ExamGecko

Isaca CISA Practice Test - Questions Answers, Page 9

Which of the following is MOST important to ensure when planning a black box penetration test?

A. The management of the client organization is aware of the testing.
B. The test results will be documented and communicated to management.
C. The environment and penetration test scope have been determined.
D. Diagrams of the organization's network architecture are available.
Suggested answer: C

Explanation:

A black box penetration test is a type of security assessment that simulates an attack on a system or network without any prior knowledge of its configuration or architecture. The main objective of this test is to identify vulnerabilities and weaknesses that can be exploited by external or internal threat actors. To plan a black box penetration test, it is most important to ensure that the environment and penetration test scope have been determined. This means that the tester and the client organization have agreed on the boundaries, objectives, methods, and deliverables of the test, as well as the legal and ethical aspects of the engagement. Without a clear definition of the environment and scope, the test may not be effective, efficient, or compliant with relevant standards and regulations. Additionally, the tester may cause unintended damage or disruption to the client's systems or networks, or violate their privacy or security policies.

What are black box, grey box, and white box penetration testing?

What Is Black-Box Penetration Testing and Why Should You Choose It?

Which of the following is the BEST method to safeguard data on an organization's laptop computers?

A. Disabled USB ports
B. Full disk encryption
C. Biometric access control
D. Two-factor authentication
Suggested answer: B

Explanation:

The best method to safeguard data on an organization's laptop computers is full disk encryption. Full disk encryption is a technique that encrypts all the data stored on a hard drive, including the operating system, applications, files, and folders. This means that if the laptop is lost, stolen, or accessed by an unauthorized person, they will not be able to read or modify any data without knowing the encryption key or password. Full disk encryption provides a strong level of protection for data at rest, as it prevents data leakage or exposure in case of physical theft or loss of the device.

How to Protect the Data on Your Laptop

6 Steps to Practice Strong Laptop Security

An IS auditor is planning an audit of an organization's accounts payable processes. Which of the following controls is MOST important to assess in the audit?

A. Segregation of duties between issuing purchase orders and making payments
B. Segregation of duties between receiving invoices and setting authorization limits
C. Management review and approval of authorization tiers
D. Management review and approval of purchase orders
Suggested answer: A

Explanation:

The most important control to assess in an audit of an organization's accounts payable processes is segregation of duties between issuing purchase orders and making payments. Segregation of duties is a principle that requires different individuals or departments to perform different tasks or functions within a process, in order to prevent fraud, errors, or conflicts of interest. In the accounts payable process, segregation of duties between issuing purchase orders and making payments ensures that no one person can initiate and complete a transaction without proper authorization and verification. This reduces the risk of duplicate payments, overpayments, unauthorized payments, or payments to fictitious vendors.

Accounts payable controls

Accounts Payable Internal Controls: A Simple Checklist

When evaluating the design of controls related to network monitoring, which of the following is MOST important for an IS auditor to review?

A. Incident monitoring logs
B. The ISP service level agreement
C. Reports of network traffic analysis
D. Network topology diagrams
Suggested answer: D

Explanation:

Network topology diagrams are the most important for an IS auditor to review when evaluating the design of controls related to network monitoring, because they show how the network components are connected and configured, and what security measures are in place to protect the network from unauthorized access or attacks. Incident monitoring logs, the ISP service level agreement, and reports of network traffic analysis are useful for evaluating the effectiveness and performance of network monitoring, but not the design of controls.

Reference: CISA Review Manual (Digital Version), Chapter 5, Section 5.3.3

An organization has recently acquired and implemented intelligent-agent software for granting loans to customers. During the post-implementation review, which of the following is the MOST important procedure for the IS auditor to perform?

A. Review system and error logs to verify transaction accuracy.
B. Review input and output control reports to verify the accuracy of the system decisions.
C. Review signed approvals to ensure responsibilities for decisions of the system are well defined.
D. Review system documentation to ensure completeness.
Suggested answer: B

Explanation:

Reviewing input and output control reports to verify the accuracy of the system decisions is the most important procedure for the IS auditor to perform during the post-implementation review of intelligent-agent software for granting loans to customers, because it can help identify any errors or anomalies in the system logic or data that may affect the quality and reliability of the system outcomes. Reviewing system and error logs, signed approvals, and system documentation are also important procedures, but they are not as critical as verifying the accuracy of the system decisions.

Reference: CISA Review Manual (Digital Version), Chapter 4, Section 4.2.21

What is the BEST control to address SQL injection vulnerabilities?

A. Unicode translation
B. Secure Sockets Layer (SSL) encryption
C. Input validation
D. Digital signatures
Suggested answer: C

Explanation:

Input validation is the best control to address SQL injection vulnerabilities, because it can prevent malicious users from entering SQL commands or statements into input fields that are intended for data entry, such as usernames or passwords. SQL injection is a technique that exploits a security vulnerability in an application's software by inserting SQL code into a query string that can execute commands on a database server. Unicode translation, SSL encryption, and digital signatures are not effective controls against SQL injection, because they do not prevent or detect SQL code injection into input fields.

Reference: CISA Review Manual (Digital Version), Chapter 5, Section 5.4.2

An online retailer is receiving customer complaints about receiving different items from what they ordered on the organization's website. The root cause has been traced to poor data quality. Despite efforts to clean erroneous data from the system, multiple data quality issues continue to occur. Which of the following recommendations would be the BEST way to reduce the likelihood of future occurrences?

A. Assign responsibility for improving data quality.
B. Invest in additional employee training for data entry.
C. Outsource data cleansing activities to reliable third parties.
D. Implement business rules to validate employee data entry.
Suggested answer: D

Explanation:

Implementing business rules to validate employee data entry is the best way to reduce the likelihood of future occurrences of poor data quality that cause customer complaints about receiving different items from what they ordered on the organization's website. Business rules are logical statements that define the conditions and actions for data validation, such as checking for data completeness, accuracy, consistency, and integrity. Assigning responsibility for improving data quality, investing in additional employee training for data entry, and outsourcing data cleansing activities to reliable third parties are also possible ways to improve data quality, but they are not as effective as implementing business rules to validate employee data entry.

Reference: CISA Review Manual (Digital Version), Chapter 4, Section 4.3.1

Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?

A. Risk identification
B. Risk classification
C. Control self-assessment (CSA)
D. Impact assessment
Suggested answer: D

Which of the following would BEST facilitate the successful implementation of an IT-related framework?

A. Aligning the framework to industry best practices
B. Establishing committees to support and oversee framework activities
C. Involving appropriate business representation within the framework
D. Documenting IT-related policies and procedures
Suggested answer: C

During a review of a production schedule, an IS auditor observes that a staff member is not complying with mandatory operational procedures. The auditor's NEXT step should be to:

A. note the noncompliance in the audit working papers.
B. issue an audit memorandum identifying the noncompliance.
C. include the noncompliance in the audit report.
D. determine why the procedures were not followed.
Suggested answer: D