Unlock Success with CISA Practice Questions, Certified Information Systems Auditor | SPOTO

Earning the Certified Information Systems Auditor (CISA) certification from ISACA is a prestigious achievement that validates your expertise in auditing, controlling, and assuring information systems. However, passing the CISA exam requires rigorous preparation and practice. At SPOTO, we provide a comprehensive range of CISA practice questions and exam preparation resources to help you unlock success.

Our CISA practice tests and exam questions are meticulously crafted by subject matter experts, ensuring accuracy and alignment with the latest exam objectives. These resources cover a wide range of topics, from auditing information systems to governance and management practices. Utilize our exam materials, including sample questions, exam dumps, and online exam questions, to identify your strengths and weaknesses, allowing you to focus your preparation efforts effectively.

Our exam simulator replicates the real exam environment, providing you with a realistic experience and helping you develop time management strategies. Additionally, our exam questions and answers, mock exams, and free tests offer valuable practice opportunities, reinforcing your understanding of the CISA exam content and boosting your confidence.

Question #1
Which of the following findings would be of MOST concern to an IS auditor performing a review of an end-user developed application that generates financial statements?
A. The application is not sufficiently supported by the IT department
B. There is not adequate training in the use of the application
C. There is no adequate user license for the application
D. There is no control to ensure accuracy of the processed data
Correct Answer: D
Question #2
Which of the following best characterizes "worms"?
A. Malicious programs that can run independently and can propagate without the aid of a carrier program such as email
B. Programming code errors that cause a program to repeatedly dump data
C. Malicious programs that require the aid of a carrier program such as email
D. Malicious programs that masquerade as common applications such as screensavers or macro-enabled Word documents
Correct Answer: B
Question #3
Reconfiguring which of the following firewall types will prevent inward downloading of files through the File Transfer Protocol (FTP)?
A. Circuit gateway
B. Application gateway
C. Packet filter
D. Screening router
Correct Answer: C
Question #4
An intentional or unintentional disclosure of a password is likely to be evident within control logs. True or false?
A. True
B. False
Correct Answer: B
Question #5
After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend?
A. Stress
B. Black box
C. Interface
D. System
Correct Answer: D
Question #6
What type of risk is associated with authorized program exits (trap doors)? Choose the BEST answer.
A. Business risk
B. Audit risk
C. Detective risk
D. Inherent risk
Correct Answer: B
Question #7
An IS auditor issues an audit report pointing out the lack of firewall protection features at the perimeter network gateway and recommends a vendor product to address this vulnerability. The IS auditor has failed to exercise:
A. professional independence
B. organizational independence
C. technical competence
D. professional competence
Correct Answer: D
Question #8
The ultimate purpose of IT governance is to:
A. encourage optimal use of IT
B. reduce IT costs
C. decentralize IT resources across the organization
D. centralize control of IT
Correct Answer: A
Question #9
Which of the following risks could result from inadequate software baselining?
A. Scope creep
B. Sign-off delays
C. Software integrity violations
D. Inadequate controls
Correct Answer: D
Question #10
When an employee is terminated from service, the MOST important action is to:
A. hand over all of the employee's files to another designated employee
B. complete a backup of the employee's work
C. notify other employees of the termination
D. disable the employee's logical access
Correct Answer: A
Question #11
An IS auditor finds that user acceptance testing of a new system is being repeatedly interrupted as defect fixes are implemented by developers. Which of the following would be the BEST recommendation for an IS auditor to make?
A. Consider feasibility of a separate user acceptance environment
B. Schedule user testing to occur at a given time each day
C. Implement a source code version control tool
D. Only retest high priority defects
Correct Answer: B
Question #12
During the planning stage of an IS audit, the PRIMARY goal of an IS auditor is to:
A. address audit objectives
B. collect sufficient evidence
C. specify appropriate tests
D. minimize audit resources
Correct Answer: B
Question #13
Which of the following typically focuses on making alternative processes and resources available for transaction processing?
A. Cold-site facilities
B. Disaster recovery for networks
C. Diverse processing
D. Disaster recovery for systems
Correct Answer: B
Question #14
When selecting audit procedures, an IS auditor should use professional judgment to ensure that:
A. sufficient evidence will be collected
B. all significant deficiencies identified will be corrected within a reasonable period
C. all material weaknesses will be identified
D. audit costs will be kept at a minimum level
Correct Answer: A
Question #15
Documentation of a business case used in an IT development project should be retained until:
A. the end of the system's life cycle
B. the project is approved
C. user acceptance of the system
D. the system is in production
Correct Answer: D
Question #16
An IS auditor should expect which of the following items to be included in the request for proposal (RFP) when IS is procuring services from an independent service provider (ISP)?
A. References from other customers
B. Service level agreement (SLA) template
C. Maintenance agreement
D. Conversion plan
Correct Answer: A
Question #17
Management disagrees with a finding in a draft audit report and provides supporting documentation. Which of the following should be the IS auditor’s NEXT course of action?
A. Document management’s disagreement in the final report
B. Evaluate the supporting documentation
C. Escalate the issue with supporting documentation to senior management
D. Finalize the draft audit report without changes
Correct Answer: B
Question #18
How is risk affected if users have direct access to a database at the system level?
A. Risk of unauthorized access increases, but risk of untraceable changes to the database decreases
B. Risk of unauthorized and untraceable changes to the database increases
C. Risk of unauthorized access decreases, but risk of untraceable changes to the database increases
D. Risk of unauthorized and untraceable changes to the database decreases
Correct Answer: C
Question #19
The output of the risk management process is an input for making:
A. business plans
B. audit charters
C. security policy decisions
D. software design decisions
Correct Answer: B
Question #20
What is the key distinction between encryption and hashing algorithms?
A. Hashing algorithms ensure data confidentiality
B. Hashing algorithms are irreversible
C. Encryption algorithms ensure data integrity
D. Encryption algorithms are not irreversible
Correct Answer: B
Question #21
Which of the following translates e-mail formats from one network to another so that the message can travel through all the networks?
A. Gateway
B. Protocol converter
C. Front-end communication processor
D. Concentrator/multiplexor
Correct Answer: C
Question #22
One advantage of monetary unit sampling is the fact that:
A. results are stated in terms of the frequency of items in error
B. it can easily be applied manually when computer resources are not available
C. it increases the likelihood of selecting material items from the population
D. large-value population items are segregated and audited separately
Correct Answer: D
Question #23
In the context of effective information security governance, the primary objective of value delivery is to:
A. optimize security investments in support of business objectives
B. implement a standard set of security practices
C. institute a standards-based solution
D. implement a continuous improvement culture
Correct Answer: A
Question #24
Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?
A. Check digit
B. Existence check
C. Completeness check
D. Reasonableness check
Correct Answer: A
Question #25
If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST:
A. transfer risk to a third party to avoid cost of impact
B. implement controls to mitigate the risk to an acceptable level
C. recommend that management avoids the business activity
D. assess the gap between current and acceptable level of risk
Correct Answer: D
Question #26
Which of the following would an IS auditor consider to be the MOST important when evaluating an organization's IS strategy? That it:
A. has been approved by line management
B. does not vary from the IS department's preliminary budget
C. complies with procurement procedures
D. supports the business objectives of the organization
Correct Answer: C
Question #27
What type of risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist?
A. Business risk
B. Detection risk
C. Residual risk
D. Inherent risk
Correct Answer: A
Question #28
The development of an IS security policy is ultimately the responsibility of the:
A. IS department
B. security committee
C. security administrator
D. board of directors
Correct Answer: A
Question #29
Which of the following layers of the OSI model is responsible for routing and forwarding network packets?
A. Transport Layer
B. Network Layer
C. Data Link Layer
D. Physical Layer
Correct Answer: C
Question #30
Which of the following layers of the OSI model controls the dialog between computers?
A. Application layer
B. Presentation layer
C. Session layer
D. Transport layer
Correct Answer: A
Question #31
An IS auditor is reviewing an organization’s incident management processes and procedures. Which of the following observations should be the auditor’s GREATEST concern?
A. Ineffective incident classification
B. Ineffective incident prioritization
C. Ineffective incident detection
D. Ineffective post-incident review
Correct Answer: C
Question #32
Which of the following is a management technique that enables organizations to develop strategically important systems faster, while reducing development costs and maintaining quality?
A. Function point analysis
B. Critical path methodology
C. Rapid application development
D. Program evaluation review technique
Correct Answer: C
Question #33
Which of the following is a guiding best practice for implementing logical access controls?
A. Implementing the Biba Integrity Model
B. Access is granted on a least-privilege basis, per the organization's data owners
C. Implementing the Take-Grant access control model
D. Classifying data according to the subject's requirements
Correct Answer: B
Question #34
What is an initial step in creating a proper firewall policy?
A. Assigning access to users according to the principle of least privilege
B. Determining appropriate firewall hardware and software
C. Identifying network applications such as mail, web, or FTP servers
D. Configuring firewall access rules
Correct Answer: D
Question #35
Which of the following provides the BEST single-factor authentication?
A. Biometrics
B. Password
C. Token
D. PIN
Correct Answer: B
Question #36
A company is using a software developer for a project. At which of the following points should the software quality assurance (QA) plan be developed?
A. As part of software definition
B. During the feasibility phase
C. Prior to acceptance testing
D. As part of the design phase
Correct Answer: B
Question #37
When implementing a new risk assessment methodology, which of the following is the MOST important requirement?
A. The methodology must be approved by the chief executive officer
B. Risk assessments must be reviewed annually
C. Risk assessments must be conducted by certified staff
D. The methodology used must be consistent across the organization
Correct Answer: D
Question #38
An IS auditor is reviewing access to an application to determine whether the 10 most recent "new user" forms were correctly authorized. This is an example of:
A. variable sampling
B. substantive testing
C. compliance testing
D. stop-or-go sampling
Correct Answer: B
Question #39
The quality of the metadata produced from a data warehouse is _______________ in the warehouse's design. Choose the BEST answer.
A. Often hard to determine because the data is derived from a heterogeneous data environment
B. The most important consideration
C. Independent of the quality of the warehoused databases
D. Of secondary importance to data warehouse content
Correct Answer: C
Question #40
When segregation of duties concerns exist between IT support staff and end users, what would be a suitable compensating control?
A. Restricting physical access to computing equipment
B. Reviewing transaction and application logs
C. Performing background checks prior to hiring IT staff
D. Locking user sessions after a specified period of inactivity
Correct Answer: D
Question #41
An IS auditor has been asked to participate in project initiation meetings for a critical project. The IS auditor's MAIN concern should be that the:
A. complexity and risks associated with the project have been analyzed
B. resources needed throughout the project have been determined
C. project deliverables have been identified
D. contract for external parties involved in the project has been completed
Correct Answer: C
Question #42
Which of the following ensures the availability of transactions in the event of a disaster?
A. Send tapes hourly containing transactions offsite
B. Send tapes daily containing transactions offsite
C. Capture transactions to multiple storage devices
D. Transmit transactions offsite in real time
Correct Answer: D
Question #43
Which of the following protocols uses a serial interface for communication between two computers in WAN technology?
A. Point-to-point protocol
B. X
C. Frame Relay
D. ISDN
Correct Answer: B
Question #44
An IS auditor conducting audit follow-up activities learns that some previously agreed-upon corrective actions have not been taken and that the associated risk has been accepted by senior management. If the auditor disagrees with management’s decision, what is the BEST way to address the situation?
A. Repeat the audit with audit scope only covering areas with accepted risks
B. Report the issue to the chief audit executive for resolution
C. Recommend new corrective actions to mitigate the accepted risk
D. Take no action since management’s decision has been made
Correct Answer: B
Question #45
Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures?
A. Review software migration records and verify approval
B. Identify changes that have occurred and verify approval
C. Review change control documentation and verify approval
D. Ensure that only appropriate staff can migrate changes into production
Correct Answer: D
Question #46
Which of the following is an advantage of an integrated test facility (ITF)?
A. It uses actual master files or dummies and the IS auditor does not have to review the source of the transaction
B. Periodic testing does not require separate test processes
C. It validates application systems and tests the ongoing operation of the system
D. The need to prepare test data is eliminated
Correct Answer: A
Question #47
An employee of an organization has reported losing a smartphone that contains sensitive information. The BEST step to address this situation should be to:
A. terminate the device connectivity
B. escalate to the user’s management
C. disable the user’s access to corporate resources
D. remotely wipe the device
Correct Answer: A
Question #48
Which of the following is a network diagnostic tool that monitors and records network information?
A. Online monitor
B. Downtime report
C. Help desk report
D. Protocol analyzer
Correct Answer: C
Question #49
An IS auditor reviewing an organization that uses cross-training practices should assess the risk of:
A. dependency on a single person
B. inadequate succession planning
C. one person knowing all parts of a system
D. a disruption of operations
Correct Answer: C
Question #50
Which of the following is a dynamic analysis tool for the purpose of testing software modules?
A. Black box test
B. Desk checking
C. Structured walkthrough
D. Design and code
Correct Answer: A
Question #51
Functionality is a characteristic associated with evaluating the quality of software products throughout their life cycle, and is BEST described as the set of attributes that bear on the:
A. existence of a set of functions and their specified properties
B. ability of the software to be transferred from one environment to another
C. capability of software to maintain its level of performance under stated conditions
D. relationship between the performance of the software and the amount of resources used
Correct Answer: C
Question #52
To ensure that audit resources deliver the best value to the organization, the FIRST step would be to:
A. schedule the audits and monitor the time spent on each audit
B. train the IS audit staff on current technology used in the company
C. develop the audit plan on the basis of a detailed risk assessment
D. monitor progress of audits and initiate cost control measures
Correct Answer: C
Question #53
During a follow-up audit, an IS auditor learns the organization implemented an automated process instead of the originally agreed upon enhancement of the manual process. The auditor should:
A. report the finding that recommendations were not acted upon
B. perform a cost-benefit analysis on the new process
C. verify that the new process satisfies control objectives
D. report the recommendation as implemented
Correct Answer: C
Question #54
An IT steering committee should review information systems PRIMARILY to assess:
A. whether IT processes support business requirements
B. if proposed system functionality is adequate
C. the stability of existing software
D. the complexity of installed technology
Correct Answer: C
Question #55
At a hospital, medical personnel carry handheld computers which contain patient health data. These handheld computers are synchronized with PCs which transfer data from a hospital database. Which of the following would be of the most importance?
A. The handheld computers are properly protected to prevent loss of data confidentiality, in case of theft or loss
B. The employee who deletes temporary files from the local PC, after usage, is authorized to maintain PCs
C. Timely synchronization is ensured by policies and procedures
D. The usage of the handheld computers is allowed by the hospital policy
Correct Answer: A
Question #56
Which of the following would BEST provide an information security manager with sufficient assurance that a service provider complies with organization’s information security requirements?
A. A live demonstration of the third-party supplier’s security capabilities
B. Third-party security control self-assessment results
C. An independent review report indicating compliance with industry standards
D. The ability to audit the third-party supplier’s IT systems and processes
Correct Answer: S
Question #57
A business has requested an IS audit to determine whether information stored in an application system is adequately protected. Which of the following is the MOST important action before the audit work begins?
A. Establish control objectives
B. Conduct a vulnerability analysis
C. Perform penetration testing
D. Review remediation reports
Correct Answer: A
Question #58
The PRIMARY objective of value delivery in reference to IT governance is to:
A. increase efficiency
B. promote best practices
C. optimize investments
D. ensure compliance
Correct Answer: D
Question #59
When should an application-level edit check to verify availability of funds be completed at the electronic funds transfer (EFT) interface?
A. Before transaction completion
B. Immediately after an EFT is initiated
C. During run-to-run total testing
D. Before an EFT is initiated
Correct Answer: A
Question #60
Which of the following is necessary for effective risk management in IT governance?
A. Risk evaluation is embedded in management processes
B. Risk management strategy is approved by the audit committee
C. Local managers are solely responsible for risk evaluation
D. IT risk management is separate from corporate risk management
Correct Answer: C
Question #61
An organization has recently incorporated robotic process automation. Which of the following would be of GREATEST concern to an IS auditor?
A. Controls have not been tested
B. A governance structure has not been implemented
C. A risk assessment has not been conducted
D. The adoption rate for the new technology has been low
Correct Answer: C
Question #62
As updates to an online order entry system are processed, the updates are recorded on a transaction tape and a hard copy transaction log. At the end of the day, the order entry files are backed up on tape. During the backup procedure, a drive malfunctions and the order entry files are lost. Which of the following is necessary to restore these files?
A. The previous day's backup file and the current transaction tape
B. The previous day's transaction file and the current transaction tape
C. The current transaction tape and the current hard copy transaction log
D. The current hard copy transaction log and the previous day's transaction file
Correct Answer: A
Question #63
An online retailer is receiving customer complaints about deliveries of items different from what was ordered on the organization’s website. The root cause has been traced to poor data quality. Despite efforts to clean erroneous data from the system, multiple data quality issues continue to occur. Which of the following recommendations would be the BEST way to reduce the likelihood of future occurrences?
A. Implement business rules to validate employee data entry
B. Invest in additional employee training for data entry
C. Assign responsibility for improving data quality
A. Project plan
B. Requirements analysis
C. Implementation plan
D. Project budget provisions
Correct Answer: B
Question #64
Which of the following is MOST important for an information security manager to ensure is included in a business case for a new system?
A. Intangible benefits of the system
B. Risk associated with the system
C. Effectiveness of controls
D. Audit-logging capabilities
Correct Answer: A
Question #65
A benefit of quality of service (QoS) is that the:
A. entire network's availability and performance will be significantly improved
B. telecom carrier will provide the company with accurate service-level compliance reports
C. participating applications will have guaranteed service levels
D. communications link will be supported by security controls to perform secure online transactions
Correct Answer: A
Question #66
During a review of the IT strategic plan, an IS auditor finds several IT initiatives focused on delivering new systems and technology are not aligned with the organization’s strategy. Which of the following would be the IS auditor’s BEST recommendation?
A. Reassess the return on investment for the IT initiatives
B. Modify IT initiatives that do not map to business strategies
C. Utilize a balanced scorecard to align IT initiatives to business strategies
D. Reassess IT initiatives that do not map business strategies
Correct Answer: D
Question #67
Which of the following would be the MOST effective audit technique for identifying segregation of duties violations in a new enterprise resource planning (ERP) implementation?
A. Reviewing a report of security rights in the system
B. Reviewing the complexities of authorization objects
C. Building a program to identify conflicts in authorization
D. Examining recent access rights violation cases
Correct Answer: C
Question #68
The FIRST step in establishing an information security program is to:
A. secure organizational commitment and support
B. assess the organization’s compliance with regulatory requirements
C. determine the level of risk that is acceptable to senior management
D. define policies and standards that mitigate the organization’s risks
Correct Answer: D
Question #69
Which of the following MUST be included in emergency change control procedures?
A. Obtaining user management approval before implementing the changes
B. Updating production source libraries to reflect the changes
C. Using an emergency ID to move production programs into development
D. Requesting that the help desk makes the changes
Correct Answer: C
Question #70
During development of an information security policy, which of the following would BEST ensure alignment to business objectives?
A. Incorporation of industry best practices
B. Linkage between policy and procedures
C. Use of a balanced scorecard
D. Input from relevant stakeholders
Correct Answer: B
Question #71
Which of the following findings should an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault?
A. There are three individuals with a key to enter the area
B. Paper documents are also stored in the offsite vault
C. Data files that are stored in the vault are synchronized
D. The offsite vault is located in a separate facility
Correct Answer: C
Question #72
A finance department director has decided to outsource the organization’s budget application and has identified potential providers. Which of the following actions should be initiated FIRST by the information security manager?
A. Validate that connectivity to the service provider can be made securely
B. Obtain audit reports on the service providers’ hosting environment
C. Review the disaster recovery plans (DRP) of the providers
D. Align the roles of the organization’s and the service providers’ staffs
Correct Answer: D
Question #73
An information security manager has identified and implemented mitigating controls according to industry best practices. Which of the following is the GREATEST risk associated with this approach?
A. Important security controls may be missed without senior management input
B. The cost of control implementation may be too high
C. The mitigation measures may not be updated in a timely manner
D. The security program may not be aligned with organizational objectives
Correct Answer: C
Question #74
When evaluating the ability of a disaster recovery plan to enable the recovery of IT processing capabilities, it is MOST important for the IS auditor to verify the plan is:
A. stored at an offsite location
B. communicated to department heads
C. regularly reviewed
D. periodically tested
Correct Answer: C
Question #75
When considering whether to adopt bring your own device (BYOD), it is MOST important for the information security manager to ensure that:
A. security controls are applied to each device when joining the network
B. business leaders have an understanding of security risks
C. users have read and signed acceptable use agreements
D. the applications are tested prior to implementation
Correct Answer: D
Question #76
Which of the following would BEST demonstrate that an effective disaster recovery plan (DRP) is in place?
A. Periodic risk assessment
B. Full operational test
C. Frequent testing of backups
D. Annual walk-through testing
Correct Answer: C
Question #77
An IS auditor attempting to determine whether access to program documentation is restricted to authorized persons would MOST likely:
A. evaluate the record retention plans for off-premises storage
B. interview programmers about the procedures currently being followed
C. compare utilization records to operations schedules
D. review data file access records to test the librarian function
Correct Answer: C
Question #78
IT best practices for the availability and continuity of IT services should:
A. minimize costs associated with disaster-resilient components
B. provide for sufficient capacity to meet the agreed upon demands of the business
C. provide reasonable assurance that agreed upon obligations to customers can be met
D. produce timely performance metric reports
Correct Answer: C
Question #79
Which of the following is an attribute of the control self-assessment (CSA) approach?
A. Broad stakeholder involvement
B. Auditors are the primary control analysts
C. Limited employee participation
D. Policy driven
Correct Answer: B
Question #80
To address the issue that performance pressures on IT may conflict with information security controls, it is MOST important that:
A. the security policy is changed to accommodate IT performance pressure
B. noncompliance issues are reported to senior management
C. senior management provides guidance and dispute resolution
D. information security management understands business performance issues
Correct Answer: D
Question #81
Which of the following database controls would ensure that the integrity of transactions is maintained in an online transaction processing system's database?
A. Authentication controls
B. Data normalization controls
C. Read/write access log controls
D. Commitment and rollback controls
Correct Answer: C
Question #82
An offsite information processing facility:
A. should have the same amount of physical access restrictions as the primary processing site
B. should be easily identified from the outside so that, in the event of an emergency, it can be easily found
C. should be located in proximity to the originating site, so it can quickly be made operational
D. need not have the same level of environmental monitoring as the originating site
Correct Answer: A
Question #83
The PRIMARY responsibility of a project steering committee is to:
A. ensure that each project deadline is met
B. undertake final acceptance of the system for implementation
C. ensure that systems developed meet business needs
D. provide day-to-day guidance and oversight
Correct Answer: A
Question #84
Neural networks are effective in detecting fraud because they can:
A. discover new trends since they are inherently linear
B. solve problems where large and general sets of training data are not obtainable
C. attack problems that require consideration of a large number of input variables
D. make assumptions about the shape of any curve relating variables to the output
Correct Answer: D
Question #85
Proper segregation of duties prevents a computer operator (user) from performing security administration duties. True or false?
A. True
B. False
View answer
Correct Answer: A
Question #86
To provide protection for media backup stored at an offsite location, the storage site should be:
A. located on a different floor of the building
B. easily accessible by everyone
C. clearly labeled for emergency access
D. protected from unauthorized access
View answer
Correct Answer: D
Question #87
Which of the following devices extends the network and has the capacity to store frames and act as a storage and forward device?
A. Router
B. Bridge
C. Repeater
D. Gateway
View answer
Correct Answer: B
Question #88
An organization is replacing a mission-critical system. Which of the following is the BEST implementation strategy to mitigate and reduce the risk of system failure?
A. Stage
B. Phase
C. Parallel
D. Big-bang
View answer
Correct Answer: C
Question #89
What type of cryptosystem is characterized by data being encrypted by the sender using the recipient's public key, and the data then being decrypted using the recipient's private key?
A. With public-key encryption, or symmetric encryption
B. With public-key encryption, or asymmetric encryption
C. With shared-key encryption, or symmetric encryption
D. With shared-key encryption, or asymmetric encryption
View answer
Correct Answer: B
Question #90
The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to:
A. achieve performance improvement
B. provide user authentication
C. ensure availability of data
D. ensure the confidentiality of data
View answer
Correct Answer: C
Question #91
The PRIMARY objective of service-level management (SLM) is to:
A. define, agree, record and manage the required levels of service
B. ensure that services are managed to deliver the highest achievable level of availability
C. keep the costs associated with any service at a minimum
D. monitor and report any legal noncompliance to business management
View answer
Correct Answer: A
Question #92
Which of the following is the PRIMARY purpose for conducting parallel testing?
A. To determine if the system is cost-effective
B. To enable comprehensive unit and system testing
C. To highlight errors in the program interfaces with files
D. To ensure the new system meets user requirements
View answer
Correct Answer: D
Question #93
An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance. Which of the following would provide the MOST useful information for planning purposes?
A. Results from a business impact analysis
B. Results from a gap analysis
C. An inventory of security controls currently in place
D. Deadline and penalties for noncompliance
View answer
Correct Answer: B
Question #93 (second)
The MOST important objective of security awareness training for business staff is to:
A. understand intrusion methods
B. reduce negative audit findings
C. increase compliance
D. modify behavior
View answer
Correct Answer: D
Question #94
When auditing the effectiveness of a biometric system, which of the following indicators would be MOST important to review?
A. False negatives
B. False acceptance rate
C. Failure to enroll rate
D. System response time
View answer
Correct Answer: B
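Worked example for Question #94, added here and not part of the original question bank: the false acceptance rate (FAR) is the share of impostor attempts the system lets in, the false rejection rate (FRR) the share of legitimate users it locks out, and moving the decision threshold trades one for the other. The match scores below are constructed sample data from a hypothetical matcher, not measurements from any real biometric product.

```python
# Added example (not from the original page): FAR/FRR of a biometric matcher at a given
# threshold, and the threshold where the two rates are closest (the equal error rate point).

# Constructed sample data: similarity scores (0..1, higher = closer match) returned by a
# hypothetical matcher for attempts known to be genuine and attempts known to be impostors.
GENUINE_SCORES = [0.92, 0.88, 0.81, 0.77, 0.70, 0.65, 0.60, 0.55, 0.50, 0.40]
IMPOSTOR_SCORES = [0.58, 0.45, 0.41, 0.35, 0.30, 0.28, 0.22, 0.20, 0.15, 0.10]


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) at a decision threshold; a score >= threshold is accepted."""
    false_accepts = sum(1 for s in impostor if s >= threshold)  # impostors let in
    false_rejects = sum(1 for s in genuine if s < threshold)    # legitimate users locked out
    return false_accepts / len(impostor), false_rejects / len(genuine)


def tradeoff(genuine, impostor, thresholds):
    """(threshold, FAR, FRR) for each candidate threshold: raising it lowers FAR and raises FRR."""
    return [(t, *far_frr(genuine, impostor, t)) for t in thresholds]


def equal_error_threshold(genuine, impostor):
    """Observed score at which |FAR - FRR| is smallest, i.e. the EER operating point."""
    candidates = sorted(set(genuine) | set(impostor))
    return min(
        candidates,
        key=lambda t: abs(far_frr(genuine, impostor, t)[0] - far_frr(genuine, impostor, t)[1]),
    )


if __name__ == "__main__":
    for t, far, frr in tradeoff(GENUINE_SCORES, IMPOSTOR_SCORES, [0.4, 0.5, 0.6]):
        print(f"threshold={t:.2f}  FAR={far:.0%}  FRR={frr:.0%}")
    print("EER threshold:", equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES))
```

For an access-control system the auditor cares about FAR first because each false accept is an unauthorized person inside; FRR and failure-to-enroll are usability and coverage problems, and response time is a performance figure. The trade-off table shows why a vendor quoting only one of the two rates is telling half the story.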
Question #95
The success of an IT project is measured PRIMARILY by the:
A. translation of business vision to function vision
B. implementation of current technology
D.
View answer
Correct Answer: C
Question #96
What can be very helpful to an IS auditor when determining the efficacy of a systems maintenance program? Choose the BEST answer.
A. Network-monitoring software
B. A system downtime log
C. Administration activity reports
D. Help-desk utilization trend reports
View answer
Correct Answer: B
Question #97
An IS auditor should be concerned when a telecommunication analyst:
A. monitors systems performance and tracks problems resulting from program changes
B. reviews network load requirements in terms of current and future transaction volumes
C. assesses the impact of the network load on terminal response times and network data transfer rates
D. recommends network balancing procedures and improvements
View answer
Correct Answer: A
Question #98
A project manager of a project that is scheduled to take 18 months to complete announces that the project is in a healthy financial position because, after 6 months, only one-sixth of the budget has been spent. The IS auditor should FIRST determine:
A. what amount of progress against schedule has been achieved
B. if the project budget can be reduced
C. if the project could be brought in ahead of schedule
D. if the budget savings can be applied to increase the project scope
View answer
Correct Answer: A
Question #99
Which of the following is the PRIMARY objective of implementing privacy-related controls within an organization?
A. To identify data at rest and data in transit for encryption
B. To prevent confidential data loss
C. To comply with legal and regulatory requirements
D. To provide options to individuals regarding use of their data
View answer
Correct Answer: C
Question #100
Which of the following BEST limits the impact of server failures in a distributed environment?
A. Redundant pathways
B. Clustering
C. Dial backup lines
D. Standby power
View answer
Correct Answer: B
Question #101
Which of the following is an object-oriented technology characteristic that permits an enhanced degree of security over data?
A. Inheritance
B. Dynamic warehousing
C. Encapsulation
D. Polymorphism
View answer
Correct Answer: C
Question #102
Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of the transaction processing is BEST ensured by:
A. database integrity checks
B. validation checks
C. input controls
D. database commits and rollbacks
View answer
Correct Answer: D
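Worked example for Questions #81 and #102, added here and not part of the original question bank: a funds transfer written as one database transaction, so that a halt between the debit and the credit (or a constraint violation) is undone by ROLLBACK instead of leaving a half-posted transaction. The ledger table, account names and amounts are constructed sample data; the example uses SQLite's standard library driver and nothing from any real banking system.

```python
import sqlite3

# Added example (not from the original page): commit and rollback controls keeping an OLTP
# ledger consistent when processing stops halfway through a unit of work.


def setup_ledger():
    """In-memory SQLite ledger with two constructed accounts; manual transaction control."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # no implicit BEGIN; we issue our own
    conn.execute(
        "CREATE TABLE account (id TEXT PRIMARY KEY, balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO account VALUES (?, ?)", [("alice", 100), ("bob", 50)])
    return conn


def transfer(conn, src, dst, amount, halt_after_debit=False):
    """Move `amount` from src to dst atomically.

    The debit and the credit are two UPDATEs but one unit of work: if anything fails
    between them (a simulated halt here, or the CHECK constraint refusing an overdraft),
    ROLLBACK discards the partial update and both balances are exactly as before.
    Returns True when the transaction committed, False when it was rolled back.
    """
    try:
        conn.execute("BEGIN")
        conn.execute("UPDATE account SET balance = balance - ? WHERE id = ?", (amount, src))
        if halt_after_debit:
            raise RuntimeError("processing halted after the debit was written")
        conn.execute("UPDATE account SET balance = balance + ? WHERE id = ?", (amount, dst))
        conn.execute("COMMIT")
        return True
    except (sqlite3.DatabaseError, RuntimeError):
        conn.execute("ROLLBACK")
        return False


def balances(conn):
    """Current balances as {account: balance}."""
    return dict(conn.execute("SELECT id, balance FROM account ORDER BY id"))


if __name__ == "__main__":
    db = setup_ledger()
    print(transfer(db, "alice", "bob", 30), balances(db))                         # committed
    print(transfer(db, "alice", "bob", 20, halt_after_debit=True), balances(db))  # rolled back
    print(transfer(db, "alice", "bob", 500), balances(db))                        # overdraft refused, rolled back
```

The second call is the scenario in Question #102: the debit has been written when processing stops, and without the rollback the money would simply vanish. Authentication, access logs and input validation (the distractors) happen before or around the transaction; only commit/rollback controls what the database keeps when the unit of work does not finish.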
Question #103
What would be an IS auditor’s BEST recommendation upon finding that a third-party IT service provider hosts the organization’s human resources (HR) system in a foreign country?
A. Conduct a privacy impact analysis
B. Implement change management review
C. Review third-party audit reports
D. Perform background verification checks
View answer
Correct Answer: A
Question #104
Which of the following is the PRIMARY objective of implementing IT governance?
A. Resource management
B. Performance measurement
C. Value delivery
D. Strategic planning
View answer
Correct Answer: C
Question #105
When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned with the risk of:
A. excessive transaction turnaround time
B. application interface failure
C. improper transaction authorization
D. nonvalidated batch totals
View answer
Correct Answer: C
Question #106
Which of the following should be included in a feasibility study for a project to implement an EDI process?
A. The encryption algorithm format
B. The detailed internal control procedures
C. The necessary communication protocols
D. The proposed trusted third-party agreement
View answer
Correct Answer: C
Question #107
In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table?
A. Foreign key
B. Primary key
C. Secondary key
D. Public key
View answer
Correct Answer: A
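Worked example for Question #107, added here and not part of the original question bank: a customer table and an orders table whose foreign key references the customer number, so that deleting a customer with live orders is refused and an order for a non-existent customer cannot be inserted. The schema and rows are constructed sample data; note that SQLite only enforces foreign keys once the PRAGMA below is set, a detail worth checking when auditing an application that relies on it.

```python
import sqlite3

# Added example (not from the original page): referential integrity enforced by a FOREIGN KEY
# from orders.customer_no to customer.customer_no.


def build_schema():
    """In-memory database with constructed customers and orders; foreign keys switched on."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FK constraints unless this is set
    conn.execute("CREATE TABLE customer (customer_no INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.execute(
        """CREATE TABLE orders (
               order_no    INTEGER PRIMARY KEY,
               customer_no INTEGER NOT NULL REFERENCES customer(customer_no) ON DELETE RESTRICT,
               status      TEXT NOT NULL)"""
    )
    conn.executemany("INSERT INTO customer VALUES (?, ?)", [(1, "Acme"), (2, "Globex")])
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", [(10, 1, "open"), (11, 1, "shipped")])
    return conn


def delete_customer(conn, customer_no):
    """True if deleted; False if the foreign key refused because orders still reference the row."""
    try:
        conn.execute("DELETE FROM customer WHERE customer_no = ?", (customer_no,))
        return True
    except sqlite3.IntegrityError:
        return False


def insert_order(conn, order_no, customer_no):
    """True if inserted; False if customer_no does not exist (an orphan order is refused)."""
    try:
        conn.execute("INSERT INTO orders VALUES (?, ?, 'open')", (order_no, customer_no))
        return True
    except sqlite3.IntegrityError:
        return False


def customer_ids(conn):
    """Remaining customer numbers, in order."""
    return [row[0] for row in conn.execute("SELECT customer_no FROM customer ORDER BY customer_no")]


if __name__ == "__main__":
    db = build_schema()
    print("delete customer 1 (has orders):", delete_customer(db, 1))  # False
    print("delete customer 2 (no orders): ", delete_customer(db, 2))  # True
    print("order for unknown customer 99: ", insert_order(db, 12, 99))  # False
    print("customers left:", customer_ids(db))
```

The primary key identifies the customer row, but it is the foreign key on the orders table that carries the rule "no order without a customer", which is what blocks the delete.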
Question #108
The objectives of business process improvement should PRIMARILY include:
A. minimal impact on staff
B. incremental changes in productivity
C. changes of organizational boundaries
D. performance optimization
View answer
Correct Answer: D
Question #109
An organization plans to receive an automated data feed into its enterprise data warehouse from a third-party service provider. Which of the following would be the BEST way to prevent accepting bad data?
A. Appoint data quality champions across the organization
B. Obtain error codes indicating failed data feeds
C. Purchase data cleansing tools from a reputable vendor
D. Implement business rules to reject invalid data
View answer
Correct Answer: D
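Worked example for Question #109, added here and not part of the original question bank: business rules applied to an inbound feed at the point of acceptance, so that records failing them are rejected with a reason instead of landing in the warehouse. The CSV feed, the column names and the rules (non-empty customer number, positive amount, known currency, valid ISO date) are constructed for illustration and do not come from any real provider.

```python
import csv
import io
from datetime import date

# Added example (not from the original page): validating an automated data feed against
# business rules before it is loaded, and reporting exactly why each bad record was rejected.

# Constructed sample feed: one header row and six records, four of them deliberately invalid.
SAMPLE_FEED = """\
record_id,customer_no,amount,currency,posted_on
1,1001,250.00,USD,2024-03-01
2,1002,-5.00,USD,2024-03-01
3,,10.00,USD,2024-03-02
4,1003,99.99,XYZ,2024-03-02
5,1004,12.50,EUR,2024-13-40
6,1005,42.00,EUR,2024-03-03
"""

ALLOWED_CURRENCIES = {"USD", "EUR", "GBP"}  # assumed reference data for the hypothetical warehouse


def validate_record(row):
    """Return the list of rule violations for one record (empty list means accept)."""
    errors = []
    if not row["customer_no"].strip():
        errors.append("missing customer_no")
    try:
        if float(row["amount"]) <= 0:
            errors.append("amount must be positive")
    except ValueError:
        errors.append("amount not numeric")
    if row["currency"] not in ALLOWED_CURRENCIES:
        errors.append(f"unknown currency {row['currency']}")
    try:
        date.fromisoformat(row["posted_on"])
    except ValueError:
        errors.append("posted_on not a valid ISO date")
    return errors


def load_feed(text):
    """Split a CSV feed into (accepted rows, [(record_id, errors), ...]) without loading bad rows."""
    accepted, rejected = [], []
    for row in csv.DictReader(io.StringIO(text)):
        errors = validate_record(row)
        if errors:
            rejected.append((row["record_id"], errors))
        else:
            accepted.append(row)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = load_feed(SAMPLE_FEED)
    print("accepted:", [r["record_id"] for r in ok])
    for record_id, errors in bad:
        print(f"rejected {record_id}: {'; '.join(errors)}")
```

An error code from the provider only tells you that a transfer failed; the rules above catch the feed that arrives successfully but carries bad data, which is the case the question is about. The rejected list is also what goes back to the provider and into the audit trail.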
Question #110
A core tenet of an IS strategy is that it must:
A. Be inexpensive
B. Be protected as sensitive confidential information
C. Protect information confidentiality, integrity, and availability
D. Support the business objectives of the organization
View answer
Correct Answer: D
Question #111
The MOST likely explanation for the use of applets in an Internet application is that:
A. it is sent over the network from the server
B. the server does not run the program and the output is not sent over the network
C. they improve the performance of the web server and network
D. it is a JAVA program downloaded through the web browser and executed by the web server of the client machine
View answer
Correct Answer: C
Question #112
To minimize the cost of a software project, quality management techniques should be applied:
A. as close to their writing (i.e., point of origination) as possible
B. primarily at project start-up to ensure that the project is established in accordance with organizational governance standards
C. continuously throughout the project with an emphasis on finding and fixing defects primarily during testing to maximize the defect detection rate
D. mainly at project close-down to capture lessons learned that can be applied to future projects
View answer
Correct Answer: A
Question #113
A core business unit relies on an effective legacy system that does not meet the current standards and threatens the enterprise network. Which of the following is the BEST course of action to address the situation?
A. Require the new systems that can meet the standards be implemented
View answer
Correct Answer: S
Question #114
An existing system is being replaced with a new application package. User acceptance testing should ensure that:
A. data from the old system has been converted correctly
B. the new system functions as expected
C. the new system is better that the old system
D. there is a business need for the new system
View answer
Correct Answer: B
Question #115
Which of the following is the MOST likely reason an organization would use Platform as a Service (PaaS)?
A. To operate third-party hosted applications
B. To install and manage operating systems
C. To establish a network and security architecture
D. To develop and integrate its applications
View answer
Correct Answer: D
Question #116
The MAIN criterion for determining the severity level of a service disruption incident is:
A. cost of recovery
B. negative public opinion
C. geographic location
D. downtime
View answer
Correct Answer: D
Question #117
An organization plans to deploy Wi-Fi location analytics to count the number of shoppers per day across its various retail outlets. What should the IS auditor recommend as the FIRST course of action by IT management?
A. Conduct a privacy impact assessment
B. Mask media access control (MAC) addresses
C. Survey shoppers for feedback
D. Develop a privacy notice to be displayed to shoppers
View answer
Correct Answer: A
Question #118
A senior auditor is reviewing work papers prepared by a junior auditor indicating that a finding was removed after the auditee said they corrected the problem. Which of the following would be the MOST appropriate course of action for the senior auditor?
A. Approve the work papers as written
B. Refer the issue to the audit director
C. Have the finding reinstated
D. Ask the auditee to retest
View answer
Correct Answer: C