Success Secrets: CISA Exam Questions & Mock Tests, Certified Information Systems Auditor | SPOTO

The Certified Information Systems Auditor® (CISA®) certification from ISACA is a globally recognized credential that validates your expertise in auditing, monitoring, and assessing IT and business systems. Achieving this certification showcases your ability to apply a risk-based approach to audit engagements and your knowledge of emerging technologies in the field.

At SPOTO, we understand the importance of thorough preparation for the CISA exam. Our comprehensive range of CISA practice questions and exam preparation resources is designed to help you unlock success and achieve your certification goals. Our exam materials, including practice tests, sample questions, exam dumps, and online exam questions, are meticulously crafted by subject matter experts to ensure accuracy and alignment with the latest exam objectives.

Utilize our exam simulator to experience a realistic exam environment, allowing you to develop effective time management strategies and identify areas that require further attention. Our exam questions and answers, mock exams, and free tests provide valuable practice opportunities, reinforcing your understanding of the CISA exam content and boosting your confidence.

Question #1
Which of the following duties would be a concern if performed along with systems administration?
A. Maintenance of access rules
B. Review of system audit trail
C. Data librarian
D. Performance monitoring
Correct Answer: C
Question #2
The objective of IT governance is to ensure that the IT strategy is aligned with the objectives of (the):
A. enterprise
B. IT
C. audit
D. finance
Correct Answer: B
Question #3
The planning and monitoring of computer resources to ensure that they are being used efficiently and effectively is:
A. hardware monitoring
B. capacity management
C. network management
D. job scheduling
Correct Answer: A
Question #4
Using test data as part of a comprehensive test of program controls in a continuous online manner is called a/an:
A. test data/deck
B. base case system evaluation
C. integrated test facility (ITF)
D. parallel simulation
Correct Answer: A
Question #5
Analysis of which of the following would MOST likely enable the IS auditor to determine if a non-approved program attempted to access sensitive data?
A. Abnormal job termination reports
B. Operator problem reports
C. System logs
D. Operator work schedules
Correct Answer: B
Question #6
The BEST overall quantitative measure of the performance of biometric control devices is:
A. false rejection rate
B. false acceptance rate
C. equal error rate
D. estimated error rate
Correct Answer: D
Question #7
Which of the following has the LEAST effect on controlling physical access?
A. Access to the work area is restricted through a swipe card
B. All physical assets have an identification tag and are properly recorded
C. Access to the premises is restricted and all visitors authorized for entry
D. Visitors are issued a pass and escorted in and out by a concerned employee
Correct Answer: D
Question #8
Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?
A. Paper test
B. Post test
C. Preparedness test
D. Walk-through
Correct Answer: D
Question #9
Which of the following is the MOST effective control over visitor access to a data center?
A. Visitors are escorted
B. Visitor badges are required
C. Visitors sign in
D. Visitors are spot-checked by operators
Correct Answer: B
Question #10
The review of router access control lists should be conducted during a/an:
A. environmental review
B. network security review
C. business continuity review
D. data integrity review
Correct Answer: D
Question #11
During which of the following phases in systems development would user acceptance test plans normally be prepared?
A. Feasibility study
B. Requirements definition
C. Implementation planning
D. Post-implementation review
Correct Answer: A
Question #12
Which of the following audit procedures would an IS auditor be LEAST likely to include in a security audit?
A. Review the effectiveness and utilization of assets
B. Test to determine that access to assets is adequate
C. Validate physical, environmental and logical access policies per job profiles
D. Evaluate asset safeguards and procedures that prevent unauthorized access to the assets
Correct Answer: C
Question #13
Which of the following is the PRIMARY reason for involving an IS auditor in the definition of a system's requirements?
