The latest Isaca CISA dumps by geekcert helps you pass the CISA exam for the first time! geekcert Latest Update Isaca CISA VCE Dump and CISA PDF Dumps, geekcert CISA Exam Questions Updated, Answers corrected! Get the latest geekcert CISA dumps with Vce and PDF: https://www.geekcert.com/cisa.html (Q&As: 3107 dumps)

[Free CISA PDF] Latest Isaca CISA Dumps PDF collected by geekcert Google Drive:
https://drive.google.com/file/d/1z9ajlcMZeRb_fcRtygofMYpqRd2EXf3b/

[geekcert CISA Youtube] Isaca CISA Dumps can be viewed on Youtube shared by geekcert

https://youtube.com/watch?v=Dcvr8rUqIog

Latest Isaca CISA Exam Practice Questions and Answers

QUESTION 1
An organization is considering whether to allow employees to use personal computing devices for business purposes.
To BEST facilitate senior management\\’s decision, the information security manager should:
A. perform a cost-benefit analysis
B. map the strategy to business objectives
C. conduct a risk assessment
D. develop a business case
Correct Answer: B

 

QUESTION 2
Which of the following would prevent unauthorized changes to information stored in a server\\’s log?
A. Write-protecting the directory containing the system log
B. Writing a duplicate log to another server
C. Daily printing of the system log
D. Storing the system log in write-once media
Correct Answer: D
Storing the system log in write-once media ensures the log cannot be modified. Write- protecting the system log does
not prevent deletion or modification, since the superuser or users that have special permission can override the write
protection. Writing a duplicate log to another server or daily printing of the system log cannot prevent unauthorized
changes.

 

QUESTION 3
An IS auditor is reviewing a project to implement a payment system between a parent bank and a subsidiary. The IS
auditor should FIRST verify that the:
A. technical platforms between the two companies are interoperable.
B. parent bank is authorized to serve as a service provider.
C. security features are in place to segregate subsidiary trades.
D. subsidiary can join as a co-owner of this payment system.
Correct Answer: B
Even between parent and subsidiary companies, contractual agreement(s) should be in place to conduct shared
services. This is particularly important in highly regulated organizations such as banking. Unless granted to serve as a
service provider, it may not be legal for the bank to extend business to the subsidiary companies. Technical aspects
should always be considered; however, this can be initiated after confirming that the parent bank can serve as a service
provider. Security aspects are another important factor; however, this should be considered after confirming that the
parent bank can serve as a service provider. The ownership of the payment system is not as important as the legal
authorization to operate the system.

 

QUESTION 4
Which of the following is the most important element in the design of a data warehouse?
A. Quality of the metadata
B. Speed of the transactions
C. Volatility of the data
D. Vulnerability of the system
Correct Answer: A
Quality of the metadata is the most important element in the design of a data warehouse. A data warehouse is a copy of
transaction data specifically structured for query and analysis. Metadata aim to provide a table of contents to the
information stored in the data warehouse. Companies that have built warehouses believe that metadata are the most
important component of the warehouse.

 

QUESTION 5
Talking about application system audit, focus should always be placed on (Choose five.)
A. performance and controls of the system
B. the ability to limit unauthorized access and manipulation
C. input of data are processed correctly
D. output of data are processed correctly
E. changes to the system are properly authorized
F. None of the choices.
Correct Answer: ABCDE
Talking about application system audit, focus should be placed on the performance and controls of the system, its ability
to limit unauthorized access and manipulation, that input and output of data are processed correctly on the system, that
any changes to the system are authorized, and that users have access to the system.

 

QUESTION 6
The information security policy that states \\’each individual must have their badge read at every controlled door\\’
addresses which of the following attack methods?
A. Piggybacking
B. Shoulder surfing
C. Dumpster diving
D. Impersonation
Correct Answer: A
Piggybacking refers to unauthorized persons following authorized persons, either physically or virtually, into restricted
areas. This policy addresses the polite behavior problem of holding doors open for a stranger, if every employee must
have their badge read at every controlled door no unauthorized person could enter the sensitive area. Looking over the
shoulder of a user to obtain sensitive information could be done by an unauthorized person who has gained access to
areas using piggybacking, but this policy specifically refers to physical access control. Shoulder surfing would not be
prevented by the implementation of this policy. Dumpster diving, looking through an organization\\’s trash for valuable
information, could be done outside the company\\’s physical perimeter; therefore, this policy would not address this
attack method. Impersonation refers to a social engineer acting as an employee, trying to retrieve the desired
information. Some forms of social engineering attacks could join an impersonation attack and piggybacking, but this
information security policy does not address the impersonation attack.

