Verified CISA exam dumps Q&As with Correct 973 Questions and Answers [Q91-Q115]


Target Audience

Candidates for the ISACA CISA certification are information technology and information security auditors, as well as control, assurance and information security professionals: specialists with expertise in security and information technology who have the competence and skills required to pass the exam.


Useful Isaca CISA Exam Prep Resources

With the above details about the certification exam in mind, are you ready for the next step? Test preparation is a gruelling process of intense study and extensive honing of skills, so here we make it easier by pointing you to the finest resources on the market:

  • CISA Exam Prep Course

    Are you the type of learner who gains more insight with an instructor? If so, enroll in the expert-led course and join other candidates in covering the CISA job practice in depth. The instructor helps you sort out the core requirements you need to master through comprehensive modules and case-study activities, and revisits the fundamental concepts so that you have the basics and the core responsibilities of an IS auditor down. The course also includes practice tests that the instructor assesses, with the trial questions explained through a detailed walk-through of the answers. Alongside the lectures and quizzes, the instructor shares useful techniques for time management and knowledge retention. Note that timing matters with this virtual material: unlike the self-paced course, it runs on a limited timeline, a 60-day subscription divided into 4 sessions, so check the schedule posted on the official site first and allocate your time accordingly.

  • CISA Review Questions, Answers & Explanations Manual (12th Edition) by Isaca

    Another top-notch book recommended by the vendor is this practice-test manual of 1,000 multiple-choice questions aligned with the 2019 CISA Job Practice, so most of them have been revised and updated to give current coverage of the exam. Each answer comes with a detailed explanation, which helps you correct your mistakes and avoid repeating them. The questions are also structured to mimic the official CISA test; although not identical in order and context, practising with such items strengthens your command of the crucial test domains.

  • CISA Online Review Course

    The best online prep tool comes from the certification vendor itself. Isaca has prepared a comprehensive package for efficient CISA study. Built around instructional strategies and interactive lessons, the course has been used by thousands of exam candidates. More importantly, it covers the five CISA domains: the auditing process, governance, operations, implementation, and the protection of information systems. The eLearning modules follow the CISA job practice, so you develop a working knowledge of the key subject areas, technical features as well as theory, and the material reflects current IT audit and assurance guidelines and the industry standards that businesses rely on. Alongside the interactive lessons you get downloadable materials, a 50-question self-assessment and a 75-question practice test to check your knowledge before and after the training. The course is self-paced, with a structured guideline you can adapt to your own schedule and learning style; total training time is up to 22 hours, with a 365-day subscription.

  • CISA Review Manual (27th Edition) by Isaca

    Pair the self-paced course with one of the recommended books. The CISA Review Manual is the official reference guide, chosen by experts for its all-inclusive coverage that keeps you on track with the main exam objectives. It discusses the vital roles of an information systems auditor and the technical skill set you must develop before the certification exam, has been restructured in line with the official 2019 CISA Job Practice for the most recent coverage of the exam domains, and sets out the critical concepts and terminology of IS and IT. With both the fundamentals and the technical roles mastered, you will be ready for the audit tasks required by organizations of different sizes and types.


The ISACA CISA certification exam is suitable for any entry- to mid-level specialist who wants to demonstrate the ability to apply and manage a risk-based approach and to plan, execute and report on audit engagements.

 

NEW QUESTION 91
A retirement system verifies that the field for employee status has either a value of A (for active) or R (for retired). This is an example of which type of check?

  • A. Existence
  • B. Limit
  • C. Validity
  • D. Completeness

Answer: C

Explanation:
Checking that a field contains one of a predetermined set of acceptable codes (here A or R) is a validity check. A limit check tests a numeric value against a predefined range, and a completeness check tests that required fields are not left blank.
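A worked example, added here and not part of the original question set, showing how the input edit checks named in the options differ when implemented on a constructed feed of employee records. The record layout, the acceptable status codes, the age range and the master-file lookup used for the existence check are assumptions of the example, not taken from the question.

```python
# Constructed sample records for a retirement-system feed (not from the page).
SAMPLE_RECORDS = [
    {"emp_id": "E1001", "status": "A", "age": 42,  "amount": 5200.00},
    {"emp_id": "E1002", "status": "R", "age": 67,  "amount": 2100.00},
    {"emp_id": "E1003", "status": "X", "age": 35,  "amount": 4800.00},  # status not A/R
    {"emp_id": "E1004", "status": "A", "age": 140, "amount": 4100.00},  # age outside range
    {"emp_id": "",      "status": "A", "age": 50,  "amount": 3900.00},  # key field blank
    {"emp_id": "E1006", "status": "R", "age": 70,  "amount": None},     # amount missing
]

VALID_STATUS = {"A", "R"}                        # assumed: the only acceptable status codes
REQUIRED_FIELDS = ("emp_id", "status", "age", "amount")
# Assumed employee master file used for the existence check.
MASTER_FILE = {"E1001", "E1002", "E1003", "E1004", "E1006"}


def validity_check(rec):
    """Validity: the field holds one of a predetermined set of acceptable codes."""
    return rec["status"] in VALID_STATUS


def limit_check(rec, low=16, high=110):
    """Limit (range): a numeric field falls inside a predefined range (assumed bounds)."""
    return low <= rec["age"] <= high


def completeness_check(rec):
    """Completeness: every required field is present and not blank/null."""
    return all(rec.get(f) not in (None, "") for f in REQUIRED_FIELDS)


def existence_check(rec, master=MASTER_FILE):
    """Existence (as implemented here): the key refers to a record in the master file."""
    return rec["emp_id"] in master


def run_edit_checks(records):
    """Map each failing record (by emp_id, or row index if the id is blank) to its failed checks.

    Completeness is tested first: the other checks cannot be applied to blank fields.
    """
    failures = {}
    for i, rec in enumerate(records):
        failed = []
        if not completeness_check(rec):
            failed.append("completeness")
        else:
            if not validity_check(rec):
                failed.append("validity")
            if not limit_check(rec):
                failed.append("limit")
            if not existence_check(rec):
                failed.append("existence")
        if failed:
            failures[rec["emp_id"] or f"row{i}"] = failed
    return failures


if __name__ == "__main__":
    for key, checks in run_edit_checks(SAMPLE_RECORDS).items():
        print(f"{key}: failed {', '.join(checks)}")
```

Running it flags E1003 for validity (status X), E1004 for limit (age 140), and the two incomplete rows for completeness; the two clean rows produce nothing.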

 

NEW QUESTION 92
When protecting an organization's IT systems, which of the following is normally the next line of defense after the network firewall has been compromised?

  • A. Antivirus programs
  • B. Virtual local area network (VLAN) configuration
  • C. Personal firewall
  • D. Intrusion detection system (IDS)

Answer: D

Explanation:
An intrusion detection system (IDS) would be the next line of defense after the firewall. It would detect anomalies in network/server activity and try to identify the perpetrator. Antivirus programs, personal firewalls and VLAN configurations would be later in the line of defense.

 

NEW QUESTION 93
What is a primary high-level goal for an auditor who is reviewing a system development project?

  • A. To ensure that projects are monitored and administrated effectively
  • B. To ensure that programming and processing environments are segregated
  • C. To ensure that business objectives are achieved
  • D. To ensure that proper approval for the project has been obtained

Answer: C

Explanation:
A primary high-level goal for an auditor who is reviewing a systems-development project is to ensure that business objectives are achieved. This objective guides all other systems development objectives.

 

NEW QUESTION 94
As compared to understanding an organization's IT process from evidence directly collected, how valuable are prior audit reports as evidence?

  • A. Prior audit reports are not relevant.
  • B. Lesser value.
  • C. Greater value.
  • D. The same value.

Answer: B

Explanation:
Prior audit reports are considered of lesser value to an IS auditor attempting to gain an understanding of an organization's IT process than evidence directly collected.

 

NEW QUESTION 95
An organization wants to reuse company-provided smartphones collected from staff leaving the organization.
Which of the following would be the BEST recommendation?

  • A. The memory cards of the smartphones should be replaced.
  • B. Data should be securely deleted from the smartphones.
  • C. Smartphones should not be reused, but physically destroyed.
  • D. The SIM card and telephone number should be changed.

Answer: B

 

NEW QUESTION 96
Which of the following is the BEST audit procedure to determine if a firewall is configured in compliance
with an organization's security policy?

  • A. Review the parameter settings.
  • B. Interview the firewall administrator.
  • C. Review the device's log file for recent attacks.
  • D. Review the actual procedures.

Answer: A

Explanation:
Section: Protection of Information Assets
Explanation:
A review of the parameter settings will provide a good basis for comparison of the actual configuration to
the security policy and will provide audit evidence documentation. The other choices do not provide audit
evidence as strong as choice A.
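A worked example, added here and not part of the original question set, of what "reviewing the parameter settings" can look like in practice: a constructed rule export is parsed and compared, rule by rule, with a written policy, so the auditor ends up with documented evidence of each deviation rather than an administrator's assurance. The rule export format, the policy values (default deny, permitted public services, management ports restricted to an admin subnet) and the sample rules are all assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass

ANYWHERE = ipaddress.ip_network("0.0.0.0/0")

# Assumed security-policy statements the configuration is compared against.
POLICY = {
    "default_policy": "DROP",                              # default deny
    "public_services": {"80", "443"},                      # may be reached from anywhere
    "admin_ports": {"22", "3389"},                         # management access
    "admin_subnet": ipaddress.ip_network("10.10.0.0/24"),  # only source allowed to admin ports
}

# Constructed rule export in a simplified "action proto src dst dport" format
# (assumed for the example, not a real vendor format).
SAMPLE_RULES = """
ACCEPT tcp 0.0.0.0/0      10.0.0.5/32  443   # public web
ACCEPT tcp 0.0.0.0/0      10.0.0.5/32  80
ACCEPT tcp 10.10.0.0/24   10.0.0.0/24  22    # SSH from the admin subnet
ACCEPT tcp 203.0.113.7/32 10.0.0.9/32  22    # SSH for a vendor, not in policy
ACCEPT any 0.0.0.0/0      10.0.0.20/32 any   # catch-all permit
DROP   any 0.0.0.0/0      0.0.0.0/0    any
"""


@dataclass
class Rule:
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: str  # port number as text, or "any"


def parse_rules(text):
    """Parse the simplified export; comments after '#' and blank lines are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, proto, src, dst, dport = line.split()
        rules.append(Rule(action.upper(), proto.lower(),
                          ipaddress.ip_network(src), ipaddress.ip_network(dst), dport))
    return rules


def check_ruleset(rules, default_policy, policy=POLICY):
    """Return a list of deviations from policy; an empty list means the settings comply."""
    findings = []
    if default_policy.upper() != policy["default_policy"]:
        findings.append(f"default policy is {default_policy}, policy requires {policy['default_policy']}")
    allowed_ports = policy["public_services"] | policy["admin_ports"]
    for n, r in enumerate(rules, 1):
        if r.action != "ACCEPT":
            continue
        if r.src == ANYWHERE and r.dport == "any":
            findings.append(f"rule {n}: permits any source to any port on {r.dst}")
        elif r.dport in policy["admin_ports"] and not r.src.subnet_of(policy["admin_subnet"]):
            findings.append(f"rule {n}: admin port {r.dport} reachable from {r.src}, "
                            f"policy restricts it to {policy['admin_subnet']}")
        elif r.dport != "any" and r.dport not in allowed_ports:
            findings.append(f"rule {n}: port {r.dport} is not a permitted service")
    return findings


if __name__ == "__main__":
    for finding in check_ruleset(parse_rules(SAMPLE_RULES), default_policy="ACCEPT"):
        print("FINDING:", finding)
```

With the default policy set to DROP the review produces two findings (the vendor SSH rule and the catch-all permit); with a default of ACCEPT it produces three. Each finding names the rule number, which is the audit evidence the explanation refers to.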

 

NEW QUESTION 97
To confirm integrity for a hashed message, the receiver should use

  • A. a different hashing algorithm from the sender's to create a binary image of the file.
  • B. a different hashing algorithm from the sender's to create a numerical representation of the file.
  • C. the same hashing algorithm as the sender's to create a binary image of the file.
  • D. the same hashing algorithm as the sender's to create a numerical representation of the file.

Answer: D

Explanation:
A hash function produces a fixed-length numerical representation (message digest) of the data, not a binary image of the file. The receiver must recompute the digest with the same algorithm the sender used and compare it with the digest received; a different algorithm would never produce a matching value.
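A worked example, added here and not part of the original question set, of the receiver-side check: the digest is recomputed with the sender's algorithm and compared with the digest received. It also shows why a different algorithm can never verify and, as the caveat a practitioner would want, that an unkeyed hash proves integrity only, not origin: whoever can alter the message can recompute the digest, which is what the digital signature in a later question adds. The message text is constructed for the example.

```python
import hashlib
import hmac

# Constructed message and a tampered copy (not from the page).
MESSAGE = b"Transfer 1000.00 from ACC-1234 to ACC-9876"
TAMPERED = b"Transfer 9000.00 from ACC-1234 to ACC-9876"


def digest(data: bytes, algorithm: str = "sha256") -> str:
    """The hash: a fixed-length numerical representation (hex digest) of the data."""
    return hashlib.new(algorithm, data).hexdigest()


def verify_integrity(data: bytes, received_digest: str, algorithm: str = "sha256") -> bool:
    """Receiver recomputes with the SAME algorithm and compares in constant time."""
    return hmac.compare_digest(digest(data, algorithm), received_digest.lower())


def demo() -> dict:
    """Four receiver-side scenarios; keys describe the scenario, values are the verification result."""
    sent_digest = digest(MESSAGE, "sha256")  # what the sender transmitted alongside the message
    return {
        # Same algorithm, untouched message: the only case that should verify.
        "same_algorithm_intact": verify_integrity(MESSAGE, sent_digest, "sha256"),
        # Same algorithm, one digit changed in transit: digest no longer matches.
        "same_algorithm_tampered": verify_integrity(TAMPERED, sent_digest, "sha256"),
        # Receiver picked a different algorithm: even the intact message fails.
        "different_algorithm": verify_integrity(MESSAGE, sent_digest, "sha1"),
        # Attacker replaced both message and digest: an unkeyed hash cannot detect this.
        "attacker_recomputed_digest": verify_integrity(TAMPERED, digest(TAMPERED), "sha256"),
    }


if __name__ == "__main__":
    for scenario, ok in demo().items():
        print(f"{scenario}: {'verified' if ok else 'FAILED'}")
```

The last scenario is the reason a plain hash is not an authentication control: the receiver cannot tell a digest computed by the sender from one computed by whoever rewrote the message in transit. Binding the digest to the sender needs a key, either a shared secret (HMAC) or the sender's private key (a digital signature).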

 

NEW QUESTION 98
Which of the following are BEST suited for continuous auditing?

  • A. Real-time transactions
  • B. Low-value transactions
  • C. Irregular transactions
  • D. Manual transactions

Answer: A

Explanation:
Section: The process of Auditing Information System

 

NEW QUESTION 99
Which of the following provides the BEST single-factor authentication?

  • A. Password
  • B. PIN
  • C. Token
  • D. Biometrics

Answer: D

Explanation:
Section: Protection of Information Assets
Explanation:
Although biometrics provides only single-factor authentication, many consider it to be an excellent method
for user authentication.

 

NEW QUESTION 100
Which of the following cryptography is based on practical application of the characteristics of the smallest
"grains" of light, the photon, the physical laws governing their generation and propagation and detection?

  • A. Asymmetric Key Cryptography
  • B. Quantum Cryptography
  • C. Symmetric Key Cryptography
  • D. Elliptic Curve Cryptography (ECC)

Answer: B

Explanation:
Quantum cryptography is based on a practical application of the characteristics of the smallest "grain" of light, the photon, and on the physical laws governing photon generation, propagation and detection.
Quantum cryptography is the next generation of cryptography and may solve some of the existing problems associated with current cryptographic systems, specifically the random generation and secure distribution of symmetric cryptographic keys. Initial commercial usage has already started now that the laboratory research phase has been completed.
The following were incorrect answers:
Elliptic Curve Cryptography (ECC) - A variant and more efficient form of public key cryptography (getting more security out of minimum resources) that is gaining prominence. ECC works well on networked devices that require strong cryptography but have limited bandwidth and processing power, which matters even more for smart cards, wireless phones and other mobile devices. ECC demands less computational power and therefore offers more security per bit; for example, an ECC system with a 160-bit key offers roughly the same security as an RSA-based system with a 1024-bit key.
Symmetric encryption - Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word or just a string of random letters, is applied to the text of a message to change its content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key.
The problem with secret keys is exchanging them over the Internet or a large network while preventing them from falling into the wrong hands. Anyone who knows the secret key can decrypt the message.
Asymmetric encryption - There are two related keys, a key pair. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret, so that only you know it.
Any message (text, binary files or documents) encrypted with the public key can only be decrypted by applying the same algorithm with the matching private key. Any message encrypted with the private key can only be decrypted with the matching public key.
This means that you do not have to worry about passing public keys over the Internet (the keys are supposed to be public). A drawback of asymmetric encryption is that it is slower than symmetric encryption: it requires far more processing power to both encrypt and decrypt the content of the message.
The following reference(s) were/was used to create this question:
CISA Review Manual 2014, pages 349 and 350
http://support.microsoft.com/kb/246071

 

NEW QUESTION 101
Determining the risk for a particular threat/vulnerability pair before controls are applied can be expressed
as:

  • A. a function of the likelihood and impact, should a threat exploit a vulnerability
  • B. the magnitude of the impact should a threat exploit a vulnerability
  • C. the likelihood of a given threat attempting to exploit a vulnerability
  • D. a function of the cost and effectiveness of controls over a vulnerability

Answer: A

Explanation:
Section: Protection of Information Assets
Explanation:
Risk before controls are applied is a function of both the likelihood that a threat will exploit the vulnerability and the impact if it does. Likelihood alone (choice C) or impact alone (choice B) gives only half of the picture, and the cost and effectiveness of controls (choice D) bear on residual risk, not on risk before controls.

Explanation:
Section: Protection of Information Assets

 

NEW QUESTION 102
An auditor notes the administrator user ID is shared among three financial managers to perform month-end
updates. Which of the following is the BEST recommendation to ensure the administrator ID in the financial
system is controlled effectively?

  • A. Implement use of individual software tokens
  • B. Institute user ID logging and monitoring
  • C. Conduct employee awareness training
  • D. Ensure data in the financial systems has been classified

Answer: A

Explanation:
Section: The process of Auditing Information System

 

NEW QUESTION 103
The feature of a digital signature that ensures the sender cannot later deny generating and sending the
message is called:

  • A. non repudiation.
  • B. replay protection.
  • C. authentication.
  • D. data integrity.

Answer: A

Explanation:
Section: Protection of Information Assets
Explanation:
All of the above are features of a digital signature. Non repudiation ensures that the claimed sender cannot
later deny generating and sending the message. Data integrity refers to changes in the plaintext message
that would result in the recipient failing to compute the same message hash. Since only the claimed sender
has the key, authentication ensures that the message has been sent by the claimed sender. Replay
protection is a method that a recipient can use to check that the message was not intercepted and
replayed.

 

NEW QUESTION 104
An IS auditor is performing a business continuity plan (BCP) audit and identifies that the plan has not been tested for five years; however, the plan was successfully activated during a recent extended power outage. Which of the following is the IS auditor's BEST course of action?

  • A. Determine if the annual BCP training program is in need of review
  • B. Determine if lessons learned from the activation were incorporated into the plan
  • C. Determine if the business impact analysis (BIA) is still accurate.
  • D. Determine if a follow-up BCP audit is required to identify future gaps

Answer: B

 

NEW QUESTION 105
An organization has established three IS processing environments: development, test, and production. The MAJOR reason for separating the development and test environments is to:

  • A. perform testing in a stable environment
  • B. obtain segregation of duties between IS staff and end users.
  • C. protect the programs under development from unauthorized testing
  • D. limit the users access rights to the test environment

Answer: A

Explanation:
Programs under development change continually; if testing took place in the same environment, the version under test would keep changing and the test results would be unreliable. Segregating duties between IS staff and end users, limiting access rights to the test environment and protecting code under development from unauthorized testing are secondary benefits, not the major reason for the separation.

 

NEW QUESTION 106
When designing metrics for information security, the MOST important consideration is that the metrics:

  • A. are easy to understand.
  • B. apply to all business units.
  • C. provide actionable data.
  • D. track trends over time.

Answer: C

 

NEW QUESTION 107
An organization plans to deploy Wi-Fi location analytics to count the number of shoppers per day across its various retail outlets. What should the IS auditor recommend as the FIRST course of action by IT management?

  • A. Conduct a privacy impact assessment
  • B. Mask media access control (MAC) addresses
  • C. Survey shoppers for feedback
  • D. Develop a privacy notice to be displayed to shoppers

Answer: A

 

NEW QUESTION 108
Which of the following should be the GREATEST concern to an IS auditor evaluating an organization's policies?

  • A. Policies are not formally acknowledged and signed by employees.
  • B. Policies do not provide adequate protection to the organization.
  • C. Policies are not reviewed and updated frequently.
  • D. Policies are not formally approved by the management.

Answer: B

Explanation:
Section: The process of Auditing Information System

 

NEW QUESTION 109
Which of the following is the most effective control for emergency changes to application programs?

  • A. Periodically checking the application program libraries to detect whether unauthorized changes have been made
  • B. Keeping a sealed envelope containing a password that an operator can use to make emergency changes
  • C. Processing the change through change control with review of the change the following day
  • D. Preparing and approving program change forms before the changes are made

Answer: C

Explanation:
An emergency change cannot wait for a change form to be prepared and approved in advance (choice D), but it must still be brought under change control: the change is documented, submitted through the normal process and reviewed and approved after the fact, typically the following day. A sealed envelope of passwords (choice B) controls emergency access, not the change itself, and periodic comparison of the program libraries (choice A) is a detective control that would only reveal an unauthorized change some time later.

 

NEW QUESTION 110
Which of the following translates e-mail formats from one network to another so that the message can travel through all the networks?

  • A. Gateway
  • B. Front-end communication processor
  • C. Concentrator/multiplexor
  • D. Protocol converter

Answer: A

Explanation:
Section: Protection of Information Assets
Explanation:
A gateway performs the job of translating e-mail formats from one network to another so messages can make their way through all the networks.

 

NEW QUESTION 111
What would be an IS auditor's BEST recommendation upon finding that a third-party IT service provider hosts the organization's human resources (HR) system in a foreign country?

  • A. Review third-party audit reports.
  • B. Conduct a privacy impact analysis.
  • C. Implement change management review.
  • D. Perform background verification checks.

Answer: B

Explanation:
Section: Information System Acquisition, Development and Implementation

 

NEW QUESTION 112
Which of the following is by far the most common prevention system from a network security perspective?

  • A. IPS
  • B. Firewall
  • C. Hardened OS
  • D. IDS
  • E. Tripwire
  • F. None of the choices.

Answer: B

Explanation:
Section: Protection of Information Assets
Explanation:
User account access controls and cryptography can protect systems files and data, respectively. On the other hand, firewalls are by far the most common prevention systems from a network security perspective as they can shield access to internal network services, and block certain kinds of attacks through packet filtering.

 

NEW QUESTION 113
During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not
adequately address information confidentiality during a recovery process. The IS auditor should
recommend that the plan be modified to include:

  • A. information security roles and responsibilities in the crisis management structure.
  • B. change management procedures for information security that could affect business continuity
    arrangements.
  • C. information security resource requirements.
  • D. the level of information security required when business recovery procedures are invoked.

Answer: D

Explanation:
Section: Protection of Information Assets
Explanation:
Business should consider whether information security levels required during recovery should be the same,
lower or higher than when business is operating normally. In particular, any special rules for access to
confidential data during a crisis need to be identified. The other choices do not directly address the
information confidentiality issue.

 

NEW QUESTION 114
An IS auditor has imported data from the client's database. The next step-confirming whether the imported
data are complete-is performed by:

  • A. filtering data for different categories and matching them to the original data.
  • B. matching control totals of the imported data to control totals of the original data.
  • C. sorting the data to confirm whether the data are in the same order as the original data.
  • D. reviewing the printout of the first 100 records of original data with the first 100 records of imported data.

Answer: B

Explanation:
Section: Protection of Information Assets
Explanation:
Matching control totals of the imported data with control totals of the original data is the next logical step, as
this confirms the completeness of the imported data. It is not possible to confirm completeness by sorting
the imported data, because the original data may not be in sorted order. Further, sorting does not provide
control totals for verifying completeness. Reviewing a printout of 100 records of original data with 100
records of imported data is a process of physical verification and confirms the accuracy of only these
records. Filtering data for different categories and matching them to original data would still require that
control totals be developed to confirm the completeness of the data.
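A worked example, added here and not part of the original question set, of the control-total reconciliation the explanation describes, run on a constructed original extract and an imported copy that silently lost one record. Record count, financial total, a hash total of the key field and a digest of the sorted keys are compared; the dropped record has a zero amount, which shows why a financial total on its own does not prove completeness. The CSV layout and values are constructed for the example.

```python
import hashlib
from decimal import Decimal

# Constructed extracts (not from the page). The imported copy is missing record 1004,
# whose amount is 0.00, so the financial total alone would not reveal the loss.
ORIGINAL = """id,amount
1001,250.00
1002,-75.50
1003,1200.25
1004,0.00
1005,310.10
"""

IMPORTED = """id,amount
1001,250.00
1002,-75.50
1003,1200.25
1005,310.10
"""


def parse_csv(text):
    """Minimal CSV reader for the two-column constructed format: list of {column: value}."""
    lines = text.strip().splitlines()
    header = lines[0].split(",")
    return [dict(zip(header, line.split(","))) for line in lines[1:]]


def control_totals(rows, key_field="id", amount_field="amount"):
    """Totals an auditor computes on both sides before trusting imported data."""
    keys = [r[key_field] for r in rows]
    return {
        "record_count": len(rows),
        "financial_total": sum(Decimal(r[amount_field]) for r in rows),
        # Hash total: a sum of the key field with no business meaning, used only for matching.
        "hash_total": sum(int(k) for k in keys),
        # Order-independent fingerprint of the key set, so row order differences do not matter.
        "key_digest": hashlib.sha256(",".join(sorted(keys)).encode()).hexdigest(),
    }


def reconcile(original_rows, imported_rows):
    """Compare control totals and, if they differ, identify which keys are missing or extra."""
    src, dst = control_totals(original_rows), control_totals(imported_rows)
    differences = {name: (src[name], dst[name]) for name in src if src[name] != dst[name]}
    src_keys = {r["id"] for r in original_rows}
    dst_keys = {r["id"] for r in imported_rows}
    return {
        "complete": not differences,
        "differences": differences,
        "missing_keys": sorted(src_keys - dst_keys),
        "extra_keys": sorted(dst_keys - src_keys),
    }


if __name__ == "__main__":
    result = reconcile(parse_csv(ORIGINAL), parse_csv(IMPORTED))
    print("complete:", result["complete"])
    for name, (a, b) in result["differences"].items():
        print(f"  {name}: original={a} imported={b}")
    print("  missing keys:", result["missing_keys"])
```

On this input the financial totals agree (1684.85 on both sides) while the record count (5 versus 4), the hash total and the key digest all differ, so the import is reported incomplete and record 1004 is named as the missing key. Reconciling the original against itself reports complete.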

 

NEW QUESTION 115
......
