
Isaca
Exam CISA
Certified Information Systems Auditor
Version: Demo

[ Total Questions: 10 ]
Isaca CISA : Practice Test
Topic break down (number of demo questions per topic)

Topic 1: Main Questions (240 Main Questions) - 1
Topic 3: IT GOVERNANCE (111 PRACTICE QUESTIONS) - 1
Topic 4: SYSTEMS AND INFRASTRUCTURE LIFECYCLE MANAGEMENT (130 PRACTICE QUESTIONS) - 1
Topic 6: PROTECTION OF INFORMATION ASSETS (251 PRACTICE QUESTIONS) - 2
Topic 7: BUSINESS CONTINUITY AND DISASTER RECOVERY (111 PRACTICE QUESTIONS) - 1
Topic 8: Mixed Questions - 4

Pass Your Certification With Marks4sure Guarantee 2


Topic 1, Main Questions (240 Main Questions)

Question No : 1 - (Topic 1)

Why does an IS auditor review an organization chart?

A. To optimize the responsibilities and authority of individuals
B. To control the responsibilities and authority of individuals
C. To better understand the responsibilities and authority of individuals
D. To identify project sponsors

Answer: C
Explanation:
An IS auditor reviews an organization chart to better understand the responsibilities and
authority of individuals, including reporting lines and whether duties are segregated.
Optimizing or controlling those responsibilities (choices A and B) is management's job, not
the auditor's, and identifying project sponsors (choice D) is not the purpose of the review.

Topic 3, IT GOVERNANCE (111 PRACTICE QUESTIONS)

Question No : 2 - (Topic 3)

Which of the following should be included in an organization's IS security policy?

A. A list of key IT resources to be secured
B. The basis for access authorization
C. Identity of sensitive security features
D. Relevant software security features

Answer: B
Explanation:
The security policy provides the broad framework of security, as laid down and approved
by senior management. It includes a definition of those authorized to grant access and the
basis for granting that access. Choices A, C and D are more detailed than what belongs in a
policy; they are the subject of standards and procedures that implement the policy.

Topic 4, SYSTEMS AND INFRASTRUCTURE LIFECYCLE MANAGEMENT (130 PRACTICE QUESTIONS)

Question No : 3 - (Topic 4)

The editing/validation of data entered at a remote site would be performed MOST
effectively at the:

A. central processing site after running the application system.
B. central processing site during the running of the application system.
C. remote processing site after transmission of the data to the central processing site.
D. remote processing site prior to transmission of the data to the central processing site.

Answer: D
Explanation:
Data entered at a remote site should be edited and validated at that site, before it is
transmitted to the central processing site. Errors are then caught while the person who
keyed the data and the source documents are still at hand, so they can be corrected
immediately, and invalid data is never transmitted or processed centrally. Choices A, B and
C all detect errors only after transmission, when correction is slower and more costly.
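The following is an added example, not code from the practice test or from ISACA, of the kind of edit checks a remote data-entry site would run on a batch before transmitting it: completeness, check digit (mod-10), format, range and date reasonableness checks. The record layout (customer number with a check digit, item code, quantity, order date), the processing date and the sample batch are constructed for illustration.

```python
"""Edit/validation checks run at the remote site before transmission.

Added example for this practice question; not ISACA's or Marks4sure's code.
The record layout and the sample batch below are constructed assumptions.
"""
import re
from datetime import date

# Hypothetical layout: customer_no = 8 digits ending in a mod-10 check digit,
# item_code = 3 upper-case letters + 3 digits, quantity = 1..999, ISO date.
ITEM_CODE_RE = re.compile(r"^[A-Z]{3}\d{3}$")
REQUIRED_FIELDS = ("customer_no", "item_code", "quantity", "order_date")


def luhn_valid(number: str) -> bool:
    """Check-digit test (mod-10): catches single-digit typos and most
    adjacent transpositions made when keying an identifier."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate_record(rec: dict, processing_date: date) -> list[str]:
    """Return the edit-check failures for one record (empty list = accept)."""
    errors = []
    for field in REQUIRED_FIELDS:          # completeness check
        if not rec.get(field):
            errors.append(f"{field}: missing")
    if errors:
        return errors
    if len(rec["customer_no"]) != 8 or not luhn_valid(rec["customer_no"]):
        errors.append("customer_no: check digit failed")        # check digit
    if not ITEM_CODE_RE.match(rec["item_code"]):
        errors.append("item_code: invalid format")              # format check
    if not rec["quantity"].isdigit() or not 1 <= int(rec["quantity"]) <= 999:
        errors.append("quantity: outside 1..999")               # range check
    try:
        if date.fromisoformat(rec["order_date"]) > processing_date:
            errors.append("order_date: in the future")          # reasonableness
    except ValueError:
        errors.append("order_date: not a valid date")           # validity check
    return errors


def validate_batch(records, processing_date):
    """Split a batch into records ready to transmit and records handed back
    to the operator for correction while the source documents are at hand."""
    accepted, rejected = [], []
    for rec in records:
        errs = validate_record(rec, processing_date)
        if errs:
            rejected.append((rec, errs))
        else:
            accepted.append(rec)
    return accepted, rejected


# Constructed sample batch: one clean record and four with typical keying errors.
PROCESSING_DATE = date(2024, 3, 15)
SAMPLE_BATCH = [
    {"customer_no": "12345674", "item_code": "ABC123", "quantity": "10", "order_date": "2024-03-14"},
    {"customer_no": "12435674", "item_code": "ABC123", "quantity": "10", "order_date": "2024-03-14"},  # 3/4 transposed
    {"customer_no": "12345674", "item_code": "ab1234", "quantity": "1000", "order_date": "2024-03-14"},
    {"customer_no": "12345674", "item_code": "XYZ999", "quantity": "5", "order_date": "2024-04-01"},
    {"customer_no": "12345674", "item_code": "XYZ999", "quantity": "", "order_date": "2024-03-01"},
]


def run_sample():
    return validate_batch(SAMPLE_BATCH, PROCESSING_DATE)


if __name__ == "__main__":
    accepted, rejected = run_sample()
    print(f"{len(accepted)} record(s) ready to transmit")
    for rec, errs in rejected:
        print("returned to operator:", rec["customer_no"], "->", "; ".join(errs))
```

Only the first record leaves the remote site; the other four are returned to the operator with the reason, which is the point of validating before, rather than after, transmission.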

Topic 6, PROTECTION OF INFORMATION ASSETS (251 PRACTICE QUESTIONS)

Question No : 4 - (Topic 6)

To detect attack attempts that the firewall is unable to recognize, an IS auditor should
recommend placing a network intrusion detection system (IDS) between the:

A. Firewall and the organization's network.
B. Internet and the firewall.
C. Internet and the web server.
D. Web server and the firewall.

Answer: A
Explanation:
Attack attempts that the firewall does not recognize will be detected if a network-based
intrusion detection system is placed between the firewall and the organization's network,
because the only traffic the IDS sees there is traffic the firewall has already allowed
through. A network-based intrusion detection system placed between the internet and the
firewall detects attack attempts whether or not they get past the firewall, so its alerts
include everything the firewall blocks anyway and do not isolate what the firewall misses.

Question No : 5 - (Topic 6)

An organization is using an enterprise resource planning (ERP) application. Which of
the following would be an effective access control?

A. User-level permissions
B. Role-based
C. Fine-grained
D. Discretionary

Answer: B
Explanation:
Role-based access control restricts system access by defining roles for groups of users
with the same job function. Users are assigned to roles and access is granted according to
the user's role, so a permission change made to a role reaches every user holding it.
User-level permissions for an ERP system would create a larger administrative overhead.
Fine-grained access control is very difficult to implement and maintain in a large
enterprise. Discretionary access control may be configured or modified by users or data
owners, and therefore may create inconsistencies in access control management.
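An added example, not code from the practice test or from ISACA, of a role-based access control model for an ERP-style application. It shows users assigned to roles, access decisions made from the role's permissions, and why a role change is cheaper to administer than per-user permissions. The role names, permissions, users and the segregation-of-duties rule (two conflicting roles cannot be held by one user) are constructed for illustration; the segregation rule is an addition beyond what the question states.

```python
"""Role-based access control (RBAC) for an ERP-style application.

Added example for this practice question; not ISACA's or Marks4sure's code.
Roles, permissions, users and the segregation-of-duties rule are constructed.
"""

# Permissions held by each role, as "object:action" strings (constructed).
ROLE_PERMISSIONS = {
    "ap_clerk": {"invoice:create", "invoice:read", "vendor:read"},
    "ap_manager": {"invoice:read", "invoice:approve", "payment:release"},
    "vendor_admin": {"vendor:create", "vendor:update", "vendor:read"},
    "auditor": {"invoice:read", "vendor:read", "payment:read"},
}

# Role pairs one user must never hold together (illustrative segregation of duties).
SOD_CONFLICTS = {
    frozenset({"ap_clerk", "ap_manager"}),
    frozenset({"vendor_admin", "ap_manager"}),
}


class Rbac:
    def __init__(self, role_permissions, sod_conflicts):
        self.role_permissions = {r: set(p) for r, p in role_permissions.items()}
        self.sod_conflicts = set(sod_conflicts)
        self.user_roles = {}            # user -> set of role names

    def assign(self, user, role):
        """Assign a role, refusing combinations that violate segregation of duties."""
        if role not in self.role_permissions:
            raise KeyError(f"unknown role {role!r}")
        for held in self.user_roles.get(user, set()):
            if frozenset({held, role}) in self.sod_conflicts:
                raise ValueError(f"{user}: role {role} conflicts with {held}")
        self.user_roles.setdefault(user, set()).add(role)

    def permissions_of(self, user):
        """Effective permissions are the union of the user's roles' permissions."""
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.role_permissions[role]
        return perms

    def is_allowed(self, user, permission):
        return permission in self.permissions_of(user)

    def grant_to_role(self, role, permission):
        """One change to the role reaches every user holding it."""
        self.role_permissions[role].add(permission)

    def users_in_role(self, role):
        return {u for u, roles in self.user_roles.items() if role in roles}


def build_sample():
    rbac = Rbac(ROLE_PERMISSIONS, SOD_CONFLICTS)
    for user, role in [("alice", "ap_clerk"), ("bob", "ap_manager"),
                       ("carol", "vendor_admin"), ("dave", "auditor"),
                       ("erin", "ap_clerk")]:
        rbac.assign(user, role)
    return rbac


def snapshot_user_acls(rbac):
    """What a per-user permission list would look like: one entry per user that
    an administrator would have to update individually after any change."""
    return {u: rbac.permissions_of(u) for u in rbac.user_roles}


def try_assign(rbac, user, role):
    """Return None on success, otherwise the segregation-of-duties error text."""
    try:
        rbac.assign(user, role)
        return None
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    rbac = build_sample()
    print("alice may create invoice:", rbac.is_allowed("alice", "invoice:create"))
    print("alice may approve invoice:", rbac.is_allowed("alice", "invoice:approve"))
    print("SoD check:", try_assign(rbac, "bob", "ap_clerk"))
    stale = snapshot_user_acls(rbac)
    rbac.grant_to_role("ap_clerk", "invoice:void")
    print("users updated by one role change:", sorted(rbac.users_in_role("ap_clerk")))
    print("per-user entries that would now be stale:",
          sorted(u for u in stale if rbac.permissions_of(u) != stale[u]))
```

Granting invoice:void to the ap_clerk role updates alice and erin in one step; the per-user snapshot taken just before shows the two entries that a user-level scheme would have to edit separately, which is the administrative overhead the explanation refers to.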

Topic 7, BUSINESS CONTINUITY AND DISASTER RECOVERY (111 PRACTICE QUESTIONS)

Question No : 6 - (Topic 7)

When auditing a disaster recovery plan for a critical business area, an IS auditor finds that
it does not cover all the systems. Which of the following is the MOST appropriate action for
the IS auditor?

A. Alert management and evaluate the impact of not covering all systems.
B. Cancel the audit.
C. Complete the audit of the systems covered by the existing disaster recovery plan.
D. Postpone the audit until the systems are added to the disaster recovery plan.

Answer: A
Explanation:
An IS auditor should make management aware that some systems are omitted from the
disaster recovery plan. The IS auditor should continue the audit and include an evaluation of
the impact of not including all systems in the disaster recovery plan. Cancelling the audit,
ignoring the fact that some systems are not covered, or postponing the audit are
inappropriate actions to take.

Topic 8, Mixed Questions

Question No : 7 - (Topic 8)

You should know the difference between an exploit and a vulnerability. Which of the
following refers to a weakness in the system?

A. exploit
B. vulnerability
C. both

Answer: B
Explanation:
You should know the difference between an exploit and a vulnerability. An exploit refers to
software, data, or commands capable of taking advantage of a bug, glitch or vulnerability in
order to cause unintended behavior. Vulnerability in this sense refers to a weakness in the
system.

Question No : 8 - (Topic 8)

Which of the following refers to the proving of mathematical theorems by a computer
program?

A. Analytical theorem proving
B. Automated technology proving
C. Automated theorem processing
D. Automated theorem proving
E. None of the choices.

Answer: D
Explanation:
Automated theorem proving (ATP) is the proving of mathematical theorems by a computer
program. Depending on the underlying logic, the problem of deciding the validity of a
theorem varies from trivial to impossible. Commercial use of automated theorem proving is
mostly concentrated in integrated circuit design and verification.

Question No : 9 - (Topic 8)

Which of the following are the characteristics of a good password?

A. It has mixed-case alphabetic characters, numbers, and symbols.
B. It has mixed-case alphabetic characters and numbers.
C. It has mixed-case alphabetic characters and symbols.
D. It has mixed-case alphabetic characters, numbers, and binary codes.
E. None of the choices.

Answer: A
Explanation:
Passwords are the first line of defence in protecting your data and information. Your users
need to be made aware of what a password gives them access to and what can be done with
their password. They also need to be made aware of what makes a good password versus a
bad one. According to this question, a good password has mixed-case alphabetic characters,
numbers and symbols, and is at least eight characters long. Note that current guidance such
as NIST SP 800-63B puts more weight on length and on screening against lists of compromised
passwords than on mandatory composition rules; answer A is nevertheless the expected exam
answer.
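An added example, not code from the practice test or from ISACA, of a password check that applies the criteria from the answer (mixed case, digits, symbols, at least eight characters) and reports which requirement a candidate fails. It goes one step beyond the question by also rejecting passwords built on a common word, since "Password1!" satisfies every composition rule and is still weak. The minimum length, the tiny deny list and the sample passwords are constructed assumptions.

```python
"""Password composition check for the criteria given in the answer, plus a
common-word screen. Added example; not ISACA's or Marks4sure's code.
The deny list and sample passwords are constructed for illustration.
"""
import string

MIN_LENGTH = 8                       # "at least eight characters" (assumed minimum)
CHARACTER_CLASSES = {
    "lowercase letter": set(string.ascii_lowercase),
    "uppercase letter": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation),
}
# Deliberately tiny constructed deny list; a real one is a breached-password corpus.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin"}


def missing_requirements(password: str) -> list[str]:
    """Return every requirement the password fails (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    chars = set(password)
    for name, members in CHARACTER_CLASSES.items():
        if not chars & members:              # no character from this class present
            problems.append(f"no {name}")
    # Strip digits and symbols: "Password1!" is still just "password".
    letters_only = "".join(c for c in password if c.isalpha()).lower()
    if letters_only in COMMON_WORDS:
        problems.append("built on a common word")
    return problems


def is_good_password(password: str) -> bool:
    return not missing_requirements(password)


# Constructed samples: one acceptable password and four that each fail one rule.
SAMPLE_PASSWORDS = ["Tr0ub4dor&3", "Secret123", "secret!23", "Ab1!", "Password1!"]


def classify(passwords=SAMPLE_PASSWORDS):
    return {p: missing_requirements(p) for p in passwords}


if __name__ == "__main__":
    for pw, problems in classify().items():
        verdict = "good" if not problems else "bad: " + ", ".join(problems)
        print(f"{pw!r:16} {verdict}")
```

Running the block shows that composition rules alone pass "Password1!"; only the common-word screen rejects it, which is why length and breach-list checks matter in practice.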

Question No : 10 - (Topic 8)

Talking about biometric authentication, physical characteristics typically include (choose all
that apply):

A. fingerprints
B. eye retinas
C. irises
D. facial patterns
E. hand measurements
F. None of the choices.

Answer: A,B,C,D,E
Explanation:
Biometric authentication refers to technologies that measure and analyze human physical
and behavioral characteristics for authentication purposes.
Physical characteristics include fingerprints, eye retinas and irises, facial patterns and hand
measurements, while behavioral characteristics include signature, gait and typing patterns.
Voice is often considered a mix of both physical and behavioral characteristics.
