Topic 6: Exam Pool (Jul-Aug)
An organization’s audit charter should:
A. set the enterprise strategic direction.
B. detail the audit objectives.
C. define the auditors’ right to access information.
D. include the IS audit plan.
detail the audit objectives.
During audit planning, an IS auditor walked through the design of controls related to a new data loss prevention tool. It was noted that the tool will be configured to alert IT management when large files are sent outside of the organization via email. What type of control will be tested?
A. Detective
B. Corrective
C. Directive
D. Preventive
Detective
A potential risk of executing a program on an Internet site is that it may:
A. install executable code on the computer.
B. lack version control, which may result in the use of an older program.
C. overwrite system files with older versions.
D. be browser-dependent, and therefore abort.
lack version control, which may result in the use of an older program.
A company has located its computer center on a moderate earthquake fault. Which of the following is the MOST important consideration in establishing a contingency plan and an alternate processing site?
A. The alternative site does not reside on the same fault no matter how far the distance apart.
B. The alternative site is a hot site with equipment ready to resume processing immediately.
C. The contingency plan for high priority applications does not involve a shared cold site.
D. The contingency plan provides for backup tapes to be taken to the alternative site.
The alternative site does not reside on the same fault no matter how far the distance apart.
Which of the following would provide the BEST evidence for an IS auditor to determine whether segregation of duties is in place?
A. A walk-through of job functions
B. An analysis of user access requests
C. A review of the organizational chart
D. A review of personnel files
An analysis of user access requests
An IS auditor's role in privacy and security is to:
A. implement risk management methodologies.
B. verify compliance with applicable laws.
C. assist in developing an IS security strategy.
D. assist the governance steering committee with implementing a security policy.
verify compliance with applicable laws.
During an audit of a mission-critical system hosted in an outsourced data center, an IS auditor discovers that contracted routine maintenance for the alternate power generator was not performed. Which of the following should be the auditor's MAIN concern?
A. Fraudulent behavior by the outsourcer charging for work not performed
B. Failure of the alternate power generator during a power outage
C. High repair costs if faulty generator parts are not detected in a timely manner
D. Loss of warranty due to lack of system maintenance
Failure of the alternate power generator during a power outage
An IS auditor is reviewing the upgrading of an operating system. Which of the following would be the GREATEST audit concern?
A. The lack of change control
B. The lack of malware protection
C. The lack of release notes
D. The lack of activity logging
The lack of change control
Which of the following is the BEST method to assess the adequacy of security awareness in an organization?
A. Confirming a security awareness program exists
B. Interviewing employees about security responsibility
C. Administering security survey questionnaires
D. Observing employee security behaviors
Observing employee security behaviors
When implementing a software product (middleware) to pass data between local area network (LAN) servers and the mainframe, the MOST critical control consideration is:
A. cross-platform authentication
B. time synchronization of databases
C. network traffic levels between platforms
D. time-stamping of transactions to facilitate recovery
time-stamping of transactions to facilitate recovery
An IT governance framework provides an organization with:
A. assurance that there are surplus IT investments.
B. assurance that there will be IT cost reductions.
C. a basis for directing and controlling IT.
D. organizational structures to enlarge the market share through IT.
a basis for directing and controlling IT.
An organization is moving its on-site application servers to a service provider that operates a virtualized environment shared by multiple customers. Which of the following is the MOST significant risk to the organization?
A. Service provider access to organizational data
B. Competing workloads from other clients
C. Account hacking from other clients
D. Service provider limiting the right to audit
Competing workloads from other clients
Real-World Scenario Mastery: Our CISA practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.
Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention, before exam day arrives.
Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive CISA practice exam questions pool covering all topics, the real exam feels like just another practice session.