Authentic CISA Dumps - Free PDF Questions to Pass [Q276-Q291]

Share

Authentic CISA Dumps - Free PDF Questions to Pass 

Guaranteed Accomplishment with Newest Jan-2022 FREE CISA


Who should take the CISA exam

The ISACA Certified Information Systems Auditor CISA Exam certification is an internationally-recognized validation that identifies persons who earn it as possessing skilled as Certified Information Systems Auditor CISA certification. If a candidate wants significant improvement in career growth needs enhanced knowledge, skills, and talents. The ISACA Certified Information Systems Auditor CISA Exam certification provides proof of this advanced knowledge and skill. If a candidate has knowledge and skills that are required to pass ISACA Certified Information Systems Auditor CISA Exam then he should take this exam.


The ISACA CISA certification exam is suitable for any entry to a mid-level specialist who wants to demonstrate his/her ability to apply and manage a risk-based approach and focus on planning, executing, and reporting on audit engagements.

 

NEW QUESTION 276
A proposed transaction processing application will have many data capture sources and outputs in paper and electronic form. To ensure that transactions are not lost during processing, an IS auditor should recommend the inclusion of:

  • A. automated systems balancing.
  • B. validation controls.
  • C. clerical control procedures.
  • D. internal credibility checks.

Answer: A

Explanation:
Automated systems balancing would be the best way to ensure that no transactions are lost as any imbalance between total inputs and total outputs would be reported for investigation and correction. Validation controls and internal credibility checksare certainly valid controls, but will not detect and report lost transactions. In addition, although a clerical procedure could be used to summarize and compare inputs and outputs, an automated process is less susceptible to error.

 

NEW QUESTION 277
The GREATEST benefit of using a prototyping approach in software development is that it helps to:

  • A. minimize scope changes to the system
  • B. decrease the time allocated for user testing and review
  • C. improve efficiency of quality assurance (QA) testing.
  • D. conceptualize and clarify requirements

Answer: D

 

NEW QUESTION 278
When conducting a requirements analysis for a project the BEST approach would be to

  • A. consult key stakeholders
  • B. test operational deliverables
  • C. prototype the requirements
  • D. conduct a control self-assessment (CSA)

Answer: D

 

NEW QUESTION 279
Which of the following is a data validation edit and control?

  • A. Reasonableness checks
  • B. Hash totals
  • C. Before and after image reporting
  • D. Online access controls

Answer: A

Explanation:
Explanation/Reference:
Explanation:
A reasonableness check is a data validation edit and control, used to ensure that data conforms to predetermined criteria.

 

NEW QUESTION 280
Which type of major BCP test only requires representatives from each operational area to meet to review the plan?

  • A. Walk-thorough
  • B. Paper
  • C. Parallel
  • D. Preparedness

Answer: A

Explanation:
Explanation/Reference:
Of the three major types of BCP tests (paper, walk-through, and preparedness), a walk-through test requires only that representatives from each operational area meet to review the plan.

 

NEW QUESTION 281
A small financial institution is preparing to implement a check image processing system to support planned mobile banking product offerings Which of the following is MOST critical to the successful implementation of the system?

  • A. Feasibility studies
  • B. End user training
  • C. Integration testing
  • D. Control design

Answer: C

 

NEW QUESTION 282
Which of the following typically consists of a computer, some real looking data and/or a network site that appears to be part of a production network but which is in fact isolated and well prepared?

  • A. IPS
  • B. firewall
  • C. superpot
  • D. IDS
  • E. honeypot
  • F. None of the choices.

Answer: E

Explanation:
Explanation/Reference:
Explanation:
You may use a honeypot to detect and deflect unauthorized use of your information systems. A typical honeypot consists of a computer, some real looking data and/or a network site that appears to be part of a production network but which is in fact isolated and well prepared for trapping hackers.

 

NEW QUESTION 283
Which of the following is the MOST important consideration when defining recovery point objectives
(RPOs)?

  • A. Acceptable data loss
  • B. Acceptable time for recovery
  • C. Mean time between failures
  • D. Minimum operating requirements

Answer: A

Explanation:
Section: Protection of Information Assets
Explanation:
Recovery time objectives (RTOs) are the acceptable time delay in availability of business operations, while
recovery point objectives (RPOs) are the level of data loss/reworking an organization is willing to accept.
Mean time between failures and minimum operating requirements help in defining recovery strategies.

 

NEW QUESTION 284
The PRIMARY benefit of implementing a security program as part of a security governance framework is the:

  • A. implementation of the chief information security officer's (CISO) recommendations.
  • B. alignment of the IT activities with IS audit recommendations.
  • C. enforcement of the management of security risks.
  • D. reduction of the cost for IT security.

Answer: C

Explanation:
The major benefit of implementing a security program is management's assessment of risk and its mitigation to an appropriate level of risk, and the monitoring of the remaining residual risks. Recommendations, visions and objectives of the auditor and the chief information security officer (CISO) are usually included within a security program, but they would not be the major benefit. The cost of IT security may or may not be reduced.

