Topic 3: Exam Pool C
Which of the following will BEST ensure that a proper cutoff has been established to reinstate transactions and records to their condition just prior to a computer system failure?
A. Maintaining system console logs in electronic format
B. Ensuring bisynchronous capabilities on all transmission lines
C. Using a database management system (DBMS) to dynamically back-out partially processed transactions
D. Rotating backup copies of transaction files off site
Answer: Ensuring bisynchronous capabilities on all transmission lines
A bank is selecting a server for its retail accounts application. To ensure that the server can handle a high volume of transactions with the required response times, which test should the IS auditor recommend?
A. Regression
B. Acceptance
C. Benchmark
D. Integration
Answer: Benchmark
An organization is choosing key performance indicators (KPIs) for its information security management. Which of the following KPIs would provide stakeholders with the MOST useful information about whether information security risk is being managed?
A. Time from initial reporting of an incident to appropriate escalation
B. Time from identifying a security threat to implementing a solution
C. The number of security controls implemented
D. The number of security incidents during the past quarter
Answer: Time from identifying a security threat to implementing a solution
Which of the following is the MOST significant risk associated with the use of visualization?
A. Insufficient network bandwidth
B. Single point of failure
C. Inadequate configuration
D. Performance issues of hosts
Answer: Performance issues of hosts
An IS auditor is evaluating a virtual server environment and learns that the production server, development server, and management console are housed in the same physical host. What should be the auditor's PRIMARY concern?
A. The physical host is a single point of failure
B. The management console is a single point of failure
C. The development server and management console share the same host
D. The development and production servers share the same host
Answer: The physical host is a single point of failure
Which of the following is the MOST important reason to use statistical sampling?
A. The results can reduce error rates
B. It reduces time required for testing.
C. The results are more defensible
D. It ensures that all relevant cases are covered.
Answer: It ensures that all relevant cases are covered.
To BEST evaluate the effectiveness of a disaster recovery plan, the IS auditor should review the:
A. test plan and results of past tests.
B. plans and procedures in the business continuity plan
C. capacity of backup facilities
D. hardware and software inventory.
Answer: test plan and results of past tests.
Which of the following is MOST likely to result from compliance testing?
A. Comparison of data with physical counts
B. Confirmation of data with outside sources
C. Identification of errors due to processing mistakes
D. Discovery of controls that have not been applied
Answer: Discovery of controls that have not been applied
Which of the following would an IS auditor consider to be the MOST significant risk associated with a project to reengineer a business process?
A. The negative impact of change may not be documented.
B. The project manager is inexperienced in information systems.
C. Existing controls may be weakened or removed.
D. Existing baseline processes may not be reported to management.
Answer: Existing controls may be weakened or removed.
Following an IS audit recommendation, all Telnet and File Transfer Protocol (FTP) connections have been replaced by Secure Socket Shell (SSH) and Secure File Transfer Protocol (SFTP). Which risk treatment approach has the organization adopted?
A. Acceptance
B. Mitigation
C. Transfer
D. Avoidance
Answer: Mitigation
When reviewing the effectiveness of data center operations, the IS auditor would FIRST establish that system performance:
A. is monitored and reported against agreed service levels
B. reflects the expected usage levels established at implementation.
C. meets the expected targets specified by the manufacturer.
D. is within generally accepted reliability levels for that system.
Answer: is monitored and reported against agreed service levels
An audit team has a completed schedule approved by the audit committee. After starting some of the scheduled audits, executive management asked the team to immediately audit an additional process. There are not enough resources available to add the additional audit to the schedule. Which of the following is the BEST course of action?
A. Revise the scope of scheduled audits
B. Propose a revised audit schedule
C. Approve overtime work to ensure the audit is completed.
D. Consider scheduling the audit for the next period.
Answer: Propose a revised audit schedule