Get Ready to Boost Your Preparation for the CISA Exam with 927 Questions
Use Free CISA Exam Questions That Simulate the Actual Exam
The ISACA CISA (Certified Information Systems Auditor) certification is internationally recognized and designed for IT professionals who want to specialize in information systems auditing, control, and security. It is awarded by ISACA (the Information Systems Audit and Control Association), a globally recognized professional association for IT governance, security, and auditing.
NEW QUESTION # 151
An organization allows its employees to use personal mobile devices for work. Which of the following would BEST maintain information security without compromising employee privacy?
- A. Partitioning the work environment from personal space on devices
- B. Preventing users from adding applications
- C. Restricting the use of devices for personal purposes during working hours
- D. Installing security software on the devices
Answer: A
NEW QUESTION # 152
Which of the following findings would be of GREATEST concern to an IS auditor reviewing an organization's newly implemented online security awareness program?
- A. The timing for program updates has not been determined
- B. Employees do not receive immediate notification of results
- C. Only new employees are required to attend the program
- D. Metrics have not been established to assess training results
Answer: D
Explanation:
Section: The Process of Auditing Information Systems
NEW QUESTION # 153
The vice president of human resources has requested an audit to identify payroll overpayments for the previous year. Which would be the BEST audit technique to use in this situation?
- A. Test data
- B. Integrated test facility
- C. Embedded audit module
- D. Generalized audit software
Answer: A
Explanation:
Generalized audit software features include mathematical computations, stratification, statistical analysis, sequence checking, duplicate checking and recomputations. An IS auditor, using generalized audit software, could design appropriate tests to recompute the payroll, thereby determining whether there were overpayments and to whom they were made. Test data would test for the existence of controls that might prevent overpayments, but it would not detect specific, previous miscalculations. Neither an integrated test facility nor an embedded audit module would detect errors for a previous period.
NEW QUESTION # 154
Which of the following BEST demonstrates that IT strategy is aligned with organizational goals and objectives?
- A. Business stakeholders are involved in approving the IT strategy.
- B. Organizational strategies are communicated to the chief information officer (CIO)
- C. The chief information officer (CIO) is involved in approving the organizational strategies
- D. IT strategies are communicated to all business stakeholders
Answer: A
NEW QUESTION # 155
Which of the following database controls would ensure that the integrity of transactions is maintained in an online transaction processing system's database?
- A. Data normalization controls
- B. Commitment and rollback controls
- C. Read/write access log controls
- D. Authentication controls
Answer: B
Explanation:
Commitment and rollback controls are directly relevant to integrity. These controls ensure that the database operations forming a logical transaction unit complete in their entirety or not at all; i.e., if, for some reason, a transaction cannot be fully completed, then the incomplete inserts/updates/deletes are rolled back so that the database returns to its pre-transaction state. None of the other choices addresses transaction integrity.
NEW QUESTION # 156
Performance of a biometric measure is usually referred to in terms of (choose all that apply):
- A. failure to reject rate
- B. None of the choices.
- C. failure to enroll rate
- D. false accept rate
- E. false reject rate
Answer: C,D,E
Explanation:
Performance of a biometric measure is usually referred to in terms of the false accept rate (FAR), the false non-match or false reject rate (FRR), and the failure to enroll rate (FTE or FER). The FAR measures the percentage of invalid users who are incorrectly accepted, while the FRR measures the percentage of valid users who are wrongly rejected.
NEW QUESTION # 157
Which of the following can degrade network performance? Choose the BEST answer.
- A. Inefficient and superfluous use of network devices such as hubs
- B. Superfluous use of redundant load-sharing gateways
- C. Inefficient and superfluous use of network devices such as switches
- D. Increasing traffic collisions due to host congestion by creating new collision domains
Answer: A
Explanation:
Inefficient and superfluous use of network devices such as hubs can degrade network performance.
NEW QUESTION # 158
Buffer overflow aims primarily at corrupting:
- A. None of the choices.
- B. system memory
- C. network firewall
- D. system processor
- E. disk storage
Answer: B
Explanation:
A buffer overflow is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer. The result is that the extra data overwrites adjacent memory locations.
The overwritten data may include other buffers, variables and program flow data.
NEW QUESTION # 159
An organization has recently moved to an agile model for deploying custom code to its in-house accounting software system. When reviewing the procedures in place for production code deployment, which of the following is the MOST significant security concern to address?
- A. Current DevSecOps processes have not been independently verified.
- B. Production code deployment is not automated.
- C. Software vulnerability scanning is done on an ad hoc basis.
- D. Change control does not include testing and approval from quality assurance (QA).
Answer: C
NEW QUESTION # 160
Which of the following types of firewalls provide the GREATEST degree of control against hacker intrusion?
- A. Screening router
- B. Packet filtering router
- C. Application level gateway
- D. Circuit gateway
Answer: C
Explanation:
The type of firewall that provides the greatest degree of control against hacker intrusion is an application level gateway. A firewall is a device or software that filters or blocks network traffic based on predefined rules or policies. A firewall can help protect an information system or network from unauthorized access or attack by hackers or other malicious entities. An application level gateway is a type of firewall that operates at the application layer of the network model (layer 7), which is where user applications communicate with each other over the network. An application level gateway provides the greatest degree of control against hacker intrusion, by inspecting and analyzing the content and context of each network packet at the application level, such as protocols, commands, requests, responses, etc., and allowing or denying access based on specific criteria or conditions. An application level gateway can also perform additional functions such as authentication, encryption, caching, logging, etc., to enhance the security and performance of network traffic.
A circuit gateway is a type of firewall that operates at the transport layer of the network model (layer 4), which is where data are transferred between end points over the network. A circuit gateway provides a moderate degree of control against hacker intrusion by establishing a secure connection between two end points (such as client and server) and relaying network packets between them without inspecting or analyzing their content. A circuit gateway can also perform functions such as encryption, authentication, or address translation to improve the security and privacy of network traffic. A packet filtering router is a type of firewall that operates at the network layer of the network model (layer 3), which is where data are routed between different networks or subnets. A packet filtering router provides a low degree of control against hacker intrusion by examining the header of each network packet and allowing or denying access based on basic criteria such as source address, destination address, port number, protocol, etc. A packet filtering router can also perform functions such as routing, forwarding, or address translation to optimize the delivery and efficiency of network traffic. A screening router is a type of firewall that operates at the network layer of the network model (layer 3), which is where data are routed between different networks or subnets. A screening router provides a low degree of control against hacker intrusion by examining the header of each network packet and allowing or denying access based on basic criteria such as source address, destination address, port number, protocol, etc. A screening router can also perform functions such as routing, forwarding, or address translation to optimize the delivery and efficiency of network traffic.
NEW QUESTION # 161
Which of the following would be of MOST concern when determining whether information assets are adequately safeguarded during transport and disposal?
- A. Lack of appropriate labelling
- B. Lack of password protection
- C. Lack of appropriate data classification
- D. Lack of recent awareness training.
Answer: C
NEW QUESTION # 162
Which of the following could lead to an unintentional loss of confidentiality? Choose the BEST answer.
- A. Failure to comply with a company's information security policy
- B. Lack of employee awareness of a company's information security policy
- C. A momentary lapse of reason
- D. Lack of security policy enforcement procedures
Answer: B
Explanation:
Lack of employee awareness of a company's information security policy could lead to an unintentional loss of confidentiality.
NEW QUESTION # 163
The PRIMARY purpose of conducting a test of an alternate site as part of a disaster recovery program is to
- A. verify the alternate infrastructure works as designed
- B. identify hidden costs for maintaining the site
- C. assess security awareness among employees
- D. determine recovery time objectives (RTOs).
Answer: A
NEW QUESTION # 164
Who is ultimately accountable for the development of an IS security policy?
- A. Network administrators
- B. Middle management
- C. The board of directors
- D. Security administrators
Answer: C
Explanation:
The board of directors is ultimately accountable for the development of an IS security policy.
NEW QUESTION # 165
Which of the following controls will BEST ensure that the board of directors receives sufficient information about IT?
- A. Board members are knowledgeable about IT, and the CIO is consulted on IT issues.
- B. The CIO regularly sends IT trend reports to the board.
- C. Regular meetings occur between the board, the CIO, and a technology committee.
- D. The CIO reports on performance and corrective actions in a timely manner.
Answer: A
Explanation:
Section: Governance and Management of IT
NEW QUESTION # 166
Which of the following is the GREATEST advantage of vulnerability scanning over penetration testing?
- A. Custom-developed applications can be tested more accurately
- B. The testing produces a lower number of false positive results
- C. The testing process can be automated to cover large groups of assets
- D. Network bandwidth is utilized more efficiently.
Answer: D
NEW QUESTION # 167
Which of the following types of computer network is a WAN that is limited to a city?
- A. PAN
- B. SAN
- C. LAN
- D. MAN
Answer: D
Explanation:
MAN - A metropolitan area network (MAN) is a computer network in which two or more computers, communicating devices or networks that are geographically separated but located in the same metropolitan city are connected to each other. Metropolitan limits are determined by local municipal corporations: the larger the city, the bigger the MAN; the smaller the metro city, the smaller the MAN.
For your exam you should know the following information about computer networks:
Local Area Network (LAN)
A local area network (LAN) is a computer network that interconnects computers within a limited area such as a home, school, computer laboratory, or office building using network media.
Wide Area Network
A wide area network (WAN) is a network that covers a broad area (i.e., any telecommunications network that links across metropolitan, regional, national or international boundaries) using leased telecommunication lines.
Metropolitan Area Network
A metropolitan area network (MAN) is a computer network in which two or more computers, communicating devices or networks that are geographically separated but located in the same metropolitan city are connected to each other. Metropolitan limits are determined by local municipal corporations: the larger the city, the bigger the MAN; the smaller the metro city, the smaller the MAN.
Personal Area Network
A personal area network (PAN) is a computer network used for data transmission among devices such as computers, telephones and personal digital assistants. PANs can be used for communication among the personal devices themselves (intrapersonal communication), or for connecting to a higher level network and the Internet (an uplink).
Storage Area Network
A storage area network (SAN) is a dedicated network that provides access to consolidated, block-level data storage. SANs are primarily used to make storage devices, such as disk arrays, tape libraries, and optical jukeboxes, accessible to servers so that the devices appear like locally attached devices to the operating system. A SAN typically has its own network of storage devices that are generally not accessible through the local area network (LAN) by other devices.
The following were incorrect answers:
PAN - A personal area network (PAN) is a computer network used for data transmission among devices such as computers, telephones and personal digital assistants. PANs can be used for communication among the personal devices themselves (intrapersonal communication), or for connecting to a higher level network and the Internet (an uplink).
LAN - A local area network (LAN) is a computer network that interconnects computers within a limited area such as a home, school, computer laboratory, or office building using network media.
SAN - A storage area network (SAN) is a dedicated network that provides access to consolidated, block-level data storage. SANs are primarily used to make storage devices, such as disk arrays, tape libraries, and optical jukeboxes, accessible to servers so that the devices appear like locally attached devices to the operating system. A SAN typically has its own network of storage devices that are generally not accessible through the local area network (LAN) by other devices.
The following reference was used to create this question:
CISA Review Manual 2014, page 258
NEW QUESTION # 168
Following the discovery of inaccuracies in a data warehouse, an organization has implemented data profiling, cleansing, and handling filters to enhance the quality of data obtained from c
- A. Directive control
- B. Corrective control
- C. Compensating control
- D. Detective control
Answer: B
NEW QUESTION # 169
When developing a business continuity plan (BCP), business unit management's involvement is MOST important during the:
- A. implementation of a document repository.
- B. performance of an IT risk assessment.
- C. performance of a business impact analysis (BIA).
- D. development of business recovery procedures.
Answer: D
Explanation:
Section: Protection of Information Assets
NEW QUESTION # 170
An IS auditor has identified the lack of an authorization process for users of an application. The IS auditor's main concern should be that:
- A. there is no way to limit the functions assigned to users.
- B. user accounts can be shared.
- C. more than one individual can claim to be a specific user.
- D. users have a need-to-know privilege.
Answer: A
Explanation:
Without an appropriate authorization process, it will be impossible to establish functional limits and accountability. The risk that more than one individual can claim to be a specific user is associated with the authentication process, rather than with authorization. The risk that user accounts can be shared is associated with the identification process, rather than with authorization. The need-to-know basis is the best approach to assigning privileges during the authorization process.
NEW QUESTION # 171
......
