ISACA CISA Practice Exam 124 Questions and Answers.
Abend - Correct Answer An abnormal end to a computer job; termination of a task prior to
its completion because of an error condition that cannot be resolved by recovery facilities
while the task is executing
Acceptable Use Policy - Correct Answer A policy that establishes an agreement between
users and the enterprise and defines for all parties' the ranges of use that are approved
before gaining access to a network or the Internet.
Access Control - Correct Answer The processes, rules and deployment mechanisms that
control access to information systems, resources and physical access to premises
Access Control List (ACL) - Correct Answer An internal computerized table of access
rules regarding the levels of computer access permitted to logon IDs and computer
terminals. Also referred to as access control tables.
Access control table - Correct Answer An internal computerized table of access rules
regarding the levels of computer access permitted to logon IDs and computer terminals
Access Method - Correct Answer The technique used for selecting records in a file, one
at a time, for processing, retrieval or storage. The access method is related to, but distinct
from, the file organization, which determines how the records are stored.
Access Path - Correct Answer The logical route an end user takes to access
computerized information. Typically, it includes a route through the operating system,
telecommunications software, selected application software and the access control
system.
Access rights - Correct Answer The permission or privileges granted to users, programs
or workstations to create, change, delete or view data and files within a system, as
defined by rules established by data owners and the information security policy
Access Servers - Correct Answer Provides centralized access control for managing
remote access dial-up services
Address - Correct Answer Within computer storage, the code used to designate the
location of a specific piece of data
,Address Space - Correct Answer The number of distinct locations that may be referred to
with the machine address. For most binary machines, it is equal to 2n, where n is the
number of bits in the machine address.
Addressing - Correct Answer The method used to identify the location of a participant in a
network. Ideally, addressing specifies where the participant is located rather than who
they are (name) or how to get there (routing).
Administrative controls - Correct Answer The rules, procedures and practices dealing
with operational effectiveness, efficiency and adherence to regulations and management
policies.
Adware - Correct Answer A software package that automatically plays, displays or
downloads advertising material to a computer after the software is installed on it or while
the application is being used. In most cases, this is done without any notification to the
user or without the user's consent. The term adware may also refer to software that
displays advertisements, whether or not it does so with the user's consent; such
programs display advertisements as an alternative to shareware registration fees. These
are classified as adware in the sense of advertising supported software, but not as
spyware. Adware in this form does not operate surreptitiously or mislead the user and
provides the user with a specific service.
Alpha - Correct Answer The use of alphabetic characters or an alphabetic character
string
Alternative routing - Correct Answer A service that allows the option of having an
alternate route to complete a call when the marked destination is not available. In
signaling, alternate routing is the process of allocating substitute routes for a given
signaling traffic stream in case of failure(s) affecting the normal signaling links or routes of
that traffic stream.
Which of the following is the BEST performance indicator for the effectiveness of an
incident management program?
A. Incident alert meantime
B. Number of incidents reported
C. Average time between incidents
, D. Incident resolution meantime - Correct Answer D. Incident resolution meantime
Backups will MOST effectively minimize a disruptive incident's impact on a business if
they are:
A. taken according to recovery point objectives (RPOs).
B. scheduled according to the service delivery objectives.
C. performed by automated backup software on a fixed schedule.
D. stored on write-once read-many media. - Correct Answer B. scheduled according to
the service delivery objectives
An IS audit reveals that an organization is not proactively addressing known
vulnerabilities. Which of the following should the IS auditor recommend the organization
do FIRST?
A. Ensure the intrusion prevention system (IPS) is effective.
B. Verify the disaster recovery plan (DRP) has been tested.
C. Assess the security risks to the business.
D. Confirm the incident response team understands the issue. - Correct Answer C.
Assess the security risks to the business
An IS auditor has completed the fieldwork phase of a network security review and is
preparing the initial draft of the audit report. Which of the following findings should be
ranked as the HIGHEST risk?
A. Network penetration tests are not performed.
B. The network firewall policy has not been approved by the information security officer.
C. Network firewall rules have not been documented.
D. The network device inventory is incomplete. - Correct Answer D. The network device
inventory is incomplete.
Which of the following is the PRIMARY advantage of parallel processing for a new
system implementation?
