
ISACA CISA Certification Exam Dumps with 361 Practice Test Questions
New CISA Exam Dumps with High Passing Rate
Difficulties in writing the ISACA CISA Certification Exam
The ISACA CISA Certification Exam is difficult in general and can be very challenging with the material that is provided for it. The test covers a lot of information, and every question is multiple choice with several options. Some candidates run into trouble because they cannot determine the correct answer among so many options. The questions may also use complicated language that is hard to understand and to answer, which leads to further distress during the exam. This can leave candidates with less than stellar scores on their exams and unable to achieve their goal of obtaining the certification they want in security or cyber security.
Difficulty in writing the ISACA CISA Certification Exam can be attributed to many reasons: the high level of complexity of the exam, a lack of technical background, or a lack of time. Whatever the cause, it is important that you are aware of it well before you begin preparing for the ISACA CISA Certification Exam. If you are not well prepared, a small mistake is enough to cost you marks. So how do you prepare for a complex exam like the ISACA CISA Certification Exam? The answer is simple: you need ISACA CISA Dumps preparation material that is designed to help you pass the CISA exam, so that you do not have to spend time on issues that are not even included in the actual ISACA CISA Certification Exam syllabus.
Many students try to cover as many topics as possible and end up paying attention to unnecessary ideas that distract them from the leading theme, wasting time on issues they do not need to know. We have various materials that will help you prepare for the ISACA CISA Certification Exam; these are the simplest and most effective ways to get ready for the test. Read through all of our materials thoroughly so that you understand how to use them efficiently before you start studying, which will let you get the maximum benefit out of your preparation for the ISACA CISA Certification Exam.
What are the language, duration, and format of the ISACA CISA Certification Exam?
The language, duration, and format of the ISACA CISA Certification Exam are as follows:
Language: The CISA exam is administered in 11 languages: Chinese Traditional, Chinese Simplified, English, French, German, Hebrew, Italian, Japanese, Korean, Spanish, and Turkish.
Number of questions: There are 150 questions in the CISA exam, all of which must be answered. The questions are multiple choice.
Time duration: Candidates have 240 minutes (4 hours) to complete the CISA exam.
Information about the ISACA Certifications
ISACA certifications are recognized around the world as being among the best credentials for those who want an understanding of software, security, and other issues related to information systems. ISACA-certified professionals have a broad range of skills that allow them to work in the various aspects of the field. ISACA also offers the CISM (Certified Information Security Manager). It is a vendor-neutral qualification designed to measure the skills and knowledge of IT auditors and information system security officers. The exam validates that candidates have the ability and knowledge to plan, implement, evaluate and maintain a company's auditing and security controls, and it also provides the documentation for independent evaluations.
Candidates can apply to take the exam at any testing center in their home country or around the world and can prepare using different sources, such as ISACA CISA Dumps. ISACA's certification programs are developed using an exclusive international advisory board that oversees the development of new programs and exam specifications. The certification criteria are based on a combination of experience, education, training, job skills, integrity, and professional conduct.
NEW QUESTION 121
What should be the GREATEST concern to an IS auditor when employees use portable media (MP3 players, flash drives)?
- A. The cost of these devices multiplied by all the employees could be high
- B. They facilitate the spread of malicious code through the corporate network
- C. The copying of songs and videos on them
- D. The copying of sensitive data on them
Answer: D
Explanation:
The MAIN concern with MP3 players and flash drives is data leakage, especially of sensitive information. This could occur if the devices were lost or stolen. The risk when copying songs and videos is copyright infringement, but this is normally a less important risk than information leakage. Choice C is hardly an issue because employees normally buy the portable media with their own funds. Choice D is a possible risk, but not as important as information leakage, and it can be reduced by other controls.
NEW QUESTION 122
Which of the following should an IS auditor use when verifying a three-way match has occurred in an enterprise resource planning (ERP) system?
- A. Bank confirmation
- B. Goods delivery notification
- C. Purchase requisition
- D. Purchase order
Answer: D
Explanation:
Section: Governance and Management of IT
NEW QUESTION 123
Following a significant merger and acquisition, which of the following should the chief audit executive (CAE) do FIRST to evaluate the performance of the combined internal audit function?
