CISA
Question 101
Which of the following is the BEST way to reduce the risk of vulnerabilities introduced by rapid deployment of applications?
- A: Review a sample of historical production changes to identify abnormalities.
- B: Perform security audits during the development life cycle.
- C: Review change management policies and procedures.
- D: Conduct a post-deployment security audit to identify vulnerabilities.
Question 102
An organization has assigned two new IS auditors to audit a new system implementation. One of the auditors has an IT-related degree, and one has a business degree. Which of the following is MOST important to meet the IS audit standard for proficiency?
- A: The standard is met as long as a supervisor reviews the new auditors' work.
- B: The standard is met as long as one member has a globally recognized audit certification.
- C: Team member assignments must be based on individual competencies.
- D: Technical co-sourcing must be used to help the new staff.
Question 103
Which of the following is the ULTIMATE objective of performing a phishing simulation test?
- A: To improve the level of security awareness
- B: To remove the need to install spam filtering
- C: To reduce the likelihood of cyber incidents
- D: To identify the occurrence of cyber events
Question 104
Which of the following is MOST important to include in a data retention policy to reduce legal liabilities associated with information life cycle management?
- A: Ensuring that unnecessary data is not stored.
- B: Reducing the cost of data storage through media sanitization.
- C: Ensuring that personal information is destroyed.
- D: Requiring that data be securely wiped so it cannot be restored for legal discovery.
Question 105
An IS auditor is performing an integrated audit covering payment processing activities using point-of-sale (POS) systems. Which of the following findings related to personal identification numbers (PINs) should be of GREATEST concern?
- A: Cardholder PINs are encrypted and stored on the local POS terminal.
- B: Cardholders are not required to enter their PINs.
- C: Cardholders may select any 4-digit PIN without restrictions.
- D: Cardholder PINs are not encrypted on the central computer.
Question 106
Data from a revenue collection system is uploaded into an enterprise data warehouse to be used for reporting purposes. An IS audit identifies that some revenue transactions were uploaded into the warehouse twice. Which of the following is the GREATEST risk in this situation?
- A: Data in the warehouse may not be secure.
- B: Reports generated from the data warehouse may lead to incorrect decisions.
- C: Data in the revenue collection system may not match data in the warehouse.
- D: Significant time may be required to identify double-counted transactions.
Question 107
Which of the following is an IS auditor's BEST recommendation to protect an organization from attacks when its file server needs to be accessible to external users?
- A: Enhance internal firewalls.
- B: Enforce a secure tunnel connection.
- C: Set up a demilitarized zone (DMZ).
- D: Implement a secure protocol.
Question 108
Which of the following is the BEST evidence that a project is ready for production?
- A: A parallel test over a full processing cycle has been successful.
- B: A pilot implementation with reduced scope has been tested and approved.
- C: A detailed conversion plan has been rehearsed in two desktop exercises.
- D: Rollback procedures have been successfully tested.
Question 109
An IS auditor has been tasked to review the processes that prevent fraud within a business expense claim system. Which of the following stakeholders is MOST important to involve in this review?
- A: Quality assurance (QA) manager
- B: Business department executive
- C: Information security manager
- D: Business process owner
Question 110
Which of the following is the MOST likely reason that local area network (LAN) servers can contribute to the rapid distribution of viruses?
- A: Users of a server often load the same programs.
- B: Server software is the first to be infected.
- C: The server exchanges data with each workstation at logon time.
- D: The server's file-sharing function facilitates distribution of files.
Question 111
Which of the following is an example of a preventive control for physical access?
- A: Implementing a fingerprint-based access control system for the building
- B: Installing closed-circuit television (CCTV) cameras for all ingress and egress points
- C: Keeping log entries for all visitors to the building
- D: Implementing a centralized logging server to record instances of staff logging into workstations
Question 112
Which of the following should be considered when examining fire suppression systems as part of a data center environmental controls review?
- A: Maintenance procedures
- B: Onsite replacement availability
- C: Installation manuals
- D: Insurance coverage
Question 113
Which of the following would be MOST effective to protect information assets in a data center from theft by a vendor?
