Topic 3: Exam Pool C
Which of the following should be of MOST concern to an IS auditor during the review of a quality management system?
A. The quality management system includes training records for IT personnel.
B. Indicators are not fully represented in the quality management system.
C. There are no records to document actions for minor business processes.
D. Important quality checklists are maintained outside the quality management system.
Indicators are not fully represented in the quality management system.
An organization performs nightly backups but does not have a formal policy. An IS auditor should FIRST
A. evaluate current backup procedures.
B. document a policy for the organization.
C. recommend automated backup.
D. escalate to senior management.
evaluate current backup procedures.
An organization has performance metrics to track how well IT resources are being used, but there has been little progress on meeting the organization's goals. Which of the following would be MOST helpful to determine the underlying reason?
A. Conducting a root cause analysis
B. Re-evaluating organizational goals
C. Re-evaluating key performance indicators (KPIs)
D. Conducting a business impact analysis (BIA)
Re-evaluating key performance indicators (KPIs)
The independence of an IS auditor auditing an application is maintained if the auditor's role is limited to:
A. creating system specifications.
B. defining user requirements.
C. recommending system enhancements
D. designing access control rules.
recommending system enhancements
When auditing the IT governance of an organization planning to outsource a critical financial application to a cloud vendor, the MOST important consideration for the auditor should be:
A. the cost of the outsourced system.
B. the inclusion of a service termination clause.
C. alignment with industry standards.
D. alignment with business requirements.
alignment with business requirements.
During a review of an application system, an IS auditor identifies automated controls designed to prevent the entry of duplicate transactions. What is the BEST way to verify that the controls work as designed?
A. Implement periodic reconciliations.
B. Review quality assurance (QA) test results.
C. Use generalized audit software for seeking data corresponding to duplicate transactions.
D. Enter duplicate transactions in a copy of the live system.
Enter duplicate transactions in a copy of the live system.
An IS auditor reviewing an incident management process identifies client information was lost due to ransomware attacks. Which of the following would MOST effectively minimize the impact of future occurrences?
A. Change access to client data to read-only.
B. Improve the ransomware awareness program.
C. Back up client data more frequently.
D. Monitor all client data changes.
Back up client data more frequently.
What is the purpose of a hypervisor?
A. Monitoring the performance of virtual machines
B. Cloning virtual machines
C. Deploying settings to multiple machines simultaneously
D. Running the virtual machine environment
Running the virtual machine environment
An IS auditor is conducting a pre-implementation review to determine a new system's production readiness. The auditor's PRIMARY concern should be whether:
A. benefits realization has been evidenced
B. there are unresolved high-risk items
C. the project adhered to the budget and target date.
D. users were involved in the quality assurance (QA) testing.
there are unresolved high-risk items
Which of the following would BEST enable alignment of IT with business objectives?
A. Leveraging an IT framework
B. Completing an IT risk assessment
C. Adopting industry best practices
D. Monitoring key performance indicators (KPIs)
Monitoring key performance indicators (KPIs)
An organization's IT security policy requires annual security awareness training for all employees. Which of the following would provide the BEST evidence of the training's effectiveness?
A. Results of a social engineering test
B. Interviews with employees
C. Decreased calls to the incident response team
D. Surveys completed by randomly selected employees
Results of a social engineering test
An IS auditor determines that a business continuity plan has not been reviewed and approved by management. Which of the following is the MOST significant risk associated with this situation?
A. Continuity planning may be subject to resource constraints.
B. The plan may not be aligned with industry best practice.
C. Critical business processes may not be addressed adequately.
D. The plan has not been reviewed by risk management
Critical business processes may not be addressed adequately.