A. Post-application reviews do not need to be performed
B. Total budgeted system development costs can be reduced
C. It is costly to institute controls after a system becomes operational
D. The extent of user involvement in design activities is reduced
Correct Answer: D
Question #14
Detection risk refers to:
A. concluding that material errors do not exist, when in fact they do
B. controls that fail to detect an error
C. controls that detect high-risk errors
D. detecting an error but failing to report it
Correct Answer: A
Question #15
Which of the following imaging technologies captures handwriting from a preprinted form and converts it into an electronic format?
A. Magnetic ink character recognition (MICR)
B. Intelligent voice recognition (IVR)
C. Bar code recognition (BCR)
D. Optical character recognition (OCR)
Correct Answer: B
Question #16
Which of the following is the MOST fundamental step in effectively preventing a virus attack?
A. Executing updated antivirus software in the background on a periodic basis
B. Buying standard antivirus software, which is installed on all servers and workstations
C. Ensuring that all software is checked for a virus in a separate PC before being loaded into the production environment
D. Adopting a comprehensive antivirus policy and communicating it to all users
Correct Answer: D
Question #17
Which of the following protocols would be involved in the implementation of a router and interconnectivity device monitoring system?
A. Simple network management
B. File transfer
C. Simple Mail Transfer Protocol
D. Telnet
Correct Answer: A
Question #18
Which of the following methods of providing telecommunication continuity involves routing traffic through split- or duplicate-cable facilities?
A. Diverse routing
B. Alternative routing
C. Redundancy
D. Long haul network diversity
Correct Answer: D
Question #19
Which of the following are data file controls?
A. Internal and external labeling
B. Limit check and logical relationship checks
C. Total items and hash totals
D. Report distribution procedures
Correct Answer: C
Question #20
Which of the following provisions in a contract for external information systems services would an IS auditor consider to be LEAST significant?
A. Ownership of program and files
B. Statement of due care and confidentiality
C. Continued service of outsourcer in the event of a disaster
D. Detailed description of computer hardware used by the vendor
Correct Answer: D
Question #21
An IS auditor reviews an organization chart PRIMARILY for:
A. an understanding of workflows
B. investigating various communication channels
C. understanding the responsibilities and authority of individuals
D. investigating the network connected to different employees
Correct Answer: D
Question #22
The MOST likely explanation for the use of applets in an Internet application is that:
A. it is sent over the network from the server
B. the server does not run the program and the output is not sent over the network
C. they improve the performance of both the web server and network
D. it is a JAVA program downloaded through the web browser and executed by the web server of the client machine
Correct Answer: C
Question #23
The PRIMARY reason for separating the test and development environments is to:
A. restrict access to systems under test
B. segregate user and development staff
C. control the stability of the test environment
D. secure access to systems under development
Correct Answer: B
Question #24
To determine which users can gain access to the privileged supervisory state, which of the following should an IS auditor review?
A. System access log files
B. Enabled access control software parameters
C. Logs of access control violations
D. System configuration files for control options used
Correct Answer: A
Question #25
Passwords should be:
A. assigned by the security administrator
B. changed every 30 days at the discretion of the user
C. reused often to ensure the user does not forget the password
D. displayed on the screen so that the user can ensure that it has been entered properly
Correct Answer: A
Question #26
The general ledger setup function in an enterprise resource package (ERP) allows for setting accounting periods. Access to this function has been permitted to users in finance, the warehouse and order entry. The MOST likely reason for such broad access is the:
A. need to change accounting periods on a regular basis
B. requirement to post entries for a closed accounting period
C. lack of policies and procedures for the proper segregation of duties
D. need to create/modify the chart of accounts and its allocations
Correct Answer: A
Question #27
Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance with an organization's security policy?
A. Review the parameter settings
B. Interview the firewall administrator
C. Review the actual procedures
D. Review the device's log file for recent attacks
Correct Answer: A
Question #28
The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of the following audit recommendations should the IS auditor suggest?
