Download New Updated (July) Isaca CISA Actual Test 1-10

Ensurepass

QUESTION 1

What must an IS auditor understand before performing an application audit? Choose the BEST answer.

 

A. The potential business impact of application risks.
B. Application risks must first be identified.
C. Relative business processes.
D. Relevant application risks.

 

Correct Answer: C

Explanation:

An IS auditor must first understand relative business processes before performing an application audit.

 

 

QUESTION 2

Which of the following help(s) prevent an organization’s systems from participating in a distributed denial-of-service (DDoS) attack? Choose the BEST answer.

 

A. Inbound traffic filtering
B. Using access control lists (ACLs) to restrict inbound connection attempts
C. Outbound traffic filtering
D. Recentralizing distributed systems

 

Correct Answer: C

Explanation:

Outbound traffic filtering can help prevent an organization’s systems from participating in a distributed denial-of-service (DDoS) attack.

 

 

QUESTION 3

How is the risk of improper file access affected upon implementing a database system?

 

A. Risk varies.
B. Risk is reduced.
C. Risk is not affected.
D. Risk is increased.

 

Correct Answer: D

Explanation:

Improper file access becomes a greater risk when implementing a database system.

 

 

QUESTION 4

Why does the IS auditor often review the system logs?

 

A. To get evidence of password spoofing
B. To get evidence of data copy activities
C. To determine the existence of unauthorized access to data by a user or program
D. To get evidence of password sharing

 

Correct Answer: C

Explanation:

When trying to determine the existence of unauthorized access to data by a user or program, the IS auditor will often review the system logs.

 

 

QUESTION 5

What should IS auditors always check when auditing password files?

 

A. That deleting password files is protected
B. That password files are encrypted
C. That password files are not accessible over the network
D. That password files are archived

 

Correct Answer: B

Explanation:

IS auditors should always check to ensure that password files are encrypted.

 

 

QUESTION 6

What is the most common purpose of a virtual private network implementation?

 

A. A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over an otherwise unsecured channel such as the Internet.
B. A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over a dedicated T1 connection.
C. A virtual private network (VPN) helps to secure access within an enterprise when communicating over a dedicated T1 connection between network segments within the same facility.
D. A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over a wireless connection.

 

Correct Answer: A

Explanation:

A virtual private network (VPN) helps to secure access between an enterprise and its partners when communicating over an otherwise unsecured channel such as the Internet.

 

 

QUESTION 7

Which of the following data validation edits is effective in detecting transposition and transcription errors?

 

A. Range check
B. Check digit
C. Validity check
D. Duplicate check

 

Correct Answer: B

Explanation:

A check digit is a numeric value that is calculated mathematically and is appended to data to ensure that the original data have not been altered or an incorrect, but valid, value substituted. This control is effective in detecting transposition and transcription errors.

 

 

 

 

 

QUESTION 8

Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan’s effectiveness?

 

A. Paper test
B. Post test
C. Preparedness test
D. Walk-through

 

Correct Answer: C

Explanation:

A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost-effective way to gradually obtain evidence about the plan’s effectiveness. It also provides a means to improve the plan in increments.

 

 

QUESTION 9

Which of the following types of data validation editing checks is used to determine if a field contains data, and not zeros or blanks?

 

A. Check digit
B. Existence check
C. Completeness check
D. Reasonableness check

 

Correct Answer: C

Explanation:

A completeness check is used to determine if a field contains data and not zeros or blanks.

 

 

QUESTION 10

Which of the following is a program evaluation review technique that considers different scenarios for planning and control projects?

 

A. Function Point Analysis (FPA)
B. GANTT
C. Rapid Application Development (RAD)
D. PERT

 

Correct Answer: D

Explanation:

PERT is a program-evaluation review technique that considers different scenarios for planning and control projects.

 
