






CISA Practice Questions with correct answers
Typology: Exams







It is important to understand the organization and its environment in order to effectively pinpoint the organization's key risk. One specific factor is an understanding of:
Correct Answer: The organization's selection and application of policies and procedures

Of the following, which is not a way to treat a risk?
Correct Answer: Ignore it

The three focus areas that management must address in order to govern IT include all of the following except:
Correct Answer: Control optimization

The first step in establishing a risk management program is:
Correct Answer: To decide what the purpose of the program is

An incident is any unexpected occurrence. The severity of an incident is generally:
Correct Answer: Directly proportional to the time elapsed from the incident to the resolution of the incident

One of the issues in managing a project is managing scope changes. Which of the following should be included in management of scope changes?
Correct Answer: The work structure should be documented in a component management database

Personal area networks (PANs) are used for:
Correct Answer: Communications among computer devices, which include telephones, PDAs, cameras, etc.

The IS Auditor is preparing the external network security assessment. Of the following, which step should the IS Auditor start with?
Correct Answer: Reconnaissance. The IS Auditor should perform reconnaissance, or "footprinting" of the enterprise to appropriately gauge several details such as the scope (what elements to include in the test), what protocols and technology are involved, whether there is any sensitive information readily available to the public, or "leaked"

Fire suppression systems can be divided into total flooding and local application fire extinguishing systems. The difference between the two is that:
Correct Answer: Local application design lacks physical barriers enclosing the fire space

Computer crime can be performed __________________ without anything being physically taken or stolen.
Correct Answer: Remotely

All of these are COBIT principles:
Correct Answer: Apply a single integrated framework; separate governance from management; enable a holistic approach

Continuous auditing:
Correct Answer: Involves a minimal time lapse between the collection of evidence and the audit reporting

What fundamental change in the information systems (IS) role has taken place?
Correct Answer: IS is now an integral part of every department of an organization

What does the term SCADA stand for?
Correct Answer: Supervisory Control and Data Acquisition

Computer-aided software engineering (CASE) tools are divided into the categories upper CASE, middle CASE, and lower CASE. Middle CASE is:
Correct Answer: The products for detailed design and development
following would be the most appropriate method?
Correct Answer: Compare the service delivery report to the service level agreement

There are four primary cloud architectures or deployment models: private, public, hybrid, and community. Which cloud deployment model potentially has the least scalability and agility?
Correct Answer: Private cloud

When a new system is ready to go, there are several different ways of actually switching the old system to the new system. The following are all changeover techniques:
Correct Answer:
- Phased changeover
- Abrupt changeover
- Parallel changeover

Hardware needs careful monitoring. Part of that monitoring is effective reporting. All of the following are commonly used hardware monitoring reports:
Correct Answer:
- Availability reports
- Asset management reports
- Hardware error report

A virtual circuit is:
Correct Answer: A logical circuit between two network points that supplies reliable data communication between the two

An SLA is an agreement between the IT organization and the:
Correct Answer: Customer

When dealing with auditing environment controls, what fire resistance rating should fireproof walls, ceilings, and floors have around the information processing facility?
Correct Answer: 2 hour
The common link between all forms of social media is ________________________.
Correct Answer: Content is supplied and managed by individual users

Information Security Control is extremely important and enacted controls should be tested against industry benchmarks. What is the benchmark for security across the payment card industry?
Correct Answer: PCI DSS

There are a number of governmental and external requirements related to computer system practices and controls and the way data is stored and used. These controls include Sarbanes-Oxley and HIPAA. The CISA candidate is expected to know:
Correct Answer: How one would audit for compliance with laws and regulations

What is non-statistical sampling?
Correct Answer: It's based on the auditor's judgement as to what kind of samples to evaluate, the sample size, and the sampling method

Continuous auditing is superior to periodic auditing insofar as it:
Correct Answer: Captures control problems as they occur, helping to prevent negative consequences

The Framework for Enterprise Architecture (EA) is otherwise known as _____________________.
Correct Answer: The Zachman Framework

SteelWorks Manufacturing utilizes a system where its production line is controlled by remote terminal units (RTUs) and programmable logic controllers (PLCs). These automated system components comprise an overall system capable of measuring and collating the data, compiling it, and then providing it to the control room. From this human machine interface (HMI) network, operators can make supervisory decisions to maximize production. What is this system an example of?
Correct Answer: Supervisory Control and Data Acquisition (SCADA)
Performance optimization tool types include all of the following:
Correct Answer:
- Continuous improvement methodologies
- Frameworks
- Comprehensive best practices

Which of the following are project organizational forms?
Correct Answer:
- Influence project organization
- Pure project organization
- Matrix project organization

When acquiring hardware, all of the following should be considered:
Correct Answer:
- Utilization
- Turnaround time
- Throughput

Virtualization software that runs as an application within operating systems such as Windows, Linux, or MacOS is an example of what type of virtualization architecture?
Correct Answer: Hosted virtualization

Which of the following has evolved over the years to become a widely used multi-point technique used for estimating large business application development complexity?
Correct Answer: Function Point Analysis (FPA)

Which IT Service Management framework utilizes five volumes with titles such as Service Strategy and Service Operations?
Correct Answer: ITIL - 5 volumes
procedures, and several pieces of information controlled by legislation. This information should be classified under which of the following?
Correct Answer: Private information