 

NEW QUESTION 285
Which of the following append themselves to files as a protection against viruses?

  • A. Immunizers
  • B. Behavior blockers
  • C. Active monitors
  • D. Cyclical redundancy checkers (CRCs)

Answer: A

Explanation:
I mmunizers defend against viruses by appending sections of themselves to files. They continuously check the file for changes and report changes as possible viral behavior. Behavior blockers focus on detecting potentially abnormal behavior, such as writing to the boot sector or the master boot record, or making changes to executable files. Cyclical redundancy checkers compute a binary number on a known virus-free program that is then stored in a database file. When that program is subsequently called to be executed, the checkers look for changes to the files, compare it to the database and report possible infection if changes have occurred. Active monitors interpret DOS and ROM basic input-output system (BIOS) calls, looking for virus-like actions.

 

NEW QUESTION 286
What is the BEST method for securing credit card numbers stored temporarily on a file server prior to transmission to the downstream system for payment processing?

  • A. Encryption with strong cryptography
  • B. One-way hash with strong cryptography
  • C. Truncating the credit card number
  • D. Masking the full credit card number

Answer: A

 

NEW QUESTION 287
Which of the following audit combines financial and operational audit steps?

  • A. Financial Audit
  • B. Forensic audit
  • C. Integrated Audit
  • D. Compliance Audit

Answer: C

Explanation:
Section: The process of Auditing Information System
Explanation:
An integrated audit combines financial and operational audit steps. An integrated audit is also performed to
assess overall objectives within an organization, related to financial information and asset, safeguarding,
efficiency and or internal auditors and would include compliance test of internal controls and substantive
audit step.
For your exam you should know below information about different types of audit:
What is an audit?
An audit in general terms is a process of evaluating an individual or organization's accounts. This is usually
done by an independent auditing body. Thus, audit involves a competent and independent person obtaining
evidence and evaluating it objectively with regard to a given entity, which in this case is the subject of audit,
in order to establish conformance to a given set of standards. Audit can be on a person, organization,
system, enterprise, project or product.
Compliance Audit
A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.
Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliance
preparations. Auditors review security polices, user access controls and risk management procedures over
the course of a compliance audit. Compliance audit include specific tests of controls to demonstrate
adherence to specific regulatory or industry standard. These audits often overlap traditional audits, but may
focus on particular system or data.
What, precisely, is examined in a compliance audit will vary depending upon whether an organization is a
public or private company, what kind of data it handles and if it transmits or stores sensitive financial data.
For instance, SOX requirements mean that any electronic communication must be backed up and secured
with reasonable disaster recovery infrastructure. Health care providers that store or transmit e-health
records, like personal health information, are subject to HIPAA requirements. Financial services companies
that transmit credit card data are subject to PCI DSS requirements. In each case, the organization must be
able to demonstrate compliance by producing an audit trail, often generated by data from event log
management software.
Financial Audit
A financial audit, or more accurately, an audit of financial statements, is the verification of the financial
statements of a legal entity, with a view to express an audit opinion. The audit opinion is intended to provide
reasonable assurance, but not absolute assurance, that the financial statements are presented fairly, in all
material respects, and/or give a true and fair view in accordance with the financial reporting framework.
The purpose of an audit is to provide an objective independent examination of the financial statements,
which increases the value and credibility of the financial statements produced by management, thus
increase user confidence in the financial statement, reduce investor risk and consequently reduce the cost
of capital of the preparer of the financial statements.
Operational Audit
Operational Audit is a systematic review of effectiveness, efficiency and economy of operation. Operational
audit is a future-oriented, systematic, and independent evaluation of organizational activities. In Operational
audit financial data may be used, but the primary sources of evidence are the operational policies and
achievements related to organizational objectives. Operational audit is a more comprehensive form of an
Internal audit.
The Institute of Internal Auditor (IIA) defines Operational Audit as a systematic process of evaluating an
organization's effectiveness, efficiency and economy of operations under management's control and
reporting to appropriate persons the results of the evaluation along with recommendations for
improvement.
Objectives
To appraise the effectiveness and efficiency of a division, activity, or operation of the entity in meeting
organizational goals.
To understand the responsibilities and risks faced by an organization.
To identify, with management participation, opportunities for improving control.
To provide senior management of the organization with a detailed understanding of the Operations.
Integrated Audits
An integrated audit combines financial and operational audit steps. An integrated audit is also performed to
assess overall objectives within an organization, related to financial information and asset, safeguarding,
efficiency and or internal auditors and would include compliance test of internal controls and substantive
audit step.
IS Audit
An information technology audit, or information systems audit, is an examination of the management
controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence
determines if the information systems are safeguarding assets, maintaining data integrity, and operating
effectively to achieve the organization's goals or objectives. These reviews may be performed in
conjunction with a financial statement audit, internal audit, or other form of attestation engagement.
The primary functions of an IT audit are to evaluate the systems that are in place to guard an organization's
information. Specifically, information technology audits are used to evaluate the organization's ability to
protect its information assets and to properly dispense information to authorized parties. The IT audit aims
to evaluate the following:
Will the organization's computer systems be available for the business at all times when required? (known
as availability) Will the information in the systems be disclosed only to authorized users? (known as
security and confidentiality) Will the information provided by the system always be accurate, reliable, and
timely? (measures the integrity) In this way, the audit hopes to assess the risk to the company's valuable
asset (its information) and establish methods of minimizing those risks.
Forensic Audit
Forensic audit is the activity that consists of gathering, verifying, processing, analyzing of and reporting on
data in order to obtain facts and/or evidence - in a predefined context - in the area of legal/financial
disputes and or irregularities (including fraud) and giving preventative advice.
The purpose of a forensic audit is to use accounting procedures to collect evidence for the prosecution or
investigation of financial crimes such as theft or fraud. Forensic audits may be conducted to determine if
wrongdoing occurred, or to gather materials for the case against an alleged criminal.
The following answers are incorrect:
Compliance Audit - A compliance audit is a comprehensive review of an organization's adherence to
regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and
thoroughness of compliance preparations. Auditors review security polices, user access controls and risk
management procedures over the course of a compliance audit. Compliance audit include specific tests of
controls to demonstrate adherence to specific regulatory or industry standard. These audits often overlap
traditional audits, but may focus on particular system or data.
Financial Audit- A financial audit, or more accurately, an audit of financial statements, is the verification of
the financial statements of a legal entity, with a view to express an audit opinion. The audit opinion is
intended to provide reasonable assurance, but not absolute assurance, that the financial statements are
presented fairly, in all material respects, and/or give a true and fair view in accordance with the financial
reporting framework. The purpose of an audit is to provide an objective independent examination of the
financial statements, which increases the value and credibility of the financial statements produced by
management, thus increase user confidence in the financial statement, reduce investor risk and
consequently reduce the cost of capital of the preparer of the financial statements.
Forensic Audit - Forensic audit is the activity that consists of gathering, verifying, processing, analyzing of
and reporting on data in order to obtain facts and/or evidence - in a predefined context - in the area of legal/
financial disputes and or irregularities (including fraud) and giving preventative advice.
The following reference(s) were/was used to create this question:
CISA Review Manual 2014 Page number 44
http://searchcompliance.techtarget.com/definition/compliance-audit
http://en.wikipedia.org/wiki/Financial_audit
http://en.wikipedia.org/wiki/Operational_auditing
http://en.wikipedia.org/wiki/Information_technology_audit
http://www.investorwords.com/16445/forensic_audit.html

