Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.

ISACA CISA Test Engine Dumps Training With 973 Questions [Q16-Q31]

Share

ISACA CISA Test Engine Dumps Training With 973 Questions

CISA Questions Pass on Your First Attempt Dumps for Isaca Certification Certified


Further Certification Path after Passing CISA Exam

Once IT specialists manage to get the passing score in the CISA certification exam they can move forward to leverage their skills with more advanced ISACA certificates. Therefore, they can take the CRISC certification exam that helps them become certified professionals in Risk and Information Systems Control. Another certification that successful ISACA CISA certified specialists can take is the CISM or Certified Information Security Manager.

 

NEW QUESTION 16
An organization's software developers need access to personally identifiable information (Pll) stored in a particular data format. Which of the following is the BEST way to protect this sensitive information while allowing the developers to use it in development and test environments?

  • A. Data tokenization
  • B. Data encryption
  • C. Data masking
  • D. Data abstraction

Answer: C

 

NEW QUESTION 17
The responsibility for authorizing access to a business application system belongs to the:

  • A. requestor's immediate supervisor.
  • B. data owner.
  • C. security administrator.
  • D. IT security manager.

Answer: B

Explanation:
Section: Protection of Information Assets
Explanation:
When a business application is developed, the best practice is to assign an information or data owner to
the application. The Information owner should be responsible for authorizing access to the application itself
or to back-end databases for queries. Choices B and C are not correct because the security administrator
and manager normally do not have responsibility for authorizing access to business applications. The
requestor's immediate supervisor may share the responsibility for approving user access to a business
application system; however, the final responsibility should go to the information owner.

 

NEW QUESTION 18
Since data storage of a critical business application is on a redundant array of inexpensive disks (RAID), backups are not considered essential. The IS auditor should recommend proper backups because RAID:

  • A. cannot recover from a natural disaster.
  • B. disks cannot be hot-swapped for quick recovery.
  • C. relies on proper maintenance.
  • D. cannot offer protection against disk corruption.

Answer: A

Explanation:
Section: Information System Operations, Maintenance and Support

 

NEW QUESTION 19
An IS auditor is planning on utilizing attribute sampling to determine the error rate for health care claims processed. Which of the following factors will cause the sample size to decrease?

  • A. Population size increase
  • B. Expected error rate increase
  • C. Acceptable risk level decrease
  • D. Tolerable error rate increase

Answer: B

 

NEW QUESTION 20
Identify the INCORRECT statement from below mentioned testing types

  • A. Volume testing - Studying the impact on the application by testing with an incremental volume of
    records to determine the maximum volume of records that application can process
  • B. Load Testing - Testing an application with large quantities of data to evaluate its performance during
    peak hour
  • C. Recovery Testing - Making sure the modified/new system includes provisions for appropriate access
    control and does not introduce any security holes that might compromise other systems
  • D. Stress Testing - Studying the impact on the application by testing with an incremental umber of
    concurrent users/services on the application to determine maximum number of concurrent user/service
    the application can process

