CISA Practice Exam Graded A+
1. Identify the most critical element for the successful implementation and ongoing regular maintenance
of an information security policy. - B. Understanding of the information security policy by all appropriate parties ️
2. Andrew, CFO of Fair Lending, wants ...
CISA Practice Exam Graded A+
1. Identify the most critical element for the successful implementation and ongoing regular maintenance
of an information security policy.
- B. Understanding of the information security policy by all appropriate parties ✔️
2. Andrew, CFO of Fair Lending, wants to ensure that the implemented disaster recovery plan is
adequate. Identify the immediate next step.
- Initiate the Desk-based Evaluation ✔️
3. Identify the MOST effective and environmentally friendly method for suppressing a data center fire.
- Dry-pipe sprinkling systems ✔️
4. Identify the correct sequence of the IT risk management process.
- b, e, a, d, c ✔️
5. Identify the benefit of using a digital signature.
- Ensures integrity of the email content ✔️
6. Identify the likely response from Merlin regarding project risk documentation.
- Emphasize the importance of identifying and documenting risks, and to develop contingency plans
✔️
7. Identify the priority for the auditor to plan and initiate an audit of the critical online customer
platform.
- Review the audit charter and plan the audit ✔️
8. Identify suitable evaluation methods for ensuring a comprehensive disaster recovery plan.
- Preparedness Test ✔️
,9. Lorena recommends to address inadequate coverage of potential risks in the security policy.
- The outcome of the risk management process be considered while developing the security policy ✔️
10. Identify an activity to be avoided to ensure the independence of a QA team.
- Correct coding errors during the testing process ✔️
11. Identify a false statement regarding segregation of duties for IPF roles.
- A network administrator normally would be restricted from having programming responsibilities ✔️
12. Identify the artifact useful to review for identifying arrangements/controls against non-privileged
user access escalation.
- System configuration files for control options used ✔️
13. How does a data flow diagram (DFD) assist Lorena in her work?
- Establish a summary graphical view of data paths and storage ✔️
14. Identify the main consideration regarding transaction audit trails.
- Transaction audit trails are essential for ensuring non-repudiation ✔️
15. As a first step in a data privacy compliance audit, the information systems auditor must review:
- Statutory and regulatory requirements ✔️
16. Identify an important parameter for determining an adequate disaster recovery strategy.
- Service delivery objective ✔️
17. Jaime discovered unauthorized transactions. Identify the most likely recommendation to make.
- Improvement of authentication mechanism for sending and receiving transactional messages ✔️
,18. Identify the suitable testing method to test the functional operating effectiveness of the information
system without regard to internal program structure.
- Black box test ✔️
Dave, CFO at Herman Foundry, expresses his concern over the risky nature of the implementation
approach proposed by the IT Head to replace a legacy system with the new system. Identify an
implementation/conversion approach from following that carries the greatest risk
Parallel Run
Phased Approach
Direct Cutover
Pilot Run ✔️C Direct cutover, also known as the big bang approach, implies shorter time-window but
carries the greatest risk. It means shutting down the legacy system and going live with the new system
immediately. Shutting down the legacy system is usually irreversible. Other listed approaches are less
risky.
Parallel testing is testing multiple applications or subcomponents of one application concurrently to
reduce the test time.
Phased implementation is a method of System Changeover from an existing system to a new one that
takes place in stages.
PILOT TESTING is defined as a type of Software Testing that verifies a component of the system or the
entire system under a real-time operating condition.
Lisa, an information systems auditor at a non-profit charitable organization, is reviewing the perimeter
security controls. Lisa wants to verify if the firewall is configured in compliance with an organization's
security policy. Identify the most effective method from the following to verify
Review of firewall log files
Review of firewall administration procedures
Attestation by the firewall administrator
, Review of firewall parameter settings ✔️D Perimeter security plays a vital role in effectively preventing
and detecting most attacks on their networks. The proper implementation and maintenance of firewalls
are of paramount importance for having a robust and effective perimeter security mechanism and
compliance with the organization's security policy. Therefore, a review of firewall parameter settings is
the best method to determine if the firewall is configured in compliance with an organization's security
policy.
Lorena, an information systems auditor with the Town Bank, is planning for an audit. Lorena requests an
organizational chart from the auditee. Identify the main purpose of the auditor's request.
Understand the business workflows
Understand the roles, responsibilities, and authority of key individuals
Understand the available communication channels
Understand the organizational networked systems ✔️B Information systems auditors would usually
request an organizational chart during the audit planning process to develop an understanding of roles,
responsibilities, and authority of key people in the auditee organization. The auditor may also develop
an understanding of the segregation of duties controls at this stage and will identify the potential
control objectives for the audit.
Michelle is an information systems auditor at AZ Systems. She is reviewing the information systems
tactical plan. While doing so, she should determine whether
a strategic information technology planning methodology is in place
there is a clear definition of the information systems mission and vision
the plan correlates business objectives to information systems goals and objectives
there is an integration of information systems and business staffs within projects ✔️D The integration
of IS and business staff in projects is an operational issue and should be considered while reviewing the
short-range plan. A strategic plan would provide a framework for the IS short-range plan.
Identify the best way for an information systems auditor to determine the effectiveness of a security
awareness and training program.
Interview the system administrator
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller CertifiedGrades. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $9.89. You're not tied to anything after your purchase.