 

QUESTION 7
Which of the following is the PRIMARY reason for an IS auditor to issue an interim audit report?
A. To avoid issuing a final audit report
B. To enable the auditor to complete the engagement in a timely manner
C. To provide feedback to the auditee for timely remediation
D. To provide follow-up opportunity during the audit
Correct Answer: C

 

QUESTION 8
An organization has outsourced many application development activities to a third party that uses contract programmers
extensively. Which of the following would provide the BEST assurance that the third party\\’s contract programmers
comply with the organization\\’s security policies?
A. Perform periodic security assessments of the contractors\\’ activities.
B. Conduct periodic vulnerability scans of the application.
C. Include penalties for noncompliance in the contracting agreement.
D. Require annual signed agreements of adherence to security policies.
Correct Answer: A

QUESTION 9
With respect to the outsourcing of IT services, which of the following conditions should be of GREATEST concern to an
IS auditor?
A. Outsourced activities are core and provide a differentiated advantage to the organization.
B. Periodic renegotiation is specified in the outsourcing contract.
C. The outsourcing contract fails to cover every action required by the arrangement.
D. Similar activities are outsourced to more than one vendor.
Correct Answer: A
An organization\\’s core activities generally should not be outsourced, because they are what the organization does
best; an IS auditor observing that should be concerned. An IS auditor should not be concerned about the other
conditions because specification of periodic renegotiation in the outsourcing contract is a best practice. Outsourcing
contracts cannot be expected to cover every action and detail expected of the parties involved, while multisourcing is an
acceptable way to reduce risk.

 

QUESTION 10
Which of the following is an oft-cited cause of vulnerability of networks?
A. software monoculture
B. software diversification
C. single line of defense
D. multiple DMZ
E. None of the choices.
Correct Answer: A
An oft-cited cause of vulnerability of networks is homogeneity or software monoculture. In particular, Microsoft Windows
has such a large share of the market that concentrating on it will enable a cracker to subvert a large number of systems.
Introducing inhomogeneity purely for the sake of robustness would however bring high costs in terms of training and
maintenance.

 

QUESTION 11
Which of the following do digital signatures provide?
A. Authentication and integrity of data
B. Authentication and confidentiality of data
C. Confidentiality and integrity of data
D. Authentication and availability of data
Correct Answer: A
The primary purpose of digital signatures is to provide authentication and integrity of data.

 

QUESTION 12
During a follow-up audit, an IS auditor discovers that a recommendation has not been implemented. However, the
auditee has implemented a manual workaround that addresses the identified risk, through far less efficiency than the
recommended action would. Which of the following would be the auditor\\’s BEST course of action?
A. Notify management that the risk has been addressed and take no further action.
B. Escalate the remaining issue for further discussion and resolution.
C. Note that the risk has been addressed and notify management of the inefficiency.
D. Insist to management that the original recommendation be implemented.
Correct Answer: D

 

QUESTION 13
The ultimate purpose of IT governance is to:
A. encourage optimal use of IT.
B. reduce IT costs.
C. decentralize IT resources across the organization.
D. centralize control of IT.
Correct Answer: A
IT governance is intended to specify the combination of decision rights and accountability that is best for the enterprise.
It is different for every enterprise. Reducing IT costs may not be the best IT governance outcome for an enterprise.
Decentralizing IT resources across the organization is not always desired, although it may be desired in a decentralized
environment. Centralizing control of IT is not always desired. An example of where it might be desired is an enterprise
desiring a single point of customer contact.


latest updated Isaca CISA exam questions from the geekcert CISA dumps! 100% pass the CISA exam! Download geekcert CISA VCE and PDF dumps: https://www.geekcert.com/cisa.html (Q&As: 3107 dumps)

Get free Isaca CISA dumps PDF online: https://drive.google.com/file/d/1z9ajlcMZeRb_fcRtygofMYpqRd2EXf3b/

Related Posts