Topic 2: Exam Pool B
Which of the following would be the MOST effective method to identify high risk areas in the business to be included in the audit plan?
A.
Review external audit reports of the business
B.
Review industry reports to identify common risk areas
C.
Validate current risk from poor internal audit findings
D.
Engage with management to understand the business
Engage with management to understand the business
An IS auditor has been asked to perform a post-implementation assessment of a new corporate human resources (HR) system. Which of the following control areas would be MOST important to review for the protection of employee information?
A.
Authentication mechanisms
B.
Logging capabilities
C.
System architecture
D.
Data retention practices
Authentication mechanisms
Which of the following is the GREATEST concern when an organization allows personal devices to connect to its network?
A.
It is difficult to enforce the security policy on personal devices.
B.
It is difficult to maintain employee privacy.
C.
IT infrastructure costs will increase.
D.
Help desk employees will require additional training to support devices.
It is difficult to enforce the security policy on personal devices.
An organization has outsourced its data leakage monitoring to an Internet service provider (ISP). Which of the following is the BEST way for an IS auditor to determine the effectiveness of this service?
A.
Review the data leakage clause in the SLA.
B.
Verify the ISP has staff to deal with data leakage.
C.
Simulate a data leakage incident.
D.
Review the ISP's external audit report.
Simulate a data leakage incident.
An organization that has suffered a cyber attack is performing a forensic analysis of the affected users' computers. Which of the following should be of GREATEST concern for the IS auditor reviewing this process?
A.
Audit was only involved during extraction of the information.
B.
The legal department has not been engaged.
C.
The chain of custody has not been documented.
D.
An imaging process was used to obtain a copy of the data from each computer.
Audit was only involved during extraction of the information.
Which of the following would be MOST helpful in ensuring security procedures are followed by employees in a multinational organization?
A.
Comprehensive end-user training
B.
Security architecture review
C.
Regular clean desk reviews
D.
Regular policy updates by management
Comprehensive end-user training
An IS auditor is a member of an application development team that is selecting software. Which of the following would impair the auditor's independence?
A.
Approving the vendor selection methodology
B.
Verifying the weighting of each selection criterion
C.
Reviewing the request for proposal (RFP)
D.
Witnessing the vendor selection process
Approving the vendor selection methodology
Which of the following could be determined by an entity-relationship diagram?
A.
Links between data objects
B.
How data are transformed as they move through the system
C.
Modes of behavior of data objects
D.
How the system behaves as a consequence of external events
Links between data objects
Which of the following presents the GREATEST concern when implementing data flow across borders?
A.
Equipment incompatibilities
B.
National privacy laws
C.
Political unrest
D.
Software piracy laws
National privacy laws
Which of the following is a substantive test procedure?
A.
Test of invoice calculation process
B.
Verifying that appropriate approvals are documented in a sample of program changes
C.
Using audit software to verify the total of an accounts receivable file
D.
Observing that user IDs and passwords are required to sign on to the online system
Test of invoice calculation process
An IS auditor is involved in the user testing phase of a development project. The developers wish to use a copy of a peak volume transaction file from the production process to show that the development can cope with the required volume. What is the auditor's PRIMARY concern?
A.
Users may not wish for production data to be made available for testing.
B.
All functionality of the new process may not be tested.
C.
Sensitive production data may be read by unauthorized persons.
D.
The error-handling and credibility checks may not be fully proven.
Sensitive production data may be read by unauthorized persons.
An IT management group has developed a standardized security control checklist and distributed it to the control self-assessors in each organizational unit. Which of the following would be the GREATEST risk in this approach?
A.
Business-specific vulnerabilities may be overlooked.
B.
Delayed feedback may increase exposures.
C.
Assessors may manipulate the results.
D.
Over time the checklist may become outdated.
Business-specific vulnerabilities may be overlooked.