Topic 6: Exam Pool (Jul-Aug)
During a post-incident review of a security breach, what type of analysis should an IS auditor expect to be performed by the organization's information security team?
A.
Gap analysis
B.
Business impact analysis (BIA)
C.
Qualitative risk analysis
D.
Root cause analysis
Root cause analysis
During the planning stage of a compliance audit, an IS auditor discovers that the bank's inventory of compliance requirements does not include recent regulatory changes related to managing data risk. What would the auditor do FIRST?
A.
Exclude recent regulatory changes from the audit scope
B.
Discuss potential regulatory issues with the legal department
C.
Ask management why the regulatory changes have not been included
D.
Report the missing regulatory updates to the chief information officer (CIO)
Ask management why the regulatory changes have not been included
Reorganization of databases is undertaken PRIMARILY to:
A.
reduce backout and recovery times.
B.
improve data access and retrieval times.
C.
reduce simultaneous update time and index validation.
D.
eliminate duplicates and perform data backup.
improve data access and retrieval times
Following an acquisition, it was decided that legacy applications subject to compliance requirements will
continue to be used until they can be phased out. The IS auditor needs to determine where there are control
redundancies and where gaps may exist. Which of the following activities would be MOST helpful in making
this determination?
A.
Control self-assessments
B.
Risk assessment
C.
Control testing
D.
Control mapping
Control mapping
Which of the following is MOST likely to be included in a post-implementation review?
A.
Test results
B.
Results of live processing
C.
Development methodology
D.
Current sets of test data
Results of live processing
An organization has outsourced its data processing function to a service provider. Which of the following would BEST determine whether the service provider continues to meet the organization's objectives?
A.
Periodic audits of controls by an independent auditor
B.
Assessment of the personnel training processes of the provider
C.
Adequacy of the service provider's insurance
D.
Review of performance against service level agreements (SLAs)
Review of performance against service level agreements (SLAs)
Which of the following controls is MOST effective in detecting spam?
A.
Denying transmission control protocol (TCP) connections in the mail server
B.
Using heuristic filters based on the content of the message
C.
Refusing Internet protocol (IP) connections at the router
D.
Registering the recipient with keepers of spam lists
Using heuristic filters based on the content of the message
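Option B names the control but not how it works. The following is an added example, not part of the question bank, of a content-based heuristic filter: several independent rules each contribute a weighted score, and a message is flagged when the total crosses a threshold. The rules, weights, threshold and both sample messages are constructed assumptions for illustration; production filters add Bayesian or ML scoring and sender reputation on top of rules like these.

```python
"""Added example (not from the CISA question bank): minimal content-based
heuristic spam scoring. Rule weights, the threshold and the sample messages
are assumptions chosen for illustration."""
import re
from dataclasses import dataclass


@dataclass
class Message:
    sender: str
    subject: str
    body: str


# Each rule inspects the message content and returns (score, reason) or None.
def rule_keywords(msg):
    text = f"{msg.subject} {msg.body}".lower()
    hits = [w for w in ("free money", "act now", "winner", "wire transfer", "click here")
            if w in text]
    return (1.5 * len(hits), f"keywords={hits}") if hits else None


def rule_shouting(msg):
    # Subject lines that are mostly uppercase are a classic spam tell.
    letters = [c for c in msg.subject if c.isalpha()]
    if len(letters) >= 5 and sum(c.isupper() for c in letters) / len(letters) > 0.6:
        return 2.0, "subject mostly uppercase"
    return None


def rule_links(msg):
    # Links to raw IP addresses or URL shorteners hide the real destination.
    urls = re.findall(r"https?://[^\s>]+", msg.body)
    shady = [u for u in urls if re.search(r"\d+\.\d+\.\d+\.\d+|bit\.ly|tinyurl", u)]
    return (2.5, f"raw-IP or shortener links={shady}") if shady else None


def rule_sender_mismatch(msg):
    # Body claims to be from a well-known brand, but the sender domain differs.
    # The brand list is an assumption; real filters use a maintained list.
    m = re.search(r"@([\w.-]+)", msg.sender)
    claimed = re.findall(r"\b(?:paypal|microsoft|yourbank)\.com\b", msg.body.lower())
    if m and claimed and not any(m.group(1).endswith(c) for c in claimed):
        return 3.0, f"sender {m.group(1)} claims to be {sorted(set(claimed))}"
    return None


RULES = [rule_keywords, rule_shouting, rule_links, rule_sender_mismatch]
THRESHOLD = 4.0  # assumed; tune against false-positive rate on real mail


def score(msg):
    """Return (total_score, [reasons]) for a message."""
    total, reasons = 0.0, []
    for rule in RULES:
        result = rule(msg)
        if result:
            total += result[0]
            reasons.append(result[1])
    return total, reasons


def is_spam(msg):
    return score(msg)[0] >= THRESHOLD


# Constructed sample messages (not real mail).
HAM = Message(
    sender="alice@example.com",
    subject="Lunch tomorrow?",
    body="Are we still on for 12:30? Menu: https://example.com/menu",
)
SPAM = Message(
    sender="alerts@secure-login-center.ru",
    subject="ACT NOW: YOUR ACCOUNT IS SUSPENDED",
    body="Dear customer, your paypal.com account is locked. "
         "Click here to restore: http://192.0.2.10/login",
)

if __name__ == "__main__":
    for label, msg in (("ham", HAM), ("spam", SPAM)):
        total, reasons = score(msg)
        print(f"{label}: score={total} spam={is_spam(msg)} reasons={reasons}")
```

The point an auditor should take from this is that heuristic filters detect spam by examining the content itself, which is why they outperform connection-level blocking (options A and C) that cannot distinguish a legitimate sender from a spammer; the cost is false positives, so the threshold and weights need measurement against real traffic.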
Which of the following would BEST deter the theft of corporate information from a laptop?
A.
Install biometric access controls.
B.
Encrypt all data on the hard drive.
C.
Protect files with passwords.
D.
Encrypt the file allocation table (FAT).
Encrypt all data on the hard drive.
Which of the following observations should be of GREATEST concern to an IS auditor performing a review of an organization’s IT governance structure?
A.
The chief risk officer is also the chief information officer.
B.
The chief information officer is prohibited from making capital decisions regarding IT.
C.
The IT steering committee has oversight of the IT budget.
D.
There are no IT subject matter experts on the board of directors.
The chief risk officer is also the chief information officer.
Internal audit reports should be PRIMARILY written for and communicated to:
A.
audit management as they are responsible for the quality of the audit.
B.
external auditors, as they provide an opinion on the financial statements.
C.
auditees, as they will eventually have to implement the recommendations.
D.
senior management as they should be informed about the identified risks.
senior management as they should be informed about the identified risks.
Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up
activities for agreed-upon management responses to remediate audit observations?
A.
Business interruption due to remediation
B.
IT budgeting constraints
C.
Risk rating of original findings
D.
Availability of responsible IT personnel
Risk rating of original findings
An IS auditor determines that a business impact analysis (BIA) was not conducted during the development of a business continuity plan (BCP). What is the MOST significant risk that could result from this situation?
A.
Responsibilities are not properly defined.
B.
Recovery time objectives (RTOs) are not correctly determined.
C.
Key performance indicators (KPIs) are not aligned.
D.
Critical business applications are not covered.
Critical business applications are not covered.
Real-World Scenario Mastery: Our CISA practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.
Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention, before exam day arrives.
Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive CISA practice exam questions pool covering all topics, the real exam feels like just another practice session.