Isaca
Exam CISA
Certified Information Systems Auditor
Version: Demo
[ Total Questions: 10 ]
Isaca CISA : Practice Test
Topic breakdown
Question No : 1 - (Topic 1)
Answer: C
Explanation: The primary reason an IS auditor reviews an organization chart is to better
understand the responsibilities and authority of individuals.
Question No : 2 - (Topic 3)
Answer: B
Explanation:
The security policy provides the broad framework of security, as laid down and approved
by senior management. It includes a definition of those authorized to grant access and the
basis for granting the access. Choices A, B and C are more detailed than that which should
be included in a policy.
Question No : 3 - (Topic 4)
Answer: D
Explanation:
It is important that the data entered from a remote site is edited and validated prior to
transmission to the central processing site.
Question No : 4 - (Topic 6)
To detect attack attempts that the firewall is unable to recognize, an IS auditor should
recommend placing a network intrusion detection system (IDS) between the:
Answer: A
Explanation:
Attack attempts that could not be recognized by the firewall will be detected if a network-
Question No : 5 - (Topic 6)
A. User-level permissions
B. Role-based
C. Fine-grained
D. Discretionary
Answer: B
Explanation:
Role-based access control governs system access by defining roles for groups of users.
Users are assigned to the various roles, and access is granted based on the user's role.
User-level permissions for an ERP system would create a larger administrative overhead.
Fine-grained access control is very difficult to implement and maintain in the context of a
large enterprise. Discretionary access control may be configured or modified by the users
or data owners, and therefore may create inconsistencies in the access control
management.
Question No : 6 - (Topic 7)
When auditing a disaster recovery plan for a critical business area, an IS auditor finds that
it does not cover all the systems. Which of the following is the MOST appropriate action for
the IS auditor?
A. Alert management and evaluate the impact of not covering all systems.
B. Cancel the audit.
C. Complete the audit of the systems covered by the existing disaster recovery plan.
D. Postpone the audit until the systems are added to the disaster recovery plan.
Answer: A
Explanation:
Question No : 7 - (Topic 8)
You should know the difference between an exploit and a vulnerability. Which of the
following refers to a weakness in the system?
A. exploit
B. vulnerability
C. both
Answer: B
Explanation:
You should know the difference between an exploit and a vulnerability. An exploit refers to
software, data, or commands capable of taking advantage of a bug, glitch or vulnerability in
order to cause unintended behavior. Vulnerability in this sense refers to a weakness in the
system.
Question No : 8 - (Topic 8)
Answer: D
Explanation:
Question No : 9 - (Topic 8)
Answer: A
Explanation:
Passwords are the first line of defense in protecting your data and information. Your users
need to be made aware of what a password provides them and what can be done with their
password. They also need to be made aware of what distinguishes a good password from
a bad one. A good password mixes upper- and lower-case letters, numbers and symbols,
and is at least eight characters long.
Question No : 10 - (Topic 8)
In biometric authentication, physical characteristics typically include (choose all
that apply):
A. fingerprints
B. eye retinas
C. irises
D. facial patterns
E. hand measurements
F. None of the choices.
Answer: A,B,C,D,E
Explanation:
Biometric authentication refers to technologies that measure and analyze human physical