The CISA certification exam is administered by the Information Systems Audit and Control