Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 1

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 81

Question

Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to- consumer transactions via the internet?

A. Customers are widely dispersed geographically, but the certificate authorities are not.
B. Customers can make their transactions from any computer or mobile device.
C. The certificate authority has several data processing subcenters to administer certificates.
D. The organization is the owner of the certificate authority.

Answer

D. The organization is the owner of the certificate authority.

Explanation

If the certificate authority belongs to the same organization, this would generate a conflict of interest. That is, if a customer wanted to repudiate a transaction, they could allege that because of the shared interests, an unlawful agreement exists between the parties generating the certificates, if a customer wanted to repudiate a transaction, they could argue that there exists a bribery between the parties to generate the certificates, as shared interests exist. The other options are not weaknesses.

CISA Question 82

Question

Applying a digital signature to data traveling in a network provides:

A. confidentiality and integrity.
B. security and nonrepudiation.
C. integrity and nonrepudiation.
D. confidentiality and nonrepudiation.

Answer

C. integrity and nonrepudiation.

Explanation

The process of applying a mathematical algorithm to the data that travel in the network and placing the results of this operation with the hash data is used for controlling data integrity, since any unauthorized modification to this data would result in a different hash. The application of a digital signature would accomplish the non-repudiation of the delivery of the message. The term security is a broad concept and not a specific one. In addition to a hash and a digital signature, confidentiality is applied when an encryption process exists.

CISA Question 83

Question

An IS auditor observes that a business-critical application does not currently have any level of fault tolerance. Which of the following is the GREATEST concern with this situation?

A. Degradation of services
B. Limited tolerance for damage
C. Decreased mean time between failure (MTBF)
D. Single point of failure

Answer

D. Single point of failure

CISA Question 84

Question

Which of the following is the BEST recommendation to prevent fraudulent electronic funds transfers by accounts payable employees?

A. Re-keying of monetary amounts
B. Dual control
C. Periodic vendor reviews
D. Independent reconciliation

Answer

B. Dual control

CISA Question 85

Question

An organization allows employees to retain confidential data on personal mobile devices. Which of the following is the BEST recommendation to mitigate the risk of data leakage from lost or stolen devices?

A. Require employees to attend security awareness training
B. Password protect critical data files
C. Enable device auto-lock function
D. Configure to auto-wipe after multiple failed access attempts

Answer

B. Password protect critical data files

CISA Question 86

Question

An organization uses multiple offsite data center facilities. Which of the following is MOST important to consider when choosing related backup devices and media?

A. Associated costs
B. Standardization
C. Backup media capacity
D. Restoration speed

Answer

D. Restoration speed

CISA Question 87

Question

Which type of attack poses the GREATEST risk to an organization’s most sensitive data?

A. Password attack
B. Eavesdropping attack
C. Spear phishing attack
D. Insider attack

Answer

D. Insider attack

CISA Question 88

Question

What is BEST for an IS auditor to review when assessing the effectiveness of changes recently made to processes and tools related to an organization’s business continuity plan (BCP)?

A. Change management processes
B. Completed test plans
C. Updated inventory of systems
D. Full test results

Answer

D. Full test results

CISA Question 89

Question

An IS auditor is reviewing an organization’s business continuity plan (BCP) following a change in organizational structure with significant impact to business processes. Which of the following findings should be the auditor’s GREATEST concern?

A. Copies of the BCP have not been distributed to new business unit end users since the reorganization
B. The most recent business impact analysis (BIA) was performed two years before the reorganization
C. A test plan for the BCP has not been completed during the last two years
D. Key business process end users did not participate in the business impact analysis (BIA)

Answer

B. The most recent business impact analysis (BIA) was performed two years before the reorganization

CISA Question 90

Question

A USB device containing sensitive production data was lost by an employee, and its contents were subsequently found published online. Which of the following controls is the BEST recommendation to prevent a similar recurrence?

A. Training users on USB device security
B. Monitoring data being downloaded on USB devices
C. Electronically tracking portable devices
D. Using a strong encryption algorithm

Answer

A. Training users on USB device security

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker