Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 65

  1. Which of the following would be the MOST effective method to address software license violations on employee workstations?

    • Restricting administrative rights on employee workstations
    • Requiring automated installation of software
    • Scanning of workstations daily for unauthorized software use
    • Implementing real-time monitoring software on employee workstations
  2. Which of the following BEST minimizes performance degradation of servers used to authenticate users of an e-commerce website?

    • Configure each authentication server and ensure that the disks of each server form part of a duplex.
    • Configure each authentication server as belonging to a cluster of authentication servers.
    • Configure a single server as a primary authentication server and a second server as a secondary authentication server.
    • Configure each authentication server and ensure that each disk of its RAID is attached to the primary controller.
  3. Which of the following should be the MOST important consideration when establishing data classification standards?

    • An education campaign is established upon rollout.
    • Reporting metrics are established.
    • Management supports the newly developed standards.
    • The standards comply with relevant regulations.
  4. The MAJOR reason for segregating test programs from production programs is to:

    • achieve segregation of duties between IS staff and end users.
    • limit access rights of IS staff to the development environment.
    • provide control over program changes.
    • provide the basis for efficient system change management.
  5. Which of the following entities is BEST suited to define the data classification levels within an organization?

    • Database administrator (DBA) based on the data schema
    • Legal compliance team based on the application regulations
    • Business owner responsible for the respective data
    • System administrator responsible for data security controls
  6. An IT organization’s incident response plan is which type of control?

    • Preventive
    • Corrective
    • Detective
    • Directive
  7. Which of the following is an example of a preventive control in an accounts payable system?

    • The system only allows payments to vendors who are included in the system’s master vendor list.
    • Policies and procedures are clearly communicated to all members of the accounts payable department.
    • The system produces daily payment summary reports that staff use to compare against invoice totals.
    • Backups of the system and its data are performed on a nightly basis and tested periodically.
  8. Which of the following areas of responsibility would cause the GREATEST segregation of duties conflict if the individual who performs the related tasks also has approval authority?

    • Purchase requisitions and purchase orders
    • Invoices and reconciliations
    • Vendor selection and statements of work
    • Goods receipts and payments
  9. The information security function in a large organization is MOST effective when:

    • decentralized as close to the user as possible.
    • the function reports directly to the IS operations manager.
    • partnered with the IS development team to determine access rights.
    • established at a corporate-wide level.
  10. Which of the following is MOST helpful in preventing a systems failure from occurring when an application is replaced using the abrupt changeover technique?

    • Comprehensive documentation
    • Comprehensive testing
    • Threat and risk assessment
    • Change management
  11. Which of the following would represent an acceptable test of an organization’s business continuity plan (BCP)?

    • Benchmarking the plan against similar organizations
    • Paper test involving functional areas
    • Full test of computer operations at an emergency site
    • Walk-through of the plan with technology suppliers
  12. Which of the following would be the GREATEST risk associated with a new chat feature on a retailer’s website?

    • Productivity loss
    • Reputational damage
    • Data loss
    • System downtime
  13. Which of the following is the MOST likely result of the ongoing deterioration of a detective control?

    • Increased number of data loss events
    • Increased security incident response time
    • Decreased effectiveness of root cause analysis
    • Decreased overall recovery time
  14. Following the discovery of inaccuracies in a data warehouse, an organization has implemented data profiling, cleansing, and handling filters to enhance the quality of data obtained from connected sources. Which type of control has been applied?

    • Directive control
    • Corrective control
    • Compensating control
    • Detective control
  15. Which of the following is the BEST approach for performing a business impact analysis (BIA) of a supply-chain management application?

    • Circulating questionnaires to key internal stakeholders
    • Interviewing groups of key stakeholders
    • Accepting IT personnel’s view of business issues
    • Reviewing the organization’s policies and procedures
  16. Inherent risk ratings are determined by assessing the impact and likelihood of a threat or vulnerability occurring:

    • after internal controls are taken into account.
    • before the risk appetite is established.
    • after compensating controls have been applied.
    • before internal controls are taken into account.
  17. Which of the following is the BEST type of backup to minimize the associated time and media?

    • Differential
    • Incremental
    • Mirror
    • Compressed full
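The backup question above turns on how much data each strategy writes per run. The following simulation is an added example, not part of the original question set: it uses a constructed set of files and a constructed pattern of daily changes (sizes are illustrative assumptions) to show that incremental backups write the least data per run and in total, that differential backups grow until the next full backup, and what each strategy costs at restore time.

```python
"""Simulate full, differential and incremental backups over one week.

Added example for the backup-type question; the file sizes and the daily
change pattern below are constructed for illustration, not measured data.
"""

# Constructed sample: file name -> size in MB at day 0 (the baseline full backup)
FILES_MB = {"db.sqlite": 800, "docs.tar": 200, "logs.txt": 50, "config.yml": 1}

# Constructed change pattern: day -> files modified on that day (days 1..6)
CHANGES = {
    1: {"logs.txt"},
    2: {"logs.txt", "config.yml"},
    3: {"db.sqlite", "logs.txt"},
    4: {"logs.txt"},
    5: {"docs.tar", "logs.txt"},
    6: {"logs.txt"},
}


def simulate(strategy, files_mb=FILES_MB, changes=CHANGES):
    """Return the MB written on each day for 'full', 'differential' or 'incremental'.

    Day 0 is always a full backup. On later days:
      full         - copies every file every day
      differential - copies every file changed since the last FULL backup
      incremental  - copies every file changed since the PREVIOUS backup
    """
    sizes = [sum(files_mb.values())]  # day 0: baseline full backup
    since_full = set()                # files changed at any point since day 0
    for day in sorted(changes):
        changed_today = changes[day]
        since_full |= changed_today
        if strategy == "full":
            selected = set(files_mb)
        elif strategy == "differential":
            selected = since_full
        elif strategy == "incremental":
            selected = changed_today
        else:
            raise ValueError(f"unknown strategy {strategy!r}")
        sizes.append(sum(files_mb[f] for f in selected))
    return sizes


def total_media(strategy):
    """Total MB written to backup media over the whole simulated period."""
    return sum(simulate(strategy))


def restore_sets_needed(strategy, day):
    """Number of backup sets that must be read to restore the state at `day`.

    This is the trade-off behind the question: incremental backups minimise
    backup time and media, but a restore needs the full backup plus every
    incremental up to the target day, while differential needs only two sets.
    """
    if day == 0 or strategy == "full":
        return 1
    if strategy == "differential":
        return 2            # last full + the latest differential
    if strategy == "incremental":
        return 1 + day      # full + one incremental per day since
    raise ValueError(f"unknown strategy {strategy!r}")


if __name__ == "__main__":
    for s in ("full", "differential", "incremental"):
        print(f"{s:13s} per day: {simulate(s)}  total MB: {total_media(s)}"
              f"  sets to restore day 6: {restore_sets_needed(s, 6)}")
```

With this constructed data the incremental strategy writes 2352 MB in total against 4956 MB for differential and 7357 MB for daily fulls, which is why it is the answer when the criterion is backup time and media; the restore count shows what is given up in exchange.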
  18. Which of the following BEST provides continuous availability of network bandwidth for critical application services?

    • Configuration management
    • Cloud computing
    • Problem management
    • Quality of service (QoS)
  19. During a business process re-engineering (BPR) program, IT can assist with:

    • total cost of ownership.
    • focusing on value-added tasks.
    • segregation of duties.
    • streamlining of tasks.
  20. Which of the following would be MOST helpful when assessing how applications exchange data with other applications?

    • List of servers and their applications
    • Entity relationship diagram
    • Results of a risk assessment on the applications
    • Configuration management database