CISA Exam 388 Questions with Verified Answers,100% CORRECT
CISA Exam 388 Questions with Verified Answers
Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions?
a. Parity check
b. Echo check
c. Block sum check
d. Cyclic redundancy check - CORRECT ANSWER d. Cyclic redundancy check
Which of the following issues associated with a data center's closed circuit television (CCTV) surveillance cameras should be of MOST concern to an IS auditor?
A. CCTV recordings are not regularly reviewed.
B. CCTV records are deleted after one year.
C. CCTV footage is not recorded 24 x 7.
D. CCTV cameras are not installed in break rooms. - CORRECT ANSWER A. CCTV recordings are not regularly reviewed.
An IS auditor has been asked to audit the proposed acquisition of new computer hardware. The auditor's PRIMARY concern is that:
A. a clear business case has been established.
B. the new hardware meets established security standards.
C. a full, visible audit trail will be included.
D. the implementation plan meets user requirements. - CORRECT ANSWER A. a clear business case has been established.
An organization is implementing a new system that supports a month-end business process. Which of the following implementation strategies would be MOST efficient to decrease business downtime?
A. Cutover
B. Phased
C. Pilot
D. Parallel - CORRECT ANSWER C. Pilot
Which of the following is the BEST way to ensure that an application is performing according to its specifications?
A. Pilot testing
B. System testing
C. Integration testing
D. Unit testing - CORRECT ANSWER C. Integration testing
An employee loses a mobile device resulting in loss of sensitive corporate data. Which of the following would have BEST prevented data leakage?
A. Data encryption on the mobile device
B. The triggering of remote data wipe capabilities
C. Awareness training for mobile device users
D. Complex password policy for mobile devices - CORRECT ANSWER A. Data encryption on the mobile device
During the evaluation of controls over a major application development project, the MOST effective use of an IS auditor's time would be to review and evaluate:
A. cost-benefit analysis.
B. acceptance testing.
C. application test cases.
D. project plans. - CORRECT ANSWER C. application test cases.
Upon completion of audit work, an IS auditor should:
A. provide a report to the auditee stating the initial findings.
B. provide a report to senior management prior to discussion with the auditee.
C. distribute a summary of general findings to the members of the auditing team.
D. review the working papers with the auditee. - CORRECT ANSWER A. provide a report to the auditee stating the initial findings.
During an IT general controls audit of a high-risk area where both internal and external audit teams are reviewing the same areas simultaneously, which of the following is the BEST approach to optimize resources?
A. Leverage the work performed by external audit for the internal audit testing.
B. Ensure both the internal and external auditors perform the work simultaneously.
C. Roll forward the general controls audit to the subsequent audit year.
D. Request that the external audit team leverage the internal audit work. - CORRECT ANSWER A. Leverage the work performed by external audit for the internal audit testing.
The GREATEST benefit of using a prototyping approach in software development is that it helps to:
A. improve efficiency of quality assurance (QA) testing.
B. conceptualize and clarify requirements.
C. decrease the time allocated for user testing and review.
D. minimize scope changes to the system. - CORRECT ANSWER D. minimize scope changes to the system.
Management receives information indicating a high level of risk associated with potential flooding near the organization's data center within the next few years. As a result, a decision has been made to move data center operations to another facility on higher ground. Which approach has been adopted?
A. Risk reduction
B. Risk acceptance
C. Risk transfer
D. Risk avoidance - CORRECT ANSWER D. Risk avoidance
Which of the following MOST effectively minimizes downtime during system conversions?
A. Phased approach
B. Parallel run
C. Direct cutover
D. Pilot study - CORRECT ANSWER B. Parallel run
Which of the following would MOST effectively ensure the integrity of data transmitted over a network?
A. Message encryption
B. Steganography
C. Certificate authority (CA)
D. Message digest - CORRECT ANSWER D. Message digest
An IS auditor is evaluating controls for monitoring the regulatory compliance of a third party that provides IT services to the organization. Which of the following should be the auditor's GREATEST concern?
A. A gap analysis against regulatory requirements has not been conducted.
B. The third-party disclosed a policy-related issue of noncompliance.
C. The organization has not reviewed the third party's policies and procedures.
D. The organization has not communicated regulatory requirements to the third party. - CORRECT ANSWER D. The organization has not communicated regulatory requirements to the third party.
An IS auditor is reviewing processes for importing market price data from external data providers. Which of the following findings should the auditor consider MOST critical?
A. The quality of the data is not monitored.
B. The transfer protocol does not require authentication.
C. Imported data is not disposed frequently.
D. The transfer protocol is not encrypted. - CORRECT ANSWER A. The quality of the data is not monitored.
In a controlled application development environment, the MOST important segregation of duties should be between the person who implements changes into the production environment and the:
A. application programmer.
B. quality assurance (QA) personnel.
C. computer operator.
D. systems programmer. - CORRECT ANSWER A. application programmer.
A small startup organization does not have the resources to implement segregation of duties. Which of the following is the MOST effective compensating control?
A. Rotation of log monitoring and analysis responsibilities
B. Additional management reviews and reconciliations
C. Mandatory vacations
D. Third-party assessments - CORRECT ANSWER B. Additional management reviews and reconciliations