
2024 CISA Question Bank: Free PDF Download Recently Updated Questions
CISA Certification Exam Dumps with 1535 Practice Test Questions
NEW QUESTION # 205
Which of the following would be an IS auditor's GREATEST concern when reviewing the early stages of a software development project?
- A. The lack of completion of all requirements at the end of each sprint
- B. The lack of acceptance criteria behind user requirements
- C. The lack of a detailed unit and system test plan
- D. The lack of technical documentation to support the program code
Answer: B
NEW QUESTION # 206
Which of the following is the BEST preventative control to protect the confidentiality of data on a corporate smartphone in the event it is lost?
- A. Password for device authentication
- B. Encryption of the data stored on the device
- C. Biometric authentication for the device
- D. Remote data wipe program
Answer: B
Explanation:
Section: Protection of Information Assets
Encryption of the stored data is the preventive control: the data remain unreadable to whoever holds the device, whether or not it is ever switched on or connected again. A remote wipe is a corrective action taken after the loss and only works if the device is powered on and reachable over the network. A device password or biometric unlock gates the user interface but does not by itself protect data read directly from storage.
NEW QUESTION # 207
Management has decided to include a compliance manager in the approval process for a new business initiative that may require changes to the IT infrastructure. Which of the following is the GREATEST benefit of this approach?
- A. Fewer views are needed when updating the IT compliance process
- B. Process accountabilities to external stakeholders are improved
- C. Regulatory risk exposures can be identified before they materialize
- D. Security breach incidents can be identified in early stages
Answer: C
NEW QUESTION # 208
A new application will require multiple interfaces. Which of the following testing methods can be used to detect interface errors early in the development life cycle?
- A. Top down
- B. Acceptance
- C. Sociability
- D. Bottom up
Answer: A
Explanation:
Top-down testing begins with the highest-level modules and exercises the interfaces between them, using stubs in place of lower-level components, so interface errors surface early. Bottom-up testing finds errors in critical low-level modules first. Sociability testing confirms that the new system operates in its target environment alongside existing applications, and acceptance testing takes place late in the life cycle.
NEW QUESTION # 209
An organization was recently notified by its regulatory body of significant discrepancies in its reporting data. A preliminary investigation revealed that the discrepancies were caused by problems with the organization's data quality. Management has directed the data quality team to enhance their program. The audit committee has asked internal audit to be advisors to the process. To ensure that management concerns are addressed, which data set should internal audit recommend be reviewed FIRST?
- A. Data with customer personal information
- B. Data reported to the regulatory body
- C. Data impacting business objectives
- D. Data supporting financial statements
Answer: C
NEW QUESTION # 210
During a business process re-engineering (BPR) program, IT can assist with:
- A. total cost of ownership.
- B. streamlining of tasks.
- C. focusing on value-added tasks.
- D. segregation of duties.
Answer: C
Explanation:
Section: Information System Operations, Maintenance and Support
NEW QUESTION # 211
When developing a security architecture, which of the following steps should be executed FIRST?
- A. Developing security procedures
- B. Defining roles and responsibilities
- C. Specifying an access control methodology
- D. Defining a security policy
Answer: D
Explanation:
Section: Protection of Information Assets
Defining a security policy for information and related technology is the first step toward building a security architecture. A security policy communicates a coherent security standard to users, management and technical staff. Security policies will often set the stage in terms of what tools and procedures are needed for an organization. The other choices should be executed only after defining a security policy.
NEW QUESTION # 212
An IS auditor is assessing a recent migration of mission critical applications to a virtual platform. Which of the following observations poses the GREATEST risk to the organization?
- A. The migration was not approved by the board of directors.
- B. Role descriptions do not accurately reflect new virtualization responsibilities.
- C. Training for staff with new virtualization responsibilities has not been conducted.
- D. A post-implementation review of the hypervisor has not yet been conducted.
Answer: B
NEW QUESTION # 213
Which of the following is the MOST important feature of access control software?
- A. Nonrepudiation
- B. Authentication
- C. Identification
- D. Violation reporting
Answer: B
Explanation:
Section: Information System Operations, Maintenance and Support
NEW QUESTION # 214
The application systems of an organization using open-source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating open-source software?
- A. Identify and test suitable patches before applying them
- B. Code review and application of available patches
- C. Develop in-house patches
- D. Rewrite the patches and apply them
Answer: A
Explanation:
Suitable patches from the existing developers should be identified and tested before they are applied. Rewriting the patches is not the best answer because it would require skilled resources and time. Code review could be performed, but tests still need to be run before the patches are applied. Since the software was developed outside the organization, the IT department may not have the skills and resources to develop patches in-house.
NEW QUESTION # 215
During an information security audit of a mid-sized organization, an IS auditor notes that the organization's information security policy is not sufficient. What is the auditor's BEST recommendation for the organization?
- A. Define roles and responsibilities for regularly updating the policy
- B. Obtain an external consultant's support to rewrite the policy
- C. Perform a benchmark with competitors' policies
- D. Identify and close gaps compared to a best-practice framework
Answer: D
Explanation:
Assessing the policy against a recognized best-practice framework identifies the specific deficiencies and gives management a defensible basis for remediation. Engaging a consultant or benchmarking against competitors are means that may or may not close those gaps, and assigning responsibilities for periodic updates addresses ongoing maintenance rather than the current shortfall.
NEW QUESTION # 216
A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor's BEST recommendation to facilitate compliance with the regulation?
- A. Include the requirement in the incident management response plan.
- B. Establish key performance indicators (KPIs) for timely identification of security incidents.
- C. Engage an external security incident response expert for incident handling.
- D. Enhance the alert functionality of the intrusion detection system (IDS).
Answer: A
Explanation:
Embedding the 24-hour notification obligation in the incident response plan makes it a defined step with owners, triggers and escalation paths, so that every significant incident is reported on time. KPIs, external responders and improved IDS alerting can support detection and handling, but none of them by itself ensures that the regulator is notified within the deadline.
NEW QUESTION # 217
Which of the following should MOST concern an IS auditor reviewing an intrusion detection system (IDS)?
- A. Legitimate traffic blocked by the system
- B. Reliability of IDS logs
- C. Number of false positives
- D. Number of false negatives
Answer: D
Explanation:
A false negative is an intrusion the IDS failed to detect: no alert is raised and the attack proceeds unnoticed. False positives consume analyst time and can be reduced by tuning, unreliable logs affect after-the-fact review, and blocking legitimate traffic is a property of an intrusion prevention system rather than a detection system.
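To make the distinction concrete, here is an added Python example (not part of the original question bank) that runs a toy signature set over constructed web-server request lines carrying ground-truth labels and tallies the confusion matrix. The request lines, their labels and the two signatures are all made up for this illustration; a real IDS rule set is far larger. The point it shows is that the false positives land in the alert queue where an analyst can see and tune them, whereas the false negative is only visible here because the sample carries labels.

```python
"""Toy signature-based detector with a labelled confusion matrix.

Added example: the request lines, their ground-truth labels and the two
signatures are constructed for illustration only.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Constructed sample request lines paired with ground truth
# (True = malicious). Not real traffic.
SAMPLE_EVENTS: List[Tuple[str, bool]] = [
    ("GET /index.html HTTP/1.1", False),
    ("GET /login?user=admin' OR '1'='1 HTTP/1.1", True),
    ("GET /search?q=union%20select%20password%20from%20users HTTP/1.1", True),
    ("GET /report?id=1%20UNION%20SELECT%201,2,3 HTTP/1.1", True),
    ("GET /docs/select-your-union-rep.html HTTP/1.1", False),
    ("POST /api/items HTTP/1.1", False),
    ("GET /files?name=../../../../etc/passwd HTTP/1.1", True),
    ("GET /help/how-to-select-a-plan HTTP/1.1", False),
]

# Two deliberately imperfect signatures standing in for an IDS rule set.
# There is no rule for directory traversal at all, so that attack becomes
# a false negative; the 'select' rule is too loose and fires on ordinary
# page names, producing false positives.
SIGNATURES: Dict[str, re.Pattern] = {
    "sqli-tautology": re.compile(r"'\s*or\s*'", re.IGNORECASE),
    "sqli-select": re.compile(r"\bselect\b", re.IGNORECASE),
}


def detect(line: str) -> List[str]:
    """Return the names of all signatures that fire on a request line."""
    decoded = unquote(line)  # rules run against the URL-decoded request
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]


def evaluate(events: List[Tuple[str, bool]]) -> Tuple[Dict[str, int], List[str]]:
    """Tally TP/FP/FN/TN and return the attacks the detector missed.

    The 'missed' list can only be built because the sample carries
    ground-truth labels; in production a false negative leaves no alert
    and no record at all.
    """
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    missed: List[str] = []
    for line, malicious in events:
        fired = bool(detect(line))
        if fired and malicious:
            counts["tp"] += 1
        elif fired and not malicious:
            counts["fp"] += 1
        elif not fired and malicious:
            counts["fn"] += 1
            missed.append(line)
        else:
            counts["tn"] += 1
    return counts, missed


def rates(counts: Dict[str, int]) -> Dict[str, float]:
    """False-positive rate (FP / all benign) and false-negative rate (FN / all malicious)."""
    benign = counts["fp"] + counts["tn"]
    malicious = counts["fn"] + counts["tp"]
    return {
        "fpr": counts["fp"] / benign if benign else 0.0,
        "fnr": counts["fn"] / malicious if malicious else 0.0,
    }


if __name__ == "__main__":
    c, m = evaluate(SAMPLE_EVENTS)
    print(c, rates(c))
    for line in m:
        print("MISSED:", line)
```

On this sample the detector scores three true positives, two false positives and one false negative (the path traversal request). The two false positives would show up as alerts and could be tuned away; the missed traversal generates nothing, which is why an auditor should ask how false negatives are measured (labelled test traffic, red-team exercises, or reconciliation against incidents found by other means) rather than accept an alert count as evidence of coverage.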
NEW QUESTION # 218
Which of the following is a guiding best practice for implementing logical access controls?
- A. Access is granted on a least-privilege basis, per the organization's data owners
- B. Classifying data according to the subject's requirements
- C. Implementing the Take-Grant access control model
- D. Implementing the Biba Integrity Model
Answer: A
Explanation:
Logical access controls should be reviewed to ensure that access is granted on a least-privilege basis, per the organization's data owners.
NEW QUESTION # 219
The use of a GANTT chart can:
- A. direct the post-implementation review.
- B. aid in scheduling project tasks.
- C. determine project checkpoints.
- D. ensure documentation standards.
Answer: B
Explanation:
A GANTT chart is used in project control. It may aid in the identification of needed checkpoints but its primary use is in scheduling. It will not ensure the completion of documentation nor will it provide direction for the post-implementation review.
NEW QUESTION # 220
Which of the following analytical methods would be MOST useful when trying to identify groups with similar behavior or characteristics in a large population?
- A. Classification
- B. Clustering
- C. Deviation detection
- D. Correlation analysis
Answer: B
Explanation:
Clustering groups records by similarity without predefined categories, which is exactly what is needed to discover groups with similar behavior in a large population. Classification assigns records to classes that are already known, deviation detection isolates outliers, and correlation analysis measures the relationship between variables.
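Clustering as a working algorithm, added here as an example that is not part of the original question bank: a pure-Python k-means over constructed user-activity records (the user names and feature values are made up) that finds the behavior groups without being told in advance what the groups are, which is what separates it from classification. Feature scaling is included because the two features are on very different scales, a step that is easy to forget and that would otherwise let the download volume dominate the distance calculation.

```python
"""k-means clustering of constructed user-activity records.

Added example: the user names and feature values are made up for
illustration; the algorithm is standard Lloyd's k-means with a
deterministic initialisation so the result is reproducible.
"""
from math import dist
from typing import Dict, List, Sequence, Tuple

Point = Tuple[float, ...]

# Constructed sample: (logins per week, MB downloaded per week) per user.
USERS: Dict[str, Point] = {
    "alice": (8, 120),
    "bob": (10, 95),
    "carol": (7, 140),
    "dave": (9, 110),
    "eve": (55, 4200),
    "frank": (48, 3900),
    "grace": (60, 4500),
}


def min_max_scale(points: Sequence[Point]) -> List[Point]:
    """Rescale every feature to [0, 1] so MB values do not swamp login counts."""
    dims = len(points[0])
    lows = [min(p[i] for p in points) for i in range(dims)]
    highs = [max(p[i] for p in points) for i in range(dims)]
    return [
        tuple((p[i] - lows[i]) / ((highs[i] - lows[i]) or 1.0) for i in range(dims))
        for p in points
    ]


def kmeans(points: Sequence[Point], k: int, max_iter: int = 100) -> Tuple[List[int], List[Point]]:
    """Lloyd's k-means. Returns one cluster label per point and the final centroids.

    Initial centroids are k points spread evenly through the sorted data
    rather than random picks, so repeated runs give the same answer.
    """
    ordered = sorted(points)
    step = (len(ordered) - 1) / max(k - 1, 1)
    centroids: List[Point] = [ordered[round(i * step)] for i in range(k)]
    labels: List[int] = []
    for _ in range(max_iter):
        # Assignment step: nearest centroid by Euclidean distance.
        labels = [min(range(k), key=lambda c: dist(p, centroids[c])) for p in points]
        # Update step: move each centroid to the mean of its members.
        updated: List[Point] = []
        for c in range(k):
            members = [p for p, lab in zip(points, labels) if lab == c]
            if members:
                updated.append(tuple(sum(m[i] for m in members) / len(members)
                                     for i in range(len(members[0]))))
            else:
                updated.append(centroids[c])  # keep an empty cluster's centroid
        if updated == centroids:
            break
        centroids = updated
    return labels, centroids


def cluster_users(users: Dict[str, Point], k: int) -> List[List[str]]:
    """Group users into k behavior clusters; returns sorted lists of names."""
    names = list(users)
    labels, _ = kmeans(min_max_scale([users[n] for n in names]), k)
    groups: Dict[int, List[str]] = {}
    for name, lab in zip(names, labels):
        groups.setdefault(lab, []).append(name)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    for group in cluster_users(USERS, 2):
        print(group)
```

With k=2 the low-activity users and the heavy downloaders fall into separate groups purely from the shape of the data. A classifier could only have produced those groups if every record already carried a label such as "normal" or "bulk exfiltration"; deviation detection would instead look for a single record far from everything else, not for the groups themselves.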
NEW QUESTION # 221
An IS auditor is conducting a pre-implementation review to determine a new system's production readiness. The auditor's PRIMARY concern should be whether:
- A. benefits realization has been evidenced
- B. the project adhered to the budget and target date.
- C. users were involved in the quality assurance (QA) testing.
- D. there are unresolved high-risk items
Answer: D
NEW QUESTION # 222
Which of the following provides the BEST evidence of an organization's disaster recovery readiness?
- A. A disaster recovery plan
- B. Processes for maintaining the disaster recovery plan
- C. Customer references for the alternate site provider
- D. Results of tests and drills
Answer: D
Explanation:
Plans are important, but mere plans do not provide reasonable assurance unless tested. References for the alternate site provider and the existence and maintenance of a disaster recovery plan are important, but only tests and drills demonstrate the adequacy of the plans and provide reasonable assurance of an organization's disaster recovery readiness.
NEW QUESTION # 223
An IS auditor is conducting a review of a data center. Which of the following observations could indicate an access control issue?
- A. Fencing around facility is two meters high
- B. Security cameras deployed outside main entrance
- C. Muddy footprints directly inside the emergency exit
- D. Antistatic mats deployed at the computer room entrance
Answer: C
NEW QUESTION # 224
In the event of a data center disaster, which of the following would be the MOST appropriate strategy to enable a complete recovery of a critical database?
- A. Real-time data backup to the local storage area network (SAN)
- B. Daily data backup to tape and storage at a remote site
- C. Hard disk mirroring to a local server
- D. Real-time replication to a remote site
Answer: D
Explanation:
With real-time replication to a remote site, data are updated simultaneously in two separate locations; therefore, a disaster at one site would not damage the information held at the remote site. This assumes that both sites are not affected by the same disaster. Daily tape backup could lose up to a day's worth of data. Choices A and C (real-time backup to the local SAN and disk mirroring to a local server) take place in the same data center and could be affected by the same disaster.
NEW QUESTION # 225