CISA - Certified Information Systems Auditor


Example Questions

1. Which of the following will prevent dangling tuples in a database?
2. What type of cryptosystem is characterized by data being encrypted by the sender using the recipient's public key, and the data then being decrypted using the recipient's private key?
3. Which of the following is the BEST way to satisfy a two-factor user authentication?
4. A virtual private network (VPN) provides data confidentiality by using:
5. Which of the following database controls would ensure that the integrity of transactions is maintained in an online transaction processing system's database?
6. Which of the following activities performed by a database administrator (DBA) should be performed by a different person?
7. An organization has outsourced its wide area network (WAN) to a third-party service provider. Under these circumstances, which of the following is the PRIMARY task the IS auditor should perform during an audit of business continuity planning (BCP) and disaster recovery planning (DRP)?
8. Which of the following is the BEST method for preventing the leakage of confidential information from a laptop computer?
9. An IS auditor reviewing digital rights management (DRM) applications should expect to find an extensive use of which of the following technologies?
10. An IS auditor interviewing a payroll clerk finds that the answers do not support job descriptions and documented procedures. Under these circumstances, the IS auditor should:
11. The computer security incident response team (CSIRT) of an organization disseminates detailed descriptions of recent threats. An IS auditor's GREATEST concern should be that the users might:
12. During an audit of a telecommunications system, an IS auditor finds that the risk of intercepting data transmitted to and from remote sites is very high. The MOST effective control for reducing this exposure is:
13. Facilitating telecommunications continuity by providing redundant combinations of local carrier T-1 lines, microwaves and/or coaxial cables to access the local communication loop:
14. Authentication techniques for sending and receiving data between EDI systems are crucial to prevent which of the following? Choose the BEST answer.
15. Which of the following append themselves to files as a protection against viruses?
16. Which of the following is the initial step in creating a firewall policy?
17. A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses, the team should:
18. The purpose of a deadman door controlling access to a computer facility is primarily to:
19. When using public key encryption to secure data being transmitted across a network:
20. Which of the following would be the GREATEST cause for concern when data are sent over the Internet using the HTTPS protocol?
21. A manager of a project was not able to implement all audit recommendations by the target date. The IS auditor should:
22. In the context of effective information security governance, the primary objective of value delivery is to:
23. Applying a retention date on a file will ensure that:
24. Which of the following BEST reduces the ability of one device to capture the packets that are meant for another device?
25. Which of the following is MOST likely to result from a business process reengineering (BPR) project?
26. A financial services organization is developing and documenting business continuity measures. In which of the following cases would an IS auditor MOST likely raise an issue?
27. An IS auditor is reviewing a project that is using an Agile software development approach. Which of the following should the IS auditor expect to find?
28. A top-down approach to the development of operational policies will help ensure:
29. Which of the following intrusion detection systems (IDSs) monitors the general patterns of activity and traffic on a network and creates a database?
30. Which of the following is the PRIMARY advantage of using computer forensic software for investigations?
31. Which of the following refers to the act of creating and using an invented scenario to persuade a target to perform an action?
32. Which of the following is the BEST type of program for an organization to implement to aggregate, correlate and store different log and event files, and then produce weekly and monthly reports for IS auditors?
33. An IS auditor should expect the responsibility for authorizing access rights to production data and systems to be entrusted to the:
34. What is the first step in a business process re-engineering project?
35. Which of the following is a control over component communication failures/errors?
36. Why does the IS auditor often review the system logs?
37. Which of the following measures can effectively minimize the possibility of buffer overflows?
38. An organization has just completed its annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization?
39. The use of residual biometric information to gain unauthorized access is an example of which of the following attacks?
40. Which of the following is the key benefit of control self-assessment (CSA)?
41. An IS auditor finds that not all employees are aware of the enterprise's information security policy. The IS auditor should conclude that:
42. An organization is implementing a new system to replace a legacy system. Which of the following conversion practices creates the GREATEST risk?
43. When selecting audit procedures, an IS auditor should use professional judgment to ensure that:
44. What is the BEST approach to mitigate the risk of a phishing attack?
45. Which of the following would be the MOST effective audit technique for identifying segregation of duties violations in a new enterprise resource planning (ERP) implementation?
46. Which of the following presents an inherent risk with no distinct identifiable preventive controls?
47. The PRIMARY objective of performing a post-incident review is that it presents an opportunity to:
48. To ensure an organization is complying with privacy requirements, an IS auditor should FIRST review:
49. Which of the following is the MOST important consideration when defining recovery point objectives (RPOs)?
50. Which of the following is an oft-cited cause of vulnerability in networks?
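Two of the questions above describe the mechanism of public-key encryption: the sender encrypts under the recipient's public key, and only the recipient's private key decrypts. The following is an added illustration of that exchange, not part of the question bank and not ISACA material. It uses textbook RSA on deliberately tiny, hard-coded primes (61, 53 for the recipient "Bob"; 101, 113 for the sender "Alice") and encrypts one byte per RSA block; the names, primes and the "pay 100" message are all assumptions chosen for the example. Real systems never use textbook RSA on raw data: they add OAEP padding, use key sizes of 2048 bits or more, and encrypt bulk data with a symmetric key that RSA then protects (hybrid encryption).

```python
"""Illustration of asymmetric (public-key) encryption.

Sender encrypts with the RECIPIENT's public key; only the recipient's
private key decrypts. Textbook RSA on tiny primes, for illustration only:
no padding, no hybrid encryption, trivially factorable modulus. Do not
reuse for real data.
"""

from math import gcd


def rsa_keypair(p: int, q: int, e: int = 17):
    """Derive a textbook RSA key pair from two primes (assumed prime, not checked).

    Returns (public_key, private_key) as ((e, n), (d, n)).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e mod phi(n) (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public_key, data: bytes) -> list:
    """Encrypt each byte as its own RSA block: c = m^e mod n (needs n > 255)."""
    e, n = public_key
    if n <= 255:
        raise ValueError("modulus too small to encode a byte")
    return [pow(m, e, n) for m in data]


def decrypt(private_key, blocks: list) -> bytes:
    """Recover the bytes: m = c^d mod n. A wrong key yields garbage, usually > 255."""
    d, n = private_key
    values = [pow(c, d, n) for c in blocks]
    if any(v > 255 for v in values):
        raise ValueError("decryption did not yield bytes: wrong private key?")
    return bytes(values)


def exchange(message: bytes):
    """Alice sends `message` to Bob under Bob's public key; Bob decrypts.

    Returns (ciphertext_blocks, bob_recovered, alice_recovered_with_own_key).
    Alice's own private key is unrelated to Bob's modulus, so her attempt
    to decrypt the ciphertext she produced fails or returns garbage.
    """
    bob_pub, bob_priv = rsa_keypair(61, 53)        # recipient (assumed primes)
    alice_pub, alice_priv = rsa_keypair(101, 113)  # sender   (assumed primes)

    ciphertext = encrypt(bob_pub, message)         # only bob_pub is needed to send
    recovered = decrypt(bob_priv, ciphertext)      # only bob_priv can undo it

    try:
        alice_view = decrypt(alice_priv, ciphertext)
    except ValueError:
        alice_view = None
    return ciphertext, recovered, alice_view


if __name__ == "__main__":
    ct, plain, alice_view = exchange(b"pay 100")   # constructed sample message
    print("ciphertext blocks:", ct)
    print("Bob recovers:", plain)
    print("Alice decrypting with her own private key:", alice_view)
```

The point to take from the exchange: nothing secret is needed to encrypt (Bob's public key can be published), and the only key that recovers the plaintext is the one Bob never shares. Confidentiality therefore rests on Bob's private key staying private, and on the sender holding the genuine public key for Bob, which is the job of certificates and a PKI, not of RSA itself.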
