?
A. Sag
B. Blackout
C. Brownout
D. EMI
Correct Answer: D
Question #40
The process of using interpersonal communication skills to get unauthorized access to company assets is called:
A. wire tapping
B. trap doors
C. war dialing
D. social engineering
Correct Answer: B
Question #41
In planning a software development project, which of the following is the MOST difficult to determine?
A. Project slack times
B. The project's critical path
C. Time and resource requirements for individual tasks
D. Relationships that preclude the start of an activity before others are complete
Correct Answer: B
Question #42
When reviewing the implementation of a LAN the IS auditor should FIRST review the:
A. node list
B. acceptance test report
C. network diagram
D. user's list
Correct Answer: B
Question #43
In the ISO/OSI model, which of the following protocols is the FIRST to establish security for the user application?
A. Session layer
B. Transport layer
C. Network layer
D. Presentation layer
Correct Answer: A
Question #44
An organization provides information to its supply-chain partners and customers through an extranet infrastructure. Which of the following should be the GREATEST concern to an IS auditor reviewing the firewall security architecture?
A. A secure socket layer (SSL) has been implemented for user authentication and remote administration of the firewall
B. On the basis of changing requirements, firewall policies are updated
C. Inbound traffic is blocked unless the traffic type and connections have been specifically permitted
D. The firewall is placed on top of the commercial operating system with all installation options
Correct Answer: D
Question #45
Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation?
A. Specific developments only
B. Business requirements only
C. All phases of the installation must be documented
D. No need to develop a customer specific documentation
Correct Answer: C
Question #46
The corporate office of a company with branches worldwide developed a control self-assessment (CSA) program for all its offices. Which of the following is the MOST important requirement for a successful CSA?
A. Skills of the workshop facilitator
B. Simplicity of the questionnaire
C. Support from the audit department
D. Involvement of line managers
Correct Answer: A
Question #47
How does a digital envelope work? What are the correct steps to follow?
A. You encrypt the data using a session key and then encrypt the session key using the sender's private key
B. You encrypt the data using the session key and then encrypt the session key using the sender's public key
C. You encrypt the data using the session key and then encrypt the session key using the receiver's public key
D. You encrypt the data using the session key and then encrypt the session key using the receiver's private key
Correct Answer: A
Question #48
Which of the following is critical to the selection and acquisition of the correct operating system software?
A. Competitive bids
B. User department approval
C. Hardware-configuration analysis
D. Purchasing department approval
Correct Answer: A
Question #49
Which of the following implementation modes would provide the GREATEST amount of security for outbound data connecting to the Internet?
A. Transport mode with authentication header plus encapsulating security payload (ESP)
B. Secure socket layer (SSL) mode
C. Tunnel mode with AH plus ESP
D. Triple-DES encryption mode
Correct Answer: A
Question #50
A primary function of risk management is the identification of cost-effective controls. In selecting appropriate controls, which of the following methods is best to study the effectiveness of adding various safeguards in reducing vulnerabilities?
A. "What if" analysis
B. Traditional cost/benefit analysis
C. Screening analysis
D. A "back-of-the-envelope" analysis
Correct Answer: C
Question #51
Which of the following would be the LEAST important aspect of a business continuity plan?
A. Redundant facilities
B. Relocation procedures
C. Adequate insurance coverage
D. Current and available business continuity manual
Correct Answer: A
Question #52
Which of the following devices extends the network and has the capacity to store frames and act as a storage and forward device?
A. Router
B. Bridge
C. Repeater
D. Gateway
Correct Answer: C
Question #53
An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take?
A. Personally delete all copies of the unauthorized software
B. Inform auditee of the unauthorized software, and follow up to confirm deletion
C. Report the use of the unauthorized software to auditee management and the need to prevent recurrence
D. Take no action, as it is a commonly accepted practice and operations management is responsible for monitoring such use
Correct Answer: C
Question #54
An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following:
  • The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department.
  • The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention.
