Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 3

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 251

Question

The implementation of access controls FIRST requires:

A. a classification of IS resources.
B. the labeling of IS resources.
C. the creation of an access control list.
D. an inventory of IS resources.

Answer

D. an inventory of IS resources.

CISA Question 252

Question

An IS auditor performing an independent classification of systems should consider a situation where functions could be performed manually at a tolerable cost for an extended period of time as:

A. critical
B. vital.
C. sensitive.
D. noncritical.

Answer

C. sensitive.

Explanation

Sensitive functions are best described as those that can be performed manually at a tolerable cost for an extended period of time. Critical functions are those that cannot be performed unless they are replaced by identical capabilities and cannot be replaced by manual methods.
Vital functions refer to those that can be performed manually but only for a brief period of time; this is associated with lower costs of disruption than critical functions. Noncritical functions may be interrupted for an extended period of time at little or no cost to the company, and require little time or cost to restore.

CISA Question 253

Question

Which of the following user profiles should be of MOST concern to an IS auditor when performing an audit of an EFT system?

A. Three users with the ability to capture and verify their own messages
B. Five users with the ability to capture and send their own messages
C. Five users with the ability to verify other users and to send their own messages
D. Three users with the ability to capture and verify the messages of other users and to send their own messages

Answer

A. Three users with the ability to capture and verify their own messages

Explanation

The ability of one individual to capture and verify messages represents an inadequate segregation, since messages can be taken as correct and as if they had already been verified.

CISA Question 254

Question

The reliability of an application system’s audit trail may be questionable if:

A. user IDs are recorded in the audit trail.
B. the security administrator has read-only rights to the audit file.
C. date and time stamps are recorded when an action occurs.
D. users can amend audit trail records when correcting system errors.

Answer

D. users can amend audit trail records when correcting system errors.

Explanation

An audit trail is not effective if the details in it can be amended.

CISA Question 255

Question

A hacker could obtain passwords without the use of computer tools or programs through the technique of:

A. social engineering.
B. sniffers.
C. back doors.
D. Trojan horses.

Answer

A. social engineering.

Explanation

Social engineering is based on the divulgence of private information through dialogues, interviews, inquiries, etc., in which a user may be indiscreet regarding their or someone else’s personal data. A sniffer is a computer tool to monitor the traffic in networks. Back doors are computer programs left by hackers to exploit vulnerabilities. Trojan horses are computer programs that pretend to supplant a real program; thus, the functionality of the program is not authorized and is usually malicious in nature.

CISA Question 256

Question

Which of the following provides the framework for designing and developing logical access controls?

A. Information systems security policy
B. Access control lists
C. Password management
D. System configuration files

Answer

A. Information systems security policy

Explanation

The information systems security policy developed and approved by an organization’s top management is the basis upon which logical access control is designed and developed. Access control lists, password management and systems configuration files are tools for implementing the access controls.

CISA Question 257

Question

The FIRST step in data classification is to:

A. establish ownership.
B. perform a criticality analysis.
C. define access rules.
D. create a data dictionary.

Answer

A. establish ownership.

Explanation

Data classification is necessary to define access rules based on a need-to-do and need-to-know basis. The data owner is responsible for defining the access rules; therefore, establishing ownership is the first step in data classification. The other choices are incorrect. A criticality analysis is required for protection of data, which takes input from data classification. Access definition is complete after data classification and input for a data dictionary is prepared from the data classification process.

CISA Question 258

Question

With the help of a security officer, granting access to data is the responsibility of:

A. data owners.
B. programmers.
C. system analysts.
D. librarians.

Answer

A. data owners.

Explanation

Data owners are responsible for the use of data. Written authorization for users to gain access to computerized information should be provided by the data owners. Security administration with the owners’ approval sets up access rules stipulating which users or group of users are authorized to access data or files and the level of authorized access (e.g., read or update).

CISA Question 259

Question

Security administration procedures require read-only access to:

A. access control tables.
B. security log files.
C. logging options.
D. user profiles.

Answer

B. security log files.

Explanation

Security administration procedures require read-only access to security log files to ensure that, once generated, the logs are not modified. Logs provide evidence and track suspicious transactions and activities. Security administration procedures require write access to access control tables to manage and update the privileges according to authorized business requirements. Logging options require write access to allow the administrator to update the way the transactions and user activities are monitored, captured, stored, processed and reported.

CISA Question 260

Question

Electromagnetic emissions from a terminal represent an exposure because they:

A. affect noise pollution.
B. disrupt processor functions.
C. produce dangerous levels of electric current.
D. can be detected and displayed.

Answer

D. can be detected and displayed.

Explanation

Emissions can be detected by sophisticated equipment and displayed, thus giving unauthorized person access to data. They should not cause disruption of CPUs or effect noise pollution.

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.