Answer: C

Explanation:
Section: Information System Acquisition, Development and Implementation
Explanation
Explanation/Reference:
The word INCORRECT is the keyword used in this question. You need to find out the incorrect option
specified above. The term recovery testing is incorrectly defined in the above options. The correct
description of recovery testing is: Recovery Testing - Checking the system's ability to recover after a
software or hardware failure
For CISA exam you should know below types of testing:
Unit Testing - The testing of an individual program or module. Unit testing uses set of test cases that focus
on control structure of procedural design. These tests ensure internal operation of the programs according
to the specification.
Interface or integration testing - A hardware or software test that evaluates the connection of two or more
components that pass information from one area to another. The objective it to take unit tested module and
build an integrated structure dictated by design. The term integration testing is also referred to tests that
verify and validate functioning of the application under test with other systems, where a set of data is
transferred from one system to another.
System Testing - A series of tests designed to ensure that modified programs, objects, database schema,
etc , which collectively constitute a new or modified system, function properly. These test procedures are
often performed in a non-production test/development environment by software developers designated as a
test team. The following specific analysis may be carried out during system testing.
Recovery Testing - Checking the system's ability to recover after a software or hardware failure.
Security Testing - Making sure the modified/new system includes provisions for appropriate access control
and does not introduce any security holes that might compromise other systems.
Load Testing - Testing an application with large quantities of data to evaluate its performance during peak
hour.
Volume testing - Studying the impact on the application by testing with an incremental volume of records to
determine the maximum volume of records that application can process.
Stress Testing - Studying the impact on the application by testing with an incremental umber of concurrent
users/services on the application to determine maximum number of concurrent user/service the application
can process.
Performance Testing - Comparing the system performance to other equivalent systems using well defined
benchmarks.
Final Acceptance Testing -It has two major parts: Quality Assurance Testing(QAT) focusing on the
technical aspect of the application and User acceptance testing focusing on functional aspect of the
application.
QAT focuses on documented specifications and the technology employed. It verifies that application works
as documented by testing the logical design and the technology itself. It also ensures that the application
meet the documented technical specifications and deliverables. QAT is performed primarily by IS
department. The participation of end user is minimal and on request. QAT does not focus on functionality
testing.
UAT supports the process of ensuring that the system is production ready and satisfies all documented
requirements. The methods include:
Definition of test strategies and procedure.
Design of test cases and scenarios
Execution of the tests.
Utilization of the result to verify system readiness.
Acceptance criteria are defined criteria that a deliverable must meet to satisfy the predefined needs of the
user. A UAT plan must be documented for the final test of the completed system. The tests are written from
a user's perspective and should test the system in a manner as close to production possible.
The following were incorrect answers:
The other options presented contains valid definitions.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 166

 

NEW QUESTION 21
An IS auditor reviewing digital rights management (DRM) applications should expect to find an extensive use for which of the following technologies?

  • A. Parsing
  • B. Steganography
  • C. Hashing
  • D. Digitalized signatures

Answer: B

Explanation:
Explanation/Reference:
Explanation:
Steganography is a technique for concealing the existence of messages or information. An increasingly important steganographical technique is digital watermarking, which hides data within data, e.g., by encoding rights information in a picture or music file without altering the picture or music's perceivable aesthetic qualities. Digitalized signatures are not related to digital rights management. Hashing creates a message hash or digest, which is used to ensure the integrity of the message; it is usually considered a part of cryptography. Parsing is the process of splitting up a continuous stream of characters for analytical purposes, and is widely applied in the design of programming languages or in data entry editing.

 

NEW QUESTION 22
The PRIMARY objective of testing a business continuity plan is to:

  • A. familiarize employees with the business continuity plan.
  • B. identify limitations of the business continuity plan.
  • C. ensure that all residual risks are addressed.
  • D. exercise all possible disaster scenarios.

Answer: B

Explanation:
Section: Protection of Information Assets
Explanation:
Testing the business continuity plan provides the best evidence of any limitations that may exist.
Familiarizing employees with the business continuity plan is a secondary benefit of a test. It is not cost
effective to address residual risks in a business continuity plan, and it is not practical to test all possible
disaster scenarios.

 

NEW QUESTION 23
Which of the following should MOST concern an IS auditor reviewing an intrusion detection system (IDS)?

  • A. Reliability of IDS logs
  • B. Number of false negatives
  • C. Number of false positives
  • D. Legitimate traffic blocked by the system

Answer: B

Explanation:
Section: The process of Auditing Information System

 

NEW QUESTION 24
Disaster recovery planning (DRP) addresses the:

  • A. technological aspect of business continuity planning.
  • B. operational piece of business continuity planning.
  • C. functional aspect of business continuity planning.
  • D. overall coordination of business continuity planning.

Answer: A

Explanation:
Section: Protection of Information Assets
Explanation:
Disaster recovery planning (DRP) is the technological aspect of business continuity planning. Business
resumption planning addresses the operational part of business continuity planning.

 

NEW QUESTION 25
Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?

  • A. IT budgeting constraints
  • B. Availability of responsible IT personnel
  • C. Business interruption due to remediation
  • D. Risk rating of original findings

Answer: D

 

NEW QUESTION 26
Which of the following is the BEST approach to identify whether a vulnerability is actively being exploited?

  • A. Review service desk reports.
  • B. Implement key performance indicators (KPIs).
  • C. Conduct a penetration test.
  • D. Perform log analysis.

