CISA Certified Information Systems Auditor Certification Practice Test

Which of the following could lead to an unintentional loss of confidentiality? Choose the BEST answer.

Options are :

  • Lack of security policy enforcement procedures
  • A momentary lapse of reason
  • Lack of employee awareness of a company's information security policy (Correct)
  • Failure to comply with a company's information security policy

Answer : Lack of employee awareness of a company's information security policy

How is the time required for transaction processing review usually affected by properly implemented Electronic Data Interchange (EDI)?

Options are :

  • Cannot be determined.
  • EDI usually increases the time necessary for review.
  • EDI usually decreases the time necessary for review. (Correct)
  • EDI does not affect the time necessary for review.

Answer : EDI usually decreases the time necessary for review.

Proper segregation of duties normally does not prohibit a LAN administrator from also having programming responsibilities. True or false?

Options are :

  • FALSE (Correct)
  • TRUE

Answer : FALSE

What topology provides the greatest redundancy of routes and the greatest network fault tolerance?

Options are :

  • A bus network topology
  • A mesh network topology with packet forwarding enabled at each host (Correct)
  • A ring network topology
  • A star network topology

Answer : A mesh network topology with packet forwarding enabled at each host

What type of approach to the development of organizational policies is often driven by risk assessment?

Options are :

  • Comprehensive
  • Top-down (Correct)
  • Bottom-up
  • Integrated

Answer : Top-down

Who is ultimately accountable for the development of an IS security policy?

Options are :

  • Middle management
  • The board of directors (Correct)
  • Security administrators
  • Network administrators

Answer : The board of directors

What can ISPs use to implement inbound traffic filtering as a control to identify IP packets transmitted from unauthorized sources? Choose the BEST answer.

Options are :

  • Virtual Private Networks
  • Point-to-Point Tunneling Protocol
  • OSI Layer 2 switches with packet filtering enabled
  • Access Control Lists (ACL) (Correct)

Answer : Access Control Lists (ACL)

Which of the following is used to evaluate biometric access controls?

Options are :

  • EER (Correct)
  • FRR
  • ERR
  • FAR

Answer : EER

Establishing data ownership is an important first step for which of the following processes? Choose the BEST answer.

Options are :

  • Developing organizational security policies
  • Assigning user access privileges
  • Classifying data (Correct)
  • Creating roles and responsibilities

Answer : Classifying data

An IS auditor usually places more reliance on evidence directly collected. What is an example of such evidence?

Options are :

  • Evidence collected through personal observation (Correct)
  • Evidence collected through surveys collected from internal staff
  • Evidence collected through transaction reports provided by the organization's IT administration
  • Evidence collected through systems logs provided by the organization's security administration

Answer : Evidence collected through personal observation

Who is ultimately responsible and accountable for reviewing user access to systems?

Options are :

  • Data custodians
  • Information systems auditors
  • Systems security administrators
  • Data owners (Correct)

Answer : Data owners

What are used as the framework for developing logical access controls?

Options are :

  • Organizational charts for identifying roles and responsibilities
  • Information systems security policies (Correct)
  • Organizational security policies
  • Access Control Lists (ACL)

Answer : Information systems security policies

Proper segregation of duties prohibits a system analyst from performing quality-assurance functions. True or false?

Options are :

  • TRUE (Correct)
  • FALSE

Answer : TRUE

Which of the following do digital signatures provide?

Options are :

  • Authentication and confidentiality of data
  • Authentication and integrity of data (Correct)
  • Authentication and availability of data
  • Confidentiality and integrity of data

Answer : Authentication and integrity of data

Atomicity enforces data integrity by ensuring that a transaction is either completed in its entirety or not at all. Atomicity is part of the ACID test reference for transaction processing. True or false?

Options are :

  • FALSE
  • TRUE (Correct)

Answer : TRUE

What type of cryptosystem is characterized by data being encrypted by the sender using the recipient's public key, and the data then being decrypted using the recipient's private key?

