Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home ISACA CISA

ISACA CISA Exam Practice Questions (P. 5)

  • Full Access (1824 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #41
During audit fieldwork, an IS auditor learns that employees are allowed to connect their personal devices to company-owned computers. How can the auditor
BEST validate that appropriate security controls are in place to prevent data loss?
  1. A
    Verify the data loss prevention (DLP) tool is properly configured by the organization.
  2. B
    Review compliance with data loss and applicable mobile device user acceptance policies.
  3. C
    Verify employees have received appropriate mobile device security awareness training.
  4. D
    Conduct a walk-through to view results of an employee plugging in a device to transfer confidential data.

Correct Answer:
B

Question #42
Management has requested a post-implementation review of a newly implemented purchasing package to determine to what extent business requirements are being met. Which of the following is MOST likely to be assessed?
  1. A
    Implementation methodology
  2. B
    Test results
  3. C
    Purchasing guidelines and policies
  4. D
    Results of live processing

Correct Answer:
D

Question #43
Which of the following is an advantage of using agile software development methodology over the waterfall methodology?
  1. A
    Quicker end user acceptance
  2. B
    Clearly defined business expectations
  3. C
    Quicker deliverables
  4. D
    Less funding required overall

Correct Answer:
C

Question #44
In an online application, which of the following would provide the MOST information about the transaction audit trail?
  1. A
    File layouts
  2. B
    Data architecture
  3. C
    System/process flowchart
  4. D
    Source code documentation

Correct Answer:
B

Question #45
On a public-key cryptosystem when there is no previous knowledge between parties, which of the following will BEST help to prevent one person from using a fictitious key to impersonate someone else?
  1. A
    Send a certificate that can be verified by a certification authority with the public key.
  2. B
    Encrypt the message containing the sender's public key, using the recipient's public key.
  3. C
    Send the public key to the recipient prior to establishing the connection.
  4. D
    Encrypt the message containing the sender's public key, using a private-key cryptosystem.

Correct Answer:
A

Question #46
The IS quality assurance (QA) group is responsible for:
  1. A
    monitoring the execution of computer processing tasks.
  2. B
    designing procedures to protect data against accidental disclosure.
  3. C
    ensuring that program changes adhere to established standards.
  4. D
    ensuring that the output received from system processing is complete.

Correct Answer:
C

Question #47
Which of the following approaches will ensure recovery time objectives (RTOs) are met for an organization's disaster recovery plan (DRP)?
  1. A
    Performing a full interruption test
  2. B
    Performing a parallel test
  3. C
    Performing a tabletop test
  4. D
    Performing a cyber-resilience test

Correct Answer:
A

Question #48
Which audit approach is MOST helpful in optimizing the use of IS audit resources?
  1. A
    Agile auditing
  2. B
    Continuous auditing
  3. C
    Risk-based auditing
  4. D
    Outsourced auditing

Correct Answer:
C

Question #49
Which of the following would provide the MOST important input during the planning phase for an audit on the implementation of a bring your own device (BYOD) program?
  1. A
    Results of a risk assessment
  2. B
    Policies including BYOD acceptable use statements
  3. C
    Findings from prior audits
  4. D
    An inventory of personal devices to be connected to the corporate network

Correct Answer:
A

Question #50
An IS auditor concludes that logging and monitoring mechanisms within an organization are ineffective because central servers are not included within the central log repository. Which of the following audit procedures would have MOST likely identified this exception?
  1. A
    Comparing all servers included in the current central log repository with the listing used for the prior-year audit
  2. B
    Inspecting a sample of alerts generated from the central log repository
  3. C
    Comparing a list of all servers from the directory server against a list of all servers present in the central log repository
  4. D
    Inspecting a sample of alert settings configured in the central log repository

Correct Answer:
C

Previous Questions Next Questions

All Pages