A. Assurance that the new system meets functional requirements
Abend - Correct Answer An abnormal end to a computer job; termination of a task prior to
its completion because of an error condition that cannot be resolved by recovery facilities
while the task is executing
Acceptable Use Policy - Correct Answer A policy that establishes an agreement between
users and the enterprise and defines for all parties' the ranges of use that are approved
before gaining access to a network or the Internet.
Access Control - Correct Answer The processes, rules and deployment mechanisms that
control access to information systems, resources and physical access to premises
Access Control List (ACL) - Correct Answer An internal computerized table of access
rules regarding the levels of computer access permitted to logon IDs and computer
terminals. Also referred to as access control tables.
Access control table - Correct Answer An internal computerized table of access rules
regarding the levels of computer access permitted to logon IDs and computer terminals
Access Method - Correct Answer The technique used for selecting records in a file, one
at a time, for processing, retrieval or storage. The access method is related to, but distinct
from, the file organization, which determines how the records are stored.
Access Path - Correct Answer The logical route an end user takes to access
computerized information. Typically, it includes a route through the operating system,
telecommunications software, selected application software and the access control
system.
Access rights - Correct Answer The permission or privileges granted to users, programs
or workstations to create, change, delete or view data and files within a system, as
defined by rules established by data owners and the information security policy
Access Servers - Correct Answer Provides centralized access control for managing
remote access dial-up services
Address - Correct Answer Within computer storage, the code used to designate the
location of a specific piece of data
,Address Space - Correct Answer The number of distinct locations that may be referred to
with the machine address. For most binary machines, it is equal to 2n, where n is the
number of bits in the machine address.
Addressing - Correct Answer The method used to identify the location of a participant in a
network. Ideally, addressing specifies where the participant is located rather than who
they are (name) or how to get there (routing).
Administrative controls - Correct Answer The rules, procedures and practices dealing
with operational effectiveness, efficiency and adherence to regulations and management
policies.
Adware - Correct Answer A software package that automatically plays, displays or
downloads advertising material to a computer after the software is installed on it or while
the application is being used. In most cases, this is done without any notification to the
user or without the user's consent. The term adware may also refer to software that
displays advertisements, whether or not it does so with the user's consent; such
programs display advertisements as an alternative to shareware registration fees. These
are classified as adware in the sense of advertising supported software, but not as
spyware. Adware in this form does not operate surreptitiously or mislead the user and
provides the user with a specific service.
Alpha - Correct Answer The use of alphabetic characters or an alphabetic character
string
Alternative routing - Correct Answer A service that allows the option of having an
alternate route to complete a call when the marked destination is not available. In
signaling, alternate routing is the process of allocating substitute routes for a given
signaling traffic stream in case of failure(s) affecting the normal signaling links or routes of
that traffic stream.
Which of the following is the BEST performance indicator for the effectiveness of an
incident management program?
A. Incident alert meantime
B. Number of incidents reported
C. Average time between incidents
, D. Incident resolution meantime - Correct Answer D. Incident resolution meantime
Backups will MOST effectively minimize a disruptive incident's impact on a business if
they are:
A. taken according to recovery point objectives (RPOs).
B. scheduled according to the service delivery objectives.
C. performed by automated backup software on a fixed schedule.
D. stored on write-once read-many media. - Correct Answer B. scheduled according to
the service delivery objectives
An IS audit reveals that an organization is not proactively addressing known
vulnerabilities. Which of the following should the IS auditor recommend the organization
do FIRST?
A. Ensure the intrusion prevention system (IPS) is effective.
B. Verify the disaster recovery plan (DRP) has been tested.
C. Assess the security risks to the business.
D. Confirm the incident response team understands the issue. - Correct Answer C.
Assess the security risks to the business
An IS auditor has completed the fieldwork phase of a network security review and is
preparing the initial draft of the audit report. Which of the following findings should be
ranked as the HIGHEST risk?
A. Network penetration tests are not performed.
B. The network firewall policy has not been approved by the information security officer.
C. Network firewall rules have not been documented.
D. The network device inventory is incomplete. - Correct Answer D. The network device
inventory is incomplete.
Which of the following is the PRIMARY advantage of parallel processing for a new
system implementation?
A. Assurance that the new system meets functional requirements