  • The plan has never been updated, tested or circulated to key ma
A. take no action as the lack of a current plan is the only significant finding
B. recommend that the hardware configuration at each site should be identical
C. perform a review to verify that the second configuration can support live processing
D. report that the financial expenditure on the alternative site is wasted without an effective plan
Correct Answer: B
Question #55
Which of the following would be the LEAST likely indication that complete or selected outsourcing of IS functions should be considered?
A. The applications development backlog is greater than three years
B. It takes one year to develop and implement a high-priority system
C. More than 60 percent of programming costs are spent on system maintenance
D. Duplicate information systems functions exist at two sites
Correct Answer: C
Question #56
A referential integrity constraint consists of:
A. ensuring the integrity of transaction processing
B. ensuring that data are updated through triggers
C. ensuring controlled user updates to database
D. rules for designing tables and queries
Correct Answer: C
Question #57
As an IS auditor, it is very important to understand the software release management process. Which of the following software releases normally contains small enhancements and fixes?
A. Major software Release
B. Minor software Release
C. Emergency software release
D. General software Release
Correct Answer: A
Question #58
An IS auditor discovers evidence of fraud perpetrated with a manager's user id. The manager had written the password, allocated by the system administrator, inside his/her desk drawer. The IS auditor should conclude that the:
A. manager's assistant perpetrated the fraud
B. perpetrator cannot be established beyond doubt
C. fraud must have been perpetrated by the manager
D. system administrator perpetrated the fraud
Correct Answer: A
Question #59
An organization has been an Internet user for several years and the business plan now calls for initiating e-commerce via web-based transactions. Which of the following will LEAST impact transactions in e-commerce?
A. Encryption is required
B. Timed authentication is required
C. Firewall architecture hides the internal network
D. Traffic is exchanged through the firewall at the application layer only
Correct Answer: A
Question #60
Which of the following data entry controls provides the GREATEST assurance that the data is entered correctly?
A. Using key verification
B. Segregating the data entry function from data entry verification
C. Maintaining a log/record detailing the time, date, employee's initials/user id and progress of various data preparation and verification tasks
D. Adding check digits
Correct Answer: C
Question #61
An IS auditor observed that some data entry operators leave their computers in the midst of data entry without logging off. Which of the following controls should be suggested to prevent unauthorized access?
A. Encryption
B. Switch off the computer when leaving
C. Password control
D. Screen saver password
Correct Answer: C
Question #62
In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?
A. Automated logging of changes to development libraries
B. Additional staff to provide separation of duties
C. Procedures that verify that only approved program changes are implemented
D. Access controls to prevent the operator from making program modifications
Correct Answer: D
Question #63
If the decision has been made to acquire software rather than develop it internally, this decision is normally made during the:
A. requirements definition phase of the project
B. feasibility study phase of the project
C. detailed design phase of the project
D. programming phase of the project
Correct Answer: C
Question #64
When reviewing a system development project an IS auditor would be PRIMARILY concerned with whether:
A. business objectives are achieved
B. security and control procedures are adequate
C. the system utilizes the strategic technical infrastructure
D. development will comply with the approved quality management processes
Correct Answer: A
Question #65
Which of the following would help to ensure the portability of an application connected to a database? The:
A. verification of database import and export procedures
B. usage of a structured query language (SQL)
C. analysis of stored procedures/triggers
D. synchronization of the entity-relation model with the database physical schema
Correct Answer: C
Question #66
An IS auditor conducting a review of disaster recovery planning at a financial processing organization has discovered the following:
  • The existing disaster recovery plan was compiled two years ago by a systems analyst in the organization's IT department using transaction flow projections from the operations department.
  • The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his attention.
  • The plan has never been updated, tested or circulated to key ma
A. the deputy CEO be censured for his failure to approve the plan
B. a board of senior managers be set up to review the existing plan
C. the existing plan be approved and circulated to all key management and staff
D. a manager coordinate the creation of a new or revised plan within a defined time limit
Correct Answer: A
Question #67
In RFID technology, which of the following risks could represent a threat to non-RFID networked or collocated systems, assets, and people?
