CISA Practice Questions with correct answers
Typology: Exams. 2024/2025. Available from 10/28/2024.
It is important to understand the organization and its environment in order to effectively pinpoint the organization's key risk. One specific factor is an understanding of: Correct Answer-The organization's selection and application of policies and procedures

Of the following, which is not a way to treat a risk? Correct Answer-Ignore it

The three focus areas that management must address in order to govern IT include all of the following except: Correct Answer-Control optimization

The first step in establishing a risk management program is: Correct Answer-To decide what the purpose of the program is

An incident is any unexpected occurrence. The severity of an incident is generally: Correct Answer-Directly proportional to the time elapsed from the incident to the resolution of the incident

One of the issues in managing a project is managing scope changes. Which of the following should be included in management of scope changes? Correct Answer-The work structure should be documented in a component management database

Personal area networks (PANs) are used for: Correct Answer-Communications among computer devices, which include telephones, PDAs, cameras, etc.

The IS Auditor is preparing the external network security assessment. Of the following, which step should the IS Auditor start with? Correct Answer-Reconnaissance. The IS Auditor should perform reconnaissance, or "footprinting", of the enterprise to appropriately gauge several details such as the scope (what

elements to include in the test), what protocols and technology are involved, and whether any sensitive information is readily available to the public or has been "leaked".

Fire suppression systems can be divided into total flooding and local application fire extinguishing systems. The difference between the two is that: Correct Answer-Local application design lacks physical barriers enclosing the fire space

Computer crime can be performed __________________ without anything being physically taken or stolen. Correct Answer-Remotely

All of these are COBIT principles: Correct Answer-Apply a single integrated framework; separate governance from management; enable a holistic approach

Continuous auditing: Correct Answer-Involves a minimal time lapse between the collection of evidence and the audit reporting

What fundamental change in the information systems (IS) role has taken place? Correct Answer-IS is now an integral part of every department of an organization

What does the term SCADA stand for? Correct Answer-Supervisory Control and Data Acquisition

Computer-aided software engineering (CASE) tools are divided into the categories upper CASE, middle CASE, and lower CASE. Middle CASE is: Correct Answer-The products for detailed design and development
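The reconnaissance answer above says footprinting establishes scope, identifies the technologies in play and spots information the target has already leaked. The script below is an added example of that triage step and is not part of the original question set: it works over a constructed set of public DNS answers (the example.com name and the documentation address ranges are placeholders), derives a candidate scope, and flags three common leaks: private addresses published in public zones, internal ranges disclosed through SPF, and hostnames whose labels advertise remote-access or pre-production services. The SENSITIVE_LABELS watch list is a hypothetical starting point, not a standard.

```python
"""Passive DNS footprinting triage over constructed public records (added example)."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample of what a public resolver would return for the target.
# example.com is a reserved documentation name; the public addresses come from
# the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
PUBLIC_RECORDS = [
    ("example.com", "A", "203.0.113.10"),
    ("www.example.com", "A", "203.0.113.10"),
    ("vpn.example.com", "A", "203.0.113.20"),
    ("owa.example.com", "CNAME", "mail.example.com"),
    ("mail.example.com", "A", "203.0.113.25"),
    ("intranet.example.com", "A", "10.20.30.40"),
    ("dev-jenkins.example.com", "A", "198.51.100.7"),
    ("example.com", "MX", "10 mail.example.com"),
    ("example.com", "TXT", "v=spf1 ip4:203.0.113.0/24 ip4:192.168.5.0/24 include:_spf.example.net -all"),
    ("example.com", "TXT", "google-site-verification=abc123"),
]

# Hypothetical watch list of labels that usually mark remote-access, admin or
# pre-production services; tune it per engagement.
SENSITIVE_LABELS = {"vpn", "owa", "intranet", "jenkins", "git", "admin", "dev", "staging", "backup"}

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(obj):
    """True for RFC 1918 space. Checked explicitly because ipaddress.is_private
    also flags the documentation ranges used in the sample data."""
    if isinstance(obj, ipaddress.IPv4Address):
        return any(obj in net for net in RFC1918)
    return obj.version == 4 and any(obj.subnet_of(net) for net in RFC1918)


def parse_spf(txt):
    """Return ([ip4/ip6 networks], [include: domains]) from an SPF TXT record."""
    nets, includes = [], []
    if not txt.startswith("v=spf1"):
        return nets, includes
    for token in txt.split()[1:]:
        token = token.lstrip("+")
        if token.startswith(("ip4:", "ip6:")):
            nets.append(ipaddress.ip_network(token[4:], strict=False))
        elif token.startswith("include:"):
            includes.append(token[len("include:"):])
    return nets, includes


def footprint(records):
    """Derive candidate scope (/24s around public hosts plus SPF ranges) and
    leakage findings from public DNS answers."""
    hosts = defaultdict(set)
    scope = set()
    findings = set()
    for name, rtype, value in records:
        if rtype == "A":
            addr = ipaddress.ip_address(value)
            hosts[name].add(addr)
            if is_internal(addr):
                findings.add(f"private address {addr} published for {name}")
            else:
                scope.add(ipaddress.ip_network(f"{addr}/24", strict=False))
        elif rtype == "TXT":
            nets, includes = parse_spf(value)
            for net in nets:
                if is_internal(net):
                    findings.add(f"SPF discloses internal range {net}")
                else:
                    scope.add(net)
            for inc in includes:
                findings.add(f"SPF delegates sending to third party {inc}")
        # Hostname labels themselves leak what a host is for.
        if set(re.split(r"[.-]", name.lower())) & SENSITIVE_LABELS:
            findings.add(f"hostname {name} suggests a sensitive service")
    return {
        "hosts": {n: sorted(str(a) for a in addrs) for n, addrs in hosts.items()},
        "scope": sorted(str(n) for n in scope),
        "findings": sorted(findings),
    }


if __name__ == "__main__":
    result = footprint(PUBLIC_RECORDS)
    print("candidate scope:", result["scope"])
    for finding in result["findings"]:
        print("finding:", finding)
```

On a real engagement the records would come from passive DNS, certificate transparency logs and the authoritative servers themselves, and the candidate scope must be confirmed against the ownership records before any active testing; the /24 expansion here is only a starting hypothesis for the auditor to validate with the client.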

following would be the most appropriate method? Correct Answer-Compare the service delivery report to the service level agreement

There are four primary cloud architectures or deployment models: private, public, hybrid, and community. Which cloud deployment model potentially has the least scalability and agility? Correct Answer-Private cloud

When a new system is ready to go, there are several different ways of actually switching the old system to the new system. The following are all changeover techniques: Correct Answer-
- Phased changeover
- Abrupt changeover
- Parallel changeover

Hardware needs careful monitoring. Part of that monitoring is effective reporting. All of the following are commonly used hardware monitoring reports: Correct Answer-
- Availability reports
- Asset management reports
- Hardware error reports

A virtual circuit is: Correct Answer-A logical circuit between two network points that supplies reliable data communication between the two

An SLA is an agreement between the IT organization and the: Correct Answer-Customer

When auditing environmental controls, what fire resistance rating should fireproof walls, ceilings, and floors have around the information processing facility? Correct Answer-2 hour

The common link between all forms of social media is ________________________. Correct Answer-Content is supplied and managed by individual users

Information security control is extremely important, and enacted controls should be tested against industry benchmarks. What is the benchmark for security across the payment card industry? Correct Answer-PCI DSS

There are a number of governmental and external requirements related to computer system practices and controls and the way data is stored and used. These include Sarbanes-Oxley and HIPAA. The CISA candidate is expected to know: Correct Answer-How one would audit for compliance with laws and regulations

What is non-statistical sampling? Correct Answer-It is based on the auditor's judgement as to what kind of samples to evaluate, the sample size, and the sampling method

Continuous auditing is superior to periodic auditing insofar as it: Correct Answer-Captures control problems as they occur, helping to prevent negative consequences

The Framework for Enterprise Architecture (EA) is otherwise known as _____________________. Correct Answer-The Zachman Framework

SteelWorks Manufacturing utilizes a system where its production line is controlled by remote terminal units (RTUs) and programmable logic controllers (PLCs). These automated system components comprise an overall system capable of measuring and collating the data, compiling it, and then providing it to the control room. From this human machine interface (HMI) network, operators can make supervisory decisions to maximize production. What is this system an example of? Correct Answer-Supervisory Control and Data Acquisition (SCADA)

Performance optimization tool types include all of the following: Correct Answer-
- Continuous improvement methodologies
- Frameworks
- Comprehensive best practices

Which of the following are project organizational forms? Correct Answer-
- Influence project organization
- Pure project organization
- Matrix project organization

When acquiring hardware, all of the following should be considered: Correct Answer-
- Utilization
- Turnaround time
- Throughput

Virtualization software that runs as an application within operating systems such as Windows, Linux, or macOS is an example of what type of virtualization architecture? Correct Answer-Hosted virtualization

Which of the following has evolved over the years to become a widely used multi-point technique for estimating the complexity of large business application development? Correct Answer-Function Point Analysis (FPA)

Which IT Service Management framework utilizes five volumes with titles such as Service Strategy and Service Operations? Correct Answer-ITIL, with five volumes:
  1. Service strategy
  2. Service design
  3. Service transition
  4. Service operations
  5. Continual service improvement

An IS auditor is working with an organization to assist in planning for disaster recovery. The executives explain to the auditor that their primary systems cannot support a downtime of over an hour and can support a data loss of about four hours of data. From these recovery objectives, which of the following would be an appropriate recovery option? Correct Answer-Active-active clustering with disk-based backups

To monitor data in motion, data leak prevention systems use what technology? Correct Answer-Deep packet inspection (DPI)

The role of an internal audit function is established by: Correct Answer-An audit charter that has been approved by senior management

Laws and regulations control audit plans in what way? Correct Answer-The audit plan must adhere to and test for all regulations to ensure a company is compliant

Of the following, which falls under the General category in the ISACA IS Assurance Guidelines? Correct Answer-Audit Charter

An IS auditor is reviewing the specific standards and compliance requirements that need to be achieved from the systems that they will be auditing. The auditor has discovered that the ISACA IS Audit and Assurance Standards are not as stringent as the local regulatory authority. What should the auditor do in this case? Correct Answer-Abide by the more stringent regulations and incorporate them into the audit
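The Function Point Analysis item above names the technique but not the arithmetic an auditor has to check when reviewing a development estimate. The block below is an added worked example, not material from the question set: it applies the IFPUG complexity weights to a constructed count sheet (the "order-management" counts and the 14 general system characteristic ratings are made up for illustration) to produce unadjusted function points, the value adjustment factor, and the adjusted count.

```python
"""Function point analysis worked through on constructed counts (added example)."""

# IFPUG weights by component type for (low, average, high) complexity.
WEIGHTS = {
    "EI": (3, 4, 6),     # external inputs
    "EO": (4, 5, 7),     # external outputs
    "EQ": (3, 4, 6),     # external inquiries
    "ILF": (7, 10, 15),  # internal logical files
    "EIF": (5, 7, 10),   # external interface files
}
LEVELS = ("low", "average", "high")

# Constructed count sheet for a hypothetical order-management application.
SAMPLE_COUNTS = {
    "EI": {"low": 6, "average": 4, "high": 2},
    "EO": {"low": 3, "average": 2, "high": 1},
    "EQ": {"low": 4, "average": 2},
    "ILF": {"low": 2, "average": 1, "high": 1},
    "EIF": {"low": 1, "average": 1},
}
# Constructed ratings (0..5) for the 14 general system characteristics.
SAMPLE_GSC = [3, 4, 2, 3, 3, 4, 2, 3, 3, 2, 3, 4, 3, 3]


def unadjusted_function_points(counts):
    """Sum of (count x weight) over every component type and complexity level."""
    ufp = 0
    for ctype, per_level in counts.items():
        weights = WEIGHTS[ctype]
        for level, n in per_level.items():
            ufp += n * weights[LEVELS.index(level)]
    return ufp


def value_adjustment_factor(gsc_ratings):
    """VAF = 0.65 + 0.01 * (sum of the 14 GSC ratings), so 0.65 <= VAF <= 1.35."""
    if len(gsc_ratings) != 14 or any(not 0 <= r <= 5 for r in gsc_ratings):
        raise ValueError("expected 14 GSC ratings, each in 0..5")
    return 0.65 + 0.01 * sum(gsc_ratings)


def adjusted_function_points(counts, gsc_ratings):
    """AFP = UFP x VAF, rounded to one decimal for the count sheet."""
    return round(unadjusted_function_points(counts) * value_adjustment_factor(gsc_ratings), 1)


if __name__ == "__main__":
    ufp = unadjusted_function_points(SAMPLE_COUNTS)
    vaf = value_adjustment_factor(SAMPLE_GSC)
    print(f"UFP={ufp}  VAF={vaf:.2f}  AFP={adjusted_function_points(SAMPLE_COUNTS, SAMPLE_GSC)}")
```

When reviewing an estimate, recompute the UFP from the raw component counts rather than accepting the total, and check that the GSC ratings are justified: because the VAF can move the result by plus or minus 35 percent, inflated ratings are the easiest way to pad an estimate.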
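The data leak prevention item above states that data in motion is monitored with deep packet inspection. The block below is an added example of what that inspection does at the content layer; it is not from the original question set. It takes a constructed, already reassembled HTTP POST (plaintext; a DLP proxy only sees this inside TLS after terminating the session), splits headers from body, searches the body for card numbers and US social security numbers, and uses the Luhn checksum to discard digit runs that merely look like card numbers. The hostnames, card number and SSN in the samples are placeholders.

```python
"""Content inspection for data-in-motion DLP over a constructed HTTP request (added example)."""
import re

# Constructed HTTP POST as it would appear after TCP reassembly.
SAMPLE_POST = (
    b"POST /upload HTTP/1.1\r\n"
    b"Host: files.example.net\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"card=4111 1111 1111 1111&ssn=078-05-1120&note=order 20240101"
)
# Constructed request whose 16-digit order number fails the Luhn check.
CLEAN_POST = (
    b"POST /upload HTTP/1.1\r\n"
    b"Host: files.example.net\r\n"
    b"\r\n"
    b"order_id=1234567890123456&qty=2"
)

# 13-19 digits, optionally separated by single spaces or hyphens, not inside a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, check mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def split_http(payload):
    """Split a reassembled request into (request line, header dict, body bytes)."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        key, _, val = line.partition(":")
        headers[key.strip().lower()] = val.strip()
    return lines[0], headers, body


def inspect_payload(payload):
    """Return masked findings and an allow/block decision for one request."""
    request_line, headers, body = split_http(payload)
    text = body.decode("latin-1")
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):  # drops order numbers and timestamps that only look like PANs
            findings.append(("PAN", digits[:6] + "*" * (len(digits) - 10) + digits[-4:]))
    for m in SSN_RE.finditer(text):
        findings.append(("SSN", "***-**-" + m.group()[-4:]))
    return {
        "request": request_line,
        "host": headers.get("host"),
        "findings": findings,
        "action": "block" if findings else "allow",
    }


if __name__ == "__main__":
    for payload in (SAMPLE_POST, CLEAN_POST):
        verdict = inspect_payload(payload)
        print(verdict["action"], verdict["request"], verdict["host"], verdict["findings"])
```

Findings are masked before they are logged so the DLP system's own alert store does not become a second copy of the cardholder data. Production DPI engines add protocol decoders (multipart uploads, compressed bodies, attachments) and fingerprinting of known documents; pattern plus checksum, as shown here, is the baseline an auditor should expect for unstructured content.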

procedures, and several pieces of information controlled by legislation. This information should be classified under which of the following? Correct Answer- Private information