CISA Study Guide – Questions With Step By Step
Solutions
Save
Terms in this set (1811)
QUESTION: 1 A. The BCP has not been tested since it was first
Which of the following should be of issued.
GREATEST concern to an IS auditor
reviewing an organization's business
continuity plan (BCP)?
A. The BCP has not been tested since
it was first issued.
B. The BCP is not version-controlled.
C. The BCP's contact information
needs to be updated.
D. The BCP has not been approved by
senior management.
QUESTION: 2 C. Statistical metrics measuring capacity utilization
Which of the following would be
MOST useful when analyzing
computer performance?
A. Tuning of system software to
optimize resource usage
B. Operations report of user
dissatisfaction with response time
C. Statistical metrics measuring
capacity utilization
D. Report of off-peak utilization and
response time
,QUESTION: 3 D. Data integrity
Which of the following is the
GREATEST risk if two users have
concurrent access to the same
database record?
A. Entity integrity
B. Availability integrity
C. Referential integrity
D. Data integrity
QUESTION: 4 A. Ensure ownership is assigned.
Which of the following is the MOST
effective way for an organization to
help ensure agreed-upon action plans
from an IS audit will be implemented?
A. Ensure ownership is assigned.
B. Test corrective actions upon
completion.
C. Ensure sufficient audit resources
are allocated.
D. Communicate audit results
organization-wide.
QUESTION: 5 A. CCTV recordings are not regularly reviewed.
Which of the following issues
associated with a data center's closed
circuit television (CCTV) surveillance
cameras should be of MOST concern
to an IS auditor?
A. CCTV recordings are not regularly
reviewed.
B. CCTV records are deleted after one
year.
C. CCTV footage is not recorded 24 x
7.
D. CCTV cameras are not installed in
break rooms.
,QUESTION: 6 A. a clear business case has been established.
An IS auditor has been asked to audit
the proposed acquisition of new
computer hardware. The auditor's
PRIMARY concern is that:
A. a clear business case has been
established.
B. the new hardware meets
established security standards.
C. a full visible audit trail will be
included.
D. the implementation plan meets user
requirements.
QUESTION: 7 D. the same hashing algorithm as the sender's to
To confirm integrity for a hashed create a numerical representation of the file.
message the receiver should use:
A. the same hashing algorithm as the
sender's to create a binary image of
the file.
B. a different hashing algorithm from
the sender's to create a numerical
representation of the file.
C. a different hashing algorithm from
the sender's to create a binary image
of the file.
D. the same hashing algorithm as the
sender's to create a numerical
representation of the file.
QUESTION: 8 D. Parallel
An organization is implementing a
new system that supports a month-
end business process. Which of the
following implementation strategies
would be MOST efficient to decrease
business downtime?
A. Cutover
B. Phased
C. Pilot
D. Parallel
, QUESTION: 9 B. Identifying vulnerable assets
Which of the following should be the
FIRST step in managing the impact of
a recently discovered zero-day
attack?
A. Estimating potential damage
B. Identifying vulnerable assets
C. Evaluating the likelihood of attack
D. Assessing the impact of
vulnerabilities
QUESTION: 10 B. System testing
Which of the following is the BEST way
to ensure that an application is
performing according to its
specifications?
A. Pilot testing
B. System testing
C. Integration testing
D. Unit testing
QUESTION: 11 C. Monitor and restrict vendor activities.
Which of the following would be
MOST effective to protect information
assets in a data center from theft by a
vendor?
A. Conceal data devices and
information labels.
B. Issue an access card to the vendor.
C. Monitor and restrict vendor
activities.
D. Restrict use of portable and
wireless devices.
Solutions
Save
Terms in this set (1811)
QUESTION: 1 A. The BCP has not been tested since it was first
Which of the following should be of issued.
GREATEST concern to an IS auditor
reviewing an organization's business
continuity plan (BCP)?
A. The BCP has not been tested since
it was first issued.
B. The BCP is not version-controlled.
C. The BCP's contact information
needs to be updated.
D. The BCP has not been approved by
senior management.
QUESTION: 2 C. Statistical metrics measuring capacity utilization
Which of the following would be
MOST useful when analyzing
computer performance?
A. Tuning of system software to
optimize resource usage
B. Operations report of user
dissatisfaction with response time
C. Statistical metrics measuring
capacity utilization
D. Report of off-peak utilization and
response time
,QUESTION: 3 D. Data integrity
Which of the following is the
GREATEST risk if two users have
concurrent access to the same
database record?
A. Entity integrity
B. Availability integrity
C. Referential integrity
D. Data integrity
QUESTION: 4 A. Ensure ownership is assigned.
Which of the following is the MOST
effective way for an organization to
help ensure agreed-upon action plans
from an IS audit will be implemented?
A. Ensure ownership is assigned.
B. Test corrective actions upon
completion.
C. Ensure sufficient audit resources
are allocated.
D. Communicate audit results
organization-wide.
QUESTION: 5 A. CCTV recordings are not regularly reviewed.
Which of the following issues
associated with a data center's closed
circuit television (CCTV) surveillance
cameras should be of MOST concern
to an IS auditor?
A. CCTV recordings are not regularly
reviewed.
B. CCTV records are deleted after one
year.
C. CCTV footage is not recorded 24 x
7.
D. CCTV cameras are not installed in
break rooms.
,QUESTION: 6 A. a clear business case has been established.
An IS auditor has been asked to audit
the proposed acquisition of new
computer hardware. The auditor's
PRIMARY concern is that:
A. a clear business case has been
established.
B. the new hardware meets
established security standards.
C. a full visible audit trail will be
included.
D. the implementation plan meets user
requirements.
QUESTION: 7 D. the same hashing algorithm as the sender's to
To confirm integrity for a hashed create a numerical representation of the file.
message the receiver should use:
A. the same hashing algorithm as the
sender's to create a binary image of
the file.
B. a different hashing algorithm from
the sender's to create a numerical
representation of the file.
C. a different hashing algorithm from
the sender's to create a binary image
of the file.
D. the same hashing algorithm as the
sender's to create a numerical
representation of the file.
QUESTION: 8 D. Parallel
An organization is implementing a
new system that supports a month-
end business process. Which of the
following implementation strategies
would be MOST efficient to decrease
business downtime?
A. Cutover
B. Phased
C. Pilot
D. Parallel
, QUESTION: 9 B. Identifying vulnerable assets
Which of the following should be the
FIRST step in managing the impact of
a recently discovered zero-day
attack?
A. Estimating potential damage
B. Identifying vulnerable assets
C. Evaluating the likelihood of attack
D. Assessing the impact of
vulnerabilities
QUESTION: 10 B. System testing
Which of the following is the BEST way
to ensure that an application is
performing according to its
specifications?
A. Pilot testing
B. System testing
C. Integration testing
D. Unit testing
QUESTION: 11 C. Monitor and restrict vendor activities.
Which of the following would be
MOST effective to protect information
assets in a data center from theft by a
vendor?
A. Conceal data devices and
information labels.
B. Issue an access card to the vendor.
C. Monitor and restrict vendor
activities.
D. Restrict use of portable and
wireless devices.
