
Author: Kazragor Dogul
Published (Last): 18 February 2016

An IS auditor is using a statistical sample to inventory the tape library. What type of test would this be considered?
Answer: A. Using a statistical sample to inventory the tape library is an example of a substantive test.

100 CISA Questions by ExamCram Practice Test 2

Which of the following would prevent accountability for an action performed, thus allowing nonrepudiation?
B. Proper identification AND authentication
C. Proper identification, authentication, AND authorization
Answer: B. If proper identification and authentication are not performed during access control, no accountability can exist for any action performed.

Which of the following is the MOST critical step in planning an audit?
C. Identifying high-risk audit targets
D.
Answer: C. In planning an audit, the most critical step is identifying the areas of high risk.

To properly evaluate the collective effect of preventative, detective, or corrective controls within a process, an IS auditor should be aware of which of the following? Choose the BEST answer.
A. The business objectives of the organization
B. The effect of segregation of duties on internal controls
C. The point at which controls are exercised as data flows through the system
D.
Answer: C. When evaluating the collective effect of preventive, detective, or corrective controls within a process, an IS auditor should be aware of the point at which controls are exercised as data flows through the system.

What is the recommended initial step for an IS auditor to implement continuous-monitoring systems?
A. Document existing internal controls
B. Perform compliance testing on internal controls
C. Establish a controls-monitoring steering committee
D. Identify high-risk areas within the organization
Answer: D. When implementing continuous-monitoring systems, an IS auditor's first step is to identify high-risk areas within the organization.

What type of risk is associated with authorized program exits (trap doors)?
Answer: D. Inherent risk is associated with authorized program exits (trap doors).

Which of the following is best suited for searching for address field duplications?
A. Text search forensic utility software
B.
Answer: B. Generalized audit software can be used to search for address field duplications.

Which of the following is of greatest concern to the IS auditor?
A. Failure to report a successful attack on the network
B. Failure to prevent a successful attack on the network
C. Failure to recover from a successful attack on the network
D. Failure to detect a successful attack on the network
Answer: A. Lack of reporting of a successful attack on the network is a great concern to an IS auditor.


An integrated test facility is not considered a useful audit tool because it cannot compare processing output with independently calculated data.
Answer: B. An integrated test facility is considered a useful audit tool because it compares processing output with independently calculated data.

An advantage of a continuous audit approach is that it can improve system security when used in time-sharing environments that process a large number of transactions.
Answer: A. It is true that an advantage of a continuous audit approach is that it can improve system security when used in time-sharing environments that process a large number of transactions.

If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor's primary responsibility?
To advise senior management.
To reassign job functions to eliminate potential fraud.
To implement compensating controls.
Segregation of duties is an administrative control not considered by an IS auditor.
Answer: A. An IS auditor's primary responsibility is to advise senior management of the risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function.

Who is responsible for implementing cost-effective controls in an automated system?
Answer: B. Business unit management is responsible for implementing cost-effective controls in an automated system.

Why does an IS auditor review an organization chart?
A. To optimize the responsibilities and authority of individuals
B. To control the responsibilities and authority of individuals
C. To better understand the responsibilities and authority of individuals
D. To identify project sponsors
Answer: C. The primary reason an IS auditor reviews an organization chart is to better understand the responsibilities and authority of individuals.

Ensuring that security and control policies support business and IT objectives is a primary objective of:
A. An IT security policies audit
B.
Answer: A. Ensuring that security and control policies support business and IT objectives is a primary objective of an IT security policies audit.

When auditing third-party service providers, an IS auditor should be concerned with which of the following?
A. Ownership of the programs and files
B. A statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster
C. A statement of due care
D. Ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster
Answer: D. When auditing third-party service providers, an auditor should be concerned with ownership of programs and files, a statement of due care and confidentiality, and the capability for continued service of the service provider in the event of a disaster.

When performing an IS strategy audit, an IS auditor should review both short-term (one-year) and long-term (three- to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered. The auditor should especially focus on procedures in an audit of IS strategy.
Answer: B. When performing an IS strategy audit, an IS auditor should review both short-term (one-year) and long-term (three- to five-year) IS strategies, interview appropriate corporate management personnel, and ensure that the external environment has been considered.

What process allows IS management to determine whether the activities of the organization differ from the planned or expected levels?
Key performance indicators (KPIs)
Answer: C. IS assessment methods allow IS management to determine whether the activities of the organization differ from the planned or expected levels.

When should reviewing an audit client's business plan be performed relative to reviewing an organization's IT strategic plan?
Reviewing an audit client's business plan should be performed before reviewing an organization's IT strategic plan.
Reviewing an audit client's business plan should be performed after reviewing an organization's IT strategic plan.
Reviewing an audit client's business plan should be performed during the review of an organization's IT strategic plan.
Reviewing an audit client's business plan should be performed without regard to an organization's IT strategic plan.
Answer: A. Reviewing an audit client's business plan should be performed before reviewing an organization's IT strategic plan.

Allowing application programmers to directly patch or change code in production programs increases risk of fraud.
Answer: A. Allowing application programmers to directly patch or change code in production programs increases risk of fraud.

Who should be responsible for network security operations?
Answer: B. Security administrators are usually responsible for network security operations.

Proper segregation of duties does not prohibit a quality control administrator from also being responsible for change control and problem management.
Answer: A. Proper segregation of duties does not prohibit a quality-control administrator from also being responsible for change control and problem management.

What can be implemented to provide the highest level of protection from external attack?
A. Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host
B. Configuring the firewall as a screened host behind a router
C. Configuring the firewall as the protecting bastion host
D. Configuring two load-sharing firewalls facilitating VPN access from external hosts to internal hosts
Answer: A. Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host provides a higher level of protection from external attack than all other answers.

The directory system of a database-management system describes:
A. The access method to the data
B. The location of data AND the access method
C. The location of data
D. Neither the location of data NOR the access method
Answer: B. The directory system of a database-management system describes the location of data and the access method.

How is the risk of improper file access affected upon implementing a database system?
Risk is not affected.
Answer: D. Improper file access becomes a greater risk when implementing a database system.

In order to properly protect against unauthorized disclosure of sensitive data, how should hard disks be sanitized? The data should be deleted and overwritten with binary 0s. The data should be demagnetized. The data should be low-level formatted. The data should be deleted.

Last modified: August 1, 2020