Topic 3: Exam Pool C
A CIO has asked an IS auditor to implement several security controls for an organization's IT processes and systems. The auditor should:
A. obtain approval from executive management for the implementation.
B. communicate the conflict of interest to audit management.
C. perform the assignment and future audits with due professional care.
D. refuse due to independence issues.
Answer: B. communicate the conflict of interest to audit management.
Which of the following is the MOST effective way to identify anomalous transactions when performing a payroll fraud audit?
A. Substantive testing of payroll files
B. Data analytics on payroll data
C. Observation of payment processing
D. Sample-based review of pay stubs
Answer: B. Data analytics on payroll data
Which of the following findings would have the GREATEST impact on the objective of a business intelligence system?
A. Key controls have not been tested in a year.
B. Decision support queries use database functions proprietary to the vendor.
C. The hot site for disaster recovery does not include the decision support system.
D. Management reports have not been evaluated since implementation.
Answer: A. Key controls have not been tested in a year.
An organization has purchased a replacement mainframe computer to cope with the demands of increased business. Which of the following should be the PRIMARY concern of an IS auditor?
A. The disaster recovery plan has been reviewed and updated.
B. Application access controls are adequate.
C. Appropriate tender evaluation processes have been followed.
D. The procurement is within the planned budget for the year.
Answer: D. The procurement is within the planned budget for the year.
A web application is developed in-house by an organization. Which of the following would provide the BEST evidence to an IS auditor that the application is secure from external attack?
A. Code review by a third party
B. Web application firewall implementation
C. Penetration test results
D. Database application monitoring logs
Answer: B. Web application firewall implementation
An IS auditor finds that confidential company data has been inadvertently leaked through social engineering. The MOST effective way to help prevent a recurrence of this issue is to implement:
A. penalties to staff for security policy breaches.
B. a third-party intrusion prevention solution.
C. a security awareness program.
D. data loss prevention (DLP) software.
Answer: C. a security awareness program.
Which of the following controls is MOST appropriate against brute force attacks at login?
A. Storing password files using one-way encryption
B. Locking the account after three invalid passwords
C. Storing passwords under a one-way hash function
D. Increasing the minimum password length to 10 characters
Answer: B. Locking the account after three invalid passwords
After an external IS audit, which of the following should be IT management's MAIN consideration when determining the prioritization of follow-up activities?
A. The scheduling of major changes in the control environment
B. The materiality of the reported findings
C. The availability of the external auditors
D. The amount of time since the initial audit was completed
Answer: B. The materiality of the reported findings
Which of the following should be the PRIMARY consideration for IT management when selecting a new information security tool that monitors suspicious file access patterns?
A. Integration with existing architecture
B. Ease of support and troubleshooting
C. Data correlation and visualization capabilities
D. Ability to contribute to key performance indicator data
Answer: A. Integration with existing architecture
An IS auditor is asked to explain how local area network (LAN) servers can contribute to a rapid dissemination of viruses. The IS auditor's BEST response is that:
A. the server's software is the prime target and is the first to be infected.
B. the server's operating system exchanges data with each station starting at every log-on.
C. the server's file sharing function facilitates the distribution of files and applications.
D. users of a given server have similar usage of applications and files.
Answer: B. the server's operating system exchanges data with each station starting at every log-on.
During an audit, which of the following would be MOST helpful in establishing a baseline for measuring data quality?
A. Built-in data error prevention application controls
B. Industry standard business definitions
C. Input from customers
D. Validation of rules by the business
Answer: C. Input from customers
An IS auditor has observed gaps in the data available to the organization for detecting incidents. Which of the following would be the BEST recommendation to improve the organization's security incident response capability?
A. Document procedures for incident escalation
B. Document procedures for incident classification
C. Correlate security logs collected from multiple sources
D. Centralize alerts and security log information
Answer: C. Correlate security logs collected from multiple sources