
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 15

The latest ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers (Q&A) are available free and are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1591

Question

The purpose of a mainframe audit is to provide assurance that processes are being implemented as required, the mainframe is operating as it should, security is strong, and that procedures in place are working and are updated as needed. The auditor may accordingly make recommendations for improvement. Which of the following types of audit always takes high priority over the others? (Choose five.)

A. System audit
B. Application audit
C. Software audit
D. License audit
E. Security server audit
F. None of the choices.

Answer

A. System audit
B. Application audit
C. Software audit
D. License audit
E. Security server audit

CISA Question 1592

Question

In a security server audit, focus should be placed on (Choose two.):

A. proper segregation of duties
B. adequate user training
C. continuous and accurate audit trail
D. proper application licensing
E. system stability
F. performance and controls of the system
G. None of the choices.

Answer

A. proper segregation of duties
C. continuous and accurate audit trail

CISA Question 1593

Question

Which of the following refers to a primary component of corporate risk management with the goal of minimizing the risk of prosecution for software piracy due to use of unlicensed software?

A. Software audit
B. System audit
C. Application System audit
D. Test audit
E. Mainframe audit
F. None of the choices.

Answer

A. Software audit

Explanation

Software audits are a component of corporate risk management whose goal is to minimize the risk of prosecution for software piracy arising from the use of unlicensed software. From time to time, internal or external audits may take a forensic approach to establish what is installed on the organization's computers, in order to confirm that all of it is legal and authorized and that the processing of transactions or events is correct.
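The reconciliation step a software audit performs can be shown in code. The following is an added example, not part of the original page or of any ISACA material: it parses a constructed software inventory (one installation per line, as a discovery tool might export it), counts seats as distinct hosts per product, and compares the result against a constructed entitlement register to flag unlicensed and over-deployed products. The inventory, product names and seat counts are all hypothetical.

```python
from collections import defaultdict

# Constructed sample inventory (not from the original page):
# host,product,version - one installed product per line.
INVENTORY = """\
host01,Acme Office Suite,2021
host01,FooDB Enterprise,12.1
host02,Acme Office Suite,2021
host02,PhotoEdit Pro,5.0
host03,Acme Office Suite,2019
host03,FooDB Enterprise,12.1
host04,FooDB Enterprise,11.9
host04,Unlisted Tool,1.0
"""

# Constructed entitlement register: product -> number of licensed seats.
ENTITLEMENTS = {
    "Acme Office Suite": 3,
    "FooDB Enterprise": 2,
    "PhotoEdit Pro": 1,
}


def parse_inventory(text: str) -> list:
    """Parse host,product,version lines; blank lines and '#' comments are skipped."""
    installs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected host,product,version")
        installs.append(tuple(parts))
    return installs


def reconcile(installs: list, entitlements: dict) -> dict:
    """Compare installed seats (distinct hosts per product) with entitlements."""
    hosts_by_product = defaultdict(set)
    for host, product, _version in installs:
        # Two versions on the same host consume one seat, not two.
        hosts_by_product[product].add(host)

    findings = {"unlicensed": {}, "over_deployed": {}, "compliant": {}}
    for product, hosts in sorted(hosts_by_product.items()):
        used = len(hosts)
        if product not in entitlements:
            findings["unlicensed"][product] = sorted(hosts)
        elif used > entitlements[product]:
            findings["over_deployed"][product] = (used, entitlements[product])
        else:
            findings["compliant"][product] = (used, entitlements[product])
    return findings


if __name__ == "__main__":
    report = reconcile(parse_inventory(INVENTORY), ENTITLEMENTS)
    for category, items in report.items():
        print(category)
        for product, detail in items.items():
            print(f"  {product}: {detail}")
```

The seat-counting rule (distinct hosts, not installation records) is the kind of metric definition an auditor has to agree with the licensing terms before the numbers mean anything; per-user or per-core licences need a different key.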

CISA Question 1594

Question

The technique of rummaging through commercial trash to collect useful business information is known as:

A. Information diving
B. Intelligence diving
C. Identity diving
D. System diving
E. Program diving
F. None of the choices.

Answer

A. Information diving

Explanation

Information diving is the form of dumpster diving that consists of rummaging through commercial trash to find useful information such as files, letters, memos, passwords, etc.

CISA Question 1595

Question

Fault-tolerance is a feature particularly sought-after in which of the following kinds of computer systems:

A. desktop systems
B. laptop systems
C. handheld PDAs
D. business-critical systems
E. None of the choices.

Answer

D. business-critical systems

Explanation

Fault tolerance enables a system to continue operating properly when some of its parts fail. It avoids a total breakdown and is particularly sought-after in high-availability environments made up of business-critical systems.

CISA Question 1596

Question

Physical access controls are usually implemented based on which of the following means (Choose two.):

A. mechanical locks
B. guards
C. operating systems
D. transaction applications
E. None of the choices.

Answer

A. mechanical locks
B. guards

Explanation

In physical security, access control refers to the practice of restricting entrance to authorized persons. Human means of enforcement include guards, bouncers, receptionists, etc. Mechanical means include locks and keys.

CISA Question 1597

Question

In the context of physical access control, what is known as the process of verifying user identities?

A. Authentication
B. Authorization
C. Accounting
D. Encryption
E. Compression
F. None of the choices.

Answer

A. Authentication

Explanation

Authentication is the process of verifying a user's claimed identity. It is based on at least one of three factors: something you know, something you have, or something you are.

CISA Question 1598

Question

Effective transactional controls are often capable of offering which of the following benefits (Choose four.):

A. reduced administrative and material costs
B. shortened contract cycle times
C. enhanced procurement decisions
D. diminished legal risk
E. None of the choices.

Answer

A. reduced administrative and material costs
B. shortened contract cycle times
C. enhanced procurement decisions
D. diminished legal risk

Explanation

Transactional systems provide a baseline necessary to measure and monitor contract performance and provide a method for appraising efficiency against possible areas of exposure. Effective transactional controls reduce administrative and material costs, shorten contract cycle times, enhance procurement decisions, and diminish legal risk.

CISA Question 1599

Question

Common implementations of strong authentication may use which of the following factors in their authentication efforts (Choose three.):

A. ‘something you know’
B. ‘something you have’
C. ‘something you are’
D. ‘something you have done in the past on this same system’
E. ‘something you have installed on this same system’
F. None of the choices.

Answer

A. ‘something you know’
B. ‘something you have’
C. ‘something you are’

Explanation

Two-factor authentication (2FA, also written T-FA) refers to any authentication protocol that requires two independent ways to establish identity and privileges.
Common implementations of two-factor authentication use 'something you know' as one of the two factors, and either 'something you have' or 'something you are' as the other. Using more than one factor is also called strong authentication; using just one factor is considered by some to be weak authentication.

CISA Question 1600

Question

Which of the following refers to any authentication protocol that requires two independent ways to establish identity and privileges?

A. Strong-factor authentication
B. Two-factor authentication
C. Dual-password authentication
D. Two-passphrases authentication
E. Dual-keys authentication
F. Rich-factor authentication

Answer

B. Two-factor authentication

Explanation

Two-factor authentication (2FA, also written T-FA) refers to any authentication protocol that requires two independent ways to establish identity and privileges.
Common implementations of two-factor authentication use 'something you know' as one of the two factors, and either 'something you have' or 'something you are' as the other. Using more than one factor is also called strong authentication; using just one factor is considered by some to be weak authentication.
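The combination described in the explanations for Questions 1599 and 1600 ('something you know' plus 'something you have') can be demonstrated in working code. The following is an added example, not from the original page or any ISACA material: it checks a salted PBKDF2 password hash (the knowledge factor) and an RFC 6238 time-based one-time password computed from a shared secret (the possession factor), and only succeeds when both are correct. The user record, password and static salt are constructed for the demo; the OTP secret is the published RFC 4226/6238 test-vector secret so the codes can be checked against the RFC tables.

```python
import hashlib
import hmac
import struct
import time

# RFC 4226 / RFC 6238 test-vector secret (ASCII "12345678901234567890").
TOTP_SECRET = b"12345678901234567890"
STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password (HMAC-SHA1, dynamic truncation)."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = STEP_SECONDS, digits: int = 6) -> str:
    """RFC 6238 time-based OTP: HOTP with the counter set to the current time step."""
    return hotp(secret, at_time // step, digits)


def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_user(password: str, secret: bytes) -> dict:
    """Constructed user record. A real system would use os.urandom(16) for the salt."""
    salt = b"constructed-static-salt-for-demo"
    return {"salt": salt, "pw_hash": hash_password(password, salt), "totp_secret": secret}


def verify_login(user: dict, password: str, code: str, now: int = None, window: int = 1) -> bool:
    """Return True only if BOTH factors verify.

    Factor 1 (something you know): password against the stored PBKDF2 hash.
    Factor 2 (something you have): a 6-digit TOTP from the user's enrolled secret,
    accepted within +/- `window` time steps to tolerate clock drift.
    """
    now = int(time.time()) if now is None else now
    know_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])

    have_ok = False
    for drift in range(-window, window + 1):
        expected = totp(user["totp_secret"], now + drift * STEP_SECONDS)
        if hmac.compare_digest(expected, code):
            have_ok = True
    # Both factors are evaluated before deciding, so a wrong password does not
    # return early and reveal through timing which factor failed.
    return know_ok and have_ok


if __name__ == "__main__":
    user = make_user("correct horse battery", TOTP_SECRET)
    now = int(time.time())
    print("current code:", totp(TOTP_SECRET, now))
    print("login ok:", verify_login(user, "correct horse battery", totp(TOTP_SECRET, now), now))
```

The drift window is the usual trade-off: each extra step accepted widens the interval during which a captured code replays. Production code would also record the last accepted counter per user and refuse to accept it twice.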