Isaca CISA Practice Test - Questions Answers, Page 84

Which of the following is the PRIMARY objective of enterprise architecture (EA)?

A. Maintaining detailed system documentation
B. Managing and planning for IT investments
C. Executing customized development and delivery of projects
D. Enforcing the IT policy across the organization

Suggested answer: B

Who is PRIMARILY responsible for the design of IT controls to meet control objectives?

A. Business management
B. Internal auditor
C. Risk management
D. ITC manager

Suggested answer: D

Which of the following should be an IS auditor's GREATEST concern when reviewing an organization's security controls for policy compliance?

A. The security policy has not been reviewed within the past year.
B. Security policy documents are available on a public domain website.
C. Security policies are not applicable across all business units.
D. End users are not required to acknowledge security policy training.

Suggested answer: B

An IT governance body wants to determine whether IT service delivery is based on consistently effective processes. Which of the following is the BEST approach?

A. Evaluate key performance indicators (KPIs).
B. Conduct a gap analysis.
C. Develop a maturity model.
D. Implement a control self-assessment (CSA).

Suggested answer: C

Which type of review is MOST important to conduct when an IS auditor is informed that a recent internal exploitation of a bug has been discovered in a business application?

A. Penetration testing
B. Application security testing
C. Forensic audit
D. Server security audit

Suggested answer: C

Which of the following is an analytical review procedure for a payroll system?

A. Performing reasonableness tests by multiplying the number of employees by the average wage rate
B. Evaluating the performance of the payroll system using benchmarking software
C. Performing penetration attempts on the payroll system
D. Testing hours reported on time sheets

Suggested answer: A

Which of the following provides the BEST evidence that system requirements are met when evaluating a project before implementation?

A. Integration testing results
B. Sign-off from senior management
C. User acceptance testing (UAT) results
D. Regression testing results

Suggested answer: C

Which of the following should be of GREATEST concern to an IS auditor assessing an organization's patch management program?

A. Patches are deployed from multiple deployment servers.
B. There is no process in place to scan the network to identify missing patches.
C. Patches for medium- and low-risk vulnerabilities are omitted.
D. There is no process in place to quarantine servers that have not been patched.

Suggested answer: B

Which of the following should be done FIRST when creating a data protection program?

A. Implement data loss prevention (DLP) controls.
B. Perform classification based on standards.
C. Deploy intrusion detection systems (IDS).
D. Test logical access controls for effectiveness.

Suggested answer: B

A checksum is classified as which type of control?

A. Corrective control
B. Administrative control
C. Detective control
D. Preventive control

Suggested answer: C