[Jan 05, 2022] Step by Step Guide to Prepare for CISA Exam BrainDumps [Q131-Q153]


Isaca Certification CISA Real Exam Questions and Answers FREE Updated on 2022


Salient Features of CISA That You Need to Know Ahead

Completing the Isaca CISA signifies that you can expertly work with the aspects of an organization's business systems and information technology that fall within its scope. Given the breadth of its coverage, the test is highly recommended to specialists with at least 5 years of background in IT/IS audit, security, assurance, and control. Your prior experience will help you succeed in the 240-minute evaluation, which contains a total of 150 multiple-choice questions.


The Benefits of Obtaining the ISACA CISA Exam Certification

ISACA CISA certification is often preferred by employers. You can gain many benefits from obtaining the ISACA CISA certification by preparing with ISACA CISA Dumps. Candidates who have obtained any of the following certifications are eligible to apply for the CISA credential: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC), Certified Software Development Asset Manager (CSDAM), International Information Systems Security Certification Consortium's Certified Internet Webmaster.

 

NEW QUESTION 131
When reviewing an active project, an IS auditor observed that, because of a reduction in anticipated benefits and increased costs, the business case was no longer valid. The IS auditor should recommend that the:

  • A. business case be updated and possible corrective actions be identified.
  • B. project be completed and the business case be updated later.
  • C. project be discontinued.
  • D. project be returned to the project sponsor for reapproval.

Answer: A

Explanation:
An IS auditor should not recommend discontinuing or completing the project before reviewing an updated business case. The IS auditor should recommend that the business case be kept current throughout the project, since it is a key input to decisions made throughout the life of any project.

 

NEW QUESTION 132
During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:

  • A. frequency of system testing.
  • B. maintenance of hardware and software compatibility.
  • C. differences in IS policies and procedures.
  • D. allocation of resources during an emergency.

Answer: B

Explanation:
Section: Protection of Information Assets

 

NEW QUESTION 133
Which of the following IS functions can be performed by the same group or individual while still providing the proper segregation of duties?

  • A. Database administration and computer operations
  • B. Security administration and application programming
  • C. Computer operations and application programming
  • D. Application programming and systems analysis

Answer: C

Explanation:
Section: Protection of Information Assets
Reference: https://www.isaca.org/Journal/archives/2016/volume-3/Pages/implementing-segregation-of-duties.aspx

 

NEW QUESTION 134
Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?

  • A. Preparedness test
  • B. Post test
  • C. Paper test
  • D. Walk-through

Answer: A

Explanation:
A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan's effectiveness. It also provides a means to improve the plan in increments.
Incorrect answers:
B. A post-test is actually a test phase and comprises a group of activities, such as returning all resources to their proper place, disconnecting equipment, returning personnel and deleting all company data from third-party systems.
C. A paper test is a walk-through of the plan, involving the major players in the plan's execution, who attempt to determine what might happen in a particular type of service disruption. A paper test usually precedes the preparedness test.
D. A walk-through is a test involving a simulated disaster situation that tests the preparedness and understanding of management and staff, rather than the actual resources.

 

NEW QUESTION 135
An IS auditor notes that IDS log entries related to port scanning are not being analyzed. This lack of analysis will MOST likely increase the risk of success of which of the following attacks?

  • A. Social engineering
  • B. Denial-of-service
  • C. Replay
  • D. Buffer overflow

Answer: B

Explanation:
Prior to launching a denial-of-service attack, hackers often use automatic port scanning software to acquire information about the subject of their attack. A replay attack is simply sending the same packet again. Social engineering exploits end-user vulnerabilities, and buffer overflow attacks exploit poorly written code.

 

NEW QUESTION 136
A long-term IS employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be based on the individual's experience and:

  • A. IS knowledge, since this will bring enhanced credibility to the audit function.
  • B. length of service, since this will help ensure technical competence.
  • C. age, as training in audit techniques may be impractical.
  • D. ability, as an IS auditor, to be independent of existing IS relationships.

Answer: D

Explanation:
Independence should be continually assessed by the auditor and management. This assessment should consider such factors as changes in personal relationships, financial interests, and prior job assignments and responsibilities. The fact that the employee has worked in IS for many years may not in itself ensure credibility. The audit department's needs should be defined and any candidate should be evaluated against those requirements. The length of service will not ensure technical competency. Evaluating an individual's qualifications based on the age of the individual is not a good criterion and is illegal in many parts of the world.