A. Relocate the shutoff switch
B. Install protective covers
C. Escort visitors
D. Log environmental failures
Correct Answer: C
Question #29
Confidential data residing on a PC is BEST protected by:
A. a password
B. file encryption
C. removable diskettes
D. a key operated power source
Correct Answer: A
Question #30
Good quality software is BEST achieved:
A. through thorough testing
B. by finding and quickly correcting programming errors
C. determining the amount of testing by the available time and budget
D. by applying well-defined processes and structured reviews throughout the project
Correct Answer: A
Question #31
Which of the following is a role of an IS steering committee?
A. Initiate computer applications
B. Ensure efficient use of data processing resources
C. Prepare and monitor system implementation plans
D. Review the performance of the systems department
Correct Answer: A
Question #32
Which of the following is a benefit of a risk-based approach to audit planning? Audit:
A. scheduling may be performed months in advance
B. budgets are more likely to be met by the IS audit staff
C. staff will be exposed to a variety of technologies
D. resources are allocated to the areas of highest concern
Correct Answer: A
Question #33
An IS auditor is performing an audit of a network operating system. Which of the following is a user feature the IS auditor should review?
A. Availability of online network documentation
B. Support of terminal access to remote hosts
C. Handling file transfer between hosts and inter-user communications
D. Performance management, audit and control
Correct Answer: B
Question #34
Which of the following user profiles should be of MOST concern to the IS auditor, when performing an audit of an EFT system?
A. Three users with the ability to capture and verify their own messages
B. Five users with the ability to capture and send their own messages
C. Five users with the ability to verify other users and to send their own messages
D. Three users with the ability to capture and verify the messages of other users and to send their own messages
Correct Answer: D
Question #35
When performing a review of the structure of an electronic funds transfer (EFT) system, an IS auditor observes that the technological infrastructure is based on a centralized processing scheme that has been outsourced to a provider in another country. Based on this information, which of the following conclusions should be the main concern of the IS auditor?
A. There could be a question with regards to the legal jurisdiction
B. Having a provider abroad will cause excessive costs in future audits
C. The auditing process will be difficult because of the distances
D. There could be different auditing norms
Correct Answer: A
Question #36
An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking?
A. An application-level gateway
B. A remote access server
C. A proxy server
D. Port scanning
Correct Answer: C
Question #37
Which of the following is a function of an IS steering committee?
A. Monitoring vendor controlled change control and testing
B. Ensuring a separation of duties within the information processing environment
C. Approving and monitoring major projects, the status of IS plans and budgets
D. Responsible for liaison between the IS department and the end users
Correct Answer: B
Question #38
Receiving an EDI transaction and passing it through the communications interface stage usually requires:
A. translating and unbundling transactions
B. routing verification procedures
C. passing data to the appropriate application system
D. creating a point of receipt audit log
Correct Answer: B
Question #39
If an application program is modified and proper system maintenance procedures are in place, which of the following should be tested? The:
A. integrity of the database
B. access controls for the applications programmer
C. complete program, including any interface systems
D. segment of the program containing the revised code
Correct Answer: S
Question #40
The reliability of an application system's audit trail may be questionable if:
A. user IDs are recorded in the audit trail
B. the security administrator has read-only rights to the audit file
C. date time stamps record when an action occurs
D. users can amend audit trail records when correcting system errors
Correct Answer: C
Question #41
Which of the following encrypt/decrypt steps provides the GREATEST assurance in achieving confidentiality, message integrity and nonrepudiation by either sender or recipient?
A. The recipient uses his/her private key to decrypt the secret key
B. The encrypted pre-hash code and the message are encrypted using a secret key
C. The encrypted pre-hash code is derived mathematically from the message to be sent
D. The recipient uses the sender's public key, verified with a certificate authority, to decrypt the pre-hash code
Correct Answer: C
Question #42
Which of the following can identify attacks and penetration attempts to a network?
A. Firewall
B. Packet filters
C. Stateful inspection
D. Intrusion detection system (IDS)
Correct Answer: A
Question #43
Which of the following reports should an IS auditor use to check compliance with a service level agreement (SLA) requirement for uptime?
