The objective of concurrency control in a database system is to:
Select an answer:
A. restrict updating of the database to authorized users.
B. prevent integrity problems when two processes attempt to update the same data at
the same time.
C. prevent inadvertent or unauthorized disclosure of data in the database.
D. ensure the accuracy, completeness and consistency of data.
- Answer B. prevent integrity problems when two processes attempt to update the same
data at the same time.
Which of the following security measures BEST ensures the integrity of information
stored in a data warehouse? - Answer a read-only restriction
An organization has just completed its annual risk assessment. Regarding the business
continuity plan, what should an IS auditor recommend as the next step for the
organization? - Answer Review and evaluate the business continuity plan for adequacy
An IS auditor discovers that devices connected to the network are not included in a
network diagram that had been used to develop the scope of the audit. The chief
information officer explains that the diagram is being updated and awaiting final
approval. The IS auditor should FIRST: - Answer evaluate the impact of the
undocumented devices on the audit scope.
When auditing the archiving process of emails, the IS auditor should pay the MOST
attention to: - Answer the existence of a data retention policy.
During an audit of an enterprise that is dedicated to e-commerce, the IS manager states
that digital signatures are used when receiving communications from customers. To
substantiate this, an IS auditor must prove that which of the following is used? - Answer
A hash of the data that is transmitted and encrypted with the customer's private key
A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of
receiving financial data and has communicated the site's address, user ID and
password to the financial services company in separate email messages. The company
is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's
GREATEST concern with this process is that: - Answer the users may not remember to
manually encrypt the data before transmission.
Which of the following choices would be the BEST source of information when
developing a risk-based audit plan? - Answer Senior management identify key business
processes.
An IS auditor performing a review of application controls would evaluate the: - Answer
impact of any exposures discovered.
An IS auditor is reviewing Secure Sockets Layer enabled web sites for the company.
Which of the following choices would be the HIGHEST risk? - Answer Self-signed digital
certificates
A large chain of shops with electronic funds transfer at point-of-sale devices has a
central communications processor for connecting to the banking network. Which of the
following is the BEST disaster recovery plan for the communications processor? -
Answer Alternative standby processor at another network node
Which of the following should an IS auditor review to understand project progress in
terms of time, budget and deliverables for early detection of possible overruns and for
projecting estimates at completion? - Answer earned value analysis
(This is an industry standard method for measuring a project's progress at any given
point in time, forecasting its completion date and final cost, and analyzing variances in
the schedule and budget as the project proceeds. It compares the planned amount of
work with what has actually been completed to determine if the cost, schedule and work
accomplished are progressing in accordance with the plan. EVA works most effectively
if a well-formed work breakdown structure exists.)
The MAIN purpose for periodically testing offsite disaster recovery facilities is to: -
Answer ensure the continued compatibility of the contingency facilities.
The success of control self-assessment depends highly on: - Answer line managers
assuming a portion of the responsibility for control monitoring
(The primary objective of a control self-assessment (CSA) program is to leverage the
internal audit function by shifting some of the control monitoring responsibilities to the
functional area line managers. The success of a CSA program depends on the degree
to which line managers assume responsibility for controls. This enables line managers
to detect and respond to control errors promptly.)
What is a risk associated with attempting to control physical access to sensitive areas
such as computer rooms using card keys or locks? - Answer Unauthorized individuals
wait for controlled doors to open and walk in behind those authorized.
The vice president of human resources has requested an IS audit to identify payroll
overpayments for the previous year. Which would be the BEST audit technique to use in
this situation? - Answer Generalized audit software
(Its features include mathematical computations, stratification, statistical analysis,
sequence checking, duplicate checking and re-computations. An IS auditor, using
generalized audit software, can design appropriate tests to recompute the payroll,
thereby determining whether there were overpayments and to whom they were made.)