Which of the following would BEST provide assurance of the integrity of new staff



CISA Question 681

Question

When an employee is terminated from service, the MOST important action is to:

A. hand over all of the employee’s files to another designated employee.
B. complete a backup of the employee’s work.
C. notify other employees of the termination.
D. disable the employee’s logical access.

Answer

D. disable the employee’s logical access.

Explanation

There is a probability that a terminated employee may misuse access rights; therefore, disabling the terminated employee’s logical access is the most important action to take. All the work of the terminated employee needs to be handed over to a designated employee; however, this should be performed after implementing choice D. All the work of the terminated employee needs to be backed up and the employees need to be notified of the termination of the employee, but this should not precede the action in choice D.

CISA Question 682

Question

Which of the following would BEST provide assurance of the integrity of new staff?

A. Background screening
B. References
C. Bonding
D. Qualifications listed on a resume

Answer

A. Background screening

Explanation

A background screening is the primary method for assuring the integrity of a prospective staff member. References are important and would need to be verified, but they are not as reliable as background screening. Bonding is directed at due-diligence compliance, not at integrity, and qualifications listed on a resume may not be accurate.

CISA Question 683

Question

From a control perspective, the key element in job descriptions is that they:

A. provide instructions on how to do the job and define authority.
B. are current, documented and readily available to the employee.
C. communicate management’s specific job performance expectations.
D. establish responsibility and accountability for the employee’s actions.

Answer

B. are current, documented and readily available to the employee.

Explanation

From a control perspective, a job description should establish responsibility and accountability. This will aid in ensuring that users are given system access in accordance with their defined job responsibilities. The other choices are not directly related to controls. Providing instructions on how to do the job and defining authority addresses the managerial and procedural aspects of the job. It is important that job descriptions are current, documented and readily available to the employee, but this in itself is not a control. Communication of management’s specific expectations for job performance outlines the standard of performance and would not necessarily include controls.

CISA Question 684

Question

An IS auditor identifies that reports on product profitability produced by an organization’s finance and marketing departments give different results. Further investigation reveals that the product definition being used by the two departments is different. What should the IS auditor recommend?

A. User acceptance testing (UAT) occur for all reports before release into production
B. Organizational data governance practices be put in place
C. Standard software tools be used for report development
D. Management sign-off on requirements for new reports

Answer

B. Organizational data governance practices be put in place

Explanation

This choice directly addresses the problem. An organization-wide approach is needed to achieve effective management of data assets. This includes enforcing standard definitions of data elements, which is part of a data governance initiative. The other choices, while sound development practices, do not address the root cause of the problem described.

CISA Question 685

Question

Responsibility for the governance of IT should rest with the:

A. IT strategy committee.
B. chief information officer (CIO).
C. audit committee.
D. board of directors.

Answer

D. board of directors.

Explanation

Governance is the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly. The audit committee, the chief information officer (CIO) and the IT strategy committee all play a significant role in the successful implementation of IT governance within an organization, but the ultimate accountability resides with the board of directors.

CISA Question 686

Question

What is the lowest level of the IT governance maturity model where an IT balanced scorecard exists?

A. Repeatable but Intuitive
B. Defined
C. Managed and Measurable
D. Optimized

Answer

B. Defined

Explanation

Defined (level 3) is the lowest level at which an IT balanced scorecard is defined.

CISA Question 687

Question

The ultimate purpose of IT governance is to:

A. encourage optimal use of IT.
B. reduce IT costs.
C. decentralize IT resources across the organization.
D. centralize control of IT.

Answer

A. encourage optimal use of IT.

Explanation

IT governance is intended to specify the combination of decision rights and accountability that is best for the enterprise. It is different for every enterprise.
Reducing IT costs may not be the best IT governance outcome for an enterprise. Decentralizing IT resources across the organization is not always desired, although it may be desired in a decentralized environment. Centralizing control of IT is not always desired. An example of where it might be desired is an enterprise desiring a single point of customer contact.

CISA Question 688

Question

When implementing an IT governance framework in an organization the MOST important objective is:

A. IT alignment with the business.
B. accountability.
C. value realization with IT.
D. enhancing the return on IT investments.

Answer

A. IT alignment with the business.

Explanation

The goals of IT governance are to improve IT performance, to deliver optimum business value and to ensure regulatory compliance. The key practice in support of these goals is the strategic alignment of IT with the business (choice A). To achieve alignment, all other choices need to be tied to business practices and strategies.

CISA Question 689

Question

The MAJOR consideration for an IS auditor reviewing an organization’s IT project portfolio is the:

A. IT budget.
B. existing IT environment.
C. business plan.
D. investment plan.

Answer

C. business plan.

Explanation

One of the most important reasons for which projects get funded is how well a project meets an organization’s strategic objectives. Portfolio management takes a holistic view of a company’s overall IT strategy. IT strategy should be aligned with the business strategy and, hence, reviewing the business plan should be the major consideration. Choices A, B and D are important but secondary to the importance of reviewing the business plan.

CISA Question 690

Question

Which of the following is the MOST important element for the successful implementation of IT governance?

A. Implementing an IT scorecard
B. Identifying organizational strategies
C. Performing a risk assessment
D. Creating a formal security policy

Answer

B. Identifying organizational strategies

Explanation

The key objective of an IT governance program is to support the business; thus the identification of organizational strategies is necessary to ensure alignment between IT and corporate governance. Without identification of organizational strategies, the remaining choices, even if implemented, would be ineffective.
