Exam Prep With Quizzes
 Certified Information Systems Auditor (CISA) 

 


Q:1-Which of the following is a risk of cross-training?
Mark one answer:

Increases the dependence on one employee
Does not assist in succession planning
One employee may know all parts of a system
Does not help in achieving a continuity of operations



Q:2-Which of the following is the BEST performance criterion for evaluating the adequacy of an organization's security awareness training?
Mark one answer:

Senior management is aware of critical information assets and demonstrates an adequate concern for their protection.
Job descriptions contain clear statements of accountability for information security.
In accordance with the degree of risk and business impact, there is adequate funding for security efforts.
No actual incidents have occurred that have caused a loss or a public embarrassment.


Q:3-To gain an understanding of the effectiveness of an organization's planning and management of investments in IT assets, an IS auditor should review the:
Mark one answer:

enterprise data model.
IT balanced scorecard (BSC).
IT organizational structure.
historical financial statements.


Q:4-Which of the following activities performed by a database administrator (DBA) should be performed by a different person?
Mark one answer:

Deleting database activity logs
Implementing database optimization tools
Monitoring database usage
Defining backup and recovery procedures


Q:5-Which of the following reduces the potential impact of social engineering attacks?
Mark one answer:

Compliance with regulatory requirements
Promoting ethical understanding
Security awareness programs
Effective performance incentives



Q:6-Which of the following controls would an IS auditor look for in an environment where duties cannot be appropriately segregated?
Mark one answer:

Overlapping controls
Boundary controls
Access controls
Compensating controls


Q:7-An IS auditor reviewing an organization that uses cross-training practices should assess the risk of:
Mark one answer:

dependency on a single person.
inadequate succession planning.
one person knowing all parts of a system.
a disruption of operations.


Q:8-When segregation of duties concerns exist between IT support staff and end users, what would be a suitable compensating control?
Mark one answer:

Restricting physical access to computing equipment
Reviewing transaction and application logs
Performing background checks prior to hiring IT staff
Locking user sessions after a specified period of inactivity


Q:9-An IS auditor should be concerned when a telecommunication analyst:
Mark one answer:

monitors systems performance and tracks problems resulting from program changes.
reviews network load requirements in terms of current and future transaction volumes.
assesses the impact of the network load on terminal response times and network data transfer rates.
recommends network balancing procedures and improvements.


Q:10-A long-term IS employee with a strong technical background and broad managerial experience has applied for a vacant position in the IS audit department. Determining whether to hire this individual for this position should be based on the individual's experience and:
Mark one answer:

length of service, since this will help ensure technical competence.
age, as training in audit techniques may be impractical.
IS knowledge, since this will bring enhanced credibility to the audit function.
ability, as an IS auditor, to be independent of existing IS relationships.



Test-Questions.com CISA Review Questions