
Updated Mar-2024 Test Engine to Practice Test for CISA Exam Questions and Answers!
Certified Information Systems Auditor Certification Sample Questions and Practice Exam
The CISA exam is offered by the Information Systems Audit and Control Association (ISACA), a nonprofit organization that provides guidance and education to IT professionals involved in governance, risk management, and compliance. CISA exam is designed to test the candidate's knowledge and understanding of IT audit, control, and security practices based on globally accepted standards and best practices.
The CISA certification exam is a comprehensive exam that consists of multiple-choice questions and is administered by ISACA. CISA exam is four hours long and consists of 150 questions. In order to pass the exam, candidates must score a minimum of 450 out of a possible 800 points.
NEW QUESTION # 220
Which of the following help(s) prevent an organization's systems from participating in a distributed denial- of-service (DDoS) attack? Choose the BEST answer.
- A. Outbound traffic filtering
- B. Recentralizing distributed systems
- C. Inbound traffic filtering
- D. Using access control lists (ACLs) to restrict inbound connection attempts
Answer: A
Explanation:
Explanation/Reference:
Outbound traffic filtering can help prevent an organization's systems from participating in a distributed denial-of-service (DDoS) attack.
NEW QUESTION # 221
The members of an emergency incident response team should be:
- A. assigned at the time of each incident.
- B. appointed by the CISO.
- C. selected from multiple departments.
- D. restricted to IT personnel.
Answer: C
NEW QUESTION # 222
An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives Which of the following findings should be the IS auditor's GREATEST concern?
- A. Users have not been trained on the new system.
- B. Users are not required to sign updated acceptable
- C. Mobile devices are not encrypted.
- D. The business continuity plan (BCP) was not updated.
Answer: D
NEW QUESTION # 223
Which of the following data would be used when performing a business impact analysis (BIA)?
- A. Projected impact of current business on future business
- B. Cost-benefit analysis of running the current business
- C. Cost of regulatory compliance
- D. Expected costs for recovering the business
Answer: A
NEW QUESTION # 224
Which of the following is the MOST effective control to ensure electronic records beyond their retention periods are deleted from IT systems?
- A. Review the record retention register regularly to initiate data deletion.
- B. Perform a sample check of current data against the retention schedule.
- C. Build in system logic to trigger data deletion at predefined times.
- D. Execute all data deletions at a predefined month during the year.
Answer: C
NEW QUESTION # 225
Which of the following is widely accepted as one of the critical components in networking management?
- A. Topological mappings
- B. Configuration management
- C. Application of monitoring tools
- D. Proxy server troubleshooting
Answer: B
Explanation:
Section: Protection of Information Assets
Explanation:
Configuration management is widely accepted as one of the key components of any network, since it
establishes how the network will function internally and externally, it also deals with the management of
configuration and monitoring performance. Topological mappings provide outlines of the components of the
network and its connectivity. Application monitoring is not essential and proxy server troubleshooting is
used for troubleshooting purposes.
NEW QUESTION # 226
Fault-tolerance is a feature particularly sought-after in which of the following kinds of computer systems (choose all that apply):
- A. None of the choices.
- B. laptop systems
- C. desktop systems
- D. handheld PDAs
- E. business-critical systems
Answer: E
Explanation:
Fault-tolerance enables a system to continue operating properly in the event of the failure of some parts of it. It avoids total breakdown, and is particularly sought-after in high-availability environment full of businesscritical systems.
NEW QUESTION # 227
An advantage of using sanitized live transactions in test data is that:
- A. all transaction types will be included.
- B. test transactions are representative of live processing.
- C. no special routines are required to assess the results.
- D. every error condition is likely to be tested.
Answer: B
Explanation:
Section: Protection of Information Assets
Explanation:
Test data will be representative of live processing; however, it is unlikely that all transaction types or error conditions will be tested in this way.
NEW QUESTION # 228
Which of the following provides nonrepudiation services for e-commerce transactions?
- A. Personal identification number (PIN)
- B. Public key infrastructure (PKI)
- C. Data Encryption Standard (DES)
- D. Message authentication code (MAC)
Answer: B
Explanation:
PKl is the administrative infrastructure for digital certificates and encryption key pairs. The qualities of an acceptable digital signature are: it is unique to the person using it; it is capable of verification; it is under the sole control of theperson using it; and it is linked to data in such a manner that if data are changed, the digital signature is invalidated. PKl meets these tests. The Data Encryption Standard (DES) is the most common private key cryptographic system. DES does not address nonrepudiation . A MAC is a cryptographic value calculated by passing an entire message through a cipher system. The sender attaches the MAC before transmission and the receiver recalculates the MAC and compares it to the sent MAC. If the two MACs are not equal, this indicates that the message has been altered during transmission; it has nothing to do with nonrepudiation . A PIN is a type of password, a secret number assigned to an individual that, in conjunction with some other means of identification, serves to verify the authenticity of the individual.
NEW QUESTION # 229
When developing a business continuity plan (BCP), which of the following steps should be completed FIRST?
- A. Ensure that offsite backups can be efficiently restored.
- B. Review the business continuity insurance policy.
- C. Carry out a risk assessment.
