05.2 - 2020 - CISA-50Q - Additional - Questions - v1

The document contains 50 multiple choice exam questions covering topics related to information systems auditing including intrusion detection systems, encryption, wireless network security, tape management systems, firewall configuration compliance, organizational charts, security awareness training, virtual private networks, disaster recovery plans, outsourcing contracts, transaction logging, project time and resource estimation, digital signatures, vulnerability assessments, incident response, electronic data interchange feasibility studies, temporary access controls, electronic data interchange auditing, information classification, system performance baselines, business continuity planning, and risk analysis financial loss projections.


CISA® - Certified Information Systems Auditor

(50 Exam Questions - EXTRA)


151. When installing an intrusion detection system (IDS), which of the following is MOST
important?
A. Properly locating it in the network architecture
B. Preventing denial-of-service (DoS) attacks
C. Identifying messages that need to be quarantined
D. Minimizing the rejection errors

152. To ensure authentication, confidentiality and integrity of a message, the sender should encrypt
the hash of the message with the sender's:
A. public key and then encrypt the message with the receiver's private key.
B. private key and then encrypt the message with the receiver's public key.
C. public key and then encrypt the message with the receiver's public key.
D. private key and then encrypt the message with the receiver's private key.

153. Which of the following should be a concern to an IS auditor reviewing a wireless network?
A. 128-bit static-key WEP (Wired Equivalent Privacy) encryption is enabled.
B. SSID (Service Set Identifier) broadcasting has been enabled.
C. Antivirus software has been installed in all wireless clients.
D. MAC (Media Access Control) access control filtering has been deployed.

154. An IS auditor observes a weakness in the tape management system at a data center in that
some parameters are set to bypass or ignore tape header records. Which of the following is the
MOST effective compensating control for this weakness?
A. Staging and job set up
B. Supervisory review of logs
C. Regular back up of tapes
D. Offsite storage of tapes

155. Which of the following is the BEST audit procedure to determine if a firewall is configured in
compliance with an organization's security policy?
A. Review the parameter settings.
B. Interview the firewall administrator.
C. Review the actual procedures.
D. Review the device's log file for recent attacks.

156. An IS auditor reviews an organizational chart PRIMARILY for:
A. an understanding of workflows.
B. investigating various communication channels.
C. understanding the responsibilities and authority of individuals.
D. investigating the network connected to different employees.

CISA® Review Course © Behaviour Group, 2020 Page 1 of 8


157. Which of the following is the BEST performance criterion for evaluating the adequacy of an
organization's security awareness training?
A. Senior management is aware of critical information assets and demonstrates an adequate
concern for their protection.
B. Job descriptions contain clear statements of accountability for information security.
C. In accordance with the degree of risk and business impact, there is adequate funding for security
efforts.
D. No actual incidents have occurred that have caused a loss or a public embarrassment.

158. What is the MOST prevalent security risk when an organization implements remote virtual
private network (VPN) access to its network?
A. Malicious code could be spread across the network
B. VPN logon could be spoofed
C. Traffic could be sniffed and decrypted
D. VPN gateway could be compromised

159. The activation of an enterprise's business continuity plan should be based on predetermined
criteria that address the:
A. duration of the outage.
B. type of outage.
C. probability of the outage.
D. cause of the outage.

160. An organization with extremely high security requirements is evaluating the effectiveness of
biometric systems. Which of the following performance indicators is MOST important?
A. False-acceptance rate (FAR)
B. Equal-error rate (EER)
C. False-rejection rate (FRR)
D. False-identification rate (FIR)

161. A structured walk-through test of a disaster recovery plan involves:
A. representatives from each of the functional areas coming together to go over the plan.
B. all employees who participate in the day-to-day operations coming together to practice executing
the plan.
C. moving the systems to the alternate processing site and performing processing operations.
D. distributing copies of the plan to the various functional areas for review.

162. To minimize costs and improve service levels an outsourcer should seek which of the
following contract clauses?
A. O/S and hardware refresh frequencies
B. Gain-sharing performance bonuses
C. Penalties for noncompliance
D. Charges tied to variable cost metrics



163. As updates to an online order entry system are processed, the updates are recorded on a
transaction tape and a hard copy transaction log. At the end of the day, the order entry files are
backed up on tape. During the backup procedure, a drive malfunctions and the order entry files are
lost. Which of the following is necessary to restore these files?
A. The previous day's backup file and the current transaction tape
B. The previous day's transaction file and the current transaction tape
C. The current transaction tape and the current hard copy transaction log
D. The current hard copy transaction log and the previous day's transaction file

164. Many IT projects experience problems because the development time and/or resource
requirements are underestimated. Which of the following techniques would provide the GREATEST
assistance in developing an estimate of project duration?
A. Function point analysis
B. PERT chart
C. Rapid application development
D. Object-oriented system development

165. Sending a message and a message hash encrypted by the sender's private key will ensure:
A. authenticity and integrity.
B. authenticity and privacy.
C. integrity and privacy.
D. privacy and nonrepudiation.

