Topic 1: Exam Pool A
Which of the following should be the PRIMARY reason to establish a social media policy for all employees?
A. To raise awareness and provide guidance about social media risks
B. To restrict access to social media during business hours to maintain productivity
C. To publish acceptable messages to be used by employees when posting
D. To prevent negative public social media postings and comments
To raise awareness and provide guidance about social media risks
Which of the following access control situations represents the MOST serious control weakness?
A. Computer operators have access to system level flowcharts
B. Programmers have access to development hardware
C. System developers have access to production data
D. End users have access to program development tools.
System developers have access to production data
Which of the following would be an IS auditor's GREATEST concern when reviewing an organization's security controls for policy compliance?
A. End users are not required to acknowledge security policy training.
B. Security policy documents are available on a public domain website.
C. Buy-in from system owners to support the policies is inadequate
D. Security policies are not uniformly applicable across the organization
Buy-in from system owners to support the policies is inadequate
A company has implemented an IT segregation of duties policy. In a role-based environment, which of the following roles may be assigned to an application developer?
A. Database administration
B. Emergency support
C. IT operator
D. System administration
System administration
Which of the following would be an appropriate role of internal audit in helping to establish an organization’s privacy program?
A. Analyzing risks posed by new regulations
B. Developing procedures to monitor the use of personal data
C. Defining roles within the organization related to privacy
D. Designing controls to protect personal data
Developing procedures to monitor the use of personal data
An IS auditor is examining a front-end sub ledger and a main ledger. Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?
A. Double-posting of a single journal entry
B. Inaccuracy of financial reporting
C. Unauthorized alteration of account attributes
D. Inability to support new business transactions
Inaccuracy of financial reporting
An IS auditor reviewing the acquisition of new equipment would consider which of the following to be a significant weakness?
A. Evaluation criteria were finalized after the initial assessment of responses
B. Staff involved in the evaluation were aware of the vendors being evaluated.
C. Independent consultants prepared the request for proposal (RFP) documents.
D. The closing date for responses was extended after a request from potential vendors
Evaluation criteria were finalized after the initial assessment of responses
Which of the following types of controls would BEST facilitate a root cause analysis for an information security incident?
A. Corrective
B. Preventive
C. Detective
D. Directive
Preventive
Which of the following is a passive attack on a network?
A. Sequence analysis
B. Traffic analysis
C. Message service interruption
D. Message modification
Traffic analysis
When conducting a follow-up audit on an organization's firewall configuration, the IS auditor discovered that the firewall had been integrated into a new system that provides both firewall and intrusion detection capabilities. The IS auditor should:
A. review the compatibility of the new system with existing network controls
B. consider the follow-up audit unnecessary since the firewall is no longer being used
C. assess whether the integrated system addresses the identified risk
D. evaluate whether current staff is able to support the new system
assess whether the integrated system addresses the identified risk
Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system. What is the BEST control to ensure that data are accurately entered into the system?
A. Validity checks preventing entry of character data
B. Reconciliation total amounts by project
C. Display back of project detail after entry
D. Reasonableness checks for each cost type
Reconciliation total amounts by project
The objective of using coding standards for systems development is to:
A. ensure that business needs are met
B. facilitate user testing
C. facilitate program maintenance
D. ensure the completeness of requirements.
facilitate program maintenance