Updated Jan-2022 CISA Exam Practice Test Questions [Q119-Q138]

Share

Updated Jan-2022 CISA Exam Practice Test Questions

Verified CISA dumps Q&As 100% Pass in First Attempt Guaranteed Updated Dump

NEW QUESTION 119
Which type of testing is MOST important to perform during a project audit to help ensure business objectives are met?

  • A. Functional testing
  • B. Pilot testing
  • C. System testing
  • D. Regression testing

Answer: A

 

NEW QUESTION 120
A firewall is being deployed at a new location. Which of the following is the MOST important factor in ensuring a successful deployment?

  • A. Sharing firewall administrative duties
  • B. Training a local administrator at the new location
  • C. Reviewing logs frequently
  • D. Testing and validating the rules

Answer: D

Explanation:
Explanation/Reference:
Explanation:
A mistake in the rule set can render a firewall insecure. Therefore, testing and validating the rules is the most important factor in ensuring a successful deployment. A regular review of log files would not start until the deployment has been completed. Training a local administrator may not be necessary if the firewalls are managed from a central location. Having multiple administrators is a good idea, but not the most important.

 

NEW QUESTION 121
An external audit team is deciding whether to rely on internal audits work for an annual compliance audit Which of the following Is the GREATEST consideration when making this decision?

  • A. The level of documentation maintained by internal audit and the collect evidence
  • B. Independence of the internal audit department from management's influence
  • C. Years of experience each of the internal auditors have in performing compliance audits
  • D. Professional certifications held by the internal audit learn members

Answer: B

 

NEW QUESTION 122
The purpose of data migration testing is to validate data:

  • A. retention.
  • B. confidentiality.
  • C. availability.
  • D. completeness.

Answer: D

 

NEW QUESTION 123
Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (IDSs)?

  • A. An increase in the number of unfamiliar sources of intruders
  • B. An increase in the number of detected incidents not previously identified
  • C. An increase in the number of internally reported critical incidents
  • D. An increase in the number of identified false positives

Answer: C

 

NEW QUESTION 124
As an outcome of information security governance, strategic alignment provides:

  • A. an understanding of risk exposure.
  • B. institutionalized and commoditized solutions.
  • C. baseline security following best practices.
  • D. security requirements driven by enterprise requirements.

Answer: D

Explanation:
Information security governance, when properly implemented, should provide four basic outcomes: strategic alignment, value delivery, risk management and performance measurement. Strategic alignment provides input for security requirements driven by enterprise requirements. Value delivery provides a standard set of security practices, i.e., baseline security following best practices or institutionalized and commoditized solutions. Risk management provides an understanding of risk exposure.

 

NEW QUESTION 125
An IS auditor has imported data from the client's database. The next step-confirming whether the imported
data are complete-is performed by:

  • A. matching control totals of the imported data to control totals of the original data.
  • B. reviewing the printout of the first 100 records of original data with the first 100 records of imported data.
  • C. sorting the data to confirm whether the data are in the same order as the original data.
  • D. filtering data for different categories and matching them to the original data.

Answer: A

Explanation:
Section: Protection of Information Assets
Explanation:
Matching control totals of the imported data with control totals of the original data is the next logical step, as
this confirms the completeness of the imported datA. It is not possible to confirm completeness by sorting
the imported data, because the original data may not be in sorted order. Further, sorting does not provide
control totals for verifying completeness. Reviewing a printout of 100 records of original data with 100
records of imported data is a process of physical verification and confirms the accuracy of only these
records. Filtering data for different categories and matching them to original data would still require that
control totals be developed to confirm the completeness of the data.

 

NEW QUESTION 126
Which of the following metrics is MOST useful to an IS auditor when evaluating whether IT investments are meeting business objectives?

  • A. Realized return on investment (ROI) versus projected ROI
  • B. Actual versus projected customer satisfaction
  • C. Actual return on investment (ROI) versus industry average ROI.
  • D. Budgeted spend versus actual spend

Answer: B

 

NEW QUESTION 127
Which of the following is the BEST indicator of a mature quality management system (QMS)?

  • A. Continuous improvement has been integrated into business processes.
  • B. Most IT projects have been completed on time and within budget.
  • C. Projects are showing continuous improvement.
  • D. End users are satisfied with the outcome of IT projects.

Answer: B

Explanation:
Section: Information System Operations, Maintenance and Support

 

NEW QUESTION 128
"Under the concept of ""defense in depth"", subsystems should be designed to:"

  • A. ""fail secure"""
  • B. ""fail insecure"""
  • C. ""react to failure"""
  • D. ""react to attack"""
  • E. None of the choices.

Answer: A

Explanation:
"With 0""defense in depth"", more than one subsystem needs to be compromised to compromise the security of the system and the information it holds. Subsystems should default to secure settings, and wherever possible should be designed to ""fail secure"" rather than ""fail insecure""."