A. Utilization reports
B. Hardware error reports
C. System logs
D. Availability reports
Correct Answer: A
Question #44
Security administration procedures require read-only access to:
A. access control tables
B. security log files
C. logging options
D. user profiles
Correct Answer: A
Question #45
Requiring passwords to be changed on a regular basis, assigning a new one-time password when a user forgets his/hers, and requiring users not to write down their passwords are all examples of:
A. audit objectives
B. audit procedures
C. controls objectives
D. control procedures
Correct Answer: D
Question #46
Which of the following procedures can a biometric system perform?
A. Measure airborne contamination
B. Provide security over physical access
C. Monitor temperature and humidity levels
D. Detect hazardous electromagnetic fields in an area
Correct Answer: A
Question #47
A control for a company that wants to prevent virus-infected programs (or other type of unauthorized modified programs) would be to:
A. utilize integrity checkers
B. verify programs' lengths
C. backup the source and object code
D. implement segregation of duties
Correct Answer: D
Question #48
The PRIMARY reason for replacing checks (cheques) with EFT systems in the accounts payable area is to:
A. make the payment process more efficient
B. comply with international EFT banking standards
C. decrease the number of paper-based payment forms
D. reduce the risk of unauthorized changes to payment transactions
Correct Answer: C
Question #49
Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data?
A. Inheritance
B. Dynamic warehousing
C. Encapsulation
D. Polymorphism
Correct Answer: C
Question #50
Which of the following would an IS auditor consider the MOST relevant to short-term planning for the IS department?
A. Allocating resources
B. Keeping current with technology advances
C. Conducting control self-assessment
D. Evaluating hardware needs
Correct Answer: D
Question #51
Various standards have emerged to assist IS organizations in achieving an operational environment that is predictable, measurable and repeatable. The standard that provides the definition of the characteristics and the associated quality evaluation process to be used when specifying the requirements for and evaluating the quality of software products throughout their life cycle is:
A. ISO 9001
B. ISO 9002
C. ISO 9126
D. ISO 9003
Correct Answer: A
Question #52
The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment:
A. searches and checks the infrastructure to detect vulnerabilities, whereas penetration testing intends to exploit the vulnerabilities to probe the damage that could result from the vulnerabilities
B. and penetration tests are different names for the same activity
C. is executed by automated tools, whereas penetration testing is a totally manual process
D. is executed by commercial tools, whereas penetration testing is executed by public processes
Correct Answer: A
Question #53
An IS auditor reviewing back-up procedures for software need only determine that:
A. object code libraries are backed up
B. source code libraries are backed up
C. both object and source code libraries are backed up
D. program patches are maintained at the originating site
Correct Answer: A
Question #54
During an audit of a telecommunications system, the IS auditor finds that the risk of intercepting data transmitted to and from remote sites is very high. The MOST effective control for reducing this exposure is:
A. encryption
B. callback modems
C. message authentication
D. dedicated leased lines
Correct Answer: B
Question #55
Confidential data stored on a laptop is BEST protected by:
A. storage on optical disks
B. logon ID and password
C. data encryption
D. physical locks
Correct Answer: C
Question #56
The PRIMARY objective of a business continuity and disaster recovery plan should be to:
A. safeguard critical IS assets
B. provide for continuity of operations
C. minimize the loss to an organization
D. protect human life
Correct Answer: D
Question #57
When developing a risk management program, the FIRST activity to be performed is a/an:
A. threats assessment
B. classification of data
C. inventory of assets
D. criticality analysis
Correct Answer: C
Question #58
Which of the following techniques or tools would assist an IS auditor when performing a statistical sampling of financial transactions maintained in a financial management information system?
A. Spreadsheets
B. Parallel simulation
C. Generalized audit software
D. Regression testing
Correct Answer: C
Question #59
Which of the following is MOST directly affected by network performance monitoring tools?
A. Integrity
B. Availability
C. Completeness
D. Confidentiality
Correct Answer: D
Question #60
Which of the following would be the LEAST helpful in restoring service from an incident currently underway?
