The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1591
Question
The purpose of a mainframe audit is to provide assurance that processes are being implemented as required, the mainframe is operating as it should, security is strong, and that procedures in place are working and are updated as needed. The auditor may accordingly make recommendations for improvement. Which of the following types of audit always takes high priority over the others? (Choose five.)
A. System audit
B. Application audit
C. Software audit
D. License audit
E. Security server audit
F. None of the choices.
Answer
A. System audit
B. Application audit
C. Software audit
D. License audit
E. Security server audit
CISA Question 1592
Question
In a security server audit, focus should be placed on (Choose two.):
A. proper segregation of duties
B. adequate user training
C. continuous and accurate audit trail
D. proper application licensing
E. system stability
F. performance and controls of the system
G. None of the choices.
Answer
A. proper segregation of duties
C. continuous and accurate audit trail
CISA Question 1593
Question
Which of the following refers to a primary component of corporate risk management with the goal of minimizing the risk of prosecution for software piracy due to use of unlicensed software?
A. Software audit
B. System audit
C. Application System audit
D. Test audit
E. Mainframe audit
F. None of the choices.
Answer
A. Software audit
Explanation
Software audits are a component of corporate risk management, with the goal of minimizing the risk of prosecution for software piracy due to use of unlicensed software. From time to time internal or external audits may take a forensic approach to establish what is installed on the computers in an organization with the purpose of ensuring that it is all legal and authorized and to ensure that its process of processing transactions or events is correct.
CISA Question 1594
Question
The technique of rummaging through commercial trash to collect useful business information is known as:
A. Information diving
B. Intelligence diving
C. Identity diving
D. System diving
E. Program diving
F. None of the choices.
Answer
A. Information diving
Explanation
Dumpster diving in the form of information diving describes the practice of rummaging through commercial trash to find useful information such as files, letters, memos, passwords, etc.
CISA Question 1595
Question
Fault-tolerance is a feature particularly sought-after in which of the following kinds of computer systems:
A. desktop systems
B. laptop systems
C. handheld PDAs
D. business-critical systems
E. None of the choices.
Answer
D. business-critical systems
Explanation
Fault-tolerance enables a system to continue operating properly in the event of the failure of some of its parts. It avoids total breakdown, and is particularly sought after in high-availability environments full of business-critical systems.
CISA Question 1596
Question
Physical access controls are usually implemented based on which of the following means (Choose two.):
A. mechanical locks
B. guards
C. operating systems
D. transaction applications
E. None of the choices.
Answer
A. mechanical locks
B. guards
Explanation
In physical security, access control refers to the practice of restricting entrance to authorized persons. Human means of enforcement include guards, bouncers, receptionists, etc. Mechanical means may include locks and keys.
CISA Question 1597
Question
In the context of physical access control, what is known as the process of verifying user identities?
A. Authentication
B. Authorization
C. Accounting
D. Encryption
E. Compression
F. None of the choices.
Answer
A. Authentication
Explanation
Authentication is the process of verifying a user’s claimed identity. It is based on at least one of these three factors: Something you know, Something you have, or Something you are.
CISA Question 1598
Question
Effective transactional controls are often capable of offering which of the following benefits (Choose four.):
A. reduced administrative and material costs
B. shortened contract cycle times
C. enhanced procurement decisions
D. diminished legal risk
E. None of the choices.
Answer
A. reduced administrative and material costs
B. shortened contract cycle times
C. enhanced procurement decisions
D. diminished legal risk
Explanation
Transactional systems provide a baseline necessary to measure and monitor contract performance and provide a method for appraising efficiency against possible areas of exposure. Effective transactional controls reduce administrative and material costs, shorten contract cycle times, enhance procurement decisions, and diminish legal risk.
CISA Question 1599
Question
Common implementations of strong authentication may use which of the following factors in their authentication efforts (Choose three.):
A. ‘something you know’
B. ‘something you have’
C. ‘something you are’
D. ‘something you have done in the past on this same system’
E. ‘something you have installed on this same system’
F. None of the choices.
Answer
A. ‘something you know’
B. ‘something you have’
C. ‘something you are’
Explanation
Two-factor authentication (T-FA) refers to any authentication protocol that requires two independent ways to establish identity and privileges.
Common implementations of two-factor authentication use ‘something you know’ as one of the two factors, and use either ‘something you have’ or ‘something you are’ as the other factor. In fact, using more than one factor is also called strong authentication. On the other hand, using just one factor is considered by some to be weak authentication.
CISA Question 1600
Question
Which of the following refers to any authentication protocol that requires two independent ways to establish identity and privileges?
A. Strong-factor authentication
B. Two-factor authentication
C. Dual-password authentication
D. Two-passphrases authentication
E. Dual-keys authentication
F. Rich-factor authentication
Answer
B. Two-factor authentication
Explanation
Two-factor authentication (T-FA) refers to any authentication protocol that requires two independent ways to establish identity and privileges.
Common implementations of two-factor authentication use ‘something you know’ as one of the two factors, and use either ‘something you have’ or ‘something you are’ as the other factor. In fact, using more than one factor is also called strong authentication. On the other hand, using just one factor is considered by some to be weak authentication.