Real ISACA CISA Exam Dumps with Correct 724 Questions and Answers [Q114-Q132]

Real ISACA CISA Exam Dumps with Correct 724 Questions and Answers

Valid CISA Test Answers & ISACA CISA Exam PDF

NEW QUESTION 114
When an organization is outsourcing their information security function, which of the following should be kept in the organization?

 Accountability for the corporate security policy

 Defining the corporate security policy

 Implementing the corporate security policy

 Defining security procedures and guidelines

Accountability cannot be transferred to external parties. Choices B, C and D can be performed by outside entities as long as accountability remains within the organization.

NEW QUESTION 115
Which of the following is found in an audit charter?

 Audit objectives and scope

 The process of developing the annual audit plan

 The authority given to the audit function

 training for audit staff

NEW QUESTION 116
In a RACI model, which at the following roles must be assigned lo only one individual?.

 accountable

 Responsible

 Consumed

 Informed

NEW QUESTION 117
Which of the following is the GREATEST risk associated with vulnerability scanning tools used to identify security weaknesses?

 False positives

 Outdated signatures for detection

 Use of open source tools

 False negatives

NEW QUESTION 118
In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as:

 wormnets

 trojannets

 spynets

 botnets

 rootnets

 backdoor

Explanation/Reference:
Explanation:
In order to coordinate the activity of many infected computers, attackers ave used coordinating systems known as botnets. In a botnet, the malware or malbot logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously.

NEW QUESTION 119
Which of the following can help ensure that IT deliverables are linked to business goals and that appropriate performance criteria are in place?

 Business process reengineering (BPR)

 Service level management

 Quality assurance (QA) practices

 Benchmarking

NEW QUESTION 120
When conducting a requirements analysis for a project the BEST approach would be to

 consult key stakeholders

 prototype the requirements

 test operational deliverables

 conduct a control self-assessment (CSA)

NEW QUESTION 121
Which of the following would be the MOST effective audit technique for identifying segregation of duties violations in a new enterprise resource planning (ERP) implementation?

 Reviewing a report of security rights in the system

 Reviewing the complexities of authorization objects

 Building a program to identify conflicts in authorization

 Examining recent access rights violation cases

Since the objective is to identify violations in segregation of duties, it is necessary to define the logic that will identify conflicts in authorization. A program could be developed to identify these conflicts. A report of security rights in the enterprise resource planning (ERP) system would be voluminous and time consuming to review; therefore, this technique is not as effective as building a program. As complexities increase, it becomes more difficult to verify the effectiveness of the systems and complexity is not, in itself, a link to segregation of duties. It is good practice to review recent access rights violation cases; however, it may require a significant amount of time to truly identify which violations actually resulted froman inappropriate segregation of duties.

NEW QUESTION 122
An IS audit had identified that default passwords for a newly implemented application were not changed.
During the follow-up audit, which of the following would provide the BEST evidence that the finding was effectively addressed?

 Written confirmation from management that the passwords were changed

 Screenshots of system parameters requiring password changes on next login

 Application log files that record the password changes

 System-generated emails requiring application users to change passwords

Section: Information System Acquisition, Development and Implementation

NEW QUESTION 123
Which of the following comparisons are used for identification and authentication in a biometric system?

 One-to-many for identification and authentication

 One-to-one for identification and authentication

 One-to-many for identification and one-to-one for authentication

 One-to-one for identification and one-to-many for authentication

Section: Protection of Information Assets
Explanation:
In identification mode the system performs a one-to-many comparison against a biometric database in attempt to establish the identity of an unknown individual. The system will succeed in identifying the individual if the comparison of the biometric sample to a template in the database falls within a previously set threshold. Identification mode can be used either for ‘positive recognition’ (so that the user does not have to provide any information about the template to be used) or for ‘negative recognition’ of the person
“where the system establishes whether the person is who she (implicitly or explicitly) denies to be” In verification (or authentication) mode the system performs a one-to-one comparison of a captured biometric with a specific template stored in a biometric database in order to verify the individual is the person they claim to be.
Management of Biometrics
Management of biometrics should address effective security for the collection, distribution and processing of biometrics data encompassing:
Data integrity, authenticity and non-repudiation
Management of biometric data across its life cycle – compromised of the enrollment, transmission and storage, verification, identification, and termination process Usage of biometric technology, including one-to-one and one-to-many matching, for identification and authentication Application of biometric technology for internal and external, as well as logical and physical access control Encapsulation of biometric data Security of the physical hardware used throughout the biometric data life cycle Techniques for integrity and privacy protection of biometric data.
The following were incorrect answers:
All other choices presented were incorrectly describing identification and authentication mapping.
Reference:
CISA review manual 2014 Page number 331
http://en.wikipedia.org/wiki/Biometrics

NEW QUESTION 124
Which of the following hardware devices relieves the central computer from performing network control, format conversion and message handling tasks?

 Spool

 Cluster controller

 Protocol converter

 Front end processor

A front-end processor is a hardware device that connects all communication lines to a central computer to relieve the central computer.

NEW QUESTION 125
Since data storage of a critical business application is on a redundant array of inexpensive disks (RAID). Backup are not considered essential. The IS auditor should recommend proper backup because RAID:

 Relies on proper maintenance

 Disks cannot be hot-swapped for quick recovery

 Cannot offer protection against disk corruption

 Cannot recover from a natural disaster

NEW QUESTION 126
An organization has implemented a control to help ensure databases containing personal information will not be updated with online transactions that are incomplete due to connectivity issues. Which of the following information attributes is PRIMARILY addressed by this control?

 Availability

 Compliance

 Confidentiality

 integrity

NEW QUESTION 127
A company has implemented an IT segregation of duties policy In a role-based environment, which of the following roles may be assigned to an application developer?

