Certified Information Systems Auditor (CISA) Exam Test Bank: All 350 Questions and Correct Answers (latest update this year)
QUESTION: Fair Lending has implemented a disaster recovery plan. Andrew, CFO of Fair Lending, wants to ensure that the implemented plan is adequate. Identify the immediate next step from the following.
A. Initiate the full operational test
B. Initiate the desk-based evaluation
C. Initiate the preparedness test
D. Socialize with senior management and obtain sponsorship - ANSWER-B. The immediate next step to evaluate the adequacy of a disaster recovery plan once it has been implemented is a desk-based evaluation, also known as a paper test. In a paper test the major stakeholders walk through the plan and discuss what would happen in a particular type of service disruption. Best practice is to run the paper test before the preparedness test (a partial simulation, usually of one site or system, in which real resources are expended), and the preparedness test before a full operational test, which is the most disruptive and expensive. Senior management sponsorship should already have been obtained before the plan was implemented.
QUESTION: There are various methods of suppressing a data center fire. Identify the MOST
effective and environmentally friendly method from the following.
A. Water-based systems (sprinkler systems)
B. Argonite systems
C. Carbon dioxide systems
D. Dry-pipe sprinkler systems - ANSWER-D. Dry-pipe sprinkler systems are the most effective and environmentally friendly of the available options. In a dry-pipe system the piping above the equipment holds pressurized air rather than water; water enters the pipes only when a fire detector or sprinkler head trips the release valve. Conventional water-based (wet-pipe) sprinkler systems are also environmentally friendly but are not the most effective option: water is always present in the piping, so a leak or accidental discharge can damage equipment even when there is no fire. Carbon dioxide suppresses fire by displacing oxygen and is hazardous to anyone in the protected space at the concentrations needed, so it is normally restricted to unoccupied areas.
QUESTION: The IT risk management process comprises the following five steps, listed in no particular sequence:
(b) Asset identification
(e) Evaluation of threats and vulnerabilities to assets
(a) Evaluation of the impact
(c) Calculation of risk
(d) Evaluation of and response to risk
Identify the correct sequence from the following.
A. b, a, e, c, d
B. b, e, a, c, d
C. b, e, a, d, c
D. a, b, c, d, e - ANSWER-B. The IT risk management process comprises the following five steps: Step 1: Asset identification. Step 2: Evaluation of threats and vulnerabilities to assets. Step 3: Evaluation of the impact. Step 4: Calculation of risk (combining the likelihood derived from the threat and vulnerability evaluation with the impact). Step 5: Evaluation of and response to risk.
QUESTION: Palm Trading Company has implemented digital signatures to protect email communication with their customers. Identify the benefit of using a digital signature from the following.
A. Protects email content from unauthorized reading
B. Protects email content from data theft
C. Ensures timely delivery of email content
D. Ensures integrity of the email content - ANSWER-D. A digital signature is used to verify the identity of the sender (only the holder of the sender's private key can produce it) and the integrity of the content (any change to the message after signing causes verification to fail). It does not encrypt the message, so it offers no protection against unauthorized reading or data theft, and it has no effect on delivery.
QUESTION: Merlin, head of information systems audit at Cocoa Payroll Services, was invited to a development project meeting. During the meeting, Merlin noted that no project risks were documented and raised this issue with the head of IT. The IT project manager's view was that it was too early to identify risks and that a risk manager would be hired if risks started to affect the project. Identify the likely response from Merlin from the following.
A. Express willingness to work with the risk manager when one is appointed
B. Emphasize the importance of identifying and documenting risks, and of developing contingency plans
C. Since the project manager is accountable for the outcome of the project, it is reasonable to accept his position
D. Inform the project manager of the intent to review the risks at the completion of the requirements definition phase of the project - ANSWER-B. An experienced project manager should be able to identify the majority of the key project risks at the beginning of the project and plan how to deal with them if they materialize. Deferring risk identification until risks are already affecting the project leaves no time for contingency planning.
QUESTION: Identify the most critical element from the following for the successful implementation and ongoing maintenance of an information security policy.
A. Management support and approval of the information security policy
B. Understanding of the information security policy by all appropriate parties
C. Punitive actions for any violation of information security rules
D. Stringent access control monitoring of information security rules - ANSWER-B. An information security policy comprises the processes, procedures, and rules of an organization. The most important factor in its successful implementation and ongoing maintenance is that all appropriate parties, such as employees, service providers, and business partners, understand and assimilate it. Management support and approval are needed to issue the policy, but approval alone does not make it effective. Punitive actions for violations and access control monitoring are enforcement measures that only work once the parties have been educated about and made aware of the policy.
QUESTION: Quick Micropayments has recently commissioned a critical online customer
platform. The CIO requested the information systems audit department to conduct an
independent review of the system. Identify the priority for the auditor to plan and initiate an
audit.