Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 106

  1. Which of the following controls can BEST detect accidental corruption during transmission of data across a network?

    • Sequence checking
    • Parity checking
    • Symmetric encryption
    • Check digit verification

    Explanation: 
    Parity checking is used to detect transmission errors in data. When a parity bit is computed for each individual character, it is called a vertical redundancy check (VRC), also known as a column or character check. When parity is computed across all the characters in a block, bit position by bit position, it is called a longitudinal redundancy check (LRC), also known as a horizontal or row check. Using both types of parity check at the same time greatly increases the chance of detecting an error, because a corruption pattern that escapes one check (for example, two flipped bits in the same character) is normally caught by the other, which a single parity check cannot achieve on its own. The other options address different problems: sequence checking detects missing or out-of-order records rather than corrupted bits, symmetric encryption provides confidentiality rather than error detection, and check digit verification validates individual numeric fields at input rather than data in transit.
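    The following block is a worked illustration of the two parity schemes described above. It is an added example and not code from the original page or from any CISA material: the sample block, the flipped bit positions and all function names are constructed for the illustration, and it assumes even parity for the per-character (vertical) bit and an XOR across the block for the longitudinal (row) check. It transmits one block under four constructed error patterns and reports what each check catches, including the pattern that escapes both.

```python
"""Vertical (per-character) and longitudinal (per-block) parity checks.

Added example: the sample block, the flipped bit positions and every
function name below are constructed for illustration, not taken from the
original page. Even parity is assumed for the per-character bit.
"""
from typing import Dict, List, Tuple

Flip = Tuple[int, int]  # (byte index, bit number; 0 is the least significant bit)


def even_parity_bit(byte: int) -> int:
    """Parity bit that makes the total count of 1s in byte+bit even."""
    return bin(byte & 0xFF).count("1") & 1


def vrc_bits(data: bytes) -> List[int]:
    """Vertical redundancy check: one parity bit per character."""
    return [even_parity_bit(b) for b in data]


def lrc_byte(data: bytes) -> int:
    """Longitudinal redundancy check: XOR of all characters. Bit k of the
    result is the even parity of bit position k across the whole block."""
    acc = 0
    for b in data:
        acc ^= b
    return acc


def flip_bits(data: bytes, flips: List[Flip]) -> bytes:
    """Simulate line noise by inverting the given bits of a block."""
    out = bytearray(data)
    for index, bit in flips:
        out[index] ^= 1 << bit
    return bytes(out)


def check_block(received: bytes, vrc: List[int], lrc: int) -> Dict[str, object]:
    """Re-run both checks on the receiving side against the sender's values.

    'vrc' lists the indexes of characters whose parity bit no longer
    matches; 'lrc' is True when the block parity disagrees."""
    bad_chars = [i for i, b in enumerate(received) if even_parity_bit(b) != vrc[i]]
    return {"vrc": bad_chars, "lrc": lrc_byte(received) != lrc}


SAMPLE = b"AUDIT"  # constructed sample block

# Constructed error patterns, chosen to exercise each check's blind spot.
SCENARIOS: Dict[str, List[Flip]] = {
    "one bit": [(1, 3)],
    "two bits, same char": [(2, 0), (2, 5)],                     # escapes VRC
    "two bits, same column": [(0, 2), (3, 2)],                   # escapes LRC
    "four-corner rectangle": [(0, 2), (0, 6), (3, 2), (3, 6)],   # escapes both
}


def run_scenarios(data: bytes = SAMPLE) -> Dict[str, Dict[str, object]]:
    """Transmit `data` under each error pattern and report what was detected."""
    sent_vrc, sent_lrc = vrc_bits(data), lrc_byte(data)
    results: Dict[str, Dict[str, object]] = {}
    for name, flips in SCENARIOS.items():
        received = flip_bits(data, flips)
        result = check_block(received, sent_vrc, sent_lrc)
        result["corrupted"] = received != data
        result["detected"] = bool(result["vrc"]) or bool(result["lrc"])
        results[name] = result
    return results


if __name__ == "__main__":
    for name, res in run_scenarios().items():
        print(f"{name:24s} VRC flags {str(res['vrc']):8s} "
              f"LRC flag {str(res['lrc']):6s} detected={res['detected']}")
```

    Running it shows why the explanation recommends both checks: an even number of flipped bits inside one character keeps that character's parity intact and is only caught by the row check, while two flips in the same bit position of different characters cancel out in the row check and are only caught by the per-character bits. The four-corner pattern keeps every row and column parity unchanged and is the classic case neither check can detect, which is why parity is an accidental-error detector and not an integrity control against a deliberate attacker.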

  2. An IS auditor is asked to identify risk within an organization’s software development project. The project manager tells the auditor that an agile development methodology is being used to minimize the lengthy development process. Which of the following would be of GREATEST concern to the auditor?

    • Each team does its own testing.
    • The needed work has not yet been fully identified.
    • Some of the developers have not attended recent training.
    • Elements of the project have not been documented.

  3. Which of the following must be in place before an IS auditor initiates audit follow-up activities?

    • A heat map with the gaps and recommendations displayed in terms of risk
    • A management response in the final report with a committed implementation date
    • Supporting evidence for the gaps and recommendations mentioned in the audit report
    • Available resources for the activities included in the action plan

  4. To maintain the confidentiality of information moved between office and home on removable media, which of the following is the MOST effective control?

    • Mandatory file passwords
    • Security awareness training
    • Digitally signed media
    • Data encryption

  5. An organization transmits large amounts of data from one internal system to another. The IS auditor is reviewing the quality of the data at the originating point. Which of the following should the auditor verify FIRST?

    • The data has been encrypted.
    • The data transformation is accurate.
    • The data extraction process is completed.
    • The source data is accurate.

  6. An IS auditor intends to accept a management position in the data processing department within the same organization. However, the auditor is currently working on an audit of a major application and has not yet finished the report. Which of the following would be the BEST step for the IS auditor to take?

    • Start in the position and inform the application owner of the job change.
    • Start in the position immediately.
    • Disclose this issue to the appropriate parties.
    • Complete the audit without disclosure and then start in the position.

  7. Which of the following would BEST describe an audit risk?

    • The company is being sued for false accusations.
    • The financial report may contain undetected material errors.
    • Key employees have not taken vacation for 2 years.
    • Employees have been misappropriating funds.

  8. During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:

    • allocation of resources during an emergency.
    • maintenance of hardware and software compatibility.
    • differences in IS policies and procedures.
    • frequency of system testing.

  9. While planning a review of IT governance, the IS auditor is MOST likely to:

    • examine audit committee minutes for IS-related matters and their control.
    • obtain information about the framework of control adopted by management.
    • assess whether business process owner responsibilities are consistent across the organization.
    • review compliance with policies and procedures issued by the board of directors.

  10. What is the MOST difficult aspect of access control in a multiplatform, multiple-site client/server environment?

    • Creating new user IDs valid only on a few hosts
    • Maintaining consistency throughout all platforms
    • Restricting a local user to necessary resources on a local platform
    • Restricting a local user to necessary resources on the host server

  11. Which of the following cloud deployment models would BEST meet the needs of a startup software development organization with limited initial capital?

    • Private
    • Public
    • Community
    • Hybrid

  12. An IS auditor is reviewing documentation of application systems change control and identifies several patches that were not tested before being put into production. Which of the following is the MOST significant risk from this situation?

    • Developer access to production
    • Lack of system integrity
    • Outdated system documentation
    • Loss of application support

  13. Which of the following would BEST help ensure information security is effective following the outsourcing of network operations?

    • Test security controls periodically.
    • Review security key performance indicators (KPIs).
    • Establish security service level agreements (SLAs).
    • Appoint a security service delivery monitoring manager.

  14. As part of a merger and acquisition activity, an acquiring organization wants to consolidate data and systems from the organization being acquired into its existing systems. To ensure the data is relevant, the acquiring organization should:

    • obtain data quality software.
    • define data quality requirements based on business needs.
    • automate the process of data collection and cleaning.
    • implement a data warehouse solution.

  15. The business owner’s approval of software changes being moved into production is PRIMARILY necessary to:

    • ensure that an application functionality requirement is satisfied.
    • prevent unauthorized access to data.
    • inform management of deployments of new functionality.
    • confirm there is a process to control system changes.

  16. A warehouse employee of a retail company has been able to conceal the theft of inventory items by entering adjustments of either damaged or lost stock items to the inventory system. Which control would have BEST prevented this type of fraud in a retail environment?

    • An edit check for the validity of the inventory transaction
    • Separate authorization for input of transactions
    • Unscheduled audits of lost stock lines
    • Statistical sampling of adjustment transactions

  17. Which of the following controls will MOST effectively detect inconsistent records resulting from the lack of referential integrity in a database management system?

    • Concurrent access controls
    • Incremental data backups
    • Performance monitoring tools
    • Periodic table link checks

  18. Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?

    • Apply single sign-on for access control.
    • Enforce an internal data access policy.
    • Enforce the use of digital signatures.
    • Implement segregation of duties.

  19. Which of the following is the MOST effective way for an organization to protect against data leakage?

    • Conduct periodic security awareness training.
    • Limit employee Internet access.
    • Review firewall logs for anomalies.
    • Develop a comprehensive data loss prevention policy.

  20. Which of the following would BEST help to support an auditor’s conclusion about the effectiveness of an implemented data classification program?

    • Detailed data classification scheme
    • Access rights provisioned according to scheme
    • Business use cases and scenarios
    • Purchase of information management tools