 

NEW QUESTION 129
The security level of a private key system depends on the number of:

  • A. messages sent.
  • B. keys.
  • C. encryption key bits.
  • D. channels used.

Answer: C

Explanation:
Explanation/Reference:
Explanation:
The security level of a private key system depends on the number of encryption key bits. The larger the number of bits, the more difficult it would be to understand or determine the algorithm. The security of the message will depend on the encryption key bits used. More than keys by themselves, the algorithm and its complexity make the content more secured. Channels, which could be open or secure, are the mode for sending the message.

 

NEW QUESTION 130
Which of the following are valid choices for the Apache/SSL combination (Choose three.):

  • A. third-party SSL patches
  • B. the mod_css module
  • C. the Apache-SSL project
  • D. the mod_ssl module
  • E. None of the choices.

Answer: A,C,D

Explanation:
Section: Protection of Information Assets
Explanation/Reference:
Explanation:
On Linux you have Apache which is supposed to be a safer choice of web service. In fact you have several
choices for the Apache/SSL combination, such as the Apache-SSL project (www.apache-ssl.org) using
third-party SSL patches, or have Apache compiled with the mod_ssl module.

 

NEW QUESTION 131
The drives of a tile server are backed up at a hot site. Which of the following is the BEST way to duplicate the files stored on the server for forensic analysis?

  • A. Capture a bit-by-bit image of the file server's drives.
  • B. Run forensic analysis software on the backup drive.
  • C. Replicate the server's volatile data to another drive.
  • D. Create a logical copy of the file server's drives.

Answer: A

Explanation:
Section: Protection of Information Assets

 

NEW QUESTION 132
Which of the following is the MOST important determining factor when establishing appropriate timeframes
for follow-up activities related to audit findings?

  • A. Availability of IS audit resources
  • B. Remediation dates included in management responses
  • C. Peak activity periods for the business
  • D. Complexity of business processes identified in the audit

Answer: D

Explanation:
Section: The process of Auditing Information System

 

NEW QUESTION 133
Which of the following encryption methods uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message?

  • A. Blowfish
  • B. Tripwire
  • C. one-time pad
  • D. certificate
  • E. None of the choices.
  • F. DES

Answer: C

Explanation:
Explanation/Reference:
Explanation:
It's possible to protect messages in transit by means of cryptography.
One method of encryption --the one-time pad --has been proven to be unbreakable when correctly used.
This method uses a matching pair of key- codes, securely distributed, which are used once-and-only-once to encode and decode a single message. Note that this method is difficult to use securely, and is highly inconvenient as well.

 

NEW QUESTION 134
A database administrator is responsible for:

  • A. defining data ownership.
  • B. establishing ground rules for ensuring data integrity and security.
  • C. creating the logical and physical database.
  • D. establishing operational standards for the data dictionary.

Answer: C

Explanation:
Explanation/Reference:
Explanation:
A database administrator is responsible for creating and controlling the logical and physical database.
Defining data ownership resides with the head of the user department or top management if the data is common to the organization. IS management and the data administrator are responsible for establishing operational standards for the data dictionary. Establishing ground rules for ensuring data integrity and security in line with the corporate security policy is a function of the security administrator.

 

NEW QUESTION 135
Which of the following is the BEST method for preventing the leakage of confidential information in a laptop computer?

  • A. Use a biometric authentication device.
  • B. Enable the boot password (hardware-based password).
  • C. Use two-factor authentication to logon to the notebook.
  • D. Encrypt the hard disk with the owner's public key.

Answer: D

Explanation:
Only encryption of the data with a secure key will prevent the loss of confidential information. In such a case, confidential information can be accessed only with knowledge of the owner's private key, which should never be shared. Choices B, C and Ddeal with authentication and not with confidentiality of information. An individual can remove the hard drive from the secured laptop and install it on an unsecured computer, gaining access to the data.

 

NEW QUESTION 136
What is an IS auditor's BEST course of action when provided with a status update indicating audit recommendations related to segregation of duties for financial staff have been implemented?

  • A. Request documentation of the segregation of duties policy and procedures.
  • B. Note the department's response in the audit workpapers and records.
  • C. Verify sufficient segregation of duties controls are in place.
  • D. Confirm with the business that the recommendations are implemented.

Answer: C

Explanation:
Section: The process of Auditing Information System

 

NEW QUESTION 137
Which of the following is the PRIMARY criterion for identifying an incident severity level?

  • A. Time to recognition
  • B. Speed of recovery
  • C. Data integrity
  • D. Impact on business

Answer: D

 

NEW QUESTION 138
......

Ultimate Guide to Prepare Free CISA Exam Questions & Answer: https://drive.google.com/open?id=1IVQXYjZCXKVUAreaCTaXKmAvWL9vvK2y

Pass Isaca Certification CISA Exam With  440 Questions: https://www.newpassleader.com/ISACA/CISA-exam-preparation-materials.html