CISA Certified Information Systems Auditor Certification Practice Test

A sequence of bits appended to a digital document that is used to secure an e-mail sent through the Internet is called a:

Options are :

  • hash signature.
  • digest signature.
  • digital signature. (Correct)
  • electronic signature.

Answer : digital signature.

In an EDI process, the device which transmits and receives electronic documents is the:

Options are :

  • EDI translator.
  • EDI interface.
  • application interface.
  • Communications Handler. (Correct)

Answer : Communications Handler.

A critical function of a firewall is to act as a:

Options are :

  • proxy server to increase the speed of access to authorized users.
  • server used to connect authorized users to private trusted network resources.
  • special router that connects the Internet to a LAN.
  • device for preventing unauthorized users from accessing the LAN. (Correct)

Answer : device for preventing unauthorized users from accessing the LAN.

A LAN administrator normally would be restricted from:

Options are :

  • reporting to the end-user manager.
  • being responsible for LAN security administration.
  • having programming responsibilities. (Correct)
  • having end-user responsibilities.

Answer : having programming responsibilities.

Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?

Options are :

  • Post test
  • Walk-through
  • Paper test
  • Preparedness test (Correct)

Answer : Preparedness test

Which of the following is a data validation edit and control?

Options are :

  • Hash totals
  • Before and after image reporting
  • Online access controls
  • Reasonableness checks (Correct)

Answer : Reasonableness checks
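Worked example added here (not part of the practice test): the common input edits applied to a constructed payroll batch, alongside the batch control totals that accompany it. The department table, the 80-hour ceiling, and the record layout are assumptions for illustration. The transposed-id demo shows why a hash total exists: a keying error that leaves the record count and the financial total untouched is still caught.

```python
"""Data validation edits and batch control totals on constructed sample data."""
from typing import Dict, List

VALID_DEPTS = {"ENG", "OPS", "FIN"}   # assumed department table
MAX_HOURS = 80                        # assumed ceiling for one two-week pay period

# Constructed batch: first record is clean, each of the others trips one edit.
SAMPLE_BATCH: List[Dict[str, str]] = [
    {"emp_id": "10021", "dept": "ENG", "hours": "40"},
    {"emp_id": "10022", "dept": "XYZ", "hours": "38"},   # validity (table lookup) failure
    {"emp_id": "10023", "dept": "OPS", "hours": "190"},  # reasonableness failure
    {"emp_id": "1002A", "dept": "FIN", "hours": "40"},   # field (format) failure
]


def edit_checks(rec: Dict[str, str]) -> List[str]:
    """Apply input edits to one record; an empty list means it passes."""
    errors: List[str] = []
    if not rec["emp_id"].isdigit():
        errors.append("field check: emp_id not numeric")
    if rec["dept"] not in VALID_DEPTS:
        errors.append("validity check: dept %r not in department table" % rec["dept"])
    if not rec["hours"].isdigit():
        errors.append("field check: hours not numeric")
    elif not 0 <= int(rec["hours"]) <= MAX_HOURS:
        # Reasonableness: the value is well-formed but not plausible.
        errors.append("reasonableness check: hours %s outside 0..%d" % (rec["hours"], MAX_HOURS))
    return errors


def batch_totals(batch: List[Dict[str, str]]) -> Dict[str, int]:
    """Control totals the sender transmits alongside the batch.
    count: record count; hours: financial total; hash: sum of emp_id values, a number
    with no business meaning whose only job is to catch a record that was dropped,
    duplicated or altered in a field no financial total covers."""
    return {
        "count": len(batch),
        "hours": sum(int(r["hours"]) for r in batch),
        "hash": sum(int(r["emp_id"]) for r in batch),
    }


def verify_totals(batch: List[Dict[str, str]], declared: Dict[str, int]) -> List[str]:
    """Recompute the totals on receipt and list the ones that disagree with the declared set."""
    actual = batch_totals(batch)
    return [name for name in declared if declared[name] != actual[name]]


CLEAN_BATCH: List[Dict[str, str]] = [
    {"emp_id": "10021", "dept": "ENG", "hours": "40"},
    {"emp_id": "10022", "dept": "OPS", "hours": "38"},
    {"emp_id": "10023", "dept": "FIN", "hours": "42"},
]


def transposed_id_demo() -> List[str]:
    """Simulate a keying error that swaps two digits of one emp_id (10021 -> 10012).
    Record count and hours total are unchanged; only the hash total notices."""
    declared = batch_totals(CLEAN_BATCH)
    received = [dict(r) for r in CLEAN_BATCH]
    received[0]["emp_id"] = "10012"
    return verify_totals(received, declared)


if __name__ == "__main__":
    for rec in SAMPLE_BATCH:
        print(rec["emp_id"], edit_checks(rec) or "ok")
    print("totals that disagree after transposition:", transposed_id_demo())
```

Note the ordering: field and validity checks run first because a reasonableness check on a value that is not even numeric is meaningless; and the totals are recomputed by the receiving program, never copied from the batch header.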

A hardware control that helps to detect errors when data are communicated from one computer to another is known as a:

Options are :

  • duplicate check.
  • validity check
  • table lookup.
  • parity check. (Correct)

Answer : parity check.
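Worked example added here (not from the practice test) showing the parity check as a transmitter and a receiver would apply it, and the limit a practitioner should know: it detects any odd number of flipped bits in a byte and misses any even number. The byte string and the injected bit flips are constructed for the demo.

```python
"""Even-parity check on transmitted bytes: what it catches and what it misses."""
from typing import List, Tuple

Word = Tuple[int, int]  # (data byte, parity bit) as it travels on the wire


def parity_bit(byte: int) -> int:
    """Even parity: 1 when the byte has an odd number of 1 bits, so that
    data + parity always carries an even count of 1s."""
    return bin(byte & 0xFF).count("1") & 1


def encode(data: bytes) -> List[Word]:
    """Sender side: the transmitter appends a parity bit to every byte."""
    return [(b, parity_bit(b)) for b in data]


def check(words: List[Word]) -> List[int]:
    """Receiver side: indexes of words whose recomputed parity disagrees with the
    transmitted bit. Each one is a transmission error that must be re-requested."""
    return [i for i, (b, p) in enumerate(words) if parity_bit(b) != p]


def flip_bits(words: List[Word], index: int, positions: List[int]) -> List[Word]:
    """Simulate line noise flipping the given bit positions of one data byte in
    transit (the parity bit itself is left untouched)."""
    out = list(words)
    b, p = out[index]
    for pos in positions:
        b ^= 1 << pos
    out[index] = (b, p)
    return out


def demo() -> Tuple[List[int], List[int]]:
    """Constructed transmission of b'AUDIT' hit by noise in the third byte."""
    words = encode(b"AUDIT")
    single = check(flip_bits(words, 2, [0]))     # one bit flipped: caught
    double = check(flip_bits(words, 2, [0, 5]))  # two bits flipped: parity unchanged, missed
    return single, double


if __name__ == "__main__":
    print("no noise   :", check(encode(b"AUDIT")))
    print("1 bit flip :", demo()[0])
    print("2 bit flips:", demo()[1])
```

Because an even number of errors passes silently, parity is only a first line of defence; links where burst errors are likely carry a CRC or a stronger checksum in addition to, or instead of, a per-byte parity bit.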

Which of the following devices extends the network and has the capacity to store frames and act as a store-and-forward device?

Options are :

  • Router
  • Repeater
  • Gateway
  • Bridge (Correct)

Answer : Bridge

Which of the following BEST describes the necessary documentation for an enterprise product reengineering (EPR) software installation?

Options are :

  • All phases of the installation must be documented (Correct)
  • Business requirements only
  • Specific developments only
  • No need to develop a customer specific documentation

Answer : All phases of the installation must be documented

The MOST significant level of effort for business continuity planning (BCP) generally is required during the

Options are :

  • early stages of planning. (Correct)
  • testing stage.
  • maintenance stage.
  • evaluation stage.

Answer : early stages of planning.

The IS auditor learns that when equipment was brought into the data center by a vendor, the emergency power shutoff switch was accidentally pressed and the UPS was engaged. Which of the following audit recommendations should the IS auditor suggest?

Options are :

  • Log environmental failures.
  • Relocate the shut off switch.
  • Install protective covers. (Correct)
  • Escort visitors.

Answer : Install protective covers.

IS management has decided to rewrite a legacy customer relations system using fourth generation languages (4GLs). Which of the following risks is MOST often associated with system development using 4GLs?

Options are :

  • Complex programming language subsets
  • Inadequate screen/report design facilities
  • Lack of portability across operating systems
  • Inability to perform data intensive operations (Correct)

Answer : Inability to perform data intensive operations

The use of a GANTT chart can:

Options are :

  • direct the post-implementation review.
  • determine project checkpoints.
  • aid in scheduling project tasks. (Correct)
  • ensure documentation standards.

Answer : aid in scheduling project tasks.

An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a:

Options are :

  • duplicate processing facility.
  • warm site.
  • dial-up site.
  • cold site. (Correct)

Answer : cold site.

What is the PRIMARY purpose of audit trails?

Options are :

  • To establish accountability and responsibility for processed transactions (Correct)
  • To correct data integrity errors
  • To prevent unauthorized access to data
  • To document auditing efforts

Answer : To establish accountability and responsibility for processed transactions
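Worked example added here (not part of the practice test) of an audit trail built so that it actually supports accountability: each entry names the user, action, target and time, and the entries are hash-chained so that an altered or deleted entry is detectable. The entries, user names and record keys are constructed; the SHA-256 chain with an all-zero genesis value is an assumed design, not a requirement from the question.

```python
"""Tamper-evident audit trail: who did what, to which record, when, in a hash chain."""
import hashlib
import json
from typing import Dict, List

GENESIS = "0" * 64  # assumed anchor value for the first entry's predecessor


def _link_hash(prev_hash: str, body: Dict) -> str:
    """Hash of this entry's content bound to the hash of the entry before it."""
    payload = prev_hash + json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class AuditTrail:
    def __init__(self) -> None:
        self.entries: List[Dict] = []

    def record(self, ts: str, user: str, action: str, target: str) -> Dict:
        """Append one entry. The caller supplies the timestamp so the demo is deterministic."""
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries) + 1, "ts": ts, "user": user,
                "action": action, "target": target}
        entry = dict(body, hash=_link_hash(prev, body))
        self.entries.append(entry)
        return entry

    def verify(self) -> int:
        """Walk the chain; return 0 if intact, otherwise the sequence number at which
        it breaks (an altered, inserted or deleted entry is caught at that point)."""
        prev = GENESIS
        for expected_seq, e in enumerate(self.entries, start=1):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["seq"] != expected_seq or _link_hash(prev, body) != e["hash"]:
                return expected_seq
            prev = e["hash"]
        return 0

    def actors_for(self, target: str) -> List[str]:
        """The accountability question an auditor asks: who touched this record?"""
        return [e["user"] for e in self.entries if e["target"] == target]


def build_demo_trail() -> AuditTrail:
    """Constructed entries: two routine updates and a change to a vendor bank account."""
    t = AuditTrail()
    t.record("2024-03-01T09:00:00Z", "jsmith", "UPDATE", "VENDOR/4471/address")
    t.record("2024-03-01T09:05:00Z", "mlee", "UPDATE", "VENDOR/4471/bank_account")
    t.record("2024-03-01T09:07:00Z", "jsmith", "APPROVE", "PAYMENT/88120")
    return t


def tampered_verify() -> Dict[str, int]:
    """Three ways an insider might try to escape accountability, and what verify() reports."""
    results: Dict[str, int] = {}
    t = build_demo_trail()
    t.entries[1]["user"] = "jsmith"          # rewrite who changed the bank account
    results["edit_user"] = t.verify()
    t = build_demo_trail()
    del t.entries[1]                         # remove the entry altogether
    results["delete_entry"] = t.verify()
    t = build_demo_trail()
    t.entries.pop()                          # drop the most recent entry only
    results["truncate_tail"] = t.verify()
    return results


if __name__ == "__main__":
    trail = build_demo_trail()
    print("intact:", trail.verify(), "| bank account changed by:", trail.actors_for("VENDOR/4471/bank_account"))
    print("tampering detected at seq:", tampered_verify())
```

The last case is the caveat: a hash chain by itself cannot tell that the newest entries were cut off, because the chain up to the cut is still consistent. In practice the latest hash is periodically copied somewhere the log writer cannot modify (a separate log host, a signed checkpoint) so that truncation is detectable too, and the trail is written by the system, not by the users whose actions it records.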

IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. True or false?

Options are :

  • FALSE
  • TRUE (Correct)

Answer : TRUE

A malicious code that changes itself with each file it infects is called a:

Options are :

  • trojan horse.
  • logic bomb.
  • stealth virus.
  • polymorphic virus. (Correct)

Answer : polymorphic virus.

Which of the following is a telecommunication device that translates data from digital form to analog form and back to digital?

Options are :

  • Modem (Correct)
  • Concentrator
  • Protocol converter
  • Multiplexer

Answer : Modem

Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly?

Options are :

  • Control totals
  • A before-and-after maintenance report (Correct)
  • Reasonableness checks
  • Field checks

Answer : A before-and-after maintenance report
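Worked example added here (not part of the practice test) of a before-and-after maintenance report: the maintenance run records, for every field that actually changed, the value before, the value after and who made the change, and separates the critical fields a supervisor must reconcile against approved change requests. The employee master, the change batch, the critical-field list and the operator id are all constructed for the demo.

```python
"""Before-and-after maintenance report for updates to a master file."""
import copy
from typing import Any, Dict, List, Tuple

Master = Dict[str, Dict[str, Any]]

# Assumed: the fields whose change a supervisor must sign off on.
CRITICAL_FIELDS = {"bank_account", "pay_rate", "status"}


def apply_maintenance(master: Master, changes: Master, operator: str) -> Tuple[Master, List[Dict]]:
    """Apply a change set and return the updated master plus one report line per
    field that actually changed: key, field, before image, after image, operator."""
    after = copy.deepcopy(master)
    report: List[Dict] = []
    for key, fields in changes.items():
        for field, new_value in fields.items():
            old_value = master.get(key, {}).get(field)
            if old_value == new_value:
                continue  # submitted but unchanged: not a maintenance event
            after.setdefault(key, {})[field] = new_value
            report.append({"key": key, "field": field, "before": old_value,
                           "after": new_value, "operator": operator,
                           "critical": field in CRITICAL_FIELDS})
    return after, report


def critical_changes(report: List[Dict]) -> List[Dict]:
    """The subset the reviewer compares line by line against approved change requests."""
    return [line for line in report if line["critical"]]


# Constructed employee master and a maintenance batch keyed by employee id.
MASTER: Master = {
    "E1001": {"name": "A. Tan", "bank_account": "111-222", "pay_rate": 52.0, "status": "active"},
    "E1002": {"name": "B. Lee", "bank_account": "333-444", "pay_rate": 47.5, "status": "active"},
}
CHANGES: Master = {
    "E1001": {"bank_account": "999-000", "status": "active"},  # account redirected; status resubmitted unchanged
    "E1002": {"name": "B. Lee-Ng"},                            # routine, non-critical
}


def demo() -> List[Dict]:
    """Run the constructed batch and return the before-and-after report."""
    _, report = apply_maintenance(MASTER, CHANGES, operator="payroll_clerk_07")
    return report


if __name__ == "__main__":
    for line in demo():
        flag = "CRITICAL" if line["critical"] else "        "
        print(flag, line["key"], line["field"], repr(line["before"]), "->", repr(line["after"]), "by", line["operator"])
```

The report is what makes the control work: a control total or a field check would accept the redirected bank account as a perfectly well-formed value, whereas the before image next to the after image lets a reviewer who did not key the change see exactly what moved and ask whether it was authorised.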

A hub is a device that connects:

Options are :

  • a LAN with a metropolitan area network (MAN).
  • two segments of a single LAN. (Correct)
  • two LANs using different protocols.
  • a LAN with a WAN.

Answer : two segments of a single LAN.

What type of risk results when an IS auditor uses an inadequate test procedure and concludes that material errors do not exist when errors actually exist?

Options are :

  • Business risk
  • Residual risk
  • Inherent risk
  • Detection risk (Correct)

Answer : Detection risk

As compared to understanding an organization's IT process from evidence directly collected, how valuable are prior audit reports as evidence?

Options are :

  • Prior audit reports are not relevant.
  • Lesser value. (Correct)
  • Greater value.
  • The same value.

Answer : Lesser value.

What would an IS auditor expect to find in the console log? Choose the BEST answer.

Options are :

  • Evidence of password sharing
  • System errors (Correct)
  • Evidence of data copy activities
  • Evidence of password spoofing

Answer : System errors

Which of the following is BEST characterized by unauthorized modification of data before or during systems data entry?

Options are :

  • Data corruption
  • Data diddling (Correct)
  • Salami attack
  • Skimming

Answer : Data diddling

What can be very helpful to an IS auditor when determining the efficacy of a systems maintenance program? Choose the BEST answer.

Options are :

  • Help-desk utilization trend reports
  • A system downtime log (Correct)
  • Administration activity reports
  • Network-monitoring software

Answer : A system downtime log

Which of the following best characterizes "worms"?

Options are :

  • Malicious programs that can run independently and can propagate without the aid of a carrier program such as email (Correct)
  • Malicious programs that require the aid of a carrier program such as email
  • Programming code errors that cause a program to repeatedly dump data
  • Malicious programs that masquerade as common applications such as screensavers or macro-enabled Word documents

Answer : Malicious programs that can run independently and can propagate without the aid of a carrier program such as email

Which of the following is a good control for protecting confidential data residing on a PC?

Options are :

  • Personal firewall
  • Host-based intrusion detection
  • File encapsulation
  • File encryption (Correct)

Answer : File encryption

Which of the following is often used as a detection and deterrent control against Internet attacks?

Options are :

  • VLAN
  • Honeypots (Correct)
  • CCTV
  • VPN

Answer : Honeypots
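Worked example added here (not part of the practice test) of the detection side of a honeypot: a decoy TCP service that no legitimate client has any reason to contact, so every connection is logged as an alert together with the source address and the first bytes the client sends. The fake FTP banner, the loopback address and the "attacker" that connects to it are constructed for the demo; a real deployment would bind the decoy on an unused internal address and ship the alerts to the SIEM.

```python
"""Minimal TCP honeypot: a decoy service where every connection is an alert."""
import socket
import threading
import time
from typing import Dict, List


class Honeypot:
    """Listens on a port no real service uses. There is no legitimate reason to
    connect, so each connection is recorded with source address and the first bytes
    the client sends (the probe), which usually reveals the tool or the intent."""

    def __init__(self, host: str = "127.0.0.1", port: int = 0,
                 banner: bytes = b"220 FTP server ready\r\n") -> None:
        self.alerts: List[Dict] = []
        self.banner = banner  # assumed fake banner that makes the decoy look like FTP
        self._srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._srv.bind((host, port))          # port 0: let the OS pick a free port
        self._srv.listen(5)
        self._srv.settimeout(0.2)             # lets the accept loop notice stop()
        self.port = self._srv.getsockname()[1]
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self) -> None:
        while not self._stop.is_set():
            try:
                conn, addr = self._srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(1.0)
                try:
                    conn.sendall(self.banner)     # look like a service to draw out a probe
                    probe = conn.recv(256)
                except OSError:                   # client vanished or sent nothing in time
                    probe = b""
            self.alerts.append({"ts": time.time(), "src_ip": addr[0], "src_port": addr[1],
                                "dst_port": self.port, "probe": probe.decode("latin-1")})

    def stop(self) -> None:
        self._stop.set()
        self._thread.join()
        self._srv.close()


def attacker_probe(port: int) -> None:
    """Constructed 'attacker': reads the banner and attempts an anonymous login."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        s.recv(128)
        s.sendall(b"USER anonymous\r\n")


def run_demo() -> List[Dict]:
    """Start the decoy, hit it once, wait for the alert, shut down; return the alerts."""
    pot = Honeypot()
    try:
        attacker_probe(pot.port)
        deadline = time.time() + 3
        while not pot.alerts and time.time() < deadline:
            time.sleep(0.05)
    finally:
        pot.stop()
    return pot.alerts


if __name__ == "__main__":
    for alert in run_demo():
        print("ALERT", alert["src_ip"], "->", alert["dst_port"], "probe:", repr(alert["probe"]))
```

What makes this a high-fidelity detection control is the absence of legitimate traffic: no tuning is needed because any hit is worth looking at. The deterrent effect the question also mentions comes from the attacker's uncertainty about which services are real, which is why the decoy should be indistinguishable from production hosts on the outside and isolated from them on the inside.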
