Share Isaca CISA exam practice questions and answers from Lead4Pass latest updated CISA dumps free of charge.
Get the latest uploaded CISA dumps pdf from google driver online. To get the full Isaca CISA dumps PDF or dumps
VCE visit: https://www.leads4pass.com/cisa.html (Q&As: 3107). all Isaca CISA exam questions have been updated, the answer has been corrected! Make sure your exam questions are real and effective to help you pass your first exam!
[Isaca CISA Dumps pdf] Latest Isaca CISA Dumps PDF collected by Lead4pass Google Drive:
https://drive.google.com/file/d/1K1Uba7ruX_aMq4GSe9A0P7VqV3hmzvwo/
Latest Update Isaca CISA Exam Practice Questions and Answers Online Test
QUESTION 1
Which of the following is the MOST important difference between end-user computing (EUC) applications and traditional
applications?
A. Traditional application documentation is typically less comprehensive than EUC application documentation.
B. Traditional applications require roll-back procedures whereas EUC applications do not.
C. Traditional applications require periodic patching whereas EUC applications do not.
D. Traditional application input controls are typically more robust than EUC application input controls.
Correct Answer: C
QUESTION 2
Which of the following should be the MOST important consideration when establishing data classification standards?
A. An education campaign is established upon rollout.
B. Reporting metrics are established.
C. Management supports the newly developed standards.
D. The standards comply with relevant regulations.
Correct Answer: C
QUESTION 3
Which of the following findings should be an IS auditor\\’s GREATEST concern when reviewing an organization\\’s
purchase of new IT infrastructure hardware?
A. The new infrastructure arrived with default system settings.
B. The new infrastructure has residual risk within the organization\\’s risk tolerance.
C. The new infrastructure\\’s hardening requirements are stronger than required by policy.
D. The new infrastructure has compatibility issues with existing systems.
Correct Answer: D
QUESTION 4
An IS auditor is assigned to perform a post implementation review of an application system. Which pf the following
situations may have impaired the independence of the IS auditor? The IS auditor:
A. implemented a specific control during the development of the application system.
B. designed an embedded audit module exclusively for auditing the application system.
C. participated as a member of the application system project team, but did not have operational responsibilities.
D. provided consulting advice concerning application system best practices.
Correct Answer: A
Independence may be impaired if an IS auditor is, or has been, actively involved in the development,
acquisition and implementation of the application system. Choices B and C are situations that do not impair
an IS auditor\\’s independence.
Choice D is incorrect because an IS auditor\\’s independence is not impaired by providing advice on known
best practices.
QUESTION 5
Confidentiality of the data transmitted in a wireless LAN is BEST protected if the session is:
A. restricted to predefined MAC addresses.
B. encrypted using static keys.
C. encrypted using dynamic keys.
D. initiated from devices that have encrypted storage.
Correct Answer: C
When using dynamic keys, the encryption key is changed frequently, thus reducing the risk of the key being
compromised and the message being decrypted. Limiting the number of devices that can access the network does not
address the issue of encrypting the session. Encryption with static keys-using the same key for a long period of timerisks that the key would be compromised. Encryption of the data on the connected device (laptop, PDA, etc.) addresses
the confidentiality of the data on the device, not the wireless session.
QUESTION 6
Which of the following terms generally refers to small programs designed to take advantage of a software flaw that has
been discovered?
A. exploit
B. patch
C. quick fix
D. service pack
E. malware
F. None of the choices.
Correct Answer: A
“The term “”exploit”” generally refers to small programs designed to take advantage of a software flaw that has been
discovered, either remote or local. The code from the exploit program is frequently reused in trojan horses and computer
viruses. In some cases, a vulnerability can lie in a certain programs processing of a specific file type, such as a nonexecutable media file.”
QUESTION 7
Parity bits are a control used to validate:
A. Data authentication
B. Data completeness
C. Data source
D. Data accuracy
Correct Answer: B
Parity bits are a control used to validate data completeness.
QUESTION 8
During a software acquisition review, an IS auditor should recommend that there be a software escrow agreement
when:
A. the estimated life for the product is less than 3 years.
B. the deliverables do not include the source code.
C. the product is new in the market.
D. there is no service level agreement (SLA).
Correct Answer: B
QUESTION 9
An organization plans to implement a virtualization strategy enabling multiple operating systems on a single host. Which
of the following should be the GREATEST concern with this strategy?
A. Adequate storage space
B. Complexity of administration
C. Network bandwidth
D. Application performance
Correct Answer: D
QUESTION 10
Which of the following is the MOST effective way for an organization to ensure its third-party service providers are
aware of information security requirements and expectations?
A. Providing information security training to third-party personnel
B. Auditing the service delivery of third-party providers
C. Inducting information security clauses within contracts
D. Requiring third parties to sign confidentiality agreements
Correct Answer: C
QUESTION 11
Upon receipt of the initial signed digital certificate the user will decrypt the certificate with the public key of the:
A. registration authority (RA).
B. certificate authority (CA).
C. certificate repository.
D. receiver.
Correct Answer: B
A certificate authority (CA) is a network authority that issues and manages security credentials and public keys for
message encryption. As a part of the public key infrastructure, a CA checks with a registration authority (RA) to verify
information provided by the requestor of a digital certificate. If the RA verifies the requestor\\’s information, the CA can
issue a certificate. The CA signs the certificate with its private key for distribution to the user. Upon receipt, the user will
decrypt the certificate with the CA\\’s public key.
QUESTION 12
To mitigate the risk of exposing data through application programming interface (API) queries, which of the following
design considerations is MOST important?
A. Data minimalization
B. Data quality
C. Data retention
D. Data integrity
Correct Answer: A
QUESTION 13
An internet-based attack using password sniffing can:
A. enable one party to act as if they are another party.
B. cause modification to the contents of certain transactions.
C. be used to gain access to systems containing proprietary information.
D. result in major problems with billing systems and transaction processing agreements.
Correct Answer: C
Password sniffing attacks can be used to gain access to systems on which proprietary information is stored. Spoofing
attacks can be used to enable one party to act as if they are another party. Data modification attacks can be used to
modify the contents of certain transactions. Repudiation of transactions can cause major problems with billing systems
and transaction processing agreements.
For the full Isaca CISA exam dumps from Lead4pass CISA Dumps pdf or Dumps VCE visit: https://www.leads4pass.com/cisa.html (Q&As: 3107 dumps)
ps.
Get free Isaca CISA dumps PDF online: https://drive.google.com/file/d/1K1Uba7ruX_aMq4GSe9A0P7VqV3hmzvwo/