Free CISA Practice Test Questions 2026

1020 Questions




Topic 3: Exam Pool C

For an organization which uses a VoIP telephony system exclusively, the GREATEST concern associated with leaving a connected telephone in an unmonitored public area is the possibility of:


A.

theft or destruction of an expensive piece of electronic equipment.


B.

unauthorized use leading to theft of services and financial loss.


C.

network compromise due to the introduction of malware.


D.

connectivity issues when used with an analog local exchange carrier.





B.
  

unauthorized use leading to theft of services and financial loss.



Which of the following would BEST assist senior management in evaluating IT performance as well as the alignment between corporate and IT strategic objectives?


A.

Control self-assessment


B.

IT project value analysis


C.

Enterprise architecture


D.

Balanced scorecard





D.
  

Balanced scorecard



Which of the following provides the BEST evidence that network filters are functioning?


A.

Reviewing network configuration rules


B.

Reviewing network filtering policy


C.

Performing network port scans


D.

Analyzing network performance





C.
  

Performing network port scans



An IS auditor notes that due to the small size of the organization, human resources staff can create new
employees in the payroll system as well as process payroll. Which of the following is the BEST
recommendation to address this situation?


A.

Implement a periodic user access review over the payroll system


B.

Outsource the processing of payroll to a third party


C.

Hire additional staff so that access for the two functions can be segregated.


D.

Implement periodic reviews of employees in the payroll system.





A.
  

Implement a periodic user access review over the payroll system



Which of the following is a prerequisite to help ensure that IS hardware and software support the delivery of
mission-critical functions?


A.

Control over IS infrastructure expenditure


B.

A comprehensive IS applications architecture


C.

Documented emergency change procedures


D.

An independent audit of the process





D.
  

An independent audit of the process



The PRIMARY purpose for an IS auditor to review previous audit reports during the planning phase of a
current audit is to:


A.

identify applicable regulatory requirements for the current audit.


B.

adjust audit scope to reduce testing in areas related to previous findings.


C.

become informed about the auditee's business processes.


D.

ensure that previously identified risks are addressed in the audit program.





D.
  

ensure that previously identified risks are addressed in the audit program.



The MOST important reason for documenting all aspects of a digital forensic investigation is that
documentation:


A.

provides traceability for independent investigation by third parties.


B.

ensures compliance with corporate incident response policies.


C.

ensures the process will be repeatable in future investigations.


D.

meets IT audit documentation standards.





A.
  

provides traceability for independent investigation by third parties.



IS audit is asked to explain how local area network (LAN) servers can contribute to a rapid dissemination of
viruses. The IS auditor's BEST response is that:


A.

the server's software is the prime target and is the first to be infected


B.

the server's operating system exchanges data with each station starting at every logon.


C.

the server's file sharing function facilitates the distribution of files and applications.


D.

users of a given server have similar usage of applications and files.





B.
  

the server's operating system exchanges data with each station starting at every logon.



After discussing findings with an auditee, an IS auditor is required to obtain approval of the report from the
CEO before issuing it to the audit committee. This requirement PRIMARILY affects the IS auditor's:


A.

judgment


B.

effectiveness


C.

independence


D.

integrity





C.
  

independence



An organization has suffered a number of incidents in which USB flash drives with sensitive data have been
lost. Which of the following would be MOST effective in preventing loss of sensitive data?


A.

Issuing encrypted USB flash drives to staff


B.

Implementing a check-in/check-out process for USB flash drives


C.

Increasing the frequency of security awareness training


D.

Modifying the disciplinary policy to be more stringent





A.
  

Issuing encrypted USB flash drives to staff



Which of the following firewall technologies involves examining the header of every packet of data traveling
between the Internet and the corporate network without examining the previous packets?


A.

Stateful filtering


B.

Stateless filtering


C.

Proxy servers


D.

Bastion host





B.
  

Stateless filtering



When migrating critical systems to a cloud provider, the GREATEST data security concern for an
organization would be that data from different clients may be:


A.

subject to different service level agreements (SLAs) for disaster recovery.


B.

subject to varying government compliance regulations.


C.

requested during a legal discovery process


D.

improperly separated from each other.





D.
  

improperly separated from each other.





What Makes Our Practice Test So Effective?

Real-World Scenario Mastery: Our CISA practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.

Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention before exam day arrives.

Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive pool of CISA practice exam questions covering all topics, the real exam feels like just another practice session.