Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home ISACA CISA

ISACA CISA Exam Practice Questions (P. 4)

  • Full Access (1824 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #31
An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider
MOST critical?
  1. A
    The quality of the data is not monitored.
  2. B
    The transfer protocol does not require authentication.
  3. C
    Imported data is not disposed frequently.
  4. D
    The transfer protocol is not encrypted.

Correct Answer:
A

Question #32
In a controlled application development environment, the MOST important segregation of duties should be between the person who implements changes into the production environment and the:
  1. A
    application programmer.
  2. B
    quality assurance (QA) personnel.
  3. C
    computer operator.
  4. D
    systems programmer.

Correct Answer:
A

Question #33
A small startup organization does not have the resources to implement segregation of duties. Which of the following is the MOST effective compensating control?
  1. A
    Rotation of log monitoring and analysis responsibilities
  2. B
    Additional management reviews and reconciliations
  3. C
    Mandatory vacations
  4. D
    Third-party assessments

Correct Answer:
B

Question #34
When planning an audit to assess application controls of a cloud-based system, it is MOST important for the IS auditor to understand the:
  1. A
    availability reports associated with the cloud-based system.
  2. B
    architecture and cloud environment of the system.
  3. C
    policies and procedures of the business area being audited.
  4. D
    business process supported by the system.

Correct Answer:
D

Question #35
Which of the following data would be used when performing a business impact analysis (BIA)?
  1. A
    Projected impact of current business on future business
  2. B
    Expected costs for recovering the business
  3. C
    Cost of regulatory compliance
  4. D
    Cost-benefit analysis of running the current business

Correct Answer:
A

Question #36
Which of the following is the BEST indicator of the effectiveness of an organization's incident response program?
  1. A
    Number of successful penetration tests
  2. B
    Percentage of protected business applications
  3. C
    Number of security vulnerability patches
  4. D
    Financial impact per security event

Correct Answer:
B

Question #37
An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives.
Which of the following findings should be the IS auditor's GREATEST concern?
  1. A
    Mobile devices are not encrypted.
  2. B
    Users are not required to sign updated acceptable use agreements.
  3. C
    The business continuity plan (BCP) was not updated.
  4. D
    Users have not been trained on the new system.

Correct Answer:
C

Question #38
Which of the following security measures will reduce the risk of propagation when a cyberattack occurs?
  1. A
    Data loss prevention (DLP) system
  2. B
    Perimeter firewall
  3. C
    Network segmentation O Web application firewall

Correct Answer:
C

Question #39
An IS auditor notes that the previous year's disaster recovery test was not completed within the scheduled time frame due to insufficient hardware allocated by a third-party vendor. Which of the following provides the BEST evidence that adequate resources are now allocated to successfully recover the systems?
  1. A
    Hardware change management policy
  2. B
    An up-to-date RACI chart
  3. C
    Vendor memo indicating problem correction
  4. D
    Service level agreement (SLA)

Correct Answer:
C

Question #40
When implementing Internet Protocol security (IPsec) architecture, the servers involved in application delivery:
  1. A
    channel access only through the public-facing firewall.
  2. B
    channel access through authentication.
  3. C
    communicate via Transport Layer Security (TLS).
  4. D
    block authorized users from unauthorized activities.

Correct Answer:
C

Previous Questions Next Questions

All Pages