Free CISA Practice Test Questions 2026

1020 Questions




Topic 1: Exam Pool A

To develop a robust data security program, the FIRST course of action should be to:


A. perform an inventory of assets.
B. implement data loss prevention controls.
C. interview IT senior management.
D. implement monitoring, controls

Answer: A. perform an inventory of assets.



To confirm integrity for a hashed message, the receiver should use


A. a different hashing algorithm from the sender's to create a binary image of the file
B. the same hashing algorithm as the sender's to create a numerical representation of the file.
C. a different hashing algorithm from the sender's to create a numerical representation of the file
D. the same hashing algorithm as the sender's to create a binary image of the file.

Answer: D. the same hashing algorithm as the sender's to create a binary image of the file.



An organization is considering replacing physical backup tapes stored offsite with real-time on-line backup to a storage area network (SAN) located in the primary data center. Which of the following is the GREATEST risk?


A. Backups may require excessive storage space.
B. Implementation could cause significant cost increases.
C. Archived data may not satisfy data retention requirements.
D. A single disaster could cause significant data loss

Answer: D. A single disaster could cause significant data loss



An organization offers an online information security awareness program to employees on an annual basis. Which of the following findings from an audit of the program should be the IS auditor's GREATEST concern?


A. Training completion is not mandatory for staff
B. New employees are given three months to complete the training.
C. The post-training test content is two years old.
D. Employees have complained about the length of the program

Answer: A. Training completion is not mandatory for staff



A bank is relocating its servers to a vendor that provides data center hosting services to multiple clients. Which of the following controls would restrict other clients from physical access to the bank servers?


A. Locking server cages
B. Biometric access at all data center entrances
C. 24-hour security guards
D. Closed-circuit television camera

Answer: A. Locking server cages



Which of the following will enable a customer to authenticate an online Internet vendor?


A. Customer verifies the vendor's certificate with a certificate authority (CA).
B. Vendor signs a reply using a hash function and the customer's public key.
C. Vendor decrypts incoming orders using its own private key.
D. Customer encrypts an order using the vendor's public key.

Answer: A. Customer verifies the vendor's certificate with a certificate authority (CA).



During a business process re-engineering (BPR) program, IT can assist with:


A. segregation of duties
B. streamlining of tasks
C. total cost of ownership
D. focusing on value-added tasks.

Answer: D. focusing on value-added tasks.



Which of the following entities is BEST suited to define the data classification levels within an organization?


A. Business owner responsible for the respective data
B. Database administrator based on the data schema
C. System administrator responsible for data security controls
D. Legal compliance team based on the applicable regulations

Answer: A. Business owner responsible for the respective data



An IS auditor has been asked to advise on the design and implementation of IT management best practices. Which of the following actions would impair the auditor's independence?

A. Implementing risk response on management’s behalf
B. Evaluating the risk management process
C. Providing consulting advice for managing applications
D. Designing an embedded audit module

Answer: A. Implementing risk response on management’s behalf



When auditing a quality assurance plan, an IS auditor should be MOST concerned if the:


A. SDLC is coupled with the quality assurance plan
B. quality assurance function is periodically reviewed by internal audit
C. scope of quality assurance activities is undefined
D. quality assurance function is separate from the programming function

Answer: C. scope of quality assurance activities is undefined



During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST:

A. evaluate the impact on current disaster recovery capability.
B. issue an intermediate report to management
C. conduct additional compliance testing
D. perform business impact analysis

Answer: B. issue an intermediate report to management



Which of the following is the BEST type of backup to minimize the associated time and media?

A. Compressed full
B. Mirror
C. Incremental
D. Differential

Answer: C. Incremental





What Makes Our Practice Test So Effective?

Real-World Scenario Mastery: Our CISA practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.

Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention, before exam day arrives.

Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive CISA practice exam question pool covering all topics, the real exam feels like just another practice session.