
GetCertkey

http://www.getcertkey.com
No help, Full refund!
Instant Download - Best Exam Practice Material - 100% Money Back Guarantee!
IT Certification Guaranteed, The Easy Way!

Exam : CISA

Title : Certified Information Systems Auditor

Vendor : ISACA

Version : DEMO

Get Latest & Valid CISA Exam's Question and Answers from Getcertkey.com.
http://www.getcertkey.com/cisa_braindumps.html

NO.1 An organization offers an online information security awareness program to employees on an
annual basis. Which of the following findings from an audit of the program should be the IS
auditor's GREATEST concern?
A. The post-training test content is two years old.
B. New employees are given three months to complete the training.
C. Training completion is not mandatory for staff.
D. Employees have complained about the length of the program.
Answer: C

NO.2 During a network security review, the system log indicates an unusually high number of
unsuccessful login attempts. Which of the following sampling techniques is MOST appropriate for
selecting a sample of user IDs for further investigation?
A. Monetary unit
B. Variable
C. Stratified
D. Attribute
Answer: C
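Stratified sampling in practice, as an added example that is not part of the original question set: the failed-login population is first counted per user ID from the log, partitioned into strata by failure count, and then sampled within each stratum so the small, high-count stratum cannot be missed by chance. The log lines are constructed sshd-style entries, and the stratum boundaries are an assumption chosen for the example.

```python
import random
import re
from collections import Counter

# Constructed failure counts per user ID (sample data, not from the page), rendered
# as sshd-style log lines so the parser has realistic input to work on.
CONSTRUCTED_FAILURES = {"alice": 1, "bob": 2, "carol": 3, "dave": 6, "eve": 12,
                        "frank": 20, "grace": 1, "heidi": 4, "ivan": 11}

def build_sample_log():
    lines = []
    for user, n in CONSTRUCTED_FAILURES.items():
        # a couple of IDs are unknown to the host, which sshd reports differently
        tag = "invalid user " if user in ("dave", "ivan") else ""
        for i in range(n):
            lines.append(f"Mar 01 08:{i:02d}:00 gw sshd[{100 + i}]: Failed password for "
                         f"{tag}{user} from 198.51.100.{i + 1} port {5000 + i} ssh2")
    # successful logins must not be counted
    lines.append("Mar 01 09:00:00 gw sshd[200]: Accepted password for alice from 10.0.0.5 port 6000 ssh2")
    return "\n".join(lines)

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")

def count_failures(log_text):
    """Return {user_id: number of failed login attempts} for sshd-style log text."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

# Stratum boundaries are an assumption for the example; in practice the auditor sets
# them from the observed distribution of the population. (label, inclusive lower bound)
STRATA = (("low", 1), ("medium", 3), ("high", 10))

def stratum_of(n_failures):
    label = None
    for name, lower in STRATA:
        if n_failures >= lower:
            label = name
    return label

def stratify(counts):
    """Partition user IDs into strata by their failure count."""
    groups = {name: [] for name, _ in STRATA}
    for user, n in counts.items():
        groups[stratum_of(n)].append(user)
    return groups

def stratified_sample(counts, per_stratum, seed=0):
    """Select up to per_stratum[label] user IDs from each stratum (seeded for reproducibility).

    Unlike a simple random sample of the whole population, this guarantees that the
    small "high" stratum, where the suspicious IDs live, is represented.
    """
    rng = random.Random(seed)
    sample = {}
    for label, members in stratify(counts).items():
        members = sorted(members)
        k = min(per_stratum.get(label, 0), len(members))
        sample[label] = sorted(rng.sample(members, k))
    return sample

if __name__ == "__main__":
    c = count_failures(build_sample_log())
    for label, users in stratified_sample(c, {"low": 1, "medium": 2, "high": 3}).items():
        print(label, users)
```

The sample sizes per stratum are the auditor's call; here the "high" stratum is sampled in full because it is where a brute-force attempt or a compromised account is most likely to show up.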

NO.3 Which of the following is MOST likely to be prevented by a firewall connected to the Internet?
A. Disclosure of public key infrastructure (PKI) keys
B. Dial-in penetration attacks
C. Alteration of email message content
D. External spoofing of internal addresses
Answer: D
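What the firewall actually does to stop external spoofing of internal addresses, as an added example that is not part of the original question set: a packet arriving on the Internet-facing interface whose source address belongs to the internal ranges (or to a bogon range) is dropped, and the mirror rule on the inside interface stops internal hosts from impersonating outside addresses. The network ranges, interface names and packets are all constructed for the example; the rendered nftables fragment expresses the same policy.

```python
import ipaddress

# Assumed topology for the example (not from the page): "outside" faces the
# Internet, "inside" faces these corporate networks.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
# Other ranges that are never legitimate sources on the outside interface.
BOGON_NETS = [ipaddress.ip_network(n) for n in
              ("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12", "224.0.0.0/3")]

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def ingress_decision(iface, src):
    """Return ("drop", reason) or ("pass", None) for a packet's source address on iface."""
    addr = ipaddress.ip_address(src)
    if iface == "outside":
        if _in_any(addr, INTERNAL_NETS):
            return ("drop", "internal source address arriving from the Internet")
        if _in_any(addr, BOGON_NETS):
            return ("drop", "bogon source address")
        return ("pass", None)
    if iface == "inside":
        # egress side of the same control: our hosts may not impersonate outsiders
        if not _in_any(addr, INTERNAL_NETS):
            return ("drop", "inside host using a non-internal source address")
        return ("pass", None)
    return ("drop", "unknown interface")

def filter_packets(packets):
    """Apply ingress_decision to (iface, src, dst) tuples; return list of (packet, verdict)."""
    return [(pkt, ingress_decision(pkt[0], pkt[1])) for pkt in packets]

def nftables_rules(outside_if="eth0", inside_if="eth1"):
    """Render the same policy as an nftables fragment (interface names are assumptions)."""
    blocked = ", ".join(str(n) for n in INTERNAL_NETS + BOGON_NETS)
    allowed = ", ".join(str(n) for n in INTERNAL_NETS)
    return "\n".join([
        "table inet antispoof {",
        "  chain antispoof_in {",
        "    type filter hook prerouting priority -300; policy accept;",
        f'    iifname "{outside_if}" ip saddr {{ {blocked} }} counter drop',
        f'    iifname "{inside_if}" ip saddr != {{ {allowed} }} counter drop',
        "  }",
        "}",
    ])

# Constructed packets (iface, src, dst), not captured traffic.
SAMPLE_PACKETS = [
    ("outside", "203.0.113.7", "192.168.1.10"),   # ordinary Internet client
    ("outside", "10.20.30.40", "192.168.1.10"),   # spoofed: claims to be internal
    ("outside", "127.0.0.1", "192.168.1.10"),     # spoofed loopback
    ("inside", "192.168.1.10", "203.0.113.7"),    # legitimate outbound
    ("inside", "203.0.113.99", "198.51.100.1"),   # inside host spoofing an outside address
]

if __name__ == "__main__":
    for pkt, (verdict, why) in filter_packets(SAMPLE_PACKETS):
        print(pkt, verdict, why or "")
    print(nftables_rules())
```

The control works because the firewall knows which addresses can legitimately appear on which interface; it says nothing about the content of a packet, which is why the other options (key disclosure, message alteration, dial-in attacks) are outside its reach.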

NO.4 An IS auditor learns a server administration team regularly applies workarounds to address
repeated failures of critical data processing services. Which of the following would BEST enable the
organization to resolve the issue?
A. Incident management
B. Service level management
C. Change management
D. Problem management
Answer: D

NO.5 Which of the following is the BEST way to determine the effectiveness of a recently installed
intrusion detection system (IDS)?
A. Conduct attack simulation.
B. Inspect IDS configuration.
C. Review audit logs.
D. Implement access control.
Answer: A


NO.6 Intrusion detection systems (IDSs) can:
A. provide information to enhance the security infrastructure.
B. compensate for weak authentication mechanisms.
C. conduct investigations of attacks from within the network.
D. substitute for a firewall.
Answer: A

NO.7 Which of the following is the MOST significant risk associated with peer-to-peer networking
technology?
A. Loss of information during transmission
B. Lack of central monitoring
C. Reduction in staff productivity
D. Lack of reliable internet network connections
Answer: B

NO.8 An airline's online booking system uses an automated script that checks whether fares are
within the defined threshold of what is reasonable before the fares are displayed on the website.
Which type of control is in place?
A. Preventive control
B. Compensating control
C. Corrective control
D. Detective control
Answer: A

NO.9 Which of the following is the PRIMARY advantage of single sign-on (SSO)?
A. Improves security
B. Improves system performance
C. Reduces administrative work load
D. Ensures good password practices
Answer: C

NO.10 Which of the following should be of GREATEST concern to an IS auditor reviewing the controls
for a continuous software release process?
A. Release documentation is not updated to reflect successful deployment
B. Test libraries have not been reviewed in over six months
C. Testing documentation is not attached to production releases.
D. Developers are able to approve their own releases
Answer: D

NO.11 Which of the following is the BEST reason for an organization to develop a business continuity
plan?
A. To develop a detailed description of information systems and processes
B. To identify the users of information systems and processes
C. To avoid the costs resulting from the failure of key systems and processes
D. To establish business units' prioritization of systems, projects, and strategies
Answer: D

NO.12 Which of the following is the BEST way to address ongoing concerns with the quality and
accuracy of internal audits?
A. Require IS audit management to lead exit meetings.
B. Engage an independent review of the audit function.
C. Require peer reviews of audit workpapers.
D. Implement performance management for IS auditors.
Answer: B

NO.13 Which of the following is the MOST effective mechanism for ensuring that critical IT
operational problems are reported to executive management in a timely manner?
A. Regular meetings
B. Escalation procedures
C. Service level monitoring
D. Periodic status reports
Answer: B

NO.14 During a review of an application system, an IS auditor identifies automated controls
designed to prevent the entry of duplicate transactions. What is the BEST way to verify that the
controls work as designed?
A. Review quality assurance (QA) test results.
B. Enter duplicate transactions in a copy of the live system.
C. Implement periodic reconciliations.
D. Use generalized audit software for seeking data corresponding to duplicate transactions.
Answer: B
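What "entering duplicate transactions in a copy of the live system" looks like as a test script, as an added example that is not part of the original question set. The ledger below is a stand-in for the application's posting control; its duplicate key of (account, reference) and the transaction values are assumptions made for the example. The test cases cover both failure modes an auditor cares about: the control letting a duplicate through, and the control rejecting a legitimate transaction that merely looks similar.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Transaction:
    reference: str      # reference number supplied by the originating system
    account: str
    amount_cents: int

class DuplicateTransactionError(Exception):
    pass

class Ledger:
    """Posting control under test: a transaction is a duplicate when the same
    (account, reference) pair has already been posted, regardless of amount.
    Keying on account+reference is an assumption for the example."""

    def __init__(self):
        self._seen = set()
        self.posted = []

    def post(self, txn):
        key = (txn.account, txn.reference)
        if key in self._seen:
            raise DuplicateTransactionError(f"duplicate of {key}")
        self._seen.add(key)
        self.posted.append(txn)
        return len(self.posted)

def _posts(ledger, txn):
    """True if the ledger accepted txn, False if the duplicate control rejected it."""
    try:
        ledger.post(txn)
        return True
    except DuplicateTransactionError:
        return False

def exercise_duplicate_control(ledger):
    """Run the auditor's test cases against a (copy-of-live) ledger.

    Every value in the returned dict should be True if the control works as designed.
    """
    base = Transaction("INV-1001", "ACC-7", 12_500)
    ledger.post(base)
    return {
        # exact resubmission must be rejected
        "exact_duplicate_rejected": not _posts(ledger, base),
        # same reference with a changed amount (a "corrected" re-send) must still be rejected
        "reference_reuse_rejected": not _posts(ledger, Transaction("INV-1001", "ACC-7", 12_000)),
        # a genuinely new transaction of identical amount must be accepted (no false positive)
        "new_reference_accepted": _posts(ledger, Transaction("INV-1002", "ACC-7", 12_500)),
        # the same reference on a different account is a different transaction and must post
        "other_account_accepted": _posts(ledger, Transaction("INV-1001", "ACC-8", 12_500)),
    }

if __name__ == "__main__":
    ledger = Ledger()
    for case, ok in exercise_duplicate_control(ledger).items():
        print(f"{case}: {'PASS' if ok else 'FAIL'}")
    print("transactions posted:", len(ledger.posted))
```

Running this against a copy of production rather than the live system matters because a failing control would post real duplicates; running it against QA results alone (option A) only tells the auditor what the developers tested, not what the deployed code does.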

NO.15 Which of the following should be an IS auditor's FIRST activity when planning an audit?
A. Create a list of key controls to be reviewed.
B. Identify proper resources for audit activities.
C. Gain an understanding of the area to be audited.
D. Document specific questions in the audit program
Answer: C

NO.16 Which of the following would be the MOST effective method to address software license
violations on employee workstations?
A. Restricting administrative rights on employee workstations
B. Scanning workstations daily for unauthorized software
C. Requiring automated installation of software
D. Implementing real-time monitoring software on employee workstations
Answer: D


NO.17 Which of the following is the MOST significant concern when backup tapes are encrypted?
A. Incompatibility with future software versions
B. Inaccurate data due to encryption processing
C. Loss of encryption keys
D. Lack of physical security over the tapes
Answer: C

NO.18 When auditing a quality assurance plan, an IS auditor should be MOST concerned if the:
A. quality assurance function is separate from the programming function
B. SDLC is coupled with the quality assurance plan
C. quality assurance function is periodically reviewed by internal audit
D. scope of quality assurance activities is undefined
Answer: D

NO.19 Which of the following is the PRIMARY advantage of using virtualization technology for
corporate applications?
A. Stronger data security
B. Better utilization of resources
C. Increased application performance
D. Improved disaster recovery
Answer: B

NO.20 The GREATEST benefit of risk-based auditing is that it:
A. identifies problem areas within an organization.
B. enables alignment of resources to significant risk areas.
C. demonstrates compliance with regulatory requirements.
D. allows an organization to identify and eliminate low-risk areas.
Answer: B

NO.21 Which of the following should be of GREATEST concern to an IS auditor when auditing an
organization's information security awareness?
A. The number of security incidents logged by employees to the help desk has increased in the past
year.
B. Training quizzes are designed and run by a third-party company under a contract with the
organization.
C. Security awareness training is not included as part of the onboarding process for new hires.
D. Security awareness training is run via the organization's enterprise-wide e-learning portal.
Answer: C

NO.22 An organization has installed blade server technology in its data center. To determine
whether the higher cooling demands are being met, which of the following should the IS auditor
review?
A. Uninterruptible power supply (UPS) systems
B. Ventilation systems
C. Duct maintenance
D. Air conditioning capacity
Answer: D

NO.23 Which of the following types of controls would BEST facilitate a root cause analysis for an
information security incident?
A. Detective
B. Directive
C. Corrective
D. Preventive
Answer: A

NO.24 Before concluding that internal controls can be relied upon, the IS auditor should:
A. document application controls.
B. discuss the internal control weaknesses with the auditee
C. document the system of internal control.
D. conduct tests of compliance
Answer: D

NO.25 An IS auditor discovered that a firewall has more services than needed. The IS auditor's FIRST
recommendation should be to:
A. ensure logging is turned on.
B. review configurations.
C. eliminate services except for HTTPS.
D. deploy a network penetration team.
Answer: B

NO.26 Which of the following is MOST important when an incident may lead to prosecution?
A. Impact analysis
B. Timely incident detection
C. Independent assessment
D. Preservation of evidence
Answer: D

NO.27 An organization globally distributes a free phone application that includes a module to gather
and report user information. The application includes a privacy notice alerting users to the data
gathering. Which of the following presents the GREATEST risk?
A. There may be a backlash among users when the data gathering is revealed.
B. There is no framework to delete personal data.
C. The data is not properly encrypted on the application server.
D. The data gathering notice is available in only one language.
Answer: C

NO.28 During the procurement process, which of the following would be the BEST indication that
prospective vendors will meet the organization's needs?
A. Expected service levels are defined.
B. The vendor's subcontractors have been identified.
C. A service catalog is documented.
D. An account transition manager has been identified.
Answer: A

NO.29 During an IS audit, it is discovered that security configurations differ across the organization's
virtual server farm. Which of the following is the IS auditor's BEST recommendation to improve the
control environment?
A. Implement a security configuration baseline for virtual servers.
B. Conduct a standard patch management review across the virtual server farm.
C. Implement security monitoring controls for high-risk virtual servers.
D. Conduct an independent review of each server's security configuration.
Answer: A
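Why a baseline is the recommendation that fixes the control environment rather than one server: once the expected settings are written down, drift on every server can be measured against the same reference. The following is an added example, not part of the original question set; the baseline values and the three servers' sshd_config-style settings are constructed for illustration and are not a published hardening standard.

```python
# Constructed per-server settings in sshd_config style (sample data, not from the page).
SERVER_CONFIGS = {
    "vm-web-01": """\
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 4
X11Forwarding no
""",
    "vm-web-02": """\
PermitRootLogin yes
PasswordAuthentication no
MaxAuthTries 10
X11Forwarding no
""",
    "vm-db-01": """\
# no PermitRootLogin line at all: the daemon default applies
PasswordAuthentication yes
MaxAuthTries 4
X11Forwarding no
""",
}

# Baseline every virtual server is expected to meet (example values, an assumption
# for this illustration).
BASELINE = {
    "PermitRootLogin": "no",
    "PasswordAuthentication": "no",
    "MaxAuthTries": "4",
    "X11Forwarding": "no",
}

def parse_config(text):
    """Parse 'Key value' lines, ignoring comments and blank lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def check_drift(baseline, configs):
    """Return {server: [(key, expected, actual), ...]} listing every deviation.

    A key absent from a server is reported with actual=None: an unset value is
    still a deviation, because the daemon default is not the audited value.
    """
    report = {}
    for server, text in configs.items():
        actual = parse_config(text)
        report[server] = [(key, want, actual.get(key))
                          for key, want in baseline.items()
                          if actual.get(key) != want]
    return report

def compliant_servers(report):
    return sorted(server for server, deviations in report.items() if not deviations)

if __name__ == "__main__":
    report = check_drift(BASELINE, SERVER_CONFIGS)
    for server, deviations in report.items():
        status = "OK" if not deviations else "DRIFT"
        print(f"{server}: {status}")
        for key, want, got in deviations:
            print(f"    {key}: expected {want!r}, found {got!r}")
    print("compliant:", compliant_servers(report))
```

Treating a missing setting as a deviation is deliberate: an auditor cannot rely on the daemon's compiled-in default, which may change between versions and differs between distributions.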

NO.30 An IS auditor reviewing an incident management process identifies that client information was
lost due to ransomware attacks. Which of the following would MOST effectively minimize the impact
of future occurrences?
A. Improve the ransomware awareness program.
B. Monitor all client data changes.
C. Back up client data more frequently.
D. Change access to client data to read-only.
Answer: C