- A. Review internal audit department procedures.
- B. Identify key performance indicators (KPIs).
- C. Set process maturity levels.
- D. Conduct performance benchmarking.
Answer: A
NEW QUESTION 124
An IS auditor is conducting a post-implementation review of an enterprise resource planning (ERP) system. End users indicated concerns with the accuracy of critical automatic calculations made by the system. The auditor's FIRST course of action should be to:
- A. verify results to determine validity of user concerns.
- B. review initial business requirements.
- C. review recent changes to the system.
- D. verify completeness of user acceptance testing (UAT).
Answer: A
NEW QUESTION 125
The CIO of an organization is concerned that the information security policies may not be comprehensive.
Which of the following should an IS auditor recommend be performed FIRST?
- A. Determine if there is a process to handle exceptions to the policies.
- B. Establish a governance board to track compliance with the policies.
- C. Obtain a copy of their competitor's policies.
- D. Compare the policies against an industry framework.
Answer: D
NEW QUESTION 126
Which of the following would be the GREATEST cause for concern when data are sent over the Internet using the HTTPS protocol?
- A. The use of a traffic sniffing tool
- B. The implementation of an RSA-compliant solution
- C. Presence of spyware in one of the ends
- D. Symmetric cryptography is used for transmitting data
Answer: C
Explanation:
Section: Protection of Information Assets
Encryption using secure sockets layer/transport layer security (SSL/TLS) tunnels makes it difficult to intercept data in transit, but when spyware is running on an end user's computer, data are collected before encryption takes place. The other choices are related to encrypting the traffic, but the presence of spyware in one of the ends captures the data before encryption takes place.
NEW QUESTION 127
Which of the following controls would BEST ensure that payroll system rate changes are valid?
- A. Rate changes require visual verification before acceptance.
- B. Only a payroll department manager can input the new rate.
- C. Rate changes must be entered twice to ensure that they are entered correctly.
- D. Rate changes are reported to and independently verified by a manager.
Answer: D
NEW QUESTION 128
Which of the following attacks would MOST likely result in the interception and modification of traffic for mobile phones connecting to potentially insecure public Wi-Fi networks?
- A. Brute force
- B. Vishing
- C. Phishing
- D. Man-in-the-middle
Answer: D
NEW QUESTION 129
As an IS auditor it is very important to understand the software release management process. Which of the following software releases normally contains a significant change or addition of new functionality?
- A. Emergency software release
- B. General software release
- C. Major software release
- D. Minor software release
Answer: C
Explanation:
Section: Information System Operations, Maintenance and Support
Explanation/Reference:
A major release usually introduces new capabilities or functions. Major releases may accumulate all the changes from previous minor releases. Major releases advance the version number by a full increment, for example, from version 5.70 to version 6.
For the CISA exam you should know the following information about software release management:
Software release management is the process of ensuring releases can be reliably planned, scheduled and successfully transitioned (deployed) to test and live environments. Software release management is not just about "automating the path to production", although that is certainly an important part. It is also about adopting a holistic view of application changes, using the "release" as the container to ensure that changes are packaged, released and tested in a repeatable and controlled manner.
Release management is often likened to the conductor of an orchestra, with the individual changes to be implemented being the various instruments within it. Software release management is intrinsically linked with the better understood and more widely adopted software change and configuration management disciplines.
Software release management is a process through which software is made available to users. Each update or upgrade of a configuration item is referred to as a release.
There are three levels of releases. These levels relate to releasing hardware or software into your IT infrastructure. Some may be a single change, others may implement many changes at a time.
Major - A major release usually introduces new capabilities or functions. Major releases may accumulate all the changes from previous minor releases. Major releases advance the version number by a full increment, for example, from version 5.70 to version 6.
Minor - Minor releases incorporate a number of fixes for known problems into the baseline, or trusted state, of an item. Minor releases usually increment the version number at the first decimal place. For example, version 6.10 would change to version 6.20.
Emergency - Emergency releases are quick fixes to repair unexpected problems or temporary measures to prevent the interruption of critical services.
The following were incorrect answers:
Minor - Minor releases incorporate fixes for known problems into the baseline of an item (see above), not significant new functionality.