 

NEW QUESTION 137
During an audit of the organization's data privacy policy, the IS auditor identified that only some IT application databases have encryption in place. What should be the auditor's FIRST action?

  • A. Review a comprehensive list of databases with the information they contain.
  • B. Review the most recent database penetration testing results.
  • C. Assess the resources required to implement encryption to unencrypted databases.
  • D. Determine whether compensating controls are in place.

Answer: A

 

NEW QUESTION 138
Which of the following is the GREATEST security risk associated with data migration from a legacy HR system to a cloud-based system?

  • A. Data from the source and target system may be intercepted.
  • B. Data from the source and target system may have different data formats.
  • C. Records past their retention period may not be migrated to the new system.
  • D. System performance may be impacted by the migration.

Answer: A

Explanation:
Section: Information System Operations, Maintenance and Support

 

NEW QUESTION 139
Which of the following is an effective way to ensure the integrity of file transfers in a peer-to-peer (P2P) computing environment?

  • A. Encrypt the packets shared between peers within the environment.
  • B. Ensure the files transferred through an intrusion detection system (IDS).
  • C. Connect the client computers in the environment to a jump server.
  • D. Associate a message authentication code with each file transferred.

Answer: D

Explanation:
Section: Information System Operations, Maintenance and Support

 

NEW QUESTION 140
Which of the following is MOST important when planning a network audit?

  • A. Identification of existing nodes
  • B. Analysis of traffic content
  • C. Isolation of rogue access points
  • D. Determination of IP range in use

Answer: A

 

NEW QUESTION 141
Disaster recovery planning for network connectivity to a hot site over a public-switched network would be MOST likely to include:

  • A. minimizing the number of points of presence
  • B. contracts for acquiring new leased lines
  • C. reciprocal agreements with customers of that network
  • D. redirecting private virtual circuits

Answer: D

Explanation:
Section: Protection of Information Assets

 

NEW QUESTION 142
Which of the following should be a concern to an IS auditor reviewing a digital forensic process for a security incident?

  • A. The forensic expert used open-source forensic tools.
  • B. The affected computer was not immediately shut down after the incident.
  • C. Analysis was performed using an image of the original media.
  • D. The media with the original evidence was not write-blocked.

Answer: D

 

NEW QUESTION 143
Which of the following would be the GREATEST cause for concern when data are sent over the Internet using the HTTPS protocol?

  • A. The implementation of an RSA-compliant solution
  • B. Symmetric cryptography is used for transmitting data
  • C. The use of a traffic sniffing tool
  • D. Presence of spyware in one of the ends

Answer: D

Explanation:
Section: Protection of Information Assets
Encryption using secure sockets layer/transport layer security (SSL/TLS) tunnels makes it difficult to intercept data in transit, but when spyware is running on an end user's computer, data are collected before encryption takes place. The other choices are related to encrypting the traffic, but the presence of spyware in one of the ends captures the data before encryption takes place.

 

NEW QUESTION 144
A successful risk-based IT audit program should be based on:

  • A. an effective PERT diagram.
  • B. an effective yearly budget.
  • C. None of the choices.
  • D. an effective departmental brainstorm session.
  • E. an effective scoring system.
  • F. an effective organization-wide brainstorm session.

Answer: E

Explanation:
Section: Protection of Information Assets
A successful risk-based IT audit program could be based on an effective scoring system. In establishing a scoring system, management should consider all relevant risk factors and avoid subjectivity. Auditors should develop written guidelines on the use of risk assessment tools and risk factors and review these guidelines with the audit committee.

 

NEW QUESTION 145
Which of the following is the BEST methodology to use for estimating the complexity of developing a large business application?

  • A. Software cost estimation
  • B. Critical path analysis
  • C. Work breakdown structure
  • D. Function point analysis

Answer: D

 

NEW QUESTION 146
A web server is attacked and compromised. Which of the following should be performed FIRST to handle the incident?

  • A. Disconnect the web server from the network.
  • B. Run the server in a fail-safe mode.
  • C. Shut down the web server.
  • D. Dump the volatile storage data to a disk.

