Topic 3: Exam Pool C
Which of the following factors will BEST promote effective information security management?
A. Senior management commitment
B. Identification and risk assessment of sensitive resources
C. Security awareness training
D. Security policy framework
Answer: Senior management commitment
Which of the following is the MOST effective way to minimize the risk of a SQL injection attack?
A. Reconfiguring content filtering settings
B. Performing activity monitoring
C. Using secure coding practices
D. Implementing an intrusion detection tool
Answer: Using secure coding practices
An organization is using a single account shared by personnel for its social networking marketing page. Which of the following is the BEST method to maintain accountability over the account?
A. Reviewing access rights on a periodic basis
B. Integrating the account with single sign-on
C. Regular monitoring of proxy server logs
D. Implementing an account password check-out process
Answer: Reviewing access rights on a periodic basis
Which of the following BEST helps to identify errors during data transfer?
A. Decrease the size of data transfer packets.
B. Test the integrity of the data transfer.
C. Review and verify the data transfer sequence numbers.
D. Enable a logging process for data transfer.
Answer: Review and verify the data transfer sequence numbers.
To maintain the confidentiality of information moved between office and home on removable media, which of the following is the MOST effective control?
A. Mandatory file passwords
B. Security awareness training
C. Data encryption
D. Digitally signed media
Answer: Data encryption
Which of the following would be considered the BEST compensating control to use when an emergency process, rather than the established control procedures, is used for database changes?
A. Using an emergency user account with the access to make changes to the database
B. Using the administrator's own account to make out-of-hours changes
C. Logging detailed before-and-after images for later review by the administrator
D. Logging user's ID and change details for later review by the administrator
Answer: Logging user's ID and change details for later review by the administrator
Which of the following should be done FIRST to effectively define the IT audit universe for an entity with multiple business lines?
A. Identify aggregate residual IT risk for each business line.
B. Obtain a complete listing of the entity's IT processes.
C. Obtain a complete listing of assets fundamental to the entity's businesses.
D. Identify key control objectives for each business line's core processes.
Answer: Obtain a complete listing of assets fundamental to the entity's businesses.
Which of the following is the BEST physical security solution for granting and restricting access to individuals based on their unique access needs?
A. Bolting door locks
B. Cipher locks
C. Closed-circuit television (CCTV)
D. Electronic badge system
Answer: Electronic badge system
During an audit of an organization's incident management process, an IS auditor learns that the security operations team includes detailed reports of recent attacks in its communications to employees. Which of the following is the GREATEST concern with this situation?
A. Employees may fail to understand the severity of the threats
B. The reports may be too complex for a nontechnical audience
C. Employees may misuse the information in the reports
D. There is not a documented procedure to communicate the reports
Answer: Employees may misuse the information in the reports
Which of the following is a detective control that can be used to uncover unauthorized access to information systems?
A. Requiring long and complex passwords for system access
B. Implementing a security information and event management (SIEM) system
C. Requiring internal audit to perform periodic reviews of system access logs
D. Protecting access to the data center with multifactor authentication
Answer: Implementing a security information and event management (SIEM) system
Which of the following is MOST important to ensure when planning a black box penetration test?
A. The test results will be documented and communicated to management.
B. Diagrams of the organization's network architecture are available.
C. The environment and penetration test scope have been determined.
D. The management of the client organization is aware of the testing.
Answer: The environment and penetration test scope have been determined.
During an audit of a mission-critical system hosted in an outsourced data center, an IS auditor discovers that contracted routine maintenance for the alternate power generator was not performed. Which of the following should be the auditor's MAIN concern?
A. Fraudulent behavior by the outsourcer charging for work not performed
B. Failure of the alternate power generator during a power outage
C. High repair costs if faulty generator parts are not detected in a timely manner
D. Loss of warranty due to lack of system maintenance
Answer: Failure of the alternate power generator during a power outage