An IS auditor is reviewing database security for an organization. What would be the most important consideration for database hardening?
The BEST method of confirming the accuracy of a system tax calculation is by:
An IS auditor reviewing wireless network security determines that the Dynamic Host Configuration Protocol is disabled at all wireless access points. What does this practice help with?
During the planning stage of an IS audit, what is the primary goal of an IS auditor?
In a risk-based information systems (IS) audit, where both inherent and control risk have been assessed as high, an IS auditor would most likely compensate for the scenario by performing additional what?
What is a key benefit of a control self-assessment (CSA)?
To support an organization’s goals, an IT department should have
An IS auditor has been assigned to conduct a test that compares job run logs to computer job schedules. What observation would be the greatest concern to the IS auditor?
An IS auditor uses computer-assisted audit techniques (CAATs) to collect and analyze data. What attribute of evidence is most affected by using CAATs?
What should be the first action of an IS auditor during a dispute with a department manager over audit findings?
What is the primary consideration for an IS auditor reviewing the prioritization and coordination of IT projects and program management?
An organization purchased a third-party application and made significant modifications. While auditing the development process for this customer-facing application, the IS auditor noted that the vendor has been in business for only one year. What would help mitigate the risk relating to continued application support?
What antispam filtering method has the lowest possibility of false-positive alerts?
What represents the greatest risk created by a reciprocal agreement for disaster recovery between two organizations?
An offsite information processing facility (IPF) with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is referred to as what?
What type of penetration test simulates a real attack and is used to test the incident handling and response capability of the target?
An IS auditor reviewing an organization’s disaster recovery plan (DRP) should primarily verify that it is
An organization has contracted with a vendor for a turnkey solution for its electronic toll collection system (ETCS). The vendor has provided its proprietary application software as part of the solution. What should the contract require?
An IS auditor who has discovered unauthorized transactions during a review of electronic data interchange (EDI) transactions is likely to recommend improving what?
An organization with extremely high security requirements is evaluating the effectiveness of biometric systems. What performance indicator is most important?
Email traffic from the internet is routed via firewall-1 to the mail gateway. Mail is routed from the mail gateway, via firewall-2, to the mail recipients in the internal network. The IDS detects traffic for the internal network that did not originate from the mail gateway. The first action triggered by the IDS should be to?
Digital signatures require what with regard to public/private keys?
An IS auditor found that the enterprise architecture (EA) recently adopted by an organization has an adequate current-state representation. However, the organization has started a separate project to develop a future-state representation. The IS auditor should do what?
When reviewing system parameters, an IS auditor’s primary concern should be that:
An IS auditor is reviewing a recently completed conversion to a new enterprise resource planning system. In the final stage of the conversion process, the organization ran the old and new systems in parallel for 30 days before allowing the new system to run on its own. What is the most significant advantage to the organization of using this strategy?
What is the best factor for determining the required extent of data collection during the planning phase of an IS compliance audit?
When determining the acceptable time period for the resumption of critical business processes, what should be evaluated?
What should the IS auditor review to ensure the correct version of a data file is used for a production run?
What is the best way to minimize unauthorized access to unattended end-user PC systems?