 

NEW QUESTION 288
Which of the following should an IS auditor be MOST concerned with when reviewing the IT asset disposal process?

  • A. Monetary value of the asset
  • B. Data stored on the asset
  • C. Data migration to the new asset
  • D. Certificate of destruction

Answer: B

 

NEW QUESTION 289
Which of the following is the BEST way to protect the confidentiality of data on a corporate smartphone?

  • A. Disabling public wireless connections
  • B. Changing the default PIN for Bluetooth connections
  • C. Using remote data wipe capabilities
  • D. Using encryption

Answer: C

Explanation:
Section: Protection of Information Assets

 

NEW QUESTION 290
An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take?

  • A. Report the use of the unauthorized software and the need to prevent recurrence to auditee management.
  • B. Take no action, as it is a commonly accepted practice and operations management is responsible for monitoring such use.
  • C. Inform the auditee of the unauthorized software, and follow up to confirm deletion.
  • D. Personally delete all copies of the unauthorized software.

Answer: A

Explanation:
Explanation/Reference:
Explanation:
The use of unauthorized or illegal software should be prohibited by an organization. Software piracy results in inherent exposure and can result in severe fines. An IS auditor must convince the user and user management of the risk and the need to eliminate the risk. An IS auditor should not assume the role of the enforcing officer and take on any personal involvement in removing or deleting the unauthorized software.

 

NEW QUESTION 291
......


Protection of Information Assets

This objective has the highest percentage in the exam content, which means that you need to pay more attention to its components. The questions from this topic will measure your knowledge of the following:

  • Information asset security and control – privacy principles; data classification; virtual environments; information assets security frameworks, guidelines, and standards; identity & access management; public key infrastructure; data encryption & encryption-related methods; network & endpoint security; physical access & environmental controls;
  • Security Event Management – security awareness programs and training; information system attack techniques; security testing tools and methods; security monitoring tools and methods; evidence collection and forensic; incident response management.

You should also be ready that there will be about 39 supporting tasks that include various processes connected to the exam concepts. Therefore, it is important to master all the objectives.

 

CISA Braindumps PDF, ISACA CISA Exam Cram: https://www.dumpsvalid.com/CISA-still-valid-exam.html

Use Valid New Free CISA Exam Dumps & Answers: https://drive.google.com/open?id=1RS-kwaJhQpD0EJt0OJZO9YXIOmsjKV3Q