CISA EXAM PRACTICE
QUESTIONS AND 100% CORRECT
ANSWERS!!
Question #:181 - (Exam Topic 3)
Which of the following is the MOST effective way for an organization to help ensure
agreed-upon action plans from an IS audit will be implemented?
A. Ensure sufficient audit resources are allocated.
B. Communicate audit results organization-wide.
C. Ensure ownership is assigned.
D. Test corrective actions upon completion.
C. Ensure ownership is assigned.
Question #:185 - (Exam Topic 3)
Which of the following is the MOST important consideration for an IS auditor when
assessing the adequacy of an organization's information security policy?
A. IT steering committee minutes
B. Business objectives
C. Alignment with the IT tactical plan
D. Compliance with industry best practice
B. Business objectives.
Question #:186 - (Exam Topic 3)
An organization has engaged a third party to implement an application to perform
business-critical calculations. Which of the following is the MOST important process to
help ensure the application provides accurate calculations?
A. Key performance indicator (KPI) monitoring
B. Change management
C. Configuration management
D. Quality assurance (QA)
A. Key performance indicator (KPI) monitoring.
Question #:188 - (Exam Topic 3)
Which of the following would be an appropriate role of internal audit in helping
to establish an organization's privacy program?
A. Analyzing risks posed by new regulations
B. Developing procedures to monitor the use of personal data
C. Defining roles within the organization related to privacy
D. Designing controls to protect personal data
A. Analyzing risks posed by new regulations.
Question #:190 - (Exam Topic 3)
An IS auditor reviewing the threat assessment for a data center would be MOST
concerned if:
A. some of the identified threats are unlikely to occur.
B. all identified threats relate to external entities.
C. the exercise was completed by local management.
D. neighboring organizations' operations have been included.
B. all identified threats relate to external entities.
Question #:193 - (Exam Topic 3)
The PRIMARY purpose of a configuration management system is to:
A. track software updates.
B. define baselines for software.
C. support the release procedure.
D. standardize change approval.
B. define baselines for software.
Question #:195 - (Exam Topic 3)
Which of the following types of environmental equipment will MOST likely be deployed
below the floor tiles of a data center?
A. Temperature sensors
B. Humidity sensors
C. Water sensors
D. Air pressure sensors
C. Water sensors.
Question #:196 - (Exam Topic 3)
If enabled within firewall rules, which of the following services would present
the GREATEST risk?
A. Simple mail transfer protocol (SMTP)
B. Simple object access protocol (SOAP)
C. Hypertext transfer protocol (HTTP)
D. File transfer protocol (FTP)
D. File transfer protocol (FTP).
Question #:197 - (Exam Topic 3)
What is the BEST method to determine if IT resource spending is aligned with planned
project spending?
A. Earned value analysis (EVA)
B. Return on investment (ROI) analysis
C. Gantt chart
D. Critical path analysis
A. Earned value analysis (EVA).
Question #:198 - (Exam Topic 3)
Which of the following should be of GREATEST concern to an IS auditor reviewing
an organization's business continuity plan (BCP)?
A. The BCP's contact information needs to be updated.
B. The BCP is not version controlled.