166. An IS auditor was hired to review e-business security. The IS auditor's first task was to
examine each existing e-business application looking for vulnerabilities. What would be the next
task?
A. Report the risks to the CIO and CEO immediately
B. Examine e-business application in development
C. Identify threats and likelihood of occurrence
D. Check the budget available for risk management

167. The PRIMARY purpose of a business impact analysis (BIA) is to:
A. provide a plan for resuming operations after a disaster.
B. identify the events that could impact the continuity of an organization's operations.
C. publicize the commitment of the organization to physical and logical security.
D. provide the framework for an effective disaster recovery plan.

168. A web server is attacked and compromised. Which of the following should be performed FIRST
to handle the incident?
A. Dump the volatile storage data to a disk.
B. Run the server in a fail-safe mode.
C. Disconnect the web server from the network.
D. Shut down the web server.



169. Which of the following should be included in a feasibility study for a project to implement an
EDI process?
A. The encryption algorithm format
B. The detailed internal control procedures
C. The necessary communication protocols
D. The proposed trusted third-party agreement

170. Which of the following is the MOST effective control when granting temporary access to
vendors?
A. Vendor access corresponds to the service level agreement (SLA).
B. User accounts are created with expiration dates and are based on services provided.
C. Administrator access is provided for a limited period.
D. User IDs are deleted when the work is completed.

171. An IS auditor who has discovered unauthorized transactions during a review of EDI
transactions is likely to recommend improving the:
A. EDI trading partner agreements.
B. physical controls for terminals.
C. authentication techniques for sending and receiving messages.
D. program change control procedures.

172. From a control perspective, the PRIMARY objective of classifying information assets is to:
A. establish guidelines for the level of access controls that should be assigned.
B. ensure access controls are assigned to all information assets.
C. assist management and auditors in risk assessment.
D. identify which assets need to be insured against losses.

173. Business units are concerned about the performance of a newly implemented system. Which
of the following should an IS auditor recommend?
A. Develop a baseline and monitor system usage.
B. Define alternate processing procedures.
C. Prepare the maintenance manual.
D. Implement the changes users have suggested.

174. When developing a business continuity plan (BCP), which of the following tools should be
used to gain an understanding of the organization's business processes?
A. Business continuity self-audit
B. Resource recovery analysis
C. Risk assessment
D. Gap analysis

175. A team conducting a risk analysis is having difficulty projecting the financial losses that could
result from a risk. To evaluate the potential losses, the team should:
A. compute the amortization of the related assets.
B. calculate a return on investment (ROI).
C. apply a qualitative approach.
D. spend the time needed to define exactly the loss amount.




176. After observing suspicious activities in a server, a manager requests a forensic analysis.
Which of the following findings should be of MOST concern to the investigator?
A. Server is a member of a workgroup and not part of the server domain
B. Guest account is enabled on the server
C. Recently, 100 users were created in the server
D. Audit logs are not enabled for the server

177. An organization is implementing a new system to replace a legacy system. Which of the
following conversion practices creates the GREATEST risk?
A. Pilot
B. Parallel
C. Direct cutover
D. Phased

178. Which of the following is a network diagnostic tool that monitors and records network
information?
A. Online monitor
B. Downtime report
C. Help desk report
D. Protocol analyzer

179. Which of the following is the initial step in creating a firewall policy?
A. A cost-benefit analysis of methods for securing the applications
B. Identification of network applications to be externally accessed
C. Identification of vulnerabilities associated with network applications to be externally accessed
D. Creation of an applications traffic matrix showing protection methods

180. Which of the following components is responsible for the collection of data in an intrusion
detection system (IDS)?
A. Analyzer
B. Administration console
C. User interface
D. Sensor

181. The purpose of a checksum on an amount field in an electronic data interchange (EDI)
communication of financial transactions is to ensure:
A. integrity.
B. authenticity.
C. authorization.
D. nonrepudiation.

182. Minimum password length and password complexity verification are examples of:
A. detection controls.
B. control objectives.
C. audit objectives.
D. control procedures.



