Free CISA Practice Test Questions 2026

1020 Questions




Topic 2: Exam Pool B

During an audit of information security procedures of a large retailer's online store, an IS auditor notes that operating system (OS) patches are automatically deployed upon -. Which of the following should be of GREATEST concern to the auditor?


A.

Patches are not reflected in the configuration management database 


B.

Patches are in conflict with current licensing agreements


C.

Patches are not tested before installation on critical servers. 


D.

Patches are pushed from the vendor, increasing Internet traffic





C.
  

Patches are not tested before installation on critical servers. 



The BEST way to prevent fraudulent payments is to implement segregation of duties between payment processing and:


A.

payment approval


B.

requisition creation


C.

vendor setup


D.

check creation





A.
  

payment approval



Which of the following controls will BEST ensure that the board of directors receives sufficient information about IT?


A.

The CIO reports on performance and corrective actions in a timely manner.


B.

Board members are knowledgeable about IT and the CIO is consulted on IT issues.


C.

The CIO regularly sends IT trend reports to the board.


D.

Regular meetings occur between the board, the CIO, and a technology committee





B.
  

Board members are knowledgeable about IT and the CIO is consulted on IT issues.



Which of the following observations noted during a review of the organization's social media practices should be of MOST concern to the IS auditor?


A.

The organization does not require approval for social media posts.


B.

Not all employees using social media have attended the security awareness program.


C.

The organization does not have a documented social media policy.


D.

More than one employee is authorized to publish on social media on behalf of the organization





C.
  

The organization does not have a documented social media policy.



An IS auditor reviews change control tickets and finds an emergency change request where an IT manager approved the change, modified the code on the production platform, and solved the ticket. Which of the following should be the auditor’s GREATEST concern?


A.

There was no follow-up approval from the business


B.

There was no testing prior to making the change in production


C.

The IT manager performed the change and resolved the ticket


D.

The change was made less than an hour after the request





B.
  

There was no testing prior to making the change in production



Which of the following is the MOST important activity to undertake to avoid rework later in a project?


A.

Acceptance testing


B.

Risk assessment


C.

Control review


D.

Phase review





D.
  

Phase review



Which of the following is the BEST way to help ensure the security of privacy-related data stored by an organization?


A.

Encrypt personally identifiable information.


B.

Publish the data classification scheme.


C.

Inform data owners of the purpose of collecting information.


D.

Classify privacy-related data as confidential





D.
  

Classify privacy-related data as confidential



Which of the following would be the MOST effective control to mitigate unintentional misuse of authorized access?


A.

Regular monitoring of user access logs


B.

Annual sign-off of acceptable use policy


C.

Security awareness training


D.

Formalized disciplinary action





C.
  

Security awareness training



Which of the following is the PRIMARY reason for database optimization in an environment with a high volume of transactions?


A.

Improving availability


B.

Maintaining integrity


C.

Preventing data leakage


D.

Improving performance





D.
  

Improving performance



To ensure confidentiality through the use of asymmetric encryption, a message is encrypted with which of the following?


A.

Sender's private key


B.

Recipient's private key


C.

Sender's public key


D.

Recipient's public key





A.
  

Sender's private key



An accounting department uses a spreadsheet to calculate sensitive financial transactions. Which of the following is the MOST important control for maintaining the security of data in the spreadsheet?


A.

There is a reconciliation process between the spreadsheet and the finance system.


B.

The spreadsheet is locked down to avoid inadvertent changes.


C.

A separate copy of the spreadsheet is routinely backed up.


D.

Access to the spreadsheet is given only to those who require access





B.
  

The spreadsheet is locked down to avoid inadvertent changes.



An IS auditor is assigned to review the development of a specific application. Which of the following would be the MOST significant step following the feasibility study?


A.

Attend project progress meetings to monitor timely implementation of the application.


B.

Assist users in the design of proper acceptance-testing procedures.


C.

Follow up with project sponsor for project's budgets and actual costs.


D.

Review functional design to determine that appropriate controls are planned.





D.
  

Review functional design to determine that appropriate controls are planned.





What Makes Our Practice Test So Effective?

Real-World Scenario Mastery: Our CISA practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.

Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention before exam day arrives.

Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive pool of CISA practice exam questions covering all topics, the real exam feels like just another practice session.