CISA Pre-Exam Practice Tests (Updated 500 Questions) [Q128-Q147]

Share

CISA Pre-Exam Practice Tests | (Updated 500 Questions)

Valid CISA Exam Q&A PDF - One Year Free Update


For more info visit:

ISACA CISA Certification Exam Reference

 

NEW QUESTION 128
Which of the following findings would be of GREATEST concern to an IS auditor reviewing an
organization's newly implemented online security awareness program?

  • A. The timing for program updates has not been determined
  • B. Only new employees are required to attend the program
  • C. Employees do not receive immediate notification of results
  • D. Metrics have not been established to assess training results

Answer: D

Explanation:
Section: The process of Auditing Information System

 

NEW QUESTION 129
The BEST reason for implementing a virtual private network (VPN) is that it:

  • A. allows for private use of public networks.
  • B. enables use of existing hardware platforms.
  • C. allows for public use of private networks.
  • D. eases the implementation of data encryption.

Answer: A

 

NEW QUESTION 130
Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?

  • A. Ensuring that audit trails exist for transactions
  • B. Restricting program functionality according to user security profiles
  • C. Restricting access to update programs to accounts payable staff only
  • D. Including the creator's user ID as a field in every transaction record created

Answer: A

 

NEW QUESTION 131
Which of the following is the GREATEST concern when an organization allows personal devices to connect to its network?

  • A. It is difficult to maintain employee privacy.
  • B. IT infrastructure costs will increase.
  • C. It is difficult To enforce the security policy on personal devices
  • D. Help desk employees will require additional training to support devices.

Answer: C

 

NEW QUESTION 132
The most likely error to occur when implementing a firewall is:

  • A. inadequately protecting the network and server from virus attacks.
  • B. connecting a modem to the computers in the network.
  • C. compromising the passwords due to social engineering.
  • D. incorrectly configuring the access lists.

Answer: D

Explanation:
Explanation/Reference:
Explanation:
An updated and flawless access list is a significant challenge and, therefore, has the greatest chance for errors at the time of the initial installation. Passwords do not apply to firewalls, a modem bypasses a firewall and a virus attack is not an element in implementing a firewall.

 

NEW QUESTION 133
When storing data archives off-site, what must be done with the data to ensure data completeness?

  • A. The data must be normalized.
  • B. The data must be synchronized.
  • C. The data must be parallel-tested.
  • D. The data must be validated.

Answer: B

Explanation:
Explanation/Reference:
Explanation:
When storing data archives off-site, data must be synchronized to ensure data completeness

 

NEW QUESTION 134
Which of the following should an IS auditor validate FIRST when reviewing the security of an organization's IT infrastructure as it relates to Internet of Things (loT) devices?

  • A. Strong password protection for loT devices
  • B. Identification and inventory of loT devices
  • C. Physical security of loT devices
  • D. Access control and network segmentation for loT devices

Answer: B

 

NEW QUESTION 135
Which of the following would be MOST time and cost efficient when performing a control self-assessment (CSA) for an organization with a large number of widely dispersed employees?

  • A. Survey questionnaire
  • B. Face-to-face interviews
  • C. Top-down and bottom-up analysis
  • D. Facilitated workshops

Answer: D

 

NEW QUESTION 136
An IS auditor should recommend the use of library control software to provide reasonable assurance that:

  • A. only thoroughly tested programs are released.
  • B. source and executable code integrity is maintained.
  • C. program changes have been authorized.
  • D. modified programs are automatically moved to production.

Answer: C

Explanation:
Explanation/Reference:
Explanation:
Library control software should be used to separate test from production libraries in mainframe and/or client server environments. The main objective of library control software is to provide assurance that program changes have been authorized. Library control software is concerned with authorized program changes and would not automatically move modified programs into production and cannot determine whether programs have been thoroughly tested. Library control software provides reasonable assurance that the source code and executable code are matched at the time a source code is moved to production.
However, subsequent events such as a hardware failure can result in a lack of consistency between source and executable code.

 

NEW QUESTION 137
Which of the following would an IS auditor consider the GREATEST risk associated with a mobile workforce environment?

  • A. Lack of compliance with organizational policies
  • B. Inability to access data remotely
  • C. Decrease in employee productivity and accountability
  • D. Loss or damage to the organization's assets

Answer: B

 

NEW QUESTION 138
An IS auditor finds that a system under development has 12 linked modules and each item of data can carry up to 10 definable attribute fields. The system handles several million transactions a year. Which of these techniques could an IS auditor use to estimate the size of the development effort?

