Topic 3: Exam Pool C
An e-commerce enterprise's disaster recovery (DR) site has 30% less processing capability than the primary site. Based on this information, which of the following presents the GREATEST risk?
A.
Network firewalls and database firewalls at the DR site do not provide high availability.
B.
No disaster recovery plan (DRP) testing has been performed during the last six months.
C.
The DR site is in a shared location that hosts multiple other enterprises
D.
The DR site has not undergone testing to confirm its effectiveness
The DR site has not undergone testing to confirm its effectiveness
An IS auditor discovers instances where software with the same license key is deployed to multiple workstations, in breach of the licensing agreement. Which of the following is the auditor's BEST recommendation?
A.
Evaluate the business case for funding of additional licenses.
B.
Require business owner approval before granting software access
C.
Remove embedded keys from offending packages
D.
Implement software licensing monitoring to manage duplications
Implement software licensing monitoring to manage duplications
Which of the following would be the GREATEST concern to an IS auditor reviewing an IT outsourcing arrangement?
A.
Several IT personnel perform the same functions as the vendor
B.
The contract does not include a renewal option
C.
Development of KPIs that will be used was assigned to the vendor
D.
Some penalties were waived during contract negotiations.
Development of KPIs that will be used was assigned to the vendor
Which of the following is the MOST important factor when an organization is developing information security policies and procedures?
A.
Compliance with relevant regulations
B.
Cross-references between policies and procedures
C.
Inclusion of mission and objectives
D.
Consultation with management
Compliance with relevant regulations
Which of the following tasks should be performed during an organization's business continuity plan (BCP) test?
A.
Evaluate the security at the offsite facility
B.
Review the coverage of insurance
C.
Assess the critical information retrieval capability.
D.
Review the alternate processing site contract
Assess the critical information retrieval capability.
Which of the following is the MOST critical characteristic of a biometric system?
A.
Registration time
B.
Throughput rate
C.
Accuracy
D.
Ease of use
Accuracy
Which of the following is MOST important for an IS auditor to verify when reviewing a critical business application that requires high availability?
A.
Algorithms are reviewed to resolve process inefficiencies.
B.
Users participate in offsite business continuity testing
C.
There is no single point of failure
D.
Service level agreements (SLAs) are monitored.
There is no single point of failure
Which of the following BEST ensures that only authorized software is moved into a production environment?
A.
Restricting read/write access to production code to computer programmers only
B.
Assigning programming managers to transfer tested programs to production
C.
A librarian compiling source code into production after independent testing
D.
Requiring programming staff to move tested code into production
A librarian compiling source code into production after independent testing
Which of the following is the GREATEST concern with conducting penetration testing on an internally developed application in the production environment?
A.
The testing could create application availability issues.
B.
The testing may identify only known operating system vulnerabilities
C.
The issues identified during the testing may require significant remediation efforts
D.
Internal security staff may not be qualified to conduct application penetration testing
The testing could create application availability issues.
Which of the following human resources management practices BEST leads to the detection of fraudulent activity?
A.
Background checks
B.
Time reporting
C.
Employee code of ethics
D.
Mandatory time off
Mandatory time off
Which procedure provides the GREATEST assurance that corrective action to an audit report has been taken?
A.
Performing subsequent audit tests to verify resolution of the deficiencies
B.
Inquiring about the current status of the recommendation
C.
Reporting to the audit committee or the board of directors concerning specific action taken or lack thereof
D.
Requesting a written management reply to the audit report identifying corrective action for each deficiency
Performing subsequent audit tests to verify resolution of the deficiencies
Adopting a service-oriented architecture would MOST likely:
A.
facilitate connectivity between partners
B.
streamline all internal processes.
C.
compromise application software security
D.
inhibit integration with legacy systems
facilitate connectivity between partners