A. Developing a database repository of past incidents and actions to facilitate future corrective actions
B. Declaring the incident, which not only helps to carry out corrective measures, but also improves the awareness level
C. Developing a detailed operations plan that outlines specific actions to be taken to recover from an incident
D. Establishing multidisciplinary teams consisting of executive management, security staff, information systems staff, legal counsel, public relations, etc.
Correct Answer: A
Question #61
There are several methods of providing telecommunications continuity. The method of routing traffic through split cable or duplicate cable facilities is:
A. alternative routing
B. diverse routing
C. long-haul network diversity
D. last mile circuit protection
Correct Answer: A
Question #62
Which of the following logical access exposures involves changing data before, or as it is entered into the computer?
A. Data diddling
B. Trojan horse
C. Worm
D. Salami technique
Correct Answer: B
Question #63
A decision support system (DSS):
A. is aimed at solving highly structured problems
B. combines the use of models with nontraditional data access and retrieval functions
C. emphasizes flexibility in the decision making approach of users
D. supports only structured decision-making tasks
Correct Answer: B
Question #64
An IS auditor reviewing an organization's IS disaster recovery plan should verify that it is:
A. tested every 6 months
B. regularly reviewed and updated
C. approved by the chief executive officer (CEO)
D. communicated to every departmental head in the organization
Correct Answer: C
Question #65
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced by:
A. the availability of CAATs
B. management's representation
C. organizational structure and job responsibilities
D. the existence of internal and operational controls
Correct Answer: D
Question #66
An enterprise has established a steering committee to oversee its e-business program. The steering committee would MOST likely be involved in the:
A. documentation of requirements
B. escalation of project issues
C. design of interface controls
D. specification of reports
Correct Answer: B
Question #67
The extent to which data will be collected during an IS audit should be determined, based on the:
A. availability of critical and required information
B. auditor's familiarity with the circumstances
C. auditee's ability to find relevant evidence
D. purpose and scope of the audit being done
Correct Answer: D
Question #68
Which of the following functions would be acceptable for the security administrator to perform in addition to his/her normal functions?
A. Systems analyst
B. Quality assurance
C. Computer operator
D. Systems programmer
Correct Answer: D
Question #69
Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization?
A. Built-in alternative routing
B. Full system backup taken daily
C. A repair contract with a service provider
D. A duplicate machine alongside each server
Correct Answer: B
Question #70
An IS auditor's MAJOR concern as a result of reviewing a business process reengineering (BPR) project should be whether the:
A. newly designed business process has key controls in place
B. changed process will affect organization structure, finances and personnel
C. roles for suppliers have been redefined
D. process has been documented before and after reengineering
Correct Answer: B
Question #71
The quality assurance group is typically responsible for:
A. ensuring that the output received from system processing is complete
B. monitoring the execution of computer processing tasks
C. ensuring that programs and program changes and documentation adhere to established standards
D. designing procedures to protect data against accidental disclosure, modification or destruction
Correct Answer: C
Question #72
Prices are charged on the basis of a standard master file rate that changes as volume increases. Any exceptions must be manually approved. What is the MOST effective automated control to help ensure that all price exceptions are approved?
A. All amounts are displayed back to the data entry clerk, who must verify them visually
B. Prices outside the normal range should be entered twice to verify data entry accuracy
C. The system beeps when price exceptions are entered and prints such occurrences on a report
D. A second-level password must be entered before a price exception can be processed
Correct Answer: D
Question #73
A debugging tool, which reports on the sequence of steps executed by a program, is called a/an:
A. output analyzer
B. memory dump
C. compiler
D. logic path monitor
Correct Answer: A
Question #74
Which of the following integrity tests examines the accuracy, completeness, consistency and authorization of data?
A. Data
B. Relational
C. Domain
D. Referential
Correct Answer: B
Question #75
Antivirus software should be used as a:
A. detective control
B. preventive control
C. corrective control
D. compensating control
Correct Answer: A
Question #76
When an IS auditor obtains a list of current users with access to a WAN/LAN and verifies that those listed are active associates, the IS auditor is performing a:
A. compliance test
B. substantive test
C. statistical sample
D. risk assessment
Correct Answer: B
Question #77
Which of the following should be the FIRST step of an IS audit?
