Download New Updated (July) Isaca CISA Actual Test 91-100

QUESTION 91

When should systems administrators first assess the impact of applications or systems patches?

A. Within five business days following installation

B. Prior to installation

C. No sooner than five business days following installation

D. Immediately following installation

Correct Answer: B

Explanation:

Systems administrators should always assess the impact of patches before installation.

QUESTION 92

IS auditors are MOST likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. True or false?

A. True

B. False

Correct Answer: A

Explanation:

IS auditors are most likely to perform compliance tests of internal controls if, after their initial evaluation of the controls, they conclude that control risks are within the acceptable limits. Think of it this way: If any reliance is placed on internal controls, that reliance must be validated through compliance testing. High control risk results in little reliance on internal controls, which results in additional substantive testing.

QUESTION 93

______________ risk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a ______________ risk assessment is more appropriate. Fill in the blanks.

A. Quantitative; qualitative

B. Qualitative; quantitative

C. Residual; subjective

D. Quantitative; subjective

Correct Answer: A

Explanation:

Quantitative risk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a qualitative risk assessment is more appropriate.

QUESTION 94

If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor’s primary responsibility?

A. To advise senior management.

B. To reassign job functions to eliminate potential fraud.

C. To implement compensating controls.

D. Segregation of duties is an administrative control not considered by an IS auditor.

Correct Answer: A

Explanation:

An IS auditor’s primary responsibility is to advise senior management of the risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function.

QUESTION 95

What is an effective control for granting temporary access to vendors and external support personnel? Choose the BEST answer.

A. Creating user accounts that automatically expire by a predetermined date

B. Creating permanent guest accounts for temporary use

C. Creating user accounts that restrict logon access to certain hours of the day

D. Creating a single shared vendor administrator account on the basis of least-privileged access

Correct Answer: A

Explanation:

Creating user accounts that automatically expire by a predetermined date is an effective control for granting temporary access to vendors and external support personnel.

QUESTION 96

The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n):

A. Implementor

B. Facilitator

C. Developer

D. Sponsor

Correct Answer: B

Explanation:

The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a facilitator.

QUESTION 97

The MOST significant level of effort for business continuity planning (BCP) generally is required during the:

A. testing stage.

B. evaluation stage.

C. maintenance stage.

D. early stages of planning.

Correct Answer: D

Explanation:

A company in the early stages of a BCP will incur the most significant level of program development effort, which will level out as the BCP moves into the maintenance, testing and evaluation stages. It is during the planning stage that an IS auditor will play an important role in obtaining senior management’s commitment to resources and assignment of BCP responsibilities.

QUESTION 98

If senior management is not committed to strategic planning, how likely is it that a company’s implementation of IT will be successful?

A. IT cannot be implemented if senior management is not committed to strategic planning.

B. More likely.

C. Less likely.

D. Strategic planning does not affect the success of a company’s implementation of IT.

Correct Answer: C

Explanation:

A company’s implementation of IT will be less likely to succeed if senior management is not committed to strategic planning.

QUESTION 99

Using the OSI reference model, what layer(s) is/are used to encrypt data?

A. Transport layer

B. Session layer

C. Session and transport layers

D. Data link layer

Correct Answer: C

Explanation:

User applications often encrypt and encapsulate data using protocols within the OSI session layer or farther down in the transport layer.

QUESTION 100

Which of the following best characterizes “worms”?

A. Malicious programs that can run independently and can propagate without the aid of a carrier program such as email

B. Programming code errors that cause a program to repeatedly dump data

C. Malicious programs that require the aid of a carrier program such as email

D. Malicious programs that masquerade as common applications such as screensavers or macro-enabled Word documents

Correct Answer: A

Explanation:

Worms are malicious programs that can run independently and can propagate without the aid of a carrier program such as email.
