The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 1571
Question
Which of the following refers to the collection of policies and procedures for implementing controls capable of restricting access to computer software and data files?
A. Binary access control
B. System-level access control
C. Logical access control
D. Physical access control
E. Component access control
F. None of the choices.
Answer
C. Logical access control
Explanation
Logical access control is the use of a collection of policies, procedures, and controls to restrict access to computer software and data files.
Such a control system should provide reasonable assurance that an organization’s objectives are being achieved securely and reliably.
CISA Question 1572
Question
A trojan horse simply cannot operate autonomously.
A. true
B. false
Answer
A. true
Explanation
In a common type of Trojan horse, legitimate software has been corrupted with malicious code that runs when the program is used. The key is that the user has to invoke the program in order to trigger the malicious code. In other words, a Trojan horse simply cannot operate autonomously. Note also that most, but not all, Trojan horse payloads are harmful; a few of them are harmless.
CISA Question 1573
Question
Creating which of the following is how a hacker can ensure his ability to return to the hacked system at will?
A. rootsec
B. checksum
C. CRC
D. backdoors
E. None of the choices.
Answer
D. backdoors
Explanation
A backdoor refers to a generally undocumented means of getting into a system, mostly for programming and maintenance/troubleshooting needs. Most real-world programs have backdoors. Creating backdoors is how a hacker can ensure his ability to return to the hacked system at will.
CISA Question 1574
Question
Which of the following is not a good tactic to use against hackers?
A. Enticement
B. Entrapment
Answer
B. Entrapment
Explanation
Enticement occurs after somebody has gained unlawful access to a system and is then lured to a honeypot. Entrapment encourages someone to commit unlawful access. The latter is not a good tactic to use, as it involves encouraging someone to commit a crime.
CISA Question 1575
Question
Which of the following is one of the most common ways that spyware is distributed?
A. as a trojan horse.
B. as a virus.
C. as an Adware.
D. as a device driver.
E. as a macro.
F. None of the choices.
Answer
A. as a trojan horse.
Explanation
One of the most common ways that spyware is distributed is as a Trojan horse, bundled with a piece of desirable software that the user downloads off the Web or a peer-to-peer file-trading network. When the user installs the software, the spyware is installed alongside.
CISA Question 1576
Question
The sophistication and formality of IS audit programs may vary significantly depending on which of the following factors?
A. the target’s management hands-on involvement.
B. the target’s location.
C. the target’s size and complexity.
D. the target’s budget.
E. the target’s head count.
F. None of the choices.
Answer
C. the target’s size and complexity.
Explanation
Properly planned risk-based audit programs shall increase audit efficiency and effectiveness. The sophistication and formality of this kind of audit vary considerably depending on the target’s size and complexity.
CISA Question 1577
Question
Properly planned risk-based audit programs are often capable of offering which of the following benefits?
A. audit efficiency and effectiveness.
B. audit efficiency only.
C. audit effectiveness only.
D. audit transparency only.
E. audit transparency and effectiveness.
F. None of the choices.
Answer
A. audit efficiency and effectiveness.
Explanation
Properly planned risk-based audit programs shall increase audit efficiency and effectiveness. The sophistication and formality of this kind of audit vary considerably depending on the target’s size and complexity.
CISA Question 1578
Question
Which of the following should be seen as one of the most significant factors considered when determining the frequency of IS audits within your organization?
A. The cost of risk analysis
B. The income generated by the business function
C. Resource allocation strategy
D. The nature and level of risk
E. None of the choices.
Answer
D. The nature and level of risk
Explanation
A risk assessment process is used to describe and analyze the potential audit risks inherent in a given line of business. The risk assessment should be updated at least annually to reflect changes. The level and nature of risk should be the most significant factors to be considered when determining the frequency of audits.
CISA Question 1579
Question
For application acquisitions with significant impacts, participation of your IS audit team should be encouraged:
A. early in the due diligence stage.
B. at the testing stage.
C. at the final approval stage.
D. at the budget preparation stage.
E. None of the choices.
Answer
A. early in the due diligence stage.
Explanation
For acquisitions with significant IT impacts, participation of IS audit is often necessary early in the due diligence stage as defined in the audit policy.
CISA Question 1580
Question
A comprehensive IS audit policy should include guidelines detailing what involvement the internal audit team should have?
A. in the development and coding of major OS applications.
B. in the acquisition and maintenance of major WEB applications.
C. in the human resource management cycle of the application development project.
D. in the development, acquisition, conversion, and testing of major applications.
E. None of the choices.
Answer
D. in the development, acquisition, conversion, and testing of major applications.
Explanation
The audit policy should include guidelines detailing what involvement internal audit will have in the development, acquisition, conversion, and testing of major applications. Such a policy must be approved by top management for it to be effective.