Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 60

  1. An existing system is being replaced with a new application package. User acceptance testing (UAT) should ensure that:

    • data from the old system has been converted correctly
    • the new system functions as expected
    • the new system is better than the old system
    • there is a business need for the new system
  2. An employee of an organization has reported losing a smartphone that contains sensitive information. The BEST step to address this situation should be to:

    • terminate the device connectivity
    • escalate to the user’s management
    • disable the user’s access to corporate resources
    • remotely wipe the device
  3. As part of an international expansion plan, an organization has acquired a company located in another jurisdiction. Which of the following would be the BEST way to maintain an effective information security program?

    • Determine new factors that could influence the information security strategy.
    • Implement the current information security program in the acquired company.
    • Merge the two information security programs to establish continuity.
    • Ensure information security is included in any change control efforts.
  4. In an organization that has undergone an expansion through an acquisition, which of the following would BEST secure the enterprise network?

    • Business or role-based segmentation
    • Using security groups
    • Log analysis of system access
    • Encryption of data traversing networks
  5. Which type of control is being implemented when a biometric access device is installed at the entrance to a facility?

    • Preventive
    • Deterrent
    • Corrective
    • Detective
  6. Which of the following is the BEST physical security solution for granting and restricting access to individuals based on their unique access needs?

    • Bolting door locks
    • Cipher locks
    • Closed-circuit television (CCTV)
    • Electronic badge system
  7. Which of the following methods should be used to purge confidential data from write-once optical media?

    • Degauss the media.
    • Destroy the media.
    • Remove the references to data from the access index.
    • Write over the data with null values.
  8. Which of the following is the MOST effective way to minimize the risk of a SQL injection attack?

    • Reconfiguring content filtering settings
    • Performing activity monitoring
    • Using secure coding practices
    • Implementing an intrusion detection tool
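The secure coding practice that removes SQL injection at the root is to keep user input out of the query grammar by binding it as a parameter. The following is an added illustration, not part of the original question set: a constructed in-memory SQLite table with a lookup written two ways, and a payload that turns the concatenated version into a query matching every row while the parameterized version still matches nothing. The table, rows and payload are all assumptions made up for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data for the example; not a real schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # The input is spliced into the SQL text, so quote characters in the
    # input change the structure of the statement the engine parses.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    # The statement text is fixed; the driver binds the value separately,
    # so the input can only ever be compared as data.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def demo():
    """Return (rows returned by the vulnerable lookup, rows returned by the safe lookup)
    for a classic tautology payload."""
    conn = make_db()
    payload = "x' OR '1'='1"  # constructed attacker input
    return len(lookup_vulnerable(conn, payload)), len(lookup_safe(conn, payload))


if __name__ == "__main__":
    print(demo())
```

Filtering or monitoring (the other options in the question) act on the symptom after the fact; the parameterized form makes the tautology impossible regardless of what the attacker types, which is why a code-level control rather than a perimeter control is the durable fix.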
  9. Which of the following is used in providing logical access control to restrict updating or deleting business information in a relational database?

    • Trigger
    • View
    • Join
    • Primary key
  10. Which of the following is the MOST reliable control to prevent double payments made as a result of payment system batch jobs restarting after processing errors?

    • Database rollback in case of processing errors
    • Review of batch job completion logs
    • Duplicate verification at the last possible point in processing
    • Restart procedures integrated in job controls
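A restarted batch job re-reads input it has already partly processed, so the control that matters is a check against a durable record of what has already been sent, performed immediately before the irreversible step rather than at job start. The following simulation is an added example, not part of the original question set; the payment batch, the gateway stand-in and the ledger are constructed for the illustration. It runs the same batch twice (a simulated crash, then an operator restart) with and without the late duplicate check and counts how many instructions reach the gateway per payment ID.

```python
class PaymentGateway:
    """Constructed stand-in for the payment rail; records every instruction received."""

    def __init__(self):
        self.instructions = []

    def pay(self, payment_id, amount):
        self.instructions.append((payment_id, amount))


class PaidLedger:
    """Durable record of payment IDs already sent (in memory here; a table in practice)."""

    def __init__(self):
        self._sent = set()

    def already_sent(self, payment_id):
        return payment_id in self._sent

    def mark_sent(self, payment_id):
        self._sent.add(payment_id)


def run_batch(payments, gateway, ledger, crash_after=None, check_duplicates=True):
    """Process (payment_id, amount) records; optionally raise after N payments."""
    for n, (payment_id, amount) in enumerate(payments, start=1):
        # Earlier stages (validation, approval) would run here; none of them
        # protect against a restart, because the restart re-runs them too.
        if check_duplicates and ledger.already_sent(payment_id):
            # Duplicate verification at the last possible point: right before
            # the action that cannot be undone.
            continue
        gateway.pay(payment_id, amount)
        ledger.mark_sent(payment_id)
        if crash_after is not None and n == crash_after:
            raise RuntimeError("simulated processing error")


def simulate(check_duplicates):
    """Return {payment_id: number of instructions sent} after a crash and full restart."""
    payments = [  # constructed batch
        ("P-1001", 250.00),
        ("P-1002", 75.50),
        ("P-1003", 1200.00),
        ("P-1004", 40.00),
    ]
    gateway, ledger = PaymentGateway(), PaidLedger()
    try:
        run_batch(payments, gateway, ledger, crash_after=2,
                  check_duplicates=check_duplicates)
    except RuntimeError:
        pass
    # Operator restarts the whole job from the first record.
    run_batch(payments, gateway, ledger, check_duplicates=check_duplicates)
    counts = {}
    for payment_id, _ in gateway.instructions:
        counts[payment_id] = counts.get(payment_id, 0) + 1
    return counts


if __name__ == "__main__":
    print("with check:   ", simulate(check_duplicates=True))
    print("without check:", simulate(check_duplicates=False))
```

The example leaves one window open on purpose: a crash between `gateway.pay` and `ledger.mark_sent` would still allow a repeat. A production design closes it by writing an "in flight" record before sending, confirming it afterwards, and reconciling in-flight entries against the gateway on restart, which is the same principle applied with a durable store.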
  11. A programmer has made unauthorized changes to key fields in a payroll system report. Which of the following control weaknesses would have contributed MOST to this problem?

    • The user requirements were not documented.
    • Payroll files were not under the control of a librarian.
    • The programmer did not involve the user in testing.
    • The programmer has access to the production programs.
  12. Which cloud deployment model is MOST likely to be limited in scalability?

    • Public
    • Private
    • Hybrid
    • Community
  13. Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor’s BEST recommendation?

    • Ensure the business signs off on end-to-end user acceptance test results.
    • Ensure corrected program code is compiled in a dedicated server.
    • Ensure change management reports are independently reviewed.
    • Ensure programmers cannot access code after the completion of program edits.
  14. During a computer forensics investigation, what is the PRIMARY reason for obtaining a bit-for-bit copy of data in storage?

    • To document findings
    • To obtain residual data
    • To obtain data as well as source code details
    • To transfer the data into a controlled location
  15. Controls related to authorized modifications to production programs are BEST tested by:

    • testing only the authorizations to implement the new program.
    • tracing modifications from the executable program back to the original request for change.
    • reviewing only the actual lines of source code changed in the program.
    • tracing modifications from the original request for change forward to the executable program.
  16. IS management has decided to replace the current single-server-based local area network (LAN) with three interconnected servers running different operating systems. Existing applications and data on the old server have been exclusively distributed on the new servers. This will MOST likely result in:

    • disclosure of information.
    • multiple authentication.
    • data incompleteness.
    • data unavailability.
  17. A retailer normally uses a scanner to read product labels and input product codes and prices. The unit is not functioning and staff are keying information manually. With respect to the accuracy of the input, it is likely that:

    • audit risk has increased.
    • control risk has increased.
    • inherent risk has decreased.
    • detection risk has decreased.
  18. When reviewing an end-user computing (EUC) application, which of the following techniques is MOST appropriate for testing program logic?

    • Integrated testing facility
    • Test decks
    • Re-performance
    • Key calculation inspection
  19. Which of the following would provide the MOST assurance that an application will work in a live environment?

    • Walking through the programs to view the results of error processing
    • Processing of test data to prove that data can be passed between individual programs
    • Walking through the programs to view the results of processing copies of production data
    • Processing of valid and erroneous data in an acceptance test environment
  20. For a company that outsources payroll processing, which of the following is the BEST way to ensure that only authorized employees are paid?

    • The company’s bank reconciliations should be independently prepared and checked.
    • Employees should receive pay statements showing gross pay, net pay, and deductions.
    • Only payroll employees should be given the password for data entry and report retrieval.
    • Electronic payroll reports should be independently reviewed.