Isaca CISA Practice Test - Questions Answers, Page 91

An IS auditor finds that a number of key patches have not been applied in a timely manner due to resource constraints. Which of the following is the GREATEST risk to the organization in this situation?

A. Systems may not be supported by the vendor.
B. Known security vulnerabilities may not be mitigated.
C. Different systems may not be compatible.
D. The systems may not meet user requirements.

Suggested answer: B

Which of the following should be the PRIMARY purpose of conducting tabletop exercises when reviewing a security incident response plan?

A. To provide efficiencies for alignment with incident response test scenarios
B. To determine process improvement options for the incident response plan
C. To gather documentation for responding to security audit inquiries
D. To confirm that technology is in place to support the incident response plan

Suggested answer: B

Which of the following BEST enables an IS auditor to confirm the batch processing to post transactions from an input source is successful?

A. Error log review
B. Total number of items
C. Hash totals
D. Aggregate monetary amount

Suggested answer: C

Explanation:

Hash totals are a control technique used to ensure data integrity during batch processing. A hash total is a calculated value based on the data in a batch. This value is compared to a pre-calculated hash total to confirm that all data has been processed correctly and without alteration.

Reference

ISACA CISA Review Manual (27th Edition): Hash totals are discussed within the context of batch processing controls.

Other Auditing Resources: Hash totals are a fundamental control technique discussed in various audit and information security publications.

A security review focused on data loss prevention (DLP) revealed the organization has no visibility to data stored in the cloud. What is the IS auditor's BEST recommendation to address this issue?

A. Enhance the firewall at the network perimeter.
B. Implement a file system scanner to discover data stored in the cloud.
C. Employ a cloud access security broker (CASB).
D. Utilize a DLP tool on desktops to monitor user activities.

Suggested answer: C

Explanation:

Considering the need for DLP visibility in the cloud, the verified answer is C: Employ a cloud access security broker (CASB).

CASBs are specifically designed to enhance visibility and control over cloud-based data. They can monitor data flows, enforce security policies, and often have built-in DLP capabilities, making them the ideal solution in this scenario.

Reference

ISACA Resources (Glossary): Definitions of cloud access security broker (CASB) highlight their role in cloud security and governance.

Industry Research (Gartner, etc.): Research on CASB tools emphasizes their ability to address visibility and control challenges for cloud data.

Which of the following is MOST important to review during the project initiation phase of developing and deploying a new application?

A. User requirements
B. User acceptance testing (UAT) plans
C. Deployment plans
D. Architectural design

Suggested answer: A

Explanation:

User requirements are the foundation of any successful application. Properly defining what the application needs to do and how it should serve users is critical before moving into design or development.

Project Management Methodologies (Agile, Waterfall, etc.): All major methodologies emphasize the criticality of understanding user requirements during the initial project phases.

Software Development Lifecycle (SDLC): Requirements gathering is a cornerstone of the initiation phase within the SDLC.

ISACA Resources: While not explicitly tied to a CISA document, ISACA's emphasis on governance and aligning IT with business objectives reinforces the importance of starting with clear user requirements.

Which of the following is the MOST appropriate responsibility of an IS auditor involved in a data center renovation project?

A. Performing independent reviews of responsible parties engaged in the project
B. Shortlisting vendors to perform renovations
C. Ensuring the project progresses as scheduled and milestones are achieved
D. Implementing data center operational controls

Suggested answer: A

Explanation:

IS auditors primarily provide assurance and oversight. In this context, independent reviews ensure that those responsible for the renovation project are meeting their obligations, following best practices, and managing risks appropriately.

ISACA's Code of Professional Ethics: Emphasizes the IS auditor's duty to be independent and objective.

The Role of IS Audit: IS auditors are not project managers but provide objective assessment and guidance regarding controls and risk mitigation within projects.

CISA Review Manual (27th Edition): May have sections discussing the role of IS auditors in infrastructure projects or similar initiatives.

Which of the following findings would be of GREATEST concern to an IS auditor reviewing firewall security for an organization's corporate network?

A. The production configuration does not conform to corporate policy.
B. Responsibility for the firewall administration rests with two different divisions.
C. Industry hardening guidance has not been considered.
D. The firewall configuration file is extremely long and complex.

Suggested answer: A

Which of the following is MOST helpful for evaluating benefits realized by IT projects?

A. Benchmarking IT project management practices with industry peers
B. Evaluating compliance with key security controls
C. Comparing planned versus actual return on investment (ROI)
D. Reviewing system development life cycle (SDLC) processes

Suggested answer: C

Which of the following non-audit activities may impair an IS auditor's independence and objectivity?

A. Evaluating a third-party customer satisfaction survey
B. Providing advice on an IT project management framework
C. Designing security controls for a new cloud-based workforce management system
D. Reviewing secure software development guidelines adopted by an organization

Suggested answer: C

Management has decided to accept a risk in response to a draft audit recommendation. Which of the following should be the IS auditor's NEXT course of action?

A. Document management's acceptance in the audit report.
B. Escalate the acceptance to the board.
C. Ensure a follow-up audit is on next year's plan.
D. Escalate acceptance to the audit committee.

Suggested answer: A