
Exam (elaborations)

CISA Practice Exam correctly answered to pass

  • Course: CISA - Certified Information Systems Auditor


Preview 4 out of 138 pages

  • August 10, 2024
  • 138 pages
  • 2024/2025
  • Questions & answers
Seller: BukayoSaka120
CISA Practice Exam

Identify the most critical element from the following for the successful implementation and ongoing regular maintenance of an information security policy. [BAC]

A. Management support and approval for the information security policy

B. Understanding of the information security policy by all appropriate parties

C. Punitive actions for any violation of information security rules

D. Stringent access control monitoring of information security rules - correct answer ✔✔B. An information security policy comprises the processes, procedures, and rules of an organization. The most important aspect of a successful implementation of an information security policy is its assimilation by all appropriate parties, such as employees, service providers, and business partners. Punitive actions for any violations are related to the education and awareness of the policy.



Fair Lending has implemented a disaster recovery plan. Andrew, CFO of Fair Lending, wants to ensure that the implemented plan is adequate. Identify the immediate next step from the following.

Initiate the Full Operational Test

Initiate the Desk-based Evaluation

Initiate the Preparedness Test

Socialize with Senior Management and Obtain Sponsorship - correct answer ✔✔B. The immediate next step to evaluate the adequacy of a disaster recovery plan once it has been implemented is to conduct a desk-based evaluation, also known as a paper test. The paper test involves walking through the plan with the major stakeholders and discussing what might happen in a particular type of service disruption. As per best practice, the paper test precedes the preparedness test.



There are various methods of suppressing a data center fire. Identify the MOST effective and environmentally friendly method from the following.

Water-based systems (sprinkler systems)

Argonite systems

Carbon dioxide systems

Dry-pipe sprinkling systems - correct answer ✔✔D. Dry-pipe sprinkling systems are the most effective and environmentally friendly of the available options. In this system, the water does not flow until the fire alarm activates a pump. Water-based systems (sprinkler systems) are environmentally friendly but may not present the most effective option. In this system, the water is always present in the piping, which can potentially leak, causing damage to equipment.



The IT risk management process comprises the following 5 steps, listed in no particular sequence: (b) Asset Identification, (e) Evaluation of Threats and Vulnerabilities to Assets, (a) Evaluation of the Impact, (c) Calculation of Risk, (d) Evaluation of and Response to Risk. Identify the correct sequence from the following.

b, a, e, c, d

b, e, a, c, d

b, e, a, d, c

a, b, c, d, e - correct answer ✔✔B. The IT risk management process comprises the following 5 steps: Step 1: Asset Identification; Step 2: Evaluation of Threats and Vulnerabilities to Assets; Step 3: Evaluation of the Impact; Step 4: Calculation of Risk; Step 5: Evaluation of and Response to Risk.



Palm Trading Company has implemented digital signatures to protect email communication with their customers. Identify the benefit of using a digital signature from the following.

Protects email content from unauthorized reading

Protects email content from data theft

Ensures timely delivery of email content

Ensures integrity of the email content - correct answer ✔✔D. A digital signature is used for verifying the identity of the sender and the integrity of the content.



Merlin, head of information systems audit at Cocoa Payroll Services, was invited to a development project meeting. During the meeting, Merlin noted that no project risks were documented and raised this issue with the head of IT. The IT project manager opined that it was too early to identify risks and that they intend to hire a risk manager if risks do start impacting the project. Identify the likely response from Merlin from the following.

Express the willingness to work with the risk manager when one is appointed

Emphasize the importance of identifying and documenting risks, and of developing contingency plans

Since the project manager is accountable for the outcome of the project, it is reasonable to accept his position

Inform the project manager of intent to conduct a review of the risks at the completion of the requirements definition phase of the project - correct answer ✔✔B. An experienced project manager must be able to identify the majority of key project risks at the beginning of the project, and plan to deal with them when they do materialize.



Quick Micropayments has recently commissioned a critical online customer platform. The CIO requested
the information systems audit department to conduct an independent review of the system. Identify the
priority for the auditor to plan and initiate an audit.



Review the audit charter and plan the audit

Review the impact of the implementation of the new system on the IT operations

Review prior audit reports on the system and plan the audit

Review the HR reports on employee turnover to identify any impact on the system - correct answer
✔✔A. The auditor should review the audit charter and plan the audit accordingly. Since this is a newly
implemented system, prior audit reports are not available. A review of employee turnover and the
impact on the IT operational environment is of limited value at this stage.



Andrew, CFO of Fair Lending, is working on a business expansion plan to have a street presence across North America. Andrew wants to ensure the disaster recovery plan is comprehensive and provides adequate coverage in a potential business-interrupting scenario. The other consideration for Andrew is to have an adequate and cost-effective evaluation method. Identify suitable evaluation methods from the following.

Preparedness Test

Full Operational Test

Desk-based Evaluation

Annual Tape Backup Recovery - correct answer ✔✔A. A preparedness test is a localized version of a full operational test, wherein actual resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the disaster recovery plan and can be a cost-effective way to gradually obtain evidence about how good the plan is, whereas a full operational test is one step away from an actual service disruption and may not be cost-effective. The desk-based evaluation, also called a paper test, may not be sufficient to test all necessary aspects of a disaster recovery plan.



Lorena, an information systems auditor with the Town Bank, observed inadequate coverage of potential risks in the security policy, likely arising from an inadequate security policy development process. Identify what Lorena should recommend from the following.

Asset identification be ensured as part of security policy development

Business objectives are considered while developing the security policy

The outcome of the risk management process be considered while developing the security policy

The software design decisions are made based on the security policy and guidelines - correct answer ✔✔C. The outcome of the risk management process is considered while developing the security policy to ensure adequate coverage of the underlying risks.



Julio, IT Head at Quick Micropayments, wants to ensure the independence of a quality assurance (QA) team. Identify an activity to be avoided to achieve the objective.

Ensure compliance with software development methodology

Check the testing assumptions

Perform code review to ensure proper documentation

Correct coding errors during the testing process - correct answer ✔✔D. The quality assurance (QA) team should not be made responsible for correcting coding errors during the testing / QA process, as correction of code is not the responsibility of the QA team. Doing so would violate segregation of duties principles and would impair the team's independence.



Andrew, CFO of Palm Trading Company, a relatively small organization, wants to implement segregation of duties for information processing facility (IPF) roles. Considering this requirement, identify a false statement from the following.



A network administrator normally would be restricted from reporting to the end-user manager

A network administrator normally would be restricted from having additional end-user responsibilities

A network administrator normally would be restricted from being responsible for network security
administration