A. Business Process Risk
B. Business Intelligence Risk
C. Privacy Risk
D. Externality Risk
Correct Answer: A
Question #68
A control log basic to a real-time application system is a(n):
A. audit log
B. console log
C. terminal log
D. transaction log
Correct Answer: D
Question #69
Once an organization has finished the business process reengineering (BPR) of all its critical operations, the IS auditor would MOST likely focus on a review of:
A. pre-BPR process flowcharts
B. post-BPR process flowcharts
C. BPR project plans
D. continuous improvement and monitoring plans
Correct Answer: C
Question #70
Which of the following is LEAST likely to be contained in a digital certificate for the purposes of verification by a trusted third party (TTP)/certification authority (CA)?
A. Name of the TTP/CA
B. Public key of the sender
C. Name of the public key holder
D. Time period for which the key is valid
Correct Answer: C
Question #71
Identify the INCORRECT statement related to network performance below.
A. Bandwidth - Bandwidth, commonly measured in bits/second, is the maximum rate at which information can be transferred
B. Latency - Latency is the actual rate at which information is transferred
C. Jitter - Jitter is the variation in the time of arrival of the information at the receiver
D. Error rate - Error rate is the number of corrupted bits expressed as a percentage or fraction of the total sent
Correct Answer: C
Question #72
The IS department of an organization wants to ensure that the computer files, used in the information processing facility, are backed up adequately to allow for proper recovery. This is a/an:
A. control procedure
B. control objective
C. corrective control
D. operational control
Correct Answer: A
Question #73
Which of the following protocols was developed jointly by VISA and MasterCard to secure payment transactions among all parties involved in credit card transactions on behalf of cardholders and merchants?
A. S/MIME
B. SSH
C. SET
D. S/HTTP
Correct Answer: A
Question #74
The primary role of an IS auditor during the system design phase of an application development project is to:
A. advise on specific and detailed control procedures
B. ensure the design accurately reflects the requirement
C. ensure all necessary controls are included in the initial design
D. advise the development manager on adherence to the schedule
Correct Answer: A
Question #75
Which of the following is the MOST important consideration when developing a business continuity plan for a bank?
A. Antivirus software
B. Naming standards
C. Customer balance list
D. Password policy
Correct Answer: C
Question #76
When a PC that has been used for the storage of confidential data is sold on the open market the:
A. hard disk should be demagnetized
B. hard disk should be mid-level formatted
C. data on the hard disk should be deleted
D. data on the hard disk should be defragmented
Correct Answer: C
Question #77
When planning an audit of a network setup, the IS auditor should give the highest priority to obtaining which of the following network documentation?
A. Wiring and schematic diagram
B. Users list and responsibilities
C. Applications list and their details
D. Backup and recovery procedures
Correct Answer: A
Question #78
Which of the following exposures could be caused by a line-grabbing technique?
A. Unauthorized data access
B. Excessive CPU cycle usage
C. Lockout of terminal polling
D. Multiplexor control dysfunction
Correct Answer: C
Question #79
Which of the following LAN physical layouts is subject to total loss if one device fails?
A. Star
B. Bus
C. Ring
D. Completely connected
Correct Answer: B
Question #80
Which of the following is the BEST way to handle obsolete magnetic tapes before disposing of them?
A. Overwriting the tapes
B. Initializing the tape labels
C. Degaussing the tapes
D. Erasing the tapes
Correct Answer: C
Question #81
Which of the following testing methods is MOST effective during the initial phases of prototyping?
A. System
B. Parallel
C. Volume
D. Top-down
Correct Answer: A
Question #82
Which of the following attacks occurs when a malicious action is performed by invoking the operating system to execute a particular system call?
A. Eavesdropping
B. Traffic analysis
C.
D. Interrupt attack
Correct Answer: D
Question #83
Which of the following BEST describes the role of a systems analyst?