Answer: D

Explanation:
Section: Protection of Information Assets

 

NEW QUESTION 27
After threats to a data center are identified, an IS auditor would expect management to FIRST:

  • A. implement procedures to address all identified threats.
  • B. establish and quantify the potential effects if each threat occurs.
  • C. discuss risk management practices with neighboring firms.
  • D. recommend required actions to executive management.

Answer: A

Explanation:
Section: Protection of Information Assets

 

NEW QUESTION 28
Which of the following statement correctly describes difference between SSL and S/HTTP?

  • A. S/HTTP works at transport layer where as SSL works at the application layer of OSI model
  • B. Both works at transport layer
  • C. Both works at application layer of OSI model
  • D. SSL works at transport layer where as S/HTTP works at application layer of OSI model

Answer: D

Explanation:
Explanation/Reference:
For your exam you should know below information about S/HTTP and SSL protocol:
Secure Hypertext Transfer Protocol (S/HTTP) -As an application layer protocol, S/HTTP transmits individual messages or pages securely between a web client and server by establishing SSL-type connection. Using the https:// designation in the URL, instead of the standard http://, directs the message to a secure port number rather than the default web port address. This protocol utilizes SSL secure features but does so as a message rather than the session-oriented protocol.
Secure Socket Layer (SSL) and Transport Layer Security (TLS) - These are cryptographic protocols which provide secure communication on Internet. There are only slight difference between SSL 3.0 and TLS 1.0.
For general concept both are called SSL.
SSL is session-connection layer protocol widely used on Internet for communication between browser and web servers, where any amount of data is securely transmitted while a session is established. SSL provides end point authentication and communication privacy over the Internet using cryptography. In typical use, only the server is authenticated while client remains unauthenticated. Mutual authentication requires PKI development to clients. The protocol allows application to communicate in a way designed to prevent eavesdropping, tampering and message forging.
SSL involves a number of basic phases
Peer negotiation for algorithm support
Public-key, encryption based key exchange and certificate based authentication Symmetric cipher based traffic encryption.
SSL runs on a layer beneath application protocol such as HTTP, SMTP and Network News Transport Protocol (NNTP) and above the TCP transport protocol, which forms part of TCP/IP suite.
SSL uses a hybrid hashed, private and public key cryptographic processes to secure transmission over the INTERNET through a PKI.
The SSL handshake protocol is based on the application layer but provides for the security of the communication session too. It negotiates the security parameter for each communication section. Multiple session can belong to one SSL session and the participating in one session can take part in multiple simultaneous sessions.
The following were incorrect answers:
The other choices presented in the options are not valid asSSL works at transport layer where as S/HTTP works at application layer of OSI model.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 352

 

NEW QUESTION 29
You may reduce a cracker's chances of success by:
(Choose all that apply.)

  • A. keeping your systems up to date using a security scanner.
  • B. using multiple firewalls and IDS.
  • C. using multiple firewalls.
  • D. hiring competent people responsible for security to scan and update your systems.
  • E. None of the choices.

Answer: A,D

Explanation:
Section: Protection of Information Assets
Explanation:
Only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it is quite possible for a determined cracker to read, copy, alter or destroy data in well secured computers, albeit at the cost of great time and resources. You may reduce a cracker's chances by keeping your systems up to date, using a security scanner or/and hiring competent people responsible for security.

 

NEW QUESTION 30
What type of cryptosystem is characterized by data being encrypted by the sender using the recipient's
public key, and the data then being decrypted using the recipient's private key?

  • A. With shared-key encryption, or symmetric encryption
  • B. With public-key encryption, or symmetric encryption
  • C. With shared-key encryption, or asymmetric encryption
  • D. With public-key encryption, or asymmetric encryption

Answer: D

Explanation:
Section: Protection of Information Assets
Explanation:
With public key encryption or asymmetric encryption, data is encrypted by the sender using the recipient's
public key; the data is then decrypted using the recipient's private key.

 

NEW QUESTION 31
......

CISA Practice Test Pdf Exam Material: https://www.actual4test.com/CISA_examcollection.html

CISA Answers CISA Free Demo Are Based On The Real Exam: https://drive.google.com/open?id=1OcE14rzUVHuCWeJhH951GDkIYcd7J_t9