Exam (elaborations)
CISA Practice Exam
- Course
- Institution
Exam of 179 pages for the course CISA - Certified Information Systems Auditor at CISA - Certified Information Systems Auditor (CISA Practice Exam)
[Show more]
Content preview
CISA Practice Exam"Their security responsibilities include authorizing access,
ensuring that access rules are updated when personnel changes
occur, and regularly review access rules for the data for which
they are responsible." Identify the appropriate role for the above
mentioned responsibility.
Data Users
Data Custodians
Data Owners
Security Administrator Correct Answer C The mentioned
responsibility falls under the remit of data owners. Data owners
are usually business leaders responsible for using information
for running and controlling the business. Data custodians are
people responsible for storing and safeguarding the data and
include IT personnel. Data users include the user communities
with access levels authorized by the data owners. Security
administrators have the responsibility to provide physical and
logical security for data, software, and hardware.
A comprehensive IS audit policy should include guidelines
detailing what involvement the internal audit team should have?
in the development and coding of major OS applications.
in the acquisition and maintenance of major WEB applications.
in the human resource management cycle of the application
development project.
,None of the choices.
in the development, acquisition, conversion, and testing of major
applications. Correct Answer E The audit policy should include
guidelines detailing what involvement internal audit will have in
the development, acquisition, conversion, and testing of major
applications. Such a policy must be approved by top
management for it to be effective.
A computer system is no more secure than the human systems
responsible for its operation. Malicious individuals have
regularly penetrated well-designed, secure computer systems by
taking advantage of the carelessness of trusted individuals, or by
deliberately deceiving them. zombie computers are being
HEAVILY relied upon on by which of the following types of
attack?
ATP
Social Engineering
DDoS
Eavedropping
DoS Correct Answer C "Distributed denial of service (DDoS)
attacks are common, where a large number of compromised
hosts (""zombie computers"") are used to flood a target system
with network requests, thus attempting to render it unusable
through resource exhaustion."
,A major portion of what is required to address nonrepudiation is
accomplished through the use of:
strong methods for authorization and ensuring data integrity.
None of the choices.
strong methods for authentication and ensuring data validity
strong methods for authentication and ensuring data reliability.
strong methods for authentication and ensuring data integrity
Correct Answer E A major portion of what is required to
address nonrepudiation is accomplished through the use of
strong methods for authentication and ensuring data integrity.
A substantive test to verify that tape library inventory records
are accurate is:
checking if receipts and issues of tapes are accurately recorded.
determining whether the movement of tapes is authorized.
conducting a physical count of the tape inventory.
determining whether bar code readers are installed. Correct
Answer C
A successful risk-based IT audit program should be based on:
an effective departmental brainstorm session.
, an effective organization-wide brainstorm session.
an effective scoring system.
an effective PERT diagram.
an effective yearly budget. Correct Answer C
A trojan horse simply cannot operate autonomously.
FALSE
TRUE Correct Answer T As a common type of Trojan horses,
a legitimate software might have been corrupted with malicious
code which runs when the program is used. The key is that the
user has to invoke the program in order to trigger the malicious
code. In other words, a trojan horse simply cannot operate
autonomously. You would also want to know that most but not
all trojan horse payloads are harmful - a few of them are
harmless.
A virus typically consists of what major parts (choose all that
apply):
a payload
a mechanism that allows them to infect other files and
reproduce" a
trigger that activates delivery of a ""payload"""
a signature
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Classroom. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $22.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
75759 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now