We provide realistic ISACA CISA free practice exams, which are the best preparation for passing the CISA test and getting certified by ISACA. The CISA Questions & Answers cover all the knowledge points of the real CISA exam. Crack your ISACA CISA exam with the latest dumps, guaranteed!
Online CISA free questions and answers, new version:
NEW QUESTION 1
What are used as the framework for developing logical access controls?
Answer: A
Explanation:
Information systems security policies are used as the framework for developing logical access controls.
NEW QUESTION 2
The use of digital signatures:
Answer: C
Explanation:
The use of a digital signature verifies the identity of the sender, but does not encrypt the whole message, and hence is not enough to ensure confidentiality. A one-time password generator is an option, but is not a requirement for using digital signatures.
NEW QUESTION 3
Off-site data storage should be kept synchronized when preparing for recovery of time-sensitive data such as that resulting from which of the following? Choose the BEST answer.
Answer: D
Explanation:
Off-site data storage should be kept synchronized when preparing for the recovery of time-sensitive data such as that resulting from transaction processing.
NEW QUESTION 4
Which of the following is the MOST important function to be performed by IS management when a service has been outsourced?
Answer: D
Explanation:
In an outsourcing environment, the company is dependent on the performance of the service provider. Therefore, it is critical the outsourcing provider's performance be monitored to ensure that services are delivered to the company as required. Payment of invoices is a finance function, which would be completed per contractual requirements. Participating in systems design is a byproduct of monitoring the outsourcing provider's performance, while renegotiating fees is usually a one-time activity.
NEW QUESTION 5
Which of the following ensures confidentiality of information sent over the internet?
Answer: D
Explanation:
Confidentiality is assured by a private key cryptosystem. Digital signatures assure data integrity, authentication and nonrepudiation, but not confidentiality. A digital certificate is a certificate that uses a digital signature to bind together a public key with an identity; therefore, it does not address confidentiality. Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the revocation status of a digital certificate.
NEW QUESTION 6
All Social Engineering techniques are based on flaws in:
Answer: A
Explanation:
Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer system access. All Social Engineering techniques are based on flaws in human logic known as cognitive biases. These bias flaws are used in various combinations to create attack techniques.
NEW QUESTION 7
The responsibility for authorizing access to application data should be with the:
Answer: C
Explanation:
Data owners should have the authority and responsibility for granting access to the data and applications for which they are responsible. Data custodians are responsible only for storing and safeguarding the data. The database administrator (DBA) is responsible for managing the database, and the security administrator is responsible for implementing and maintaining IS security. The ultimate responsibility for data resides with the data owner.
NEW QUESTION 8
After identifying potential security vulnerabilities, what should be the IS auditor's next step?
Answer: C
Explanation:
After identifying potential security vulnerabilities, the IS auditor's next step is to perform a business impact analysis of the threats that would exploit the vulnerabilities.
NEW QUESTION 9
What is the most common reason for information systems to fail to meet the needs of users? Choose the BEST answer.
Answer: B
Explanation:
Inadequate user participation during system requirements definition is the most common reason for information systems to fail to meet the needs of users.
NEW QUESTION 10
An IS auditor has identified the lack of an authorization process for users of an application. The IS auditor's main concern should be that:
Answer: B
Explanation:
Without an appropriate authorization process, it will be impossible to establish functional limits and accountability. The risk that more than one individual can claim to be a specific user is associated with the authentication processes, rather than with authorization. The risk that user accounts can be shared is associated with identification processes, rather than with authorization. The need-to-know basis is the best approach to assigning privileges during the authorization process.
NEW QUESTION 11
To minimize costs and improve service levels an outsourcer should seek which of the following contract clauses?
Answer: B
Explanation:
Because the outsourcer will share a percentage of the achieved savings, gain-sharing performance bonuses provide a financial incentive to go above and beyond the stated terms of the contract and can lead to cost savings for the client. Refresh frequencies and penalties for noncompliance would only encourage the outsourcer to meet minimum requirements. Similarly, tying charges to variable cost metrics would not encourage the outsourcer to seek additional efficiencies that might benefit the client.
NEW QUESTION 12
An investment advisor e-mails periodic newsletters to clients and wants reasonable assurance that no one has modified the newsletter. This objective can be achieved by:
Answer: A
Explanation:
There is no attempt on the part of the investment advisor to prove their identity or to keep the newsletter confidential. The objective is to assure the receivers that it came to them without any modification, i.e., it has message integrity. Choice A is correct because the hash is encrypted using the advisor's private key. The recipients can open the newsletter, recompute the hash and decrypt the received hash using the advisor's public key. If the two hashes are equal, the newsletter was not modified in transit. Choice B is not feasible, for no one other than the investment advisor can open it. Choice C addresses sender authentication but not message integrity. Choice D addresses confidentiality, but not message integrity, because anyone can obtain the investment advisor's public key, decrypt the newsletter, modify it and send it to others. The interceptor will not be able to use the advisor's private key, because they do not have it. Anything encrypted using the interceptor's private key can be decrypted by the receiver only by using their public key.
NEW QUESTION 13
Which of the following would be BEST prevented by a raised floor in the computer machine room?
Answer: A
Explanation:
The primary reason for having a raised floor is to enable power cables and data cables to be installed underneath the floor. This eliminates the safety and damage risks posed when cables are placed in a spaghetti-like fashion on an open floor. Static electricity should be avoided in the machine room; therefore, measures such as specially manufactured carpet or shoes would be more appropriate for static prevention than a raised floor. Raised floors do not address shocks from earthquakes. To address earthquakes, anti-seismic architecture would be required to establish a quake-resistant structural framework. Computer equipment needs to be protected against water. However, a raised floor would not prevent damage to the machines in the event of overhead water pipe leakage.
NEW QUESTION 14
Fourth-Generation Languages (4GLs) are most appropriate for designing the application's graphical user interface (GUI). They are inappropriate for designing any intensive data-calculation procedures. True or false?
Answer: A
Explanation:
Fourth-generation languages (4GLs) are most appropriate for designing the application's graphical user interface (GUI). They are inappropriate for designing any intensive data-calculation procedures.
NEW QUESTION 15
After completing the business impact analysis (BIA), what is the next step in the business continuity planning process?
Answer: C
Explanation:
The next phase in the continuity plan development is to identify the various recovery strategies and select the most appropriate strategy for recovering from a disaster. After selecting a strategy, a specific plan can be developed, tested and implemented.
NEW QUESTION 16
Talking about biometric measurement, which of the following measures the percent of invalid users who are incorrectly accepted in?
Answer: B
Explanation:
Performance of a biometric measure is usually referred to in terms of the false accept rate (FAR), the false non-match or false reject rate (FRR), and the failure to enroll rate (FTE or FER). The FAR measures the percent of invalid users who are incorrectly accepted, while the FRR measures the percent of valid users who are wrongly rejected.
NEW QUESTION 17
If a database is restored from information backed up before the last system image, which of the following is recommended?
Answer: B
Explanation:
If a database is restored from information backed up before the last system image, the system should be restarted before the last transaction because the final transaction must be reprocessed.
NEW QUESTION 18
After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend?
Answer: D
Explanation:
Given the extensiveness of the patch and its interfaces to external systems, system testing is most appropriate. Interface testing is not enough, and stress or black box testing are inadequate in these circumstances.
NEW QUESTION 19
......