 Database administration

 Emergency support

 IT operator

 System administration

NEW QUESTION 128
Which of the following would BEST help to ensure compliance with an organization’s information security requirements by an IT service provider?

 Defining the business recovery plan with the IT service provider

 Requiring an external security audits of the IT service provider

 Defining information security requirements with internal IT

 Requiring regular reporting from the IT service provider

Section: Governance and Management of IT

NEW QUESTION 129
ALL computer programming languages are vulnerable to command injection attack.

 True

 False

Section: Protection of Information Assets
Explanation:
The majority of software vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflow, and code/command injection. Some common languages such as C and C++ are vulnerable to all of these defects. Languages such as Java are immune to some of these defects but are still prone to code/ command injection and other software defects which lead to software vulnerabilities.

NEW QUESTION 130
What is the BEST way for an IS auditor to assess the adequacy of an expert consultant who was selected to be involved in an audit engagement?

 Review the independence and objectivity of the expert.

 Verify that the engagement letter outlines the expert’s responsibilities.

 Obtain an understanding of the expert’s relevant experience.

 Review the industry reputation of the expert consultant’s firm.

NEW QUESTION 131
An IS auditor is asked to identify risk within an organization’s software development project. The project manager tells the auditor that an agile development methodology is being used to minimize the lengthy development process. Which of the following would be of GREATEST concern to the auditor?

 Each team does its own testing.

 The needed work has not yet been fully identified.

 Some of the developers have not attended recent training.

 Elements of the project have not been documented.

Section: Protection of Information Assets

NEW QUESTION 132
An organization is shifting to a remote workforce. In preparation, the IT department is performing stress and capacity testing of remote access infrastructure and systems. What type of control is being implemented?

 Directive

 Preventive

 Compensating

 Detective

 Loading …

Useful Isaca CISA Exam Prep Resources

With the above-mentioned details about the certification exam, are you ready to act upon the next step? The test preparation is, of course, a gruelling process of intense studying and extensive honing of skills. So, right here and now, we’ll make it much easier for you. We will serve as your eyes and ears in catching the finest resources in the market:

• CISA Review Questions, Answers & Explanations Manual (12th Edition) by Isaca

  Another top-notch book suggested by the vendor is this practice test manual that has 1,000 questions in multiple-choice style. The questions listed here are in accordance with the latest CISA Job Practice (2019). Therefore, most of these are already revised and upgraded, providing more up-to-date coverage of the exam. Another thing is the detailed explanation of the answers, which is a great help in correcting your mistakes and ensuring that you don’t make the same error twice. And of course, the questions are structured in a way that mimics the official CISA test. Though not exactly the same in terms of order and context, practicing with such items is very beneficial in strengthening your adeptness in the crucial test domains.

• CISA Review Manual (27th Edition) by Isaca

  Accompany the self-paced course with one of the selected books for your CISA test. The CISA Review Manual is an official reference guide that is handpicked by the experts because of its all-inclusive test coverage that is designed to help you stay on track with the main exam objectives. This book discusses the vital roles of an information systems auditor, giving you a glimpse of the technical skillset you have to develop before the certification evaluation. Also, such a manual has been restructured in accordance with the official 2019 CISA Job Practice, hence the most recent and relevant coverage of the exam domains. More so, it brings out the critical concepts and terminologies of IS and IT for proper documentation of your abilities. And by mastering both the fundamentals as well as the technical roles, you won’t have a hard time handling audit tasks required by organizations of different sizes and types.

• CISA Online Review Course

  The best online prep tool comes from the certification vendor itself. Isaca has prepared a comprehensive package that you can use to study efficiently for the CISA test. Equipped with instructional strategies and interactive lessons, this course has been proven and tested by thousands of exam candidates. More importantly, it details the five major domains of the CISA, which include the auditing process, governance, operations, implementation, and the protection of information systems. The eLearning modules are also created in relation to the CISA job practice so you’ll develop a working knowledge of the key subject areas. This means that your comprehension is not just about the theoretical aspect of the domains but also its technical features. In addition, the context of the materials guarantees you up-to-date guidelines of IT audit as well as assurance. As a result, you will gain an understanding of the latest industry standards, which are relevant among businesses. Along with the interactive lessons, you’ll also get some downloadable materials to further aid your topic mastery. And to complete the set of training resources, you’ll get a self-assessment (50 questions) and a practice test (75 questions) that check on your knowledge before and after the training. And before we forget, this online course provides you with the opportunity to navigate through the lessons at your own pace. Also, you can take advantage of the structured guideline and create your preferred learning schedule and style. The total training duration lasts for up to 22 hours, with a 365-day subscription.

• CISA Exam Prep Course

  Are you the type of learner who gets more insights if you’re with an instructor? If yes, enroll in the expert-led course and join other exam candidates in learning the CISA job practice in a more in-depth manner. The instructor will guide you in sorting out the core requirements that you need to master, which is done through comprehensive modules and case study activities. Likewise, there will be a revisit of the fundamental concepts to ensure that you master the basics and core responsibilities of an IS auditor. The course won’t be complete without some practice tests, which are thoroughly assessed by the instructor. The trial questions are further elaborated through an extensive explanation of the answers. Along with the lectures and quizzes, the instructor also shares a lot of useful techniques, particularly in terms of time management and better knowledge retention. Do take note that time is very important if you avail of this virtual material. Compared to the self-paced course, this one has a limited timeline. It’s only a 60-day subscription that is divided into 4 sessions. Therefore, you have to check the schedule posted on the official site first so you can allocate your time properly and attend the training with ease.

CISA Exam Questions and Valid PMP Dumps PDF: https://www.exams4sures.com/ISACA/CISA-practice-exam-dumps.html