CISA Best Training Material and Practice Test Q&A from CertLibrary.com

Question 1

An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider
MOST critical?

A. The quality of the data is not monitored.
B. The transfer protocol does not require authentication.
C. Imported data is not disposed frequently.
D. The transfer protocol is not encrypted.

Answer : A

Question 2

In a controlled application development environment, the MOST important segregation of duties should be between the person who implements changes into the production environment and the:

A. application programmer.
B. quality assurance (QA) personnel.
C. computer operator.
D. systems programmer.

Answer : A

Question 3

A small startup organization does not have the resources to implement segregation of duties. Which of the following is the MOST effective compensating control?

A. Rotation of log monitoring and analysis responsibilities
B. Additional management reviews and reconciliations
C. Mandatory vacations
D. Third-party assessments

Answer : B

Question 4

When planning an audit to assess application controls of a cloud-based system, it is MOST important for the IS auditor to understand the:

A. availability reports associated with the cloud-based system.
B. architecture and cloud environment of the system.
C. policies and procedures of the business area being audited.
D. business process supported by the system.

Answer : D

Question 5

Which of the following data would be used when performing a business impact analysis (BIA)?

A. Projected impact of current business on future business
B. Expected costs for recovering the business
C. Cost of regulatory compliance
D. Cost-benefit analysis of running the current business

Answer : A

Question 6

Which of the following is the BEST indicator of the effectiveness of an organization's incident response program?

A. Number of successful penetration tests
B. Percentage of protected business applications
C. Number of security vulnerability patches
D. Financial impact per security event

Answer : B

Question 7

An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives.
Which of the following findings should be the IS auditor's GREATEST concern?

A. Mobile devices are not encrypted.
B. Users are not required to sign updated acceptable use agreements.
C. The business continuity plan (BCP) was not updated.
D. Users have not been trained on the new system.

Answer : C

Question 8

Which of the following security measures will reduce the risk of propagation when a cyberattack occurs?

A. Data loss prevention (DLP) system
B. Perimeter firewall
C. Network segmentation O Web application firewall

Answer : C

Question 9

An IS auditor notes that the previous year's disaster recovery test was not completed within the scheduled time frame due to insufficient hardware allocated by a third-party vendor. Which of the following provides the BEST evidence that adequate resources are now allocated to successfully recover the systems?

A. Hardware change management policy
B. An up-to-date RACI chart
C. Vendor memo indicating problem correction
D. Service level agreement (SLA)

Answer : C

Question 10

When implementing Internet Protocol security (IPsec) architecture, the servers involved in application delivery:

A. channel access only through the public-facing firewall.
B. channel access through authentication.
C. communicate via Transport Layer Security (TLS).
D. block authorized users from unauthorized activities.

Answer : C

Question 11

During audit fieldwork, an IS auditor learns that employees are allowed to connect their personal devices to company-owned computers. How can the auditor
BEST validate that appropriate security controls are in place to prevent data loss?

A. Verify the data loss prevention (DLP) tool is properly configured by the organization.
B. Review compliance with data loss and applicable mobile device user acceptance policies.
C. Verify employees have received appropriate mobile device security awareness training.
D. Conduct a walk-through to view results of an employee plugging in a device to transfer confidential data.

Answer : B

Question 12

Management has requested a post-implementation review of a newly implemented purchasing package to determine to what extent business requirements are being met. Which of the following is MOST likely to be assessed?

A. Implementation methodology
B. Test results
C. Purchasing guidelines and policies
D. Results of live processing

Answer : D

Question 13

Which of the following is an advantage of using agile software development methodology over the waterfall methodology?

A. Quicker end user acceptance
B. Clearly defined business expectations
C. Quicker deliverables
D. Less funding required overall

Answer : C

Question 14

In an online application, which of the following would provide the MOST information about the transaction audit trail?

A. File layouts
B. Data architecture
C. System/process flowchart
D. Source code documentation

Answer : B

Question 15

On a public-key cryptosystem when there is no previous knowledge between parties, which of the following will BEST help to prevent one person from using a fictitious key to impersonate someone else?

A. Send a certificate that can be verified by a certification authority with the public key.
B. Encrypt the message containing the sender's public key, using the recipient's public key.
C. Send the public key to the recipient prior to establishing the connection.
D. Encrypt the message containing the sender's public key, using a private-key cryptosystem.

Answer : A

Certified Information Systems Auditor v1.0

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Talk to us!