ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 15

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free and are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1571

Question

Which of the following refers to the collection of policies and procedures for implementing controls capable of restricting access to computer software and data files?

A. Binary access control
B. System-level access control
C. Logical access control
D. Physical access control
E. Component access control
F. None of the choices.

Answer

C. Logical access control

Explanation

Logical access control is the use of a collection of policies, procedures, and controls to restrict access to computer software and data files.
Such a control system should provide reasonable assurance that an organization’s objectives are being achieved securely and reliably.

CISA Question 1572

Question

A trojan horse simply cannot operate autonomously.

A. true
B. false

Answer

A. true

Explanation

A common type of Trojan horse is a legitimate piece of software that has been corrupted with malicious code that runs when the program is used. The key point is that the user has to invoke the program in order to trigger the malicious code. In other words, a trojan horse simply cannot operate autonomously. Note also that most, but not all, Trojan horse payloads are harmful; a few of them are harmless.

CISA Question 1573

Question

Creating which of the following is how a hacker can ensure his ability to return to the hacked system at will?

A. rootsec
B. checksum
C. CRC
D. backdoors
E. None of the choices.

Answer

D. backdoors

Explanation

A backdoor refers to a generally undocumented means of getting into a system, mostly for programming and maintenance/troubleshooting needs. Most real-world programs have backdoors. Creating backdoors is how a hacker can ensure his ability to return to the hacked system at will.

CISA Question 1574

Question

Which of the following is not a good tactic to use against hackers?

A. Enticement
B. Entrapment

Answer

B. Entrapment

Explanation

Enticement occurs after somebody has already gained unlawful access to a system and is then lured to a honeypot. Entrapment encourages the commission of unlawful access. The latter is not a good tactic to use, as it involves encouraging someone to commit a crime.

CISA Question 1575

Question

Which of the following is one of the most common ways that spyware is distributed?

A. as a trojan horse.
B. as a virus.
C. as adware.
D. as a device driver.
E. as a macro.
F. None of the choices.

Answer

A. as a trojan horse.

Explanation

One of the most common ways that spyware is distributed is as a Trojan horse, bundled with a piece of desirable software that the user downloads off the Web or a peer-to-peer file-trading network. When the user installs the software, the spyware is installed alongside.

CISA Question 1576

Question

The sophistication and formality of IS audit programs may vary significantly depending on which of the following factors?

A. the target’s management hands-on involvement.
B. the target’s location.
C. the target’s size and complexity.
D. the target’s budget.
E. the target’s head count.
F. None of the choices.

Answer

C. the target’s size and complexity.

Explanation

Properly planned risk-based audit programs increase audit efficiency and effectiveness. The sophistication and formality of this kind of audit vary considerably depending on the target’s size and complexity.

CISA Question 1577

Question

Properly planned risk-based audit programs are often capable of offering which of the following benefits?

A. audit efficiency and effectiveness.
B. audit efficiency only.
C. audit effectiveness only.
D. audit transparency only.
E. audit transparency and effectiveness.
F. None of the choices.

Answer

A. audit efficiency and effectiveness.

Explanation

Properly planned risk-based audit programs increase audit efficiency and effectiveness. The sophistication and formality of this kind of audit vary considerably depending on the target’s size and complexity.

CISA Question 1578

Question

Which of the following should be seen as one of the most significant factors considered when determining the frequency of IS audits within your organization?

A. The cost of risk analysis
B. The income generated by the business function
C. Resource allocation strategy
D. The nature and level of risk
E. None of the choices.

Answer

D. The nature and level of risk

Explanation

A risk assessment process is used to describe and analyze the potential audit risks inherent in a given line of business. Such a risk assessment should be updated at least annually to reflect changes. The level and nature of risk should be the most significant factors considered when determining the frequency of audits.

CISA Question 1579

Question

For application acquisitions with significant impacts, participation of your IS audit team should be encouraged:

A. early in the due diligence stage.
B. at the testing stage.
C. at the final approval stage.
D. at the budget preparation stage.
E. None of the choices.

Answer

A. early in the due diligence stage.

Explanation

For acquisitions with significant IT impacts, participation of IS audit is often necessary early in the due diligence stage as defined in the audit policy.

CISA Question 1580

Question

A comprehensive IS audit policy should include guidelines detailing what involvement the internal audit team should have:

A. in the development and coding of major OS applications.
B. in the acquisition and maintenance of major WEB applications.
C. in the human resource management cycle of the application development project.
D. in the development, acquisition, conversion, and testing of major applications.
E. None of the choices.

Answer

D. in the development, acquisition, conversion, and testing of major applications.

Explanation

The audit policy should include guidelines detailing what involvement internal audit will have in the development, acquisition, conversion, and testing of major applications. Such a policy must be approved by top management for it to be effective.