A. Defines corporate databases
B. Designs systems based on the needs of the user
C. Schedules computer resources
D. Tests and evaluates programmer and optimization tools
Correct Answer: C
Question #84
Which of the following types of firewalls provide the GREATEST degree and granularity of control?
A. Screening router
B. Packet filter
C. Application gateway
D. Circuit gateway
Correct Answer: D
Question #85
Which of the following access control functions is LEAST likely to be performed by a database management system (DBMS) software package?
A. User access to field data
B. User sign-on at the network level
C. User authentication at the program level
D. User authentication at the transaction level
Correct Answer: A
Question #86
The FIRST task an IS auditor should complete when performing an audit in an unfamiliar area is to:
A. design the audit programs for each system or function involved
B. develop a set of compliance tests and substantive tests
C. gather background information pertinent to the new audit
D. assign human and economical resources
Correct Answer: C
Question #87
Which of the following layers of the OSI model ensures that messages are delivered error-free, in sequence, and with no losses or duplications?
A. Application layer
B. Presentation layer
C. Session layer
D. Transport layer
Correct Answer:
Question #88
An IS auditor has recently discovered that because of a shortage of skilled operations personnel, the security administrator has agreed to work one late-night shift a month as the senior computer operator. The MOST appropriate course of action for the IS auditor is to:
A. advise senior management of the risk involved
B. agree to work with the security officer on these shifts as a form of preventative control
C. develop a computer-assisted audit technique to detect instances of abuses of this arrangement
D. review the system log for each of the late-night shifts to determine whether any irregular actions occurred
Correct Answer: C
Question #89
An organization is moving its application maintenance in-house from an outside source. Which of the following should be the main concern of an IS auditor?
A. Regression testing
B. Job scheduling
C. User manuals
D. Change control procedures
Correct Answer: A
Question #90
Losses can be minimized MOST effectively by using outside storage facilities to do which of the following?
A. Provide current, critical information in backup files
B. Ensure that current documentation is maintained at the backup facility
C. Test backup hardware
D. Train personnel in backup procedures
Correct Answer: D
Question #91
As an IS auditor, it is very important to understand the software release management process. Which of the following software releases normally contains a significant change or the addition of new functionality?
A. Major software Release
B. Minor software Release
C. Emergency software release
D. General software Release
Correct Answer: A
Question #92
Which of the following describes a difference between unit testing and system testing?
A. Unit testing is more comprehensive
B. Programmers are not involved in system testing
C. System testing relates to interfaces between programs
D. System testing proves user requirements are complete
Correct Answer: A
Question #93
Which of the following is a threat?
A. Lack of security
B. Loss of goodwill
C. Power outage
D. Information services
Correct Answer: D
Question #94
An Internet-based attack using password sniffing can:
A. enable one party to act as if they are another party
B. cause modification to the contents of certain transactions
C. be used to gain access to systems containing proprietary information
D. result in major problems with billing systems and transaction processing agreements
Correct Answer: C
Question #95
Most access violations are:
A. Accidental
B. Caused by internal hackers
C. Caused by external hackers
D. Related to Internet
Correct Answer: A
Question #96
Which of the following would an IS auditor consider to be the MOST important when evaluating an organization's IS strategy? That it:
A. has been approved by line management
B. does not vary from the IS department's preliminary budget
C. complies with procurement procedures
D. supports the business objectives of the organization
Correct Answer: D
Question #97
Which of the following statements correctly describes the difference between a total flooding and a local application extinguishing agent?
A. The local application design contains a physical barrier enclosing the fire space, whereas a physical barrier is not present in a total flooding extinguisher
B. The total flooding design contains a physical barrier enclosing the fire space, whereas a physical barrier is not present in a local application extinguisher
C. A physical barrier enclosing the fire space is not present in either the total flooding or the local application extinguishing agent
D. A physical barrier enclosing the fire space is present in both the total flooding and the local application extinguishing agent
Correct Answer: D