Exam (elaborations)
ISACA Exam Questions > CISA (v.5) - part.2 with rationales
- Course
- Institution
ISACA Exam Questions > CISA (v.5) - part.2 with rationales
[Show more]
Content preview
ISACA EXAM QUESTIONSCISA (v.5) - part.2
1. When reviewing an organizations logical access security, which of the following should be of
MOST concern to an IS auditor?
A. Passwords are not shared.
B. Password files are not encrypted.
C. Redundant logon IDs are deleted.
D. The allocation of logon IDs is controlled.
Explanation:
When evaluating the technical aspects of logical security, unencrypted files represent the greatest
risk. The sharing of passwords, checking for the redundancy of logon IDs and proper logon ID
procedures are essential, but they are less important than ensuring that the password files are
encrypted.
2. Passwords should be:
A. assigned by the security administrator for first time logon.
B. changed every 30 days at the discretion of the user.
C. reused often to ensure the user does not forget the password.
D. displayed on the screen so that the user can ensure that it has been entered properly.
Explanation:
Initial password assignment should be done discretely by the security administrator. Passwords
should be changed often (e.g., every 30 days); however, changing should not be voluntary, it should
be required by the system. Systems should not permit previous passwords to be used again. Old
passwords may have been compromised and would thus permit unauthorized access. Passwords
should not be displayed in any form.
3. adminJanuary 30, 2019
When performing an audit of access rights, an IS auditor should be suspicious of which of the
following if allocated to a computer operator?
A. Read access to data
B. Delete access to transaction data files
C. Logged read/execute access to programs
D. Update access to job control language/script files
, Explanation:
Deletion of transaction data files should be a function of the application support team, not operations
staff. Read access to production data is a normal requirement of a computer operator, as is logged
access to programs and access to JCL to control job execution.
4. adminJanuary 30, 2019
To prevent unauthorized entry to the data maintained in a dial-up, fast response system, an IS
auditor should recommend:
A. online terminals are placed in restricted areas.
B. online terminals are equipped with key locks.
C. ID cards are required to gain access to online terminals.
D. online access is terminated after a specified number of unsuccessful attempts.
Explanation:
The most appropriate control to prevent unauthorized entry is to terminate connection after a
specified number of attempts. This will deter access through the guessing of IDs and passwords.
The other choices are physical controls, which are not effective in deterring unauthorized accesses
via telephone lines
5. An IS auditor conducting an access control review in a client-server environment discovers
that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to
conclude that:
A. exposure is greater, since information is available to unauthorized users.
B. operating efficiency is enhanced, since anyone can print any report at any time.
C. operating procedures are more effective, since information is easily available.
D. user friendliness and flexibility is facilitated, since there is a smooth flow of information among
users.
Explanation:
Information in all its forms needs to be protected from unauthorized access. Unrestricted access to
the report option results in an exposure. Efficiency and effectiveness are not relevant factors in this
situation. Greater control over reports will not be accomplished since reports need not be in a printed
form only. Information could be transmitted outside as electronic files, because print options allow for
printing in an electronic form as well.
6. During the requirements definition phase for a database application, performance is listed as
a top priority. To access the DBMS files, which of the following technologies should be
recommended for optimal I/O performance?
A. Storage area network (SAN)
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller codersimon. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.00. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
80435 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now