A. Create a flowchart of the decision branches
B. Gain an understanding of the environment under review
C. Perform a risk assessment
D. Develop the audit plan
Correct Answer: D
Question #78
The key difference between a microwave radio system and a satellite radio link system is that:
A. microwave uses line-of-sight and satellite uses transponders during transmission
B. microwave operates through transponders placed in the earth's orbit
C. satellite uses line-of-sight during transmission
D. microwave uses fiber optic cables
Correct Answer: C
Question #79
Which of the following would contribute MOST to an effective business continuity plan (BCP)? The BCP:
A. document was circulated to all interested parties
B. planning involved all user departments
C. was approved by senior management
D. was audited by an external IS auditor
Correct Answer: C
Question #80
Which of the following line media would provide the BEST security for a telecommunication network?
A. Broadband network digital transmission
B. Baseband network
C. Dial-up
D. Dedicated lines
Correct Answer: A
Question #81
Which of the following will help detect changes made by an intruder to the system log of a server?
A. Mirroring of the system log on another server
B. Simultaneously duplicating the system log on a write-once disk
C. Write protecting the directory containing the system log
D. Storing the backup of the system log offsite
Correct Answer: A
Question #82
The act that describes a computer intruder capturing a stream of data packets and inserting these packets into the network as if it were another genuine message stream is called:
A. eavesdropping
B. message modification
C. a brute-force attack
D. packet replay
Correct Answer: D
Question #83
Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to-consumer transactions via the Internet?
A. Customers are widely dispersed geographically, but not the certificate authorities
B. Customers can make their transactions from any computer or mobile device
C. The certificate authority has several data processing subcenters to administrate certificates
D. The organization is the owner of the certificate authority
Correct Answer: C
Question #84
In reviewing the IS short-range (tactical) plan, the IS auditor should determine whether:
A. there is an integration of IS and business staffs within projects
B. there is a clear definition of the IS mission and vision
C. there is a strategic information technology planning methodology in place
D. the plan correlates business objectives to IS goals and objectives
Correct Answer: D
Question #85
Which of the following is intended to detect the loss or duplication of input?
A. Hash totals
B. Check digits
C. Echo checks
D. Transaction codes
Correct Answer: C
Question #86
A sequence of bits appended to a digital document that is used to secure an email sent through the Internet is called a:
A. digest signature
B. electronic signature
C. digital signature
D. hash signature
Correct Answer: B
Question #87
An IS auditor is reviewing the database administration function to ascertain whether adequate provision has been made for controlling data. The IS auditor should determine that the:
A. function reports to data processing operations
B. responsibilities of the function are well defined
C. database administrator is a competent systems programmer
D. audit software has the capability of efficiently accessing the database
Correct Answer: C
Question #88
In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems?
A. Maintaining system software parameters
B. Ensuring periodic dumps of transaction logs
C. Ensuring grandfather-father-son file backups
D. Maintaining important data at an off-site location
Correct Answer: A
Question #89
Controls designed to ensure that unauthorized changes are not made to information residing in a computer file are known as:
A. data security controls
B. implementation controls
C. program security controls
D. computer operations controls
Correct Answer: D
Question #90
The Secure Sockets Layer (SSL) protocol addresses the confidentiality of a message through:
A. symmetric encryption
B. message authentication code
C. hash function
D. digital signature certificates
Correct Answer: D
Question #91
Which of the following is the primary purpose for conducting parallel testing?
A. To determine if the system is cost-effective
B. To enable comprehensive unit and system testing
C. To highlight errors in the program interfaces with files
D. To ensure the new system meets user requirements
Correct Answer: A
Question #92
Large-scale systems development efforts:
A. are not affected by the use of prototyping tools
B. can be carried out independent of other organizational practices
C. require that business requirements be defined before the project begins
D. require that project phases and deliverables be defined during the duration of the project
Correct Answer: A
Question #93
When selecting software, which of the following business and technical issues is the MOST important to be considered?