- A: Conceal data devices and information labels.
- B: Issue an access card to the vendor.
- C: Monitor and restrict vendor activities.
- D: Restrict use of portable and wireless devices.
Question 114
Which of the following is a social engineering attack method?
- A: A hacker walks around an office building using scanning tools to search for a wireless network to gain access.
- B: An employee is induced to reveal confidential IP addresses and passwords by answering questions over the phone.
- C: An unauthorized person attempts to gain access to secure premises by following an authorized person through a secure door.
- D: An intruder eavesdrops and collects sensitive information flowing through the network and sells it to third parties.
Question 115
A new system development project is running late against a critical implementation deadline. Which of the following is the MOST important activity?
- A: Ensure that code has been reviewed.
- B: Perform user acceptance testing (UAT).
- C: Document last-minute enhancements.
- D: Perform a pre-implementation audit.
Question 116
A finance department has a multi-year project to upgrade the enterprise resource planning (ERP) system hosting the general ledger, and in year one, the system version upgrade will be applied. Which of the following should be the PRIMARY focus of the IS auditor reviewing the first year of the project?
- A: Network performance testing
- B: User acceptance testing (UAT)
- C: Unit testing
- D: Regression testing
Question 117
Which of the following provides the MOST useful information to an IS auditor when selecting projects for inclusion in an IT audit plan?
- A: Project charter
- B: Project business case
- C: Project issue log
- D: Project plan
Question 118
Which type of device sits on the perimeter of a corporate or home network, where it obtains a public IP address and then generates private IP addresses internally?
- A: Gateway
- B: Switch
- C: Intrusion prevention system (IPS)
- D: Router
Question 119
An IS auditor observes that a large number of departed employees have not been removed from the accounts payable system. Which of the following is MOST important to determine in order to assess the risk?
- A: The ability of departed employees to actually access the system
- B: The frequency of user access reviews performed by management
- C: The process for terminating access of departed employees
- D: The frequency of intrusion attempts associated with the accounts payable
Question 120
Which of the following audit findings should be given the HIGHEST priority?
- A: IT key risk indicators (KRIs) are calculated internally by the IT team.
- B: The organization's IT investment exceeds industry benchmarks.
- C: IT key risk indicators (KRIs) are not periodically reviewed.
- D: The board’s agenda does not include the progress of IT projects.
Question 121
Which of the following provides the MOST useful information for performing a business impact analysis (BIA)?
- A: Policies for business procurement
- B: Inventory of relevant business processes
- C: Results of business resumption planning efforts
- D: Documentation of application configurations
Question 122
When auditing the feasibility study of a system development project, the IS auditor should:
- A: review the request for proposal (RFP) to ensure that it covers the scope of work.
- B: ensure that vendor contracts are reviewed by legal counsel.
- C: review cost-benefit documentation for reasonableness.
- D: review qualifications of key members of the project team.
Question 123
Which of the following observations should be of GREATEST concern to an IS auditor when auditing web application security control as part of an IT general controls audit?
- A: The application control configuration is not available.
- B: An application control assessment has not been performed.
- C: An application control matrix has not been established.
- D: Application control is not aligned with an IT framework.
Question 124
Transaction records from a business database were inadvertently deleted, and system operators decided to restore from a snapshot copy. Which of the following provides the BEST assurance that the transactions were recovered successfully?
- A: Recount the transaction records to ensure no records are missing.
- B: Compare transaction values against external statements to verify accuracy.
- C: Rerun the process on a backup machine to verify the results are the same.
- D: Review transaction recovery logs to ensure no errors were recorded.
Question 125
Which of the following will BEST ensure that a proper cutoff has been established to reinstate transactions and records to their condition just prior to a computer system failure?
- A: Rotating backup copies of transaction files offsite
- B: Ensuring bisynchronous capabilities on all transmission lines
- C: Maintaining system console logs in electronic format
- D: Using a database management system (DBMS) to dynamically back-out partially processed transactions