Real CISA Exam Questions 2019


Free demo questions for Isaca CISA Exam Dumps Below:

Test and development environments should be separated. True or false?

  • A. True
  • B. False

Answer: A

Explanation: Test and development environments should be separated, to control the stability of the test environment.

Which of the following is a risk of cross-training?

  • A. Increases the dependence on one employee
  • B. Does not assist in succession planning
  • C. One employee may know all parts of a system
  • D. Does not help in achieving a continuity of operations

Answer: C

When cross-training, it would be prudent to first assess the risk of any person knowing all parts of a system and what exposures this may cause. Cross-training has the advantage of decreasing dependence on one employee and, hence, can be part of succession planning. It also provides backup for personnel in the event of absence for any reason and thereby facilitates the continuity of operations.

Which of the following is a distinctive feature of the Secure Electronic Transactions (SET) protocol when used for electronic credit card payments?

  • A. The buyer is assured that neither the merchant nor any other party can misuse their credit card data
  • B. All personal SET certificates are stored securely in the buyer's computer
  • C. The buyer is liable for any transaction involving his/her personal SET certificate
  • D. The payment process is simplified, as the buyer is not required to enter a credit card number and an expiration date

Answer: C

The usual agreement between the credit card issuer and the cardholder stipulates that the cardholder assumes responsibility for any use of their personal SET certificates for e-commerce transactions. Depending upon the agreement between the merchant and the buyer's credit card issuer, the merchant will have access to the credit card number and expiration date. Secure data storage in the buyer's computer (local computer security) is not part of the SET standard. Although the buyer is not required to enter their credit card data, they will have to handle the wallet software.

Which of the following would BEST ensure continuity of a wide area network (WAN) across the organization?

  • A. Built-in alternative routing
  • B. Completing full system backup daily
  • C. A repair contract with a service provider
  • D. A duplicate machine alongside each server

Answer: A

Alternative routing would ensure the network would continue if a server is lost or if a link is severed, as message rerouting could be automatic. System backup will not afford immediate protection. The repair contract is not as effective as permanent alternative routing. Standby servers will not provide continuity if a link is severed.

Which of the following is BEST characterized by unauthorized modification of data before or during systems data entry?

  • A. Data diddling
  • B. Skimming
  • C. Data corruption
  • D. Salami attack

Answer: A

Explanation: Data diddling involves modifying data before or during systems data entry.

Which of the following would impair the independence of a quality assurance team?

  • A. Ensuring compliance with development methods
  • B. Checking the testing assumptions
  • C. Correcting coding errors during the testing process
  • D. Checking the code to ensure proper documentation

Answer: C

Correction of code should not be a responsibility of the quality assurance team as it would not ensure segregation of duties and would impair the team's independence. The other choices are valid quality assurance functions.

Back Orifice is an example of:

  • A. a virus
  • B. a legitimate remote control software
  • C. a backdoor that takes the form of an installed program
  • D. an eavesdropper
  • E. None of the choices

Answer: C

A backdoor may take the form of an installed program (e.g., Back Orifice) or could be in the form of an existing "legitimate" program or executable file. A specific form of backdoor is the rootkit, which replaces system binaries and/or hooks into the function calls of the operating system to hide the presence of other programs, users, services and open ports.

An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if:

  • A. the setup is geographically dispersed
  • B. the network servers are clustered in a site
  • C. a hot site is ready for activation
  • D. diverse routing is implemented for the network

Answer: B

A clustered setup in one location makes the entire network vulnerable to natural disasters or other disruptive events. Dispersed geographical locations and diverse routing provide backup if a site has been destroyed. A hot site would also be a good alternative for a single point-of-failure site.

Which of the following would provide the highest degree of server access control?

  • A. A mantrap-monitored entryway to the server room
  • B. Host-based intrusion detection combined with CCTV
  • C. Network-based intrusion detection
  • D. A fingerprint scanner facilitating biometric access control

Answer: D

Explanation: A fingerprint scanner facilitating biometric access control can provide a very high degree of server access control.

Who is ultimately responsible and accountable for reviewing user access to systems?

  • A. Systems security administrators
  • B. Data custodians
  • C. Data owners
  • D. Information systems auditors

Answer: C

Explanation: Data owners are ultimately responsible and accountable for reviewing user access to systems.

