ExamGecko

Isaca CISA Practice Test - Questions Answers, Page 35

Which of the following will BEST ensure that a proper cutoff has been established to reinstate transactions and records to their condition just prior to a computer system failure?

A. Rotating backup copies of transaction files offsite
B. Using a database management system (DBMS) to dynamically back-out partially processed transactions
C. Maintaining system console logs in electronic format
D. Ensuring bisynchronous capabilities on all transmission lines
Suggested answer: B

Explanation:

The best way to ensure that a proper cutoff has been established to reinstate transactions and records to their condition just prior to a computer system failure is to use a database management system (DBMS) to dynamically back-out partially processed transactions. A DBMS is a software system that manages the creation, manipulation, retrieval, and security of data stored in a database. A DBMS can provide features such as transaction management, concurrency control, recovery management, and integrity management. A DBMS can dynamically back-out partially processed transactions by using mechanisms such as rollback segments, undo logs, or write-ahead logs. These mechanisms allow the DBMS to restore the database to a consistent state before the failure occurred.

Reference:

CISA Review Manual (Digital Version)

CISA Questions, Answers & Explanations Database

Which of the following is MOST important when planning a network audit?

A. Determination of IP range in use
B. Analysis of traffic content
C. Isolation of rogue access points
D. Identification of existing nodes
Suggested answer: D

Explanation:

The most important factor when planning a network audit is to identify the existing nodes on the network. Nodes are devices or systems that are connected to the network and can communicate with each other. Nodes can include servers, workstations, routers, switches, firewalls, printers, scanners, cameras, etc. Identifying the existing nodes on the network will help the auditor to determine the scope, objectives, and methodology of the audit. It will also help the auditor to assess the network topology, architecture, performance, security, and compliance.

Reference:

CISA Review Manual (Digital Version)

CISA Questions, Answers & Explanations Database

Which of the following BEST describes an audit risk?

A. The company is being sued for false accusations.
B. The financial report may contain undetected material errors.
C. Employees have been misappropriating funds.
D. Key employees have not taken vacation for 2 years.
Suggested answer: B

Explanation:

The best description of an audit risk is that the financial report may contain undetected material errors. Audit risk is the risk that the auditor expresses an inappropriate opinion on the financial report when it contains material misstatements or errors. Audit risk consists of three components: inherent risk, control risk, and detection risk. Inherent risk is the susceptibility of an assertion or a control to a material misstatement or error due to factors such as complexity, volatility, fraud, or human error. Control risk is the risk that a material misstatement or error will not be prevented or detected by the internal controls. Detection risk is the risk that the auditor's procedures will not detect a material misstatement or error that exists in an assertion or a control.

Reference:

CISA Review Manual (Digital Version)

CISA Questions, Answers & Explanations Database

An IS auditor notes that the previous year's disaster recovery test was not completed within the scheduled time frame due to insufficient hardware allocated by a third-party vendor. Which of the following provides the BEST evidence that adequate resources are now allocated to successfully recover the systems?

A. Service level agreement (SLA)
B. Hardware change management policy
C. Vendor memo indicating problem correction
D. An up-to-date RACI chart
Suggested answer: A

Explanation:

The best evidence that adequate resources are now allocated to successfully recover the systems is a service level agreement (SLA). An SLA is a contract between a service provider and a customer that defines the scope, quality, and terms of the service delivery. An SLA should include measurable and verifiable indicators of the service performance, such as availability, reliability, capacity, security, and recovery. An SLA should also specify the roles, responsibilities, and expectations of both parties, as well as the remedies and penalties for non-compliance. An SLA can help to ensure that the third-party vendor has allocated sufficient hardware and other resources to meet the recovery objectives and requirements of the organization.

Reference:

CISA Review Manual (Digital Version)

CISA Questions, Answers & Explanations Database

Which of the following BEST helps to ensure data integrity across system interfaces?

A. Environment segregation
B. Reconciliation
C. System backups
D. Access controls
Suggested answer: B

Explanation:

The best way to ensure data integrity across system interfaces is to perform reconciliation. Reconciliation is the process of comparing and verifying the data from different sources or systems to ensure that they are consistent, accurate, and complete. Reconciliation can help to identify and resolve any discrepancies, errors, or anomalies in the data that could affect the quality, reliability, or validity of the information. Reconciliation can also help to detect and prevent any unauthorized or fraudulent data manipulation or modification.