Answer: A

Explanation:
The first action is to disconnect the web server from the network to contain the damage and prevent further actions by the attacker. Dumping the volatile storage data to a disk may be used at the investigation stage but does not contain an attack in progress. To run the server in a fail-safe mode, the server needs to be shut down. Shutting down the server could potentially erase information that might be needed for a forensic investigation or to develop a strategy to prevent future similar attacks.

 

NEW QUESTION 147
An IS auditor reviewing a proposed application software acquisition should ensure that the:

  • A. OS has the latest versions and updates.
  • B. operating system (OS) being used is compatible with the existing hardware platform.
  • C. planned OS updates have been scheduled to minimize negative impacts on company needs.
  • D. products are compatible with the current or planned OS.

Answer: D

Explanation:
Choices A, B and C are incorrect because none of them is related to the area being audited. In reviewing the proposed application, the auditor should ensure that the products to be purchased are compatible with the current or planned OS. Regarding choice B, if the OS is currently being used, it is compatible with the existing hardware platform, because if it were not it would not operate properly. In choice C, the planned OS updates should be scheduled to minimize negative impacts on the organization. For choice A, the installed OS should be equipped with the most recent versions and updates (with sufficient history and stability).

 

NEW QUESTION 148
Which of the following encryption techniques will BEST protect a wireless network from a man-in-the-middle attack?

  • A. Randomly generated pre-shared key (PSK)
  • B. 128-bit wired equivalent privacy (WEP)
  • C. MAC-based pre-shared key (PSK)
  • D. Alphanumeric service set identifier (SSID)

Answer: A

Explanation:
A randomly generated PSK is stronger than a MAC-based PSK, because the MAC address of a computer is fixed and often accessible. WEP has been shown to be a very weak encryption technique and can be cracked within minutes. The SSID is broadcast on the wireless network in plaintext.

 

NEW QUESTION 149
During a review of an application system, an IS auditor identifies automated controls designed to prevent the entry of duplicate transactions. What is the BEST way to verify that the controls work as designed?

  • A. Enter duplicate transactions in a copy of the live system.
  • B. Use generalized audit software for seeking data corresponding to duplicate transactions.
  • C. Implement periodic reconciliations.
  • D. Review quality assurance (QA) test results.

Answer: C

Explanation:
Section: The process of Auditing Information System

 

NEW QUESTION 150
An organization offers an online information security awareness program to employees on an annual basis. Which of the following from an audit of the program should be the auditor's GREATEST concern?

  • A. The post-training test content is two years old.
  • B. Employees have complained about the length of the program.
  • C. Training completion is not mandatory for staff.
  • D. New employees are given three months to complete the training.

Answer: C

 

NEW QUESTION 151
chain management processes. Customer orders are not being fulfilled in a timely manner, and the inventory in the warehouse does not match the quantity of goods in the sales orders. Which of the following is the auditor's BEST recommendation?

  • A. Require the sales representative to verify inventory levels prior to finalizing sales orders.
  • B. Revise the order fulfillment procedures in collaboration with the e-commerce team.
  • C. Implement an automated control to verify inventory levels prior to finalizing sales orders.
  • D. Require the warehouse manager to send updated inventory levels on a periodic basis.

Answer: C

 

NEW QUESTION 152
An organization's data retention policy states that all data will be backed up, retained for 10 years, and then destroyed. When conducting an audit of the long-term offsite backup program, an IS auditor should:

  • A. review data classification schemes for appropriate security levels.
  • B. verify that there is a process to ensure readability and restore capability.
  • C. verify that business owners review data before it is destroyed.
  • D. confirm that business interruption insurance coverage is in place.

Answer: B

 

NEW QUESTION 153
......


Which skills and knowledge are required for passing the ISACA CISA Exam?

A candidate should have sufficient knowledge of how to perform systems analysis; how to document security policy implementation, including full life-cycle assessment from design and development through maintenance and compliance monitoring; and how to design system architectures with an emphasis on safeguarding information assets, both physical and virtual. CISA certification validates that an individual has the competence, sufficient knowledge, skill, experience, and training to do these tasks. It is an important credential for individuals seeking entry-level employment in IT auditing or assurance. Individuals who are already employed in the IT industry may choose to pursue CISA Certification to improve job opportunities or increase their salaries.

 

Ultimate Guide to Prepare CISA Certification Exam for Isaca Certification: https://certlibrary.itpassleader.com/ISACA/CISA-dumps-pass-exam.html