Emergency - Emergency releases are quick fixes or temporary measures to prevent the interruption of critical services (see above), not significant new functionality.
General software release - Not a valid type of software release.
The following reference(s) were/was used to create this question:
CISA Review Manual 2014, page 244
NEW QUESTION 130
The PRIMARY benefit of using secure shell (SSH) to access a server on a network is that it:
- A. prevents man-in-the-middle attacks.
- B. facilitates communication across platforms.
- C. provides confidentiality of transmitted data.
- D. provides better session reliability.
Answer: C
Explanation:
Section: Protection of Information Assets
NEW QUESTION 131
Which of the following is the BEST method to safeguard data on an organization's laptop computers?
- A. Two-factor authentication
- B. Disabled USB ports
- C. Biometric access control
- D. Full disk encryption
Answer: D
NEW QUESTION 132
The final acceptance testing of a new application system should be the responsibility of the:
- A. quality assurance team.
- B. IS audit team.
- C. IS management.
- D. user group.
Answer: A
Explanation:
Section: Protection of Information Assets
NEW QUESTION 133
An organization has a mix of access points that cannot be upgraded to stronger security and newer access points having advanced wireless security. An IS auditor recommends replacing the non-upgradeable access points. Which of the following would BEST justify the IS auditor's recommendation?
- A. The new access points with stronger security are affordable.
- B. The new access points are easier to manage.
- C. The old access points are poorer in terms of performance.
- D. The organization's security would be as strong as its weakest points.
Answer: D
Explanation:
The old access points should be discarded and replaced with products having strong security; otherwise, they will leave security holes open for attackers and thus make the entire network as weak as they are. Affordability is not the auditor's major concern. Performance is not as important as security in this situation. Product manageability is not the IS auditor's concern.
NEW QUESTION 134
Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:
- A. disaster recovery plan (DRP).
- B. threat and risk assessment.
- C. business continuity plan (BCP).
- D. business impact analysis (BIA).
Answer: C
NEW QUESTION 135
An organization's strategy to source certain IT functions from a Software as a Service (SaaS) provider should be approved by the:
- A. chief risk officer (CRO).
- B. IT operations manager.
- C. IT steering committee.
- D. chief financial officer (CFO).
Answer: B
NEW QUESTION 136
Which of the following would provide the MOST important input during the planning phase for an audit on the implementation of a bring your own device (BYOD) program?
- A. An inventory of personal devices to be connected to the corporate network
- B. Policies including BYOD acceptable use statements
- C. Results of a risk assessment
- D. Findings from prior audits
Answer: B
NEW QUESTION 137
Which of the following devices extends the network and has the capacity to store frames and act as a store-and-forward device?
- A. Repeater
- B. Gateway
- C. Router
- D. Bridge
Answer: D
Explanation:
A bridge connects two separate networks to form a logical network (e.g., joining an Ethernet and a token ring network) and has the storage capacity to store frames and act as a store-and-forward device. Bridges operate at the OSI data link layer by examining the media access control header of a data packet.
NEW QUESTION 138
A live test of a mutual agreement for IT system recovery has been carried out, including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:
- A. workflow of actual business operations can use the emergency system in case of a disaster.
- B. system and the IT operations team can sustain operations in the emergency environment.
- C. connectivity to the applications at the remote site meets response time requirements.
- D. resources and the environment could sustain the transaction load.
Answer: B
Explanation:
The applications have been intensively operated, therefore choices B, C and D have been actually tested, but the capability of the system and the IT operations team to sustain and support this environment (ancillary operations, batch closing, error corrections, output distribution, etc.) is only partially tested.
NEW QUESTION 139
A comprehensive and effective e-mail policy should address the issues of e-mail structure, policy enforcement, monitoring and:
- A. reuse.
- B. recovery.
- C. rebuilding.
- D. retention.