Reference:

CISA Review Manual (Digital Version)

CISA Questions, Answers & Explanations Database

An organization is disposing of a system containing sensitive data and has deleted all files from the hard disk. An IS auditor should be concerned because:

A. deleted data cannot easily be retrieved.
B. deleting the files logically does not overwrite the files' physical data.
C. backup copies of files were not deleted as well.
D. deleting all files separately is not as efficient as formatting the hard disk.
Suggested answer: B

Explanation:

An IS auditor should be concerned because deleting the files logically does not overwrite the files' physical data. Deleting a file from a hard disk only removes the reference or pointer to the file from the file system, but does not erase the actual data stored on the disk sectors. The deleted data can still be recovered using special tools or techniques until it is overwritten by new data. This poses a risk of data leakage, theft, or misuse if the hard disk falls into the wrong hands. To securely dispose of a system containing sensitive data, the hard disk should be wiped or sanitized using methods that overwrite or destroy the physical data beyond recovery.

Reference:

CISA Review Manual (Digital Version)

CISA Questions, Answers & Explanations Database

An IS auditor finds that the process for removing access for terminated employees is not documented. What is the MOST significant risk from this observation?

A. Procedures may not align with best practices
B. Human resources (HR) records may not match system access.
C. Unauthorized access cannot be identified.
D. Access rights may not be removed in a timely manner.
Suggested answer: D

Explanation:

The most significant risk from this observation is that access rights may not be removed in a timely manner. If the process for removing access for terminated employees is not documented, there is no clear guidance or accountability for who, how, when, and what actions should be taken to revoke the access rights of the employees who leave the organization. This could result in delays, inconsistencies, or omissions in removing access rights, which could allow terminated employees to retain unauthorized access to the organization's systems and data. This could compromise the security, confidentiality, integrity, and availability of the information assets.

Reference:

CISA Review Manual (Digital Version)

CISA Questions, Answers & Explanations Database

The PRIMARY objective of value delivery in reference to IT governance is to:

A. promote best practices
B. increase efficiency.
C. optimize investments.
D. ensure compliance.
Suggested answer: C

Explanation:

The primary objective of value delivery in reference to IT governance is to optimize investments. Value delivery is one of the five focus areas of IT governance that aims to ensure that IT delivers expected benefits to stakeholders and enables business value creation. Value delivery involves aligning IT investments with business objectives and strategies, managing IT performance and benefits realization, optimizing IT costs and risks, and enhancing IT innovation and agility. Value delivery helps to maximize the return on investment (ROI) and value for money (VFM) of IT resources and capabilities.

Reference:

CISA Review Manual (Digital Version)

CISA Questions, Answers & Explanations Database

What should an IS auditor do FIRST upon discovering that a service provider did not notify its customers of a security breach?

A. Notify law enforcement of the finding.
B. Require the third party to notify customers.
C. The audit report with a significant finding.
D. Notify audit management of the finding.
Suggested answer: D

Explanation:

The IS auditor should notify audit management of the finding first, as this is a significant issue that may affect the audit scope and objectives. The IS auditor should not notify law enforcement or require the third party to notify customers without consulting audit management first. The audit report with a significant finding should be issued after the audit is completed and the findings are validated.

Reference: ISACA, CISA Review Manual, 27th Edition, 2018, page 247

Which of the following is a challenge in developing a service level agreement (SLA) for network services?

A. Establishing a well-designed framework for network services.
B. Finding performance metrics that can be measured properly
C. Ensuring that network components are not modified by the client
D. Reducing the number of entry points into the network
Suggested answer: B

Explanation:

One of the challenges in developing an SLA for network services is finding performance metrics that can be measured properly and reflect the quality of service expected by the customer. Establishing a well-designed framework for network services is not a challenge, but a good practice. Ensuring that network components are not modified by the client or reducing the number of entry points into the network are security issues, not SLA issues.

Reference: ISACA, CISA Review Manual, 27th Edition, 2018, page 333
