CISA Practice Exam Questions and Answers with Verified Solutions

CISA Practice Exam Questions and Answers with Verified Solutions A centralized antivirus system determines whether each personal computer has the latest signature files and installs the latest signature files before allowing a PC to connect to the network. This is an example of a: corrective control A comprehensive and effective email policy should address the issues of email structure, policy enforcement, monitoring and: rentention A consulting firm has created a File Transfer Protocol (FTP) site for the purpose of receiving financial data and has communicated the site's address, user ID and password to the financial services company in separate email messages. The company is to transmit its data to the FTP site after manually encrypting the data. The IS auditor's GREATEST concern with this process is that: the users may not remember to manually encrypt the data before transmission. A database administrator (DBA) who needs to make emergency changes to a database after normal working hours should log in: with their named account to make the changes A digital signature contains a message digest to show if the message has been altered after transmission A hot site should be implemented as a recovery strategy when the: disaster downtime tolerance is low A large chain of shops with electronic funds transfer at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? Alternative standby processor at another network node Although management has stated otherwise, an IS auditor has reasons to believe that the organization is using software that is not licensed. In this situation, the IS auditor should FIRST: verify the software is in use through testing An enterprise selected a vendor to develop and implement a new software system. To ensure that the enterprise's investment in software is protected, which of the following security clauses is MOST important to include in the master services agreement? software escrow An IS auditor discovers several IT-based projects were implemented and not approved by the steering committee. What is the GREATEST concern for the IS auditor? The IT department may not be working toward a common goal An IS auditor discovers that devices connected to the network are not included in a network diagram that had been used to develop the scope of the audit. The chief information officer explains that the diagram is being updated and awaiting final approval. The IS auditor should FIRST: evaluate the impact of the undocumented devices on the audit scope. An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if: the servers are clustered in one site An IS auditor has been asked to review the implementation of a customer relationship management system for a large organization. The IS auditor