CISA (Certified Information Systems Auditor) 2020 Questions AND Correct Answers
A business application system accesses a corporate database using a single ID and password embedded in a program. Which of the following would provide efficient access control over the organization's data? - ✔✔Apply role-based permissions within the application system.

A business unit has selected a new accounting application and did not consult with IT early in the selection process. The PRIMARY risk is that: - ✔✔The application technology may be inconsistent with the enterprise architecture.
The primary focus of the enterprise architecture (EA) is to ensure that technology investments are consistent with the platform, data and development standards of the IT organization. The EA defines both a current and future state in areas such as the use of standard platforms, databases or programming languages. If a business unit selected an application using a database or operating system that is not part of the EA for the business, this increases the cost and complexity of the solution and ultimately delivers less value to the business.

A certificate authority (CA) can delegate the processes of: - ✔✔establishing a link between the requesting entity and its public key.
Establishing a link between the requesting entity and its public key is a function of a registration authority. This may or may not be performed by a CA; therefore, this function can be delegated.

A company has recently upgraded its purchase system to incorporate electronic data interchange (EDI) transmissions. Which of the following controls should be implemented in the EDI interface to provide for efficient data mapping? - ✔✔Functional acknowledgments
Acting as an audit trail for electronic data interchange transactions, functional acknowledgments are one of the main controls used in data mapping.

A company is planning to install a network-based intrusion detection system to protect the web site that it hosts. Where should the device be installed? - ✔✔In the demilitarized zone
Network-based intrusion detection systems (IDSs) detect attack attempts by monitoring network traffic. A public web server is typically placed on the protected network segment known as the DMZ. An IDS installed in the DMZ detects and reports on malicious activity originating from the Internet as well as the internal network, thus allowing the administrator to a

A cyclic redundancy check is commonly used to determine the: - ✔✔validity of data transfer.
The accuracy of blocks of data transfers, such as data transfer from hard disks, is validated by a cyclic redundancy check.

A decision support system is used to help high-level management: - ✔✔Make decisions based on data analysis and interactive models.
A decision support system (DSS) emphasizes flexibility in the decision-making approach of management through data analysis and the use of interactive models, not fixed criteria.

A hard disk containing confidential data was damaged beyond repair. If the goal is to positively prevent access to the data by anyone else, what should be done to the hard disk before it is discarded? - ✔✔Destruction
Physically destroying the hard disk is the most effective way to ensure that data cannot be recovered.

A large chain of shops with electronic funds transfer at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? - ✔✔

A long-term IT employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be PRIMARILY based on the individual's experience and: - ✔✔ability, as an IS auditor, to be independent of existing IT relationships.