The latest ISACA CISA (Certified Information Systems Auditor) certification actual practice exam question-and-answer (Q&A) dumps are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1021
Question
If a programmer has update access to a live system, IS auditors are more concerned with the programmer’s ability to initiate or modify transactions and the ability to access production than with the programmer’s ability to authorize transactions. True or false?
A. True
B. False
Answer
A. True
Explanation
If a programmer has update access to a live system, IS auditors are more concerned with the programmer’s ability to initiate or modify transactions and the ability to access production than with the programmer’s ability to authorize transactions.
CISA Question 1022
Question
Rather than simply reviewing the adequacy of access control, appropriateness of access policies, and effectiveness of safeguards and procedures, the IS auditor is more concerned with effectiveness and utilization of assets. True or false?
A. True
B. False
Answer
B. False
Explanation
Instead of simply reviewing the effectiveness and utilization of assets, an IS auditor is more concerned with adequate access control, appropriate access policies, and effectiveness of safeguards and procedures.
CISA Question 1023
Question
What are intrusion-detection systems (IDS) primarily used for?
A. To identify AND prevent intrusion attempts to a network
B. To prevent intrusion attempts to a network
C. Forensic incident response
D. To identify intrusion attempts to a network
Answer
D. To identify intrusion attempts to a network
Explanation
Intrusion-detection systems (IDS) are used to identify intrusion attempts on a network.
CISA Question 1024
Question
Which of the following is of greatest concern when performing an IS audit?
A. Users’ ability to directly modify the database
B. Users’ ability to submit queries to the database
C. Users’ ability to indirectly modify the database
D. Users’ ability to directly view the database
Answer
A. Users’ ability to directly modify the database
Explanation
A major IS audit concern is users’ ability to directly modify the database.
CISA Question 1025
Question
Which of the following is the most fundamental step in preventing virus attacks?
A. Adopting and communicating a comprehensive antivirus policy
B. Implementing antivirus protection software on users’ desktop computers
C. Implementing antivirus content checking at all network-to-Internet gateways
D. Inoculating systems with antivirus code
Answer
A. Adopting and communicating a comprehensive antivirus policy
Explanation
Adopting and communicating a comprehensive antivirus policy is the most fundamental step in preventing virus attacks. All other antivirus prevention efforts rely upon decisions established and communicated via policy.
CISA Question 1026
Question
When should systems administrators first assess the impact of applications or systems patches?
A. Within five business days following installation
B. Prior to installation
C. No sooner than five business days following installation
D. Immediately following installation
Answer
B. Prior to installation
Explanation
Systems administrators should always assess the impact of patches before installation.
CISA Question 1027
Question
Using the OSI reference model, what layer(s) is/are used to encrypt data?
A. Transport layer
B. Session layer
C. Session and transport layers
D. Data link layer
Answer
C. Session and transport layers
Explanation
User applications often encrypt and encapsulate data using protocols within the OSI session layer or farther down in the transport layer.
CISA Question 1028
Question
What should IS auditors always check when auditing password files?
A. That deleting password files is protected
B. That password files are encrypted
C. That password files are not accessible over the network
D. That password files are archived
Answer
B. That password files are encrypted
Explanation
IS auditors should always check to ensure that password files are encrypted.
CISA Question 1029
Question
Which of the following should an IS auditor review to determine user permissions that have been granted for a particular resource?
A. Systems logs
B. Access control lists (ACL)
C. Application logs
D. Error logs
Answer
B. Access control lists (ACL)
Explanation
IS auditors should review access-control lists (ACL) to determine user permissions that have been granted for a particular resource.
CISA Question 1030
Question
What is often assured through table link verification and reference checks?
A. Database integrity
B. Database synchronization
C. Database normalcy
D. Database accuracy
Answer
A. Database integrity
Explanation
Database integrity is most often ensured through table link verification and reference checks.