Answer: D
Explanation:
Besides being a good practice, laws and regulations may require that an organization keep information that has an impact on the financial statements. The prevalence of lawsuits in which e-mail communication is held in the same regard as the official form of classic 'paper' makes the retention of corporate e-mail a necessity. All e-mail generated on an organization's hardware is the property of the organization, and an e-mail policy should address the retention of messages, considering both known and unforeseen litigation. The policy should also address the destruction of e-mails after a specified time to protect the nature and confidentiality of the messages themselves. Addressing the retention issue in the e-mail policy would facilitate recovery, rebuilding and reuse.
NEW QUESTION 140
The PRIMARY reason an IS department should analyze past incidents and problems is to:
- A. assign responsibility for problems.
- B. determine if all incidents and problems are reported.
- C. identify the causes of recurring incidents and problems.
- D. assess help desk performance.
Answer: C
NEW QUESTION 141
Which of the following testing methods examines the functionality of an application without peering into its internal structure or knowing the details of its internals?
- A. Regression Testing
- B. Pilot Testing
- C. Black-box testing
- D. Parallel Test
Answer: C
Explanation:
Section: Information System Acquisition, Development and Implementation
Explanation/Reference:
Black-box testing is a method of software testing that examines the functionality of an application (i.e., what the software does) without peering into its internal structures or workings (see white-box testing). This method of testing can be applied to virtually every level of software testing: unit, integration, system and acceptance. It typically comprises most if not all higher-level testing, but can also dominate unit testing as well.
For your exam you should know the information below:
Alpha and beta testing - An alpha version is an early version of the application system submitted to internal users for testing. The alpha version may not contain all the features planned for the final version. Typically, software goes through two stages of testing before it is considered finished. The first stage, called alpha testing, is often performed only by users within the organization developing the software. The second stage, called beta testing, is a form of user acceptance testing and generally involves a limited number of external users. Beta testing is the last stage of testing and normally involves real-world exposure, sending the beta version of the product to independent beta test sites or offering it free to interested users.
Pilot testing - A preliminary test that focuses on specific and predefined aspects of a system. It is not meant to replace other testing methods, but rather to provide a limited evaluation of the system. Proofs of concept are early pilot tests, usually over an interim platform and with only basic functionality.
White-box testing - Assesses the effectiveness of a software program's logic. Specifically, test data are used in determining procedural accuracy or conditions of a program's specific logic paths. However, testing all possible logical paths in a large information system is not feasible and would be cost prohibitive, and therefore this method is used on a selective basis only.
Black-box testing - An integrity-based form of testing associated with testing components of an information system's "functional" operating effectiveness without regard to any specific internal program structure. Applicable to integration and user acceptance testing.
Function/validation testing - Similar to system testing, but often used to test the functionality of the system against the detailed requirements to ensure that the software that has been built is traceable to customer requirements.
Regression testing - The process of rerunning a portion of a test scenario or test plan to ensure that changes or corrections have not introduced new errors. The data used in regression testing should be the same as the original data.
Parallel testing - The process of feeding test data into two systems, the modified system and an alternative system, and comparing the results.
Sociability testing - The purpose of these tests is to confirm that a new or modified system can operate in its target environment without adversely impacting existing systems. This should cover not only the platform that will perform primary application processing and interface with other systems but, in client-server and web development, changes to the desktop environment. Multiple applications may run on the user's desktop, potentially simultaneously, so it is important to test the impact of installing new dynamic link libraries (DLLs), making operating system registry or configuration file modifications, and possibly extra memory utilization.
The following answers are incorrect:
Parallel testing - Feeds test data into two systems and compares the results (see above).
Regression testing - Reruns a portion of a test scenario or test plan to ensure that changes or corrections have not introduced new errors (see above).
Pilot testing - A preliminary test that focuses on specific and predefined aspects of a system (see above).
The following reference(s) were/was used to create this question:
CISA Review Manual 2014, page 167
Official ISC2 Guide to the CISSP CBK, 3rd Edition, page 176
NEW QUESTION 142
During the review of a biometrics system operation, an IS auditor should FIRST review the stage of:
- A. identification.
- B. storage.
- C. verification.
- D. enrollment.
Answer: D
Explanation:
The users of a biometrics device must first be enrolled in the device. The device captures a physical or behavioral image of the human, identifies the unique features and uses an algorithm to convert them into a string of numbers stored as a template to be used in the matching processes.
NEW QUESTION 143
......