Which of the following refers to an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer?

  • A. buffer overflow
  • B. format string vulnerabilities
  • C. integer misappropriation
  • D. code injection
  • E. None of the choices

Answer: A

A buffer overflow is an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer. The result is that the extra data overwrites adjacent memory locations. The overwritten data may include other buffers, variables and program flow data.

The PRIMARY objective of Secure Sockets Layer (SSL) is to ensure:

  • A. only the sender and receiver are able to encrypt/decrypt the data
  • B. the sender and receiver can authenticate their respective identities
  • C. the alteration of transmitted data can be detected
  • D. the ability to identify the sender by generating a one-time session key

Answer: A

SSL generates a session key used to encrypt/decrypt the transmitted data, thus ensuring its confidentiality. Although SSL allows the exchange of X.509 certificates to provide for identification and authentication, this feature, along with choices C and D, is not the primary objective.

The output of the risk management process is an input for making:

  • A. business plan
  • B. audit charter
  • C. security policy decision
  • D. software design decision

Answer: C

The risk management process is about making specific, security-related decisions, such as the level of acceptable risk. Choices A, B and D are not ultimate goals of the risk management process.

You should keep all computer rooms at reasonable temperatures, which is in between (choose all that apply):

  • A. 60 - 75 degrees Fahrenheit
  • B. 10 - 25 degrees Celsius
  • C. 30 - 45 degrees Fahrenheit
  • D. 1 - 15 degrees Celsius
  • E. 20 - 35 degrees Fahrenheit
  • F. 0 - 5 degrees Celsius

Answer: AB

You should keep all computer rooms at reasonable temperatures, which is in between 60 - 75 degrees Fahrenheit or 10 - 25 degrees Celsius. You should also keep humidity levels at 20 - 70 percent.

An IS auditor inspected a windowless room containing phone switching and networking equipment and documentation binders. The room was equipped with two handheld fire extinguishers, one filled with CO2, the other filled with halon. Which of the following should be given the HIGHEST priority in the auditor's report?

  • A. The halon extinguisher should be removed because halon has a negative impact on the atmospheric ozone layer
  • B. Both fire suppression systems present a risk of suffocation when used in a closed room
  • C. The CO2 extinguisher should be removed, because CO2 is ineffective for suppressing fires involving solid combustibles (paper)
  • D. The documentation binders should be removed from the equipment room to reduce potential risk

Answer: B

Protecting people's lives should always be of highest priority in fire suppression activities. CO2 and halon both reduce the oxygen ratio in the atmosphere, which can induce serious personal hazards. In many countries, installing or refilling halon fire suppression systems is not allowed. Although CO2 and halon are effective and appropriate for fires involving synthetic combustibles and electrical equipment, they are nearly totally ineffective on solid combustibles (wood and paper). Although not of highest priority, removal of the documentation would probably reduce some of the risks.

The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program?

  • A. Utilization of an intrusion detection system to report incidents
  • B. Mandating the use of passwords to access all software
  • C. Installing an efficient user log system to track the actions of each user
  • D. Training provided on a regular basis to all current and new employees

Answer: D

Utilizing an intrusion detection system to report on incidents that occur is an implementation of a security program and is not effective in establishing a security awareness program. Choices B and C do not address awareness. Training is the only choice that is directed at security awareness.

Network ILD&P are typically installed:

  • A. on the organization's internal network connection
  • B. on the organization's internet network connection
  • C. on each end user station
  • D. on the firewall
  • E. None of the choices

Answer: B

Information Leakage Detection and Prevention (ILD&P) is a computer security term referring to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders. Network ILD&P systems are gateway-based systems installed on the organization's internet network connection; they analyze network traffic to search for unauthorized information transmissions. Host-based ILD&P systems run on end-user workstations to monitor and control access to physical devices, and to access information before it has been encrypted.

An IS auditor reviewing an organization's IT strategic plan should FIRST review:

  • A. the existing IT environment
  • B. the business plan
  • C. the present IT budget
  • D. current technology trends

Answer: B

The IT strategic plan exists to support the organization's business plan. To evaluate the IT strategic plan, an IS auditor would first need to familiarize themselves with the business plan.
