CISA Practice Exam Questions AND ANSWERS GRADE A+ SOLUTIONS
The objective of concurrency control in a database system is to:
Select an answer:
A. restrict updating of the database to authorized users.
B. prevent integrity problems when two processes attempt to update the same data at the same time.
C. prevent inadvertent or unauthorized disclosure of data in the database.
D. ensure the accuracy, completeness and consistency of data.
Answer: B. prevent integrity problems when two processes attempt to update the same data at the same time.

Which of the following security measures BEST ensures the integrity of information stored in a data warehouse?
Answer: a read-only restriction

An organization has just completed its annual risk assessment. Regarding the business continuity plan, what should an IS auditor recommend as the next step for the organization?
Answer: Review and evaluate the business continuity plan for adequacy

An IS auditor discovers that devices connected to the network are not included in a network diagram that had been used to develop the scope of the audit. The chief information officer explains that the diagram is being updated and awaiting final approval. The IS auditor should FIRST:
Answer: evaluate the impact of the undocumented devices on the audit scope.

When auditing the archiving process of emails, the IS auditor should pay the MOST attention to:
Answer: the existence of a data retention policy.

During an audit of an enterprise that is dedicated to e-commerce, the IS manager states that digital signatures are used when receiving communications from customers. To substantiate this, an IS auditor must prove that which of the following is used?
Answer: A hash of the data that is transmitted and encrypted with the customer's private key

A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that:
Answer: the users may not remember to manually encrypt the data before transmission.

Which of the following choices would be the BEST source of information when developing a risk-based audit plan?
Answer: Senior management identify key business processes.

An IS auditor performing a review of application controls would evaluate the:
Answer: impact of any exposures discovered.

An IS auditor is reviewing Secure Sockets Layer enabled web sites for the company. Which of the following choices would be the HIGHEST risk?
Answer: Self-signed digital certificates

A large chain of shops with electronic funds transfer at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor?
Answer: Alternative standby processor at another network node

Which of the following should an IS auditor review to understand project progress in terms of time, budget and deliverables for early detection of possible overruns and for projecting estimates at completion?
Answer: earned value analysis (This is an industry standard method for measuring a project's progress at any given point in time, forecasting its completion date and final cost, and analyzing variances in the schedule and budget as the project proceeds. It compares the planned amount of work with what has actually been completed to determine if the cost, schedule and work accomplished are progressing in accordance with the plan. EVA works most effectively if a well-formed work breakdown structure exists.)

The MAIN purpose for periodically testing offsite disaster recovery facilities is to:
Answer: ensure the continued compatibility of the contingency facilities.

The success of control self-assessment depends highly on:
Answer: line managers assuming a portion of the responsibility for control monitoring (The primary objective of a control self-assessment (CSA) program is to leverage the internal audit function by shifting some of the control monitoring responsibilities to the functional area line managers. The success of a CSA program depends on the degree to which line managers assume responsibility for controls. This enables line managers to detect and respond to control errors promptly.)

What is a risk associated with attempting to control physical access to sensitive areas such as computer rooms using card keys or locks?
Answer: Unauthorized individuals wait for controlled doors to open and walk in behind those authorized.

The vice president of human resources has requested an IS audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation?
Answer: Generalized audit software (Its features include mathematical computations, stratification, statistical analysis, sequence checking, duplicate checking and re-computations. An IS auditor, using generalized audit software, can design appropriate tests to recompute the payroll, thereby determining whether there were overpayments and to whom they were made.)

Recovery procedures for an information processing facility are BEST based on:
Answer: recovery time objective. (This is the amount of time allowed for the recovery of a business function or resource after a disaster occurs; the RTO is the desired recovery time frame based on maximum tolerable outage (MTO) and available recovery alternatives.)

An IS auditor has been asked to review the implementation of a customer relationship management system for a large organization. The IS auditor discovered the project incurred significant over-budget expenses and scope creep caused the project to miss key dates. Which of the following should the IS auditor recommend for future projects?
Answer: a software baseline

A comprehensive and effective email policy should address the issues of email structure, policy enforcement, monitoring and:
Answer: retention

Which of the following would be the BEST access control procedure?
Answer: the data owner formally authorizes access and an administrator implements the user authorization tables

The role of the certificate authority (CA) as a third party is to:
Answer: confirm the identity of the entity owning a certificate issued by that CA.

Which of the following is the initial step in creating a firewall policy?
Answer: Identification of network applications to be externally accessed

It is MOST appropriate to implement an incremental backup scheme when:
Answer: there is limited media capacity (Incremental backups, after full backups, only back up the files that were changed.)

A centralized antivirus system determines whether each personal computer has the latest signature files and installs the latest CONTINUED........
School, study and subject
- Institution
- CISA Practice Exam Questions
- Course
- CISA Practice Exam Questions
Document information
- Uploaded on
- May 4, 2024
- Number of pages
- 10
- Written in
- 2023/2024
- Type
- Exam
- Contains
- Questions and answers