Free CISA Practice Test Questions 2026

1020 Questions




Topic 6: Exam Pool (Jul-Aug)

A legacy application is running on an operating system that is no longer supported by the vendor. If the organization continues to use the current application, which of the following should be the IS auditor’s GREATEST concern?

A. Potential exploitation of zero-day vulnerabilities in the system
B. Inability to update the legacy application database
C. Increased cost of maintaining the system
D. Inability to use the operating system due to potential license issues

Answer: D. Inability to use the operating system due to potential license issues



In an online application, which of the following would provide the MOST information about the transaction audit trail?

A. File layouts
B. System/process flowchart
C. Source code documentation
D. Data architecture

Answer: C. Source code documentation



Which of the following test approaches would utilize data analytics to validate customer authentication controls for banking transactions?

A. Evaluate configuration settings for transactions requiring customer identification.
B. Review the business requirements document for customer identification requirements.
C. Review transactions completed for one period that have blank customer identification fields.
D. Attempt to complete a monetary transaction and leave the customer identification fields blank.

Answer: C. Review transactions completed for one period that have blank customer identification fields.



Which of the following is an IS auditor's BEST recommendation for mitigating risk associated with rapid expansion of hosts within a virtual environment?

A. Limit access to the hypervisor operating system (OS) and administration console
B. Ensure quick access to updated images of a guest operating system for fast recovery
C. Consider using a third-party service provider to share the virtual machine (VM) risk
D. Implement policies and processes to control virtual machine (VM) lifecycle management

Answer: A. Limit access to the hypervisor operating system (OS) and administration console



An organization allows employee use of personal mobile devices for corporate email. Which of the following should be the GREATEST IS audit concern?

A. Email forwarding to private devices requires excessive network bandwidth
B. There is no corporate policy for the acceptable use of private devices
C. There is no adequate tracking of the working time spent out-of-hours
D. The help desk is not able to fully support different kinds of private devices

Answer: B. There is no corporate policy for the acceptable use of private devices



Which of the following is the BEST source of information for assessing the effectiveness of IT process monitoring?

A. Real-time audit software
B. Performance data
C. Quality assurance (QA) reviews
D. Participative management techniques

Answer: B. Performance data



An organization with high security requirements is evaluating the effectiveness of biometric systems. Which of the following performance indicators is MOST important?

A. False-identification rate (FIR)
B. Equal-error rate (EER)
C. False-rejection rate (FRR)
D. False-acceptance rate (FAR)

Answer: D. False-acceptance rate (FAR)



Which of the following is the PRIMARY function of technology-driven enterprise architecture?

A. To determine how new technologies fit into existing networks and data flows
B. To re-engineer business processes to make better use of technology
C. To help develop project documentation and related business process roadmaps
D. To provide guidance on technological decisions in the context of business strategy

Answer: D. To provide guidance on technological decisions in the context of business strategy



Which of the following is the GREATEST risk associated with in-house program development and customization?

A. The lack of secure coding expertise
B. The lack of a quality assurance function
C. The lack of a test environment
D. The lack of documentation for programs developed

Answer: A. The lack of secure coding expertise



An IS audit had identified that default passwords for a newly implemented application were not changed. During the follow-up audit, which of the following would provide the BEST evidence that the finding was effectively addressed?

A. Written confirmation from management that the passwords were changed
B. Screenshots of system parameters requiring password changes on next login
C. System-generated emails requiring application users to change passwords
D. Application log files that record the password changes

Answer: D. Application log files that record the password changes



Due to the increasing size of a database, user access times and daily backups continue to increase. Which of the following would be the BEST way to address this situation?

A. Data modeling
B. Data purging
C. Data visualization
D. Data mining

Answer: B. Data purging



When reviewing a database supported by a third-party service provider, an IS auditor found minor control deficiencies. The auditor should FIRST discuss recommendations with the:

A. service provider support team manager
B. organization’s service level manager
C. organization’s chief information officer (CIO)
D. service provider contract liaison

Answer: B. organization’s service level manager





What Makes Our Practice Test So Effective?

Real-World Scenario Mastery: Our CISA practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.

Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention, before exam day arrives.

Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive pool of CISA practice exam questions covering all topics, the real exam feels like just another practice session.