Realistic CISA Dumps Questions 2019

Free CISA demo questions for the Isaca certification:

NEW QUESTION 1
Talking about biometric authentication, physical characteristics typically include (choose all that apply):

  • A. fingerprints
  • B. eye retinas
  • C. irises
  • D. facial patterns
  • E. hand measurements
  • F. None of the choices

Answer: ABCDE

Explanation:
Biometric authentication refers to technologies that measure and analyze human physical and behavioral characteristics for authentication purposes. Physical characteristics include fingerprints, eye retinas and irises, facial patterns and hand measurements, while behavioral characteristics include signature, gait and typing patterns. Voice is often considered as a mix of both physical and behavioral characteristics.
 

NEW QUESTION 2
What is the lowest level of the IT governance maturity model where an IT balanced scorecard exists?

  • A. Repeatable but Intuitive
  • B. Defined
  • C. Managed and Measurable
  • D. Optimized

Answer: B

Explanation:
Defined (level 3) is the lowest level at which an IT balanced scorecard is defined.
 

NEW QUESTION 3
An IS auditor is told by IS management that the organization has recently reached the highest level of the software capability maturity model (CMM). The software quality process MOST recently added by the organization is:

  • A. continuous improvement
  • B. quantitative quality goals
  • C. a documented process
  • D. a process tailored to specific projects

Answer: A

Explanation:
An organization would have reached the highest level of the software CMM at level 5, optimizing, whose distinguishing addition is continuous process improvement. The other choices are already in place at lower levels: quantitative quality goals are set at level 4, a documented process is executed at level 3, and a process tailored to specific projects is also achieved at level 3, so none of them can be the most recently added process.
 

NEW QUESTION 4
Which of the following is the initial step in creating a firewall policy?

  • A. A cost-benefit analysis of methods for securing the applications
  • B. Identification of network applications to be externally accessed
  • C. Identification of vulnerabilities associated with network applications to be externally accessed
  • D. Creation of an applications traffic matrix showing protection methods

Answer: B

Explanation:
The applications required across the network should be identified first. Depending on the physical location of these applications in the network and the network model, the person in charge can then understand the need for, and possible methods of, controlling access to them. Having identified the applications, the next step is to identify the vulnerabilities (weaknesses) associated with the network applications. Identifying methods to protect against the identified vulnerabilities, together with their comparative cost-benefit analysis, is the third step. The final step is to analyze the application traffic and create a matrix showing how each type of traffic will be protected.
 

NEW QUESTION 5
If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, what should the auditor do? Choose the BEST answer.

  • A. Lack of IT documentation is not usually material to the controls tested in an IT audit.
  • B. The auditor should at least document the informal standards and policies. Furthermore, the IS auditor should create formal documented policies to be implemented.
  • C. The auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should recommend to management that formal documented policies be developed and implemented.
  • D. The auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should create formal documented policies to be implemented.

Answer: C

Explanation: If an IS auditor observes that an IS department fails to use formal documented methodologies, policies, and standards, the auditor should at least document the informal standards and policies, and test for compliance. Furthermore, the IS auditor should recommend to management that formal documented policies be developed and implemented.
 

NEW QUESTION 6
Who assumes ownership of a systems-development project and the resulting system?

  • A. User management
  • B. Project steering committee
  • C. IT management
  • D. Systems developers

Answer: A

Explanation: User management assumes ownership of a systems-development project and the resulting system.
 

NEW QUESTION 7
The reliability of an application system's audit trail may be questionable if:

  • A. user IDs are recorded in the audit trail
  • B. the security administrator has read-only rights to the audit file
  • C. date and time stamps are recorded when an action occurs
  • D. users can amend audit trail records when correcting system errors

Answer: D

Explanation:
An audit trail is not effective if the details in it can be amended. Recording user IDs and date and time stamps strengthens the trail, and read-only access for the security administrator is exactly the restriction that keeps the records reliable.
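The following is an added example, not part of the original question set, showing one way to make an application audit trail tamper-evident so that the amendment described in choice D is detectable rather than silent. Each entry carries an HMAC over its own fields and the previous entry's MAC (a hash chain); the key, the log format and the sample records are all constructed for the demonstration. The example also shows the caveat a practitioner should know: a chain alone does not detect removal of the newest entries, so the current head MAC must be stored outside the users' reach.

```python
import hashlib
import hmac
import json

# Constructed demo key. In practice the verification key lives with the audit
# function (or an HSM), never with the users whose actions the trail records.
AUDIT_KEY = b"demo-audit-key-not-for-production"
GENESIS = "0" * 64


def _entry_mac(prev_mac: str, record: dict) -> str:
    """MAC over the previous entry's MAC plus this record: the chain link."""
    payload = prev_mac.encode() + json.dumps(record, sort_keys=True).encode()
    return hmac.new(AUDIT_KEY, payload, hashlib.sha256).hexdigest()


def append_record(trail: list, ts: str, user: str, action: str) -> dict:
    """Append an entry whose MAC covers the record and the previous MAC."""
    prev = trail[-1]["mac"] if trail else GENESIS
    record = {"seq": len(trail), "ts": ts, "user": user, "action": action}
    entry = dict(record, mac=_entry_mac(prev, record))
    trail.append(entry)
    return entry


def verify_trail(trail: list, expected_head: str = None):
    """Return (ok, bad_seq). bad_seq is the first entry whose MAC does not
    chain, or len(trail) when the stored head MAC does not match (truncation)."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        record = {k: v for k, v in entry.items() if k != "mac"}
        if record.get("seq") != i or not hmac.compare_digest(
            _entry_mac(prev, record), entry["mac"]
        ):
            return False, i
        prev = entry["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return False, len(trail)
    return True, None


def build_demo_trail() -> list:
    """Constructed sample trail of three user actions (not real data)."""
    trail = []
    append_record(trail, "2019-05-01T09:00:00Z", "alice", "UPDATE account 1001 balance -> 250.00")
    append_record(trail, "2019-05-01T09:05:00Z", "bob", "DELETE invoice 8872")
    append_record(trail, "2019-05-01T09:07:00Z", "alice", "UPDATE account 1001 balance -> 2500.00")
    return trail


def demo():
    trail = build_demo_trail()
    head = trail[-1]["mac"]  # stored separately, e.g. by the security administrator
    intact = verify_trail(trail, head)

    # A user "corrects a system error" by editing record 1 in place.
    amended = [dict(e) for e in trail]
    amended[1]["action"] = "UPDATE invoice 8872 status -> paid"
    after_amend = verify_trail(amended, head)

    # A user quietly drops the newest record: the chain alone still verifies,
    # only the externally stored head MAC exposes the truncation.
    truncated = trail[:-1]
    after_truncate_nohead = verify_trail(truncated)
    after_truncate_head = verify_trail(truncated, head)
    return intact, after_amend, after_truncate_nohead, after_truncate_head


if __name__ == "__main__":
    print(demo())
```

Running `demo()` reports the untouched trail as valid, the in-place amendment as a break at entry 1, and the truncated trail as valid without the head MAC but invalid once the stored head is checked. This is why an auditor looks not only at whether records can be edited but also at where the integrity anchor is kept and who can reach it.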
 

NEW QUESTION 8
As an outcome of information security governance, strategic alignment provides:

  • A. security requirements driven by enterprise requirements
  • B. baseline security following best practices
  • C. institutionalized and commoditized solutions
  • D. an understanding of risk exposure

Answer: A

Explanation:
Information security governance, when properly implemented, should provide four basic outcomes: strategic alignment, value delivery, risk management and performance measurement. Strategic alignment provides input for security requirements driven by enterprise requirements. Value delivery provides a standard set of security practices, i.e., baseline security following best practices or institutionalized and commoditized solutions. Risk management provides an understanding of risk exposure.
 

NEW QUESTION 9
A long-term IS employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be based on the individual's experience and:

  • A. length of service, since this will help ensure technical competency
  • B. age, as training in audit techniques may be impractical
  • C. IS knowledge, since this will bring enhanced credibility to the audit function
  • D. ability, as an IS auditor, to be independent of existing IS relationships

Answer: D

Explanation:
Independence should be continually assessed by the auditor and management. This assessment should consider such factors as changes in personal relationships, financial interests, and prior job assignments and responsibilities. The fact that the employee has worked in IS for many years may not in itself ensure credibility. The audit department's needs should be defined and any candidate should be evaluated against those requirements. The length of service will not ensure technical competency. Evaluating an individual's qualifications based on the age of the individual is not a good criterion and is illegal in many parts of the world.
 

NEW QUESTION 10
Which of the following is an appropriate test method to apply to a business continuity plan (BCP)?

  • A. Pilot
  • B. Paper
  • C. Unit
  • D. System

Answer: B

Explanation:
A paper test is appropriate for testing a BCP. It is a walkthrough of the entire plan, or part of the plan, involving the major players in the plan's execution, who reason out what may happen in a particular disaster. Choices A, C and D are not appropriate for a BCP.
 

NEW QUESTION 11
Fourth-Generation Languages (4GLs) are most appropriate for designing the application's graphical user interface (GUI). They are inappropriate for designing any intensive data-calculation procedures. True or false?

  • A. True
  • B. False

Answer: A

Explanation: Fourth-generation languages(4GLs) are most appropriate for designing the application's graphical user interface (GUI). They are inappropriate for designing any intensive data-calculation procedures.
 

NEW QUESTION 12
Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized organization?

  • A. Virtual private network
  • B. Dedicated line
  • C. Leased line
  • D. Integrated services digital network

Answer: A

Explanation:
The most secure method is a virtual private network (VPN), using encryption, authentication and tunneling to allow data to travel securely from a private network to the internet. Choices B, C and D are network connectivity options that are normally too expensive to be practical for small- to medium-sized organizations.
 

NEW QUESTION 13
IT governance is PRIMARILY the responsibility of the:

  • A. chief executive officer
  • B. board of directors
  • C. IT steering committee
  • D. audit committee

Answer: B

Explanation:
IT governance is primarily the responsibility of the executives and shareholders (as represented by the board of directors). The chief executive officer is instrumental in implementing IT governance per the directions of the board of directors. The IT steering committee monitors and facilitates deployment of IT resources for specific projects in support of business plans. The audit committee reports to the board of directors and should monitor the implementation of audit recommendations.
 

NEW QUESTION 14
In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as:

  • A. wormnets
  • B. trojannets
  • C. spynets
  • D. botnets
  • E. rootnets
  • F. backdoors

Answer: D

Explanation:
In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as botnets. In a botnet, the malware (or malbot) logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously.
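As an added example (not part of the original question set), the detection logic below turns the explanation into something an IS auditor or SOC analyst can check: the tell-tale sign of an IRC-controlled botnet is many internal hosts logging in to the same external server and joining the same channel, often with machine-generated nicknames, and sometimes on a port that is not an IRC port at all. The log format and every log line are constructed for the demonstration; the regexes and the threshold of three hosts per channel are assumptions, not a standard.

```python
import re
from collections import defaultdict

# Constructed sample: one line per observed command, in the shape a network
# sensor with payload inspection might emit. Not real traffic.
SAMPLE_LOG = """\
2019-03-04T10:00:01Z 10.0.1.12:51122 -> 203.0.113.7:6667 "NICK [DE|XP|83711]"
2019-03-04T10:00:01Z 10.0.1.12:51122 -> 203.0.113.7:6667 "JOIN #c0ntr0l"
2019-03-04T10:00:03Z 10.0.1.44:51901 -> 203.0.113.7:6667 "NICK [DE|XP|20193]"
2019-03-04T10:00:03Z 10.0.1.44:51901 -> 203.0.113.7:6667 "JOIN #c0ntr0l"
2019-03-04T10:00:07Z 10.0.2.9:49233 -> 203.0.113.7:6667 "JOIN #c0ntr0l"
2019-03-04T10:00:09Z 10.0.3.77:50110 -> 203.0.113.7:6667 "JOIN #c0ntr0l"
2019-03-04T10:01:00Z 10.0.1.80:52000 -> 198.51.100.20:6697 "JOIN #python"
2019-03-04T10:02:15Z 10.0.4.5:50333 -> 198.51.100.99:443 "NICK [US|W7|55512]"
2019-03-04T10:02:15Z 10.0.4.5:50333 -> 198.51.100.99:443 "JOIN #c0ntr0l"
2019-03-04T10:03:00Z 10.0.1.12:51500 -> 93.184.216.34:443 "GET /index.html HTTP/1.1"
"""

# Assumed line layout: <ts> <src>:<sport> -> <dst>:<dport> "<first payload line>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) "(?P<payload>.*)"$'
)
# Client-side IRC commands worth flagging regardless of port.
IRC_CMD_RE = re.compile(r"^(NICK|USER|JOIN|PRIVMSG|PING|PONG)\b", re.I)
IRC_PORTS = {6667, 6697}


def parse_line(line: str):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["dport"] = int(ev["dport"])
    return ev


def detect_irc_c2(log_text: str, min_bots: int = 3) -> list:
    """Flag (server, port, channel) triples joined by >= min_bots distinct
    internal hosts, plus any IRC command carried on a non-IRC port."""
    joins = defaultdict(set)  # (dst, dport, channel) -> set of internal hosts
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or not IRC_CMD_RE.match(ev["payload"]):
            continue
        if ev["dport"] not in IRC_PORTS:
            findings.append({
                "type": "irc_on_nonstandard_port",
                "src": ev["src"], "dst": ev["dst"], "dport": ev["dport"],
                "payload": ev["payload"],
            })
        parts = ev["payload"].split()
        if len(parts) >= 2 and parts[0].upper() == "JOIN":
            joins[(ev["dst"], ev["dport"], parts[1])].add(ev["src"])
    for (dst, dport, channel), hosts in joins.items():
        if len(hosts) >= min_bots:
            findings.append({
                "type": "probable_botnet_channel",
                "dst": dst, "dport": dport, "channel": channel,
                "bots": sorted(hosts),
            })
    return findings


if __name__ == "__main__":
    for finding in detect_irc_c2(SAMPLE_LOG):
        print(finding)
```

On the sample, the four hosts joining `#c0ntr0l` on 203.0.113.7 are reported as one probable botnet channel with its member list, the single user on `#python` is left alone, and the host speaking IRC to port 443 produces two non-standard-port findings even though it is the only member of its channel. The host list is the useful output for the incident responder: it is the set of machines to isolate.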
 

NEW QUESTION 15
Which of the following exposures associated with the spooling of sensitive reports for offline printing should an IS auditor consider to be the MOST serious?

  • A. Sensitive data can be read by operators
  • B. Data can be amended without authorization
  • C. Unauthorized report copies can be printed
  • D. Output can be lost in the event of system failure

Answer: C

Explanation:
Unless controlled, spooling for offline printing may enable additional copies to be printed. Print files are unlikely to be available for online reading by operators. Data on spool files are no easier to amend without authority than any other file. There is usually a lesser threat of unauthorized access to sensitive reports in the event of a system failure.
 

NEW QUESTION 16
When reviewing an organization's approved software product list, which of the following is the MOST important thing to verify?

  • A. The risks associated with the use of the products are periodically assessed
  • B. The latest version of software is listed for each product
  • C. Due to licensing issues the list does not contain open source software
  • D. After hours support is offered

Answer: A

Explanation:
Since the business conditions surrounding vendors may change, it is important for an organization to conduct periodic risk assessments of the vendor software list. This might be best incorporated into the IT risk management process. Choices B, C and D are possible considerations but would not be the most important.
 

NEW QUESTION 17
What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?

  • A. Malicious code could be spread across the network
  • B. VPN logon could be spoofed
  • C. Traffic could be sniffed and decrypted
  • D. VPN gateway could be compromised

Answer: A

Explanation:
VPN is a mature technology; VPN devices are hard to break. However, when remote access is enabled, malicious code in a remote client could spread to the organization's network. Though choices B, C and D are security risks, VPN technology largely mitigates these risks.
 

NEW QUESTION 18
Which of the following is an oft-cited cause of vulnerability of networks?

  • A. software monoculture
  • B. software diversification
  • C. single line of defense
  • D. multiple DMZ
  • E. None of the choices

Answer: A

Explanation:
An oft-cited cause of vulnerability of networks is homogeneity or software monoculture. In particular, Microsoft Windows has such a large share of the market that concentrating on it will enable a cracker to subvert a large number of systems. Introducing inhomogeneity purely for the sake of robustness would however bring high costs in terms of training and maintenance.
 

100% Valid and Newest Version CISA Questions & Answers shared by Certshared, Get Full Dumps HERE: https://www.certshared.com/exam/CISA/ (New 1177 Q&As)