- D. Identify alternatives to critical applications.
Answer: C
NEW QUESTION # 230
Which of the following would have the HIGHEST priority in a business continuity plan (BCP)?
- A. Resuming critical processes
- B. Recovering sensitive processes
- C. Relocating operations to an alternative site
- D. Restoring the site
Answer: A
Explanation:
Section: Protection of Information Assets
Explanation:
The resumption of critical processes has the highest priority as it enables business processes to begin
immediately after the interruption and not later than the declared mean time between failure (MTBF).
Recovery of sensitive processes refers to recovering the vital and sensitive processes that can be
performed manually at a tolerable cost for an extended period of time and those that are not marked as
high priority. Repairing and restoring the site to original status and resuming the business operations are
time consuming operations and are not the highest priority. Relocating operations to an alternative site,
either temporarily or permanently depending on the interruption, is a time consuming process; moreover,
relocation may not be required.
NEW QUESTION # 231
In an online application, which of the following would provide the MOST information about the transaction audit trail?
- A. File layouts
- B. Source code documentation
- C. System/process flowchart
- D. Data architecture
Answer: D
Explanation:
Explanation
In an online application, data architecture provides the most information about the transaction audit trail, as it describes how data are created, stored, processed, accessed and exchanged among different components of the application. Data architecture includes data models, schemas, dictionaries, metadata, standards and policies that define the structure, quality, integrity, security and governance of data. Data architecture can help the IS auditor to trace the origin, flow, transformation and destination of data in an online transaction, and to identify the key data elements, attributes and relationships that are relevant for audit purposes. A system/process flowchart is a graphical representation of the sequence of steps or activities that are performed by a system or process. A system/process flowchart can provide some information about the transaction audit trail, but it is not as detailed or comprehensive as data architecture. A system/process flowchart shows the inputs, outputs, decisions and actions of a system or process, but it does not show the data elements, attributes and relationships that are involved in each step or activity. A file layout is a specification of the format and structure of a data file. A file layout can provide some information about the transaction audit trail, but it is not as detailed or comprehensive as data architecture. A file layout shows the fields, types, lengths and positions of data in a file, but it does not show the origin, flow, transformation and destination of data in an online transaction. Source code documentation is a description of the logic, functionality and purpose of a program or module written in a programming language. Source code documentation can provide some information about the transaction audit trail, but it is not as detailed or comprehensive as data architecture. Source code documentation shows the instructions, variables and parameters that are used to perform calculations and operations on data, but it does not show the data elements, attributes and relationships that are involved in each instruction or operation. References: CISA Review Manual (Digital Version) 1, Chapter 4: Information Systems Operations and Business Resilience, Section 4.2: Data Administration Practices.
NEW QUESTION # 232
The MAIN purpose of a transaction audit trail is to:
- A. reduce the use of storage media.
- B. provide useful information for capacity planning.
- C. determine accountability and responsibility for processed transactions.
- D. help an IS auditor trace transactions.
Answer: C
Explanation:
Enabling audit trails aids in establishing the accountability and responsibility for processed transactions by tracing them through the information system. Enabling audit trails increases the use of disk space. A transaction log file would be used totrace transactions, but would not aid in determining accountability and responsibility. The objective of capacity planning is the efficient and effective use of IT resources and requires information such as CPU utilization, bandwidth, number of users, etc.
NEW QUESTION # 233
Which of the following is MOST important for an IS auditor to consider when planning an assessment of the organization's end-user computing (EUC) program?
- A. Identification of IT owners for each end user tool
- B. The integrity of data processed by end user tools
- C. The training program curriculum for key end users
- D. The inclusion of end user tools in the IT balanced scorecard
Answer: B
NEW QUESTION # 234
Electrical surge protectors BEST protect from the impact of:
- A. reduced voltage.
- B. power outages.
- C. electromagnetic interference.
- D. sags and spikes
Answer: D
Explanation:
Section: Protection of Information Assets
NEW QUESTION # 235
The PRIMARY purpose of a business impact analysis (BIA) is to:
- A. identify the events that could impact the continuity of an organization's operations.
- B. provide a plan for resuming operations after a disaster.
- C. publicize the commitment of the organization to physical and logical security.
- D. provide the framework for an effective disaster recovery plan.
Answer: A
Explanation:
Section: Protection of Information Assets
Explanation:
A business impact analysis (BIA) is one of the key steps in the development of a business continuity plan
(BCP). A BIA will identify the diverse events that could impact the continuity of the operations of an
organization.
NEW QUESTION # 236
Which of the following would BEST manage the risk of changes in requirements after the analysis phase of a business application development project?
- A. Ongoing participation by relevant stakeholders
- B. Expected deliverables meeting project deadlines
- C. Quality assurance (OA) review
- D. Sign-off from the IT team
Answer: A
NEW QUESTION # 237
......
Certification dumps Certified Information Systems Auditor CISA guides - 100% valid: https://www.dumpsreview.com/CISA-exam-dumps-review.html
100% Pass Your CISA Certified Information Systems Auditor at First Attempt with DumpsReview: https://drive.google.com/open?id=1YBXp0rBbsgo94RdbDQfwLrEh-TLa8SgB