Options are :

  • With shared-key encryption, or symmetric encryption
  • With shared-key encryption, or asymmetric encryption
  • With public-key encryption, or asymmetric encryption (Correct)
  • With public-key encryption, or symmetric encryption

Answer : With public-key encryption, or asymmetric encryption

What are often the primary safeguards for systems software and data?

Options are :

  • Physical access controls
  • Detective access controls
  • Logical access controls (Correct)
  • Administrative access controls

Answer : Logical access controls

What is the key distinction between encryption and hashing algorithms?

Options are :

  • Hashing algorithms ensure data confidentiality
  • Hashing algorithms are irreversible. (Correct)
  • Encryption algorithms ensure data integrity.
  • Encryption algorithms are not irreversible.

Answer : Hashing algorithms are irreversible.

How does the SSL network protocol provide confidentiality?

Options are :

  • Through symmetric encryption such as Data Encryption Standard, (Correct)
  • Through asymmetric encryption such as Advanced Encryption Standard, or
  • Through asymmetric encryption such as Data Encryption Standard, or DES
  • Through symmetric encryption such as RSA

Answer : Through symmetric encryption such as Data Encryption Standard,

If senior management is not committed to strategic planning, how likely is it that a company's implementation of IT will be successful?

Options are :

  • IT cannot be implemented if senior management is not committed to strategic planning.
  • Strategic planning does not affect the success of a company's implementation of IT.
  • More likely.
  • Less likely. (Correct)

Answer : Less likely.

Which of the following provides the strongest authentication for physical access control?

Options are :

  • Dynamic passwords
  • Key verification
  • Biometrics (Correct)
  • Sign-in logs

Answer : Biometrics

What kind of protocols does the OSI Transport Layer of the TCP/IP protocol suite provide to ensure reliable communication?

Options are :

  • Session-oriented protocols
  • No connection-oriented protocols
  • Connection-oriented protocols (Correct)
  • No session-oriented protocols

Answer : Connection-oriented protocols

A core tenet of an IS strategy is that it must:

Options are :

  • Be inexpensive
  • Support the business objectives of the organization (Correct)
  • Be protected as sensitive confidential information
  • Protect information confidentiality, integrity, and availability

Answer : Support the business objectives of the organization

What are used as a countermeasure for potential database corruption when two processes attempt to simultaneously edit or update the same information? Choose the BEST answer.

Options are :

  • Concurrency controls
  • Normalization controls
  • Run-to-run totals
  • Referential integrity controls (Correct)

Answer : Referential integrity controls

What increases encryption overhead and cost the most?

Options are :

  • A long Data Encryption Standard (DES) key
  • A long Advanced Encryption Standard (AES) key
  • A long asymmetric encryption key (Correct)
  • A long symmetric encryption key

Answer : A long asymmetric encryption key

What benefit does using capacity-monitoring software to monitor usage patterns and trends provide to management? Choose the BEST answer.

Options are :

  • The software produces nice reports that really impress management
  • It allows users to properly allocate resources and ensure continuous efficiency of operations
  • The software can dynamically readjust network traffic capabilities based upon current usage.
  • It allows management to properly allocate resources and ensure continuous efficiency of operations. (Correct)

Answer : It allows management to properly allocate resources and ensure continuous efficiency of operations.

How is risk affected if users have direct access to a database at the system level?

Options are :

  • Risk of unauthorized access increases, but risk of untraceable changes to the database decreases
  • Risk of unauthorized and untraceable changes to the database increases. (Correct)
  • Risk of unauthorized and untraceable changes to the database decreases.
  • Risk of unauthorized access decreases, but risk of untraceable changes to the database increases

Answer : Risk of unauthorized and untraceable changes to the database increases.

Which of the following are effective controls for detecting duplicate transactions such as payments made or received?

Options are :

  • Reasonableness checks
  • Time stamps (Correct)
  • Referential integrity controls
  • Concurrency controls

Answer : Time stamps

What is an initial step in creating a proper firewall policy?

Options are :

  • Determining appropriate firewall hardware and software
  • Configuring firewall access rules
  • Assigning access to users according to the principle of least privilege
  • Identifying network applications such as mail, web, or FTP servers (Correct)

Answer : Identifying network applications such as mail, web, or FTP servers