183. Disabling which of the following would make wireless local area networks more secure against
unauthorized access?
A. MAC (Media Access Control) address filtering
B. WPA (Wi-Fi Protected Access Protocol)
C. LEAP (Lightweight Extensible Authentication Protocol)
D. SSID (service set identifier) broadcasting

184. Which of the following would be the BEST access control procedure?
A. The data owner formally authorizes access and an administrator implements the user
authorization tables.
B. Authorized staff implements the user authorization tables and the data owner sanctions them.
C. The data owner and an IS manager jointly create and update the user authorization tables.
D. The data owner creates and updates the user authorization tables.

185. Accountability for the maintenance of appropriate security measures over information assets
resides with the:
A. security administrator.
B. systems administrator.
C. data and systems owners.
D. systems operations group.

186. Which of the following is a dynamic analysis tool for the purpose of testing software modules?
A. Black box test
B. Desk checking
C. Structured walkthrough
D. Design and code

187. In a client-server architecture, a domain name service (DNS) is MOST important because it
provides the:
A. address of the domain server.
B. resolution service for the name/address.
C. IP addresses for the Internet.
D. domain name system.

188. Which of the following is an advantage of the top-down approach to software testing?
A. Interface errors are identified early
B. Testing can be started before all programs are complete
C. It is more effective than other testing approaches
D. Errors in critical modules are detected sooner

189. An organization currently using tape backups takes one full backup weekly and incremental
backups daily. They recently augmented their tape backup procedures with a backup-to-disk
solution. This is appropriate because:
A. fast synthetic backups for offsite storage are supported.
B. backup to disk is always significantly faster than backup to tape.
C. tape libraries are no longer needed.
D. data storage on disks is more reliable than on tapes.



190. An IS auditor reviewing database controls discovered that changes to the database during
normal working hours were handled through a standard set of procedures. However, changes made
after normal hours required only an abbreviated number of steps. In this situation, which of the
following would be considered an adequate set of compensating controls?
A. Allow changes to be made only with the DBA user account.
B. Make changes to the database after granting access to a normal user account.
C. Use the DBA user account to make changes, log the changes and review the change log the
following day.
D. Use the normal user account to make changes, log the changes and review the change log the
following day.

191. Which of the following message services provides the strongest evidence that a specific
action has occurred?
A. Proof of delivery
B. Nonrepudiation
C. Proof of submission
D. Message origin authentication

192. Assessing IT risks is BEST achieved by:
A. evaluating threats associated with existing IT assets and IT projects.
B. using the firm's past actual loss experience to determine current exposure.
C. reviewing published loss statistics from comparable organizations.
D. reviewing IT control weaknesses identified in audit reports.

193. Which of the following exposures could be caused by a line grabbing technique?
A. Unauthorized data access
B. Excessive CPU cycle usage
C. Lockout of terminal polling
D. Multiplexor control dysfunction

194. Which of the following antispam filtering techniques would BEST prevent a valid, variable-
length e-mail message containing a heavily weighted spam keyword from being labeled as spam?
A. Heuristic (rule-based)
B. Signature-based
C. Pattern matching
D. Bayesian (statistical)

195. IT governance is PRIMARILY the responsibility of the:
A. chief executive officer.
B. board of directors.
C. IT steering committee.
D. audit committee.



196. After reviewing its business processes, a large organization is deploying a new web
application based on a VoIP technology. Which of the following is the MOST appropriate approach
for implementing access control that will facilitate security management of the VoIP web
application?
A. Fine-grained access control
B. Role-based access control (RBAC)
C. Access control lists
D. Network/service access control

197. The GREATEST advantage of rapid application development (RAD) over the traditional system
development life cycle (SDLC) is that it:
A. facilitates user involvement.
B. allows early testing of technical features.
C. facilitates conversion to the new system.
D. shortens the development time frame.

198. Web and e-mail filtering tools are PRIMARILY valuable to an organization because they:
A. protect the organization from viruses and nonbusiness materials.
B. maximize employee performance.
C. safeguard the organization's image.
D. assist the organization in preventing legal issues.

199. After installing a network, an organization installed a vulnerability assessment tool or security
scanner to identify possible weaknesses. Which is the MOST serious risk associated with such
tools?
A. Differential reporting
B. False-positive reporting
C. False-negative reporting
D. Less-detail reporting

200. IS management recently replaced its existing wired local area network (LAN) with a wireless
infrastructure to accommodate the increased use of mobile devices within the organization. This
will increase the risk of which of the following attacks?
A. Port scanning
B. Back door
C. Man-in-the-middle
D. War driving