  • A. Function point analysis
  • B. Program evaluation review technique (PERT)
  • C. White box testing
  • D. Counting source lines of code (SLOC)

Answer: A

Explanation:
Function point analysis is an indirect method of measuring the size of an application by considering the number and complexity of its inputs, outputs and files. It is useful for evaluating complex applications. PERT is a project management techniquethat helps with both planning and control. SLOC gives a direct measure of program size, but does not allow for the complexity that may be caused by having multiple, linked modules and a variety of inputs and outputs. White box testing involves a detailed review of the behavior of program code, and is a quality assurance technique suited to simpler applications during the design and build stage of development.

 

NEW QUESTION 139
Which of the following Is the BEST way to ensure payment transaction data is restricted to the appropriate users?

  • A. Restricting access to transactions using network security software
  • B. implementing role-based access at the application level
  • C. Implementing two-factor authentication
  • D. Using a single menu tor sensitive application transactions

Answer: B

 

NEW QUESTION 140
Which of the following projects would be MOST important to review in an audit of an organizations financial statements?

  • A. Outsourcing of the payroll system to an external service provider
  • B. Security enhancements to the customer relationship database
  • C. Automation of operational risk management processes
  • D. Resource optimization of the enterprise resource planning (ERP) system

Answer: A

 

NEW QUESTION 141
Which of the following audit procedures would BEST assist an IS auditor in determining the effectiveness of a business continuity plan (BCP)?

  • A. Observing tests of the BCP performed at the alternate processing site
  • B. Performing an assessment of BCP test documentation
  • C. Performing a maturity assessment of BCP methodology against industry standards
  • D. Participating in BCP meetings held with user department managers

Answer: A

 

NEW QUESTION 142
Which of the following would BEST enable effective IT resource management?

  • A. Establishing business priorities
  • B. Assessing the risk associated with IT resources
  • C. Automating business processes
  • D. Outsourcing IT processes and activities

Answer: A

 

NEW QUESTION 143
When conducting a requirements analysis for a project, the BEST approach would be to:

  • A. consult key stakeholders
  • B. conduct a control self-assessment
  • C. test operational deliverable
  • D. prototype the requirements,

Answer: D

 

NEW QUESTION 144
The majority of software vulnerabilities result from a few known kinds of coding defects, such as (choose all that apply):

  • A. buffer overflows
  • B. integer overflow
  • C. code injection
  • D. format string vulnerabilities
  • E. None of the choices.
  • F. command injection

Answer: A,B,C,D,F

Explanation:
Explanation/Reference:
Explanation:
The majority of software vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and code/command injection. Some common languages such as C and C++ are vulnerable to all of these defects. Languages such as Java are immune to some of these defects but are still prone to code/ command injection and other software defects which lead to software vulnerabilities.

 

NEW QUESTION 145
Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?

  • A. Post test
  • B. Paper test
  • C. Walk-through
  • D. Preparedness test

Answer: D

Explanation:
Explanation/Reference:
Explanation:
A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost- effective way to gradually obtain evidence about the plan's effectiveness. It also provides a means to improve the plan in increments.
Incorrect answers:
A. A paper test is a walkthrough of the plan, involving major players in the plan's execution who attempt to determine what might happen in a particular type of service disruption. A paper test usually precedes the preparedness test.
B. A post-test is actually a test phase and is comprised of a group of activities, such as returning all resources to their proper place, disconnecting equipment, returning personnel and deleting all company data from third- party systems.
D. A walk-through is a test involving a simulated disaster situation that tests the preparedness and understanding of management and staff, rather than the actual resources.

 

NEW QUESTION 146
An organization has developed its own enterprise risk management (ERM) software and performed a post-Implementation review When evaluating the post-Implementation review, which of the following would be the IS auditor's GREATEST concern?

  • A. External consultants were used to perform the post-implementation review
  • B. User acceptance testing results were not reviewed during the post- implementation review
  • C. Success criteria were not clearly defined
  • D. The project was completed over budget

Answer: C

 

NEW QUESTION 147
......

Certified Information Systems Auditor Free Update Certification Sample Questions: https://www.torrentvce.com/CISA-valid-vce-collection.html

Trend for ISACA CISA pdf dumps before actual exam: https://drive.google.com/open?id=1VK1f1aCYYk4XV37kqh3NYxasLRCKuaEK