A. Vendor reputation
B. Requirements of the organization
C. Cost factors
D. Installed base
View answer
Correct Answer: D
Question #94
A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses, the team should:
A. compute the amortization of the related assets
B. calculate a return on investment (ROI)
C. apply a qualitative approach
D. spend the time needed to define exactly the loss amount
View answer
Correct Answer: B
Question #95
Which of the following controls will detect MOST effectively the presence of bursts of errors in network transmissions?
A. Parity check
B. Echo check
C. Block sum check
D. Cyclic redundancy check
View answer
Correct Answer: D
Question #96
What is a risk associated with attempting to control physical access to sensitive areas, such as computer rooms, through card keys, locks, etc.?
A. Unauthorized individuals wait for controlled doors to open and walk in behind those authorized
B. The contingency plan for the organization cannot effectively test controlled access practices
C. Access cards, keys, and pads can be easily duplicated allowing easy compromise of the control
D. Removing access for people no longer authorized is complex
View answer
Correct Answer: A
Question #97
During an audit, an IS auditor learns that lengthy and complex passwords are required to reach the network via modem. These passwords were established by an outside provider. The communications software allows users to select a "remember password" option. What should the IS auditor's PRIMARY recommendation be?
A. Disable the save password option and have users record them elsewhere
B. Request that the provider change the dial-in password to a group password
C. Establish and enforce a process to have users change their passwords
D. Allow users to change their passwords to something less complex
View answer
Correct Answer: A
Question #98
Which of the following functions, if performed by scheduling and operations personnel, would be in conflict with a policy requiring a proper segregation of duties?
A. Job submission
B. Resource management
C. Code correction
D. Output distribution
View answer
Correct Answer: D
Question #99
Which of the following would be a MAJOR disadvantage of using prototyping as a systems development methodology?
A. User expectations of project timescales may be overly optimistic
B. Effective change control and management is impossible to implement
C. User participation in day-to-day project management may be too extensive
D. Users usually are not sufficiently knowledgeable to assist in system development
View answer
Correct Answer: A
Question #100
The purpose for requiring source code escrow in a contractual agreement is to:
A. ensure the source code is available if the vendor ceases to exist
B. permit customization of the software to meet specified business requirements
C. review the source code for adequacy of controls
D. ensure the vendor has complied with legal requirements
View answer
Correct Answer: C
Question #101
The impact of EDI on internal controls will be:
A. that fewer opportunities for review and authorization will exist
B. an inherent authentication
C. a proper distribution of EDI transactions while in the possession of third parties
D. that IPF management will have increased responsibilities over data center controls
View answer
Correct Answer: A
Question #102
The primary purpose of an audit charter is to:
A. document the audit process used by the enterprise
B. formally document the audit department's plan of action
C. document a code of professional conduct for the auditor
D. describe the authority and responsibilities of the audit department
View answer
Correct Answer: A
Question #103
A digital signature contains a message digest to:
A. show if the message has been altered after transmission
B. define the encryption algorithm
C. confirm the identity of the originator
D. enable message transmission in a digital format
View answer
Correct Answer: B
Question #104
Which of the following tasks is normally performed by a clerk in the control group?
A. Maintenance of an error log
B. Authorization of transactions
C. Control of noninformation systems assets
D. Origination of changes to master files
View answer
Correct Answer: B
Question #105
Which of the following is the MOST effective control procedure for security of a stand-alone small business computer environment?
A. Supervision of computer usage
B. Daily management review of the trouble log
C. Storage of computer media in a locked cabinet
D. Independent review of an application system design
View answer
Correct Answer: C
Question #106
Of the following, who is MOST likely to be responsible for network security operations?
A. Users
B. Security administrators
C. Line managers
D. Security officers
View answer
Correct Answer: A