Updated Jan-2022 Exam Engine or PDF for the ISACA CISA test to help you quickly prepare for the ISACA exam! [Q561-Q584]


Full CISA Practice Test and 973 unique questions with explanations waiting just for you, get it now!

NEW QUESTION 561
When removing a financial application system from production, which of the following is MOST important?

  • A. Data retained for regulatory purposes can be retrieved.
  • B. End-user requests for changes are recorded and tracked.
  • C. Software license agreements are retained.
  • D. Media used by the retired system has been sanitized.

Answer: A

Explanation:
Section: Protection of Information Assets

 

NEW QUESTION 562
Which of the following best characterizes "worms"?

  • A. Malicious programs that masquerade as common applications such as screensavers or macro-enabled Word documents
  • B. Malicious programs that require the aid of a carrier program such as email
  • C. Programming code errors that cause a program to repeatedly dump data
  • D. Malicious programs that can run independently and can propagate without the aid of a carrier program such as email

Answer: D

Explanation:
Worms are malicious programs that can run independently and can propagate without the aid of a carrier program such as email.

 

NEW QUESTION 563
IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. True or false?

  • A. False
  • B. True

Answer: B

Explanation:
IS auditors are most likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. Think of it this way: If any reliance is placed on internal controls, that reliance must be validated through compliance testing. High control risk results in little reliance on internal controls, which results in additional substantive testing.

 

NEW QUESTION 564
Which of the following is a challenge in developing a service level agreement (SLA) for network services?

  • A. Finding performance metrics that can be measured properly
  • B. Ensuring that network components are not modified by the client
  • C. Establishing a well-designed framework for network services
  • D. Reducing the number of entry points into the network

Answer: A

 

NEW QUESTION 565
An IS auditor who is reviewing incident reports discovers that, in one instance, an important document left on an employee's desk was removed and put in the garbage by the outsourced cleaning staff. Which of the following should the IS auditor recommend to management?

  • A. No action is required since such incidents have not occurred in the past.
  • B. A clear desk policy should be implemented and strictly enforced in the organization.
  • C. A sound backup policy for all important office documents should be implemented.
  • D. Stricter controls should be implemented by both the organization and the cleaning agency.

Answer: D

Explanation:
An employee leaving an important document on a desk and the cleaning staff removing it may result in a serious impact on the business. Therefore, the IS auditor should recommend that strict controls be implemented by both the organization and the outsourced cleaning agency. That such incidents have not occurred in the past does not reduce the seriousness of their impact. Implementing and monitoring a clear desk policy addresses only one part of the issue. Appropriate confidentiality agreements with the cleaning agency, along with ensuring that the cleaning staff has been educated on the dos and don'ts of the cleaning process, are also controls that should be implemented. The risk here is not a loss of data, but leakage of data to unauthorized sources. A backup policy does not address the issue of unauthorized leakage of information.

 

NEW QUESTION 566
Which of the following is the BEST method to delete sensitive information from storage media that will be reused?

  • A. Multiple-overwriting
  • B. Reformatting
  • C. Re-partitioning
  • D. Crypto-shredding

Answer: D

 

NEW QUESTION 567
Which of the following is a PRIMARY role of an IT steering committee?

  • A. Determining the acceptability of residual risk arising from the IT risk strategy
  • B. Acting as liaison between the organization's assurance and senior management teams
  • C. Providing insight and advice on the progress of major IT projects
  • D. Communicating organizational business objectives to the IT department

Answer: B

 

NEW QUESTION 568
Why is the one-time pad not always preferable for encryption? (Choose all that apply.)

  • A. It requires internet connectivity.
  • B. It requires a licensing fee.
  • C. It is Microsoft only.
  • D. None of the choices.
  • E. It is highly inconvenient to use.
  • F. It is difficult to use securely.

Answer: E,F

Explanation:
Section: Protection of Information Assets
It's possible to protect messages in transit by means of cryptography. One method of encryption, the one-time pad, has been proven to be unbreakable when correctly used. This method uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message. Note that this method is difficult to use securely, and is highly inconvenient as well.

 

NEW QUESTION 569
Which of the following should be the PRIMARY role of an internal audit function in the management of identified business risks?

  • A. Validating enterprise risk management (ERM)
  • B. Establishing a risk management framework
  • C. Operating the risk management framework
  • D. Establishing a risk appetite

Answer: A

 

NEW QUESTION 570
Which of the following sampling methods is the BEST approach for drawing conclusions based on frequency of occurrence?

  • A. Stratified sampling
  • B. Monetary estimation sampling
  • C. Attribute sampling
  • D. Difference estimation sampling

Answer: C

 

NEW QUESTION 571
Digital signatures require the:

  • A. signer and receiver to have a public key.
  • B. signer to have a private key and the receiver to have a public key.
  • C. signer to have a public key and the receiver to have a private key.
  • D. signer and receiver to have a private key.

Answer: B

Explanation:
Section: Protection of Information Assets
Digital signatures are intended to verify to a recipient the integrity of the data and the identity of the sender. The digital signature standard is a public key algorithm. This requires the signer to have a private key and the receiver to have a public key.

 

NEW QUESTION 572
What must an IS auditor understand before performing an application audit?

  • A. The potential business impact of application risks.
  • B. Application risks must first be identified.
  • C. Relative business processes.
  • D. Relevant application risks.

Answer: C

Explanation:
An IS auditor must first understand relative business processes before performing an application audit.

 

NEW QUESTION 573
Which of the following is often considered the first defensive line in protecting a typical data and information environment?

  • A. None of the choices.
  • B. Certificates
  • C. Security token
  • D. Biometrics
  • E. Password

Answer: E

Explanation:
Passwords are the first defensive line in protecting your data and information. Your users need to be made aware of what a password provides them and what can be done with their password. They also need to be made aware of the things that make up a good password versus a bad password.

 

NEW QUESTION 574
Backups will MOST effectively minimize a disruptive incident's impact on a business if they are:

  • A. stored on write-once read-many media.
  • B. taken according to recovery point objectives (RPOs).
  • C. performed by automated backup software on a fixed schedule.
  • D. scheduled according to the service delivery objectives.

Answer: B

 

NEW QUESTION 575
An efficient use of public key infrastructure (PKI) should encrypt the:

  • A. private key.
  • B. symmetric session key.
  • C. entire message.
  • D. public key.

Answer: B

Explanation:
Section: Protection of Information Assets
Public key (asymmetric) cryptographic systems require larger keys (1,024 bits) and involve intensive and time-consuming computations. In comparison, symmetric encryption is considerably faster, yet relies on the security of the process for exchanging the secret key. To enjoy the benefits of both systems, a symmetric session key is exchanged using public key methods, after which it serves as the secret key for encrypting/decrypting messages sent between two parties.

 

NEW QUESTION 576
During maintenance of a relational database, several values of the foreign key in a transaction table of a relational database have been corrupted. The consequence is that:

  • A. the database will no longer accept input data.
  • B. the database will immediately stop execution and lose more information.
  • C. there is no way of reconstructing the lost information, except by deleting the dangling tuples and reentering the transactions.
  • D. the detail of involved transactions may no longer be associated with master data, causing errors when these transactions are processed.

Answer: D

Explanation:
Section: Protection of Information Assets
When the external key of a transaction is corrupted or lost, the application system will normally be incapable of directly attaching the master data to the transaction data. This will normally cause the system to undertake a sequential search and slow down the processing. If the concerned files are big, this slowdown will be unacceptable. Choice B is incorrect, since a system can recover the corrupted external key by reindexing the table. Choices C and D would not result from a corrupted foreign key.

 

NEW QUESTION 577
An organization has begun using social media to communicate with current and potential clients. Which of the following should be of PRIMARY concern to the auditor?

  • A. Negative posts by customers affecting the organization's image
  • B. Using a third-party provider to host and manage content
  • C. Lack of guidance on appropriate social media usage and monitoring
  • D. Reduced productivity of staff using social media

Answer: C

 

NEW QUESTION 578
What is the PRIMARY purpose of audit trails?

  • A. To prevent unauthorized access to data
  • B. To correct data integrity errors
  • C. To establish accountability and responsibility for processed transactions
  • D. To document auditing efforts

Answer: C

Explanation:
Section: Protection of Information Assets
The primary purpose of audit trails is to establish accountability and responsibility for processed transactions.

 

NEW QUESTION 579
The network of an organization has been the victim of several intruders' attacks. Which of the following measures would allow for the early detection of such incidents?

  • A. Screening routers
  • B. Hardening the servers
  • C. Honeypots
  • D. Antivirus software

Answer: C

Explanation:
Honeypots can collect data on precursors of attacks. Since they serve no business function, honeypots are hosts that have no authorized users other than the honeypot administrators. All activity directed at them is considered suspicious. Attackers will scan and attack honeypots, giving administrators data on new trends and attack tools, particularly malicious code. However, honeypots are a supplement to, not a replacement for, properly securing networks, systems and applications. If honeypots are to be used by an organization, qualified incident handlers and intrusion detection analysts should manage them. The other choices do not provide indications of potential attacks.

 

NEW QUESTION 580
Which of the following IS functions can be performed by the same group or individual while still providing the proper segregation of duties?

  • A. Computer operations and application programming
  • B. Database administration and computer operations
  • C. Application programming and systems analysis
  • D. Security administration and application programming

Answer: A

Explanation:
Section: Protection of Information Assets
Reference: https://www.isaca.org/Journal/archives/2016/volume-3/Pages/implementing-segregation-of-duties.aspx

 

NEW QUESTION 581
In a virtualized environment, which of the following techniques effectively mitigates the risk of network attacks?

  • A. Encryption
  • B. Configuration assessment
  • C. Segmentation
  • D. Containerization

Answer: C

 

NEW QUESTION 582
Is it appropriate for an IS auditor from a company that is considering outsourcing its IS processing to request and review a copy of each vendor's business continuity plan?

  • A. Yes, because an IS auditor will evaluate the adequacy of the service bureau's plan and assist their company in implementing a complementary plan.
  • B. Yes, because based on the plan, an IS auditor will evaluate the financial stability of the service bureau and its ability to fulfill the contract.
  • C. No, because the service bureau's business continuity plan is proprietary information.
  • D. No, because the backup to be provided should be specified adequately in the contract.

Answer: A

Explanation:
The primary responsibility of an IS auditor is to assure that the company assets are being safeguarded. This is true even if the assets do not reside on the immediate premises. Reputable service bureaus will have a well-designed and tested business continuity plan.

 

NEW QUESTION 583
Which of the following would represent an acceptable test of an organization's business continuity plan (BCP)?

  • A. Benchmarking the plan against similar organizations
  • B. Walk-through of the plan with technology suppliers
  • C. Full test of computer operations at an emergency site
  • D. Paper test involving functional areas

Answer: C

Explanation:
Section: Information System Operations, Maintenance and Support

 

NEW QUESTION 584
......

Get Latest CISA Dumps Exam Questions: https://drive.google.com/open?id=15QILM2aLPpNmT8aVi9heWli5weu-NfPh

Full CISA Practice Test and 973 unique questions with explanations waiting just for you, get it now: https://www.trainingdumps.com/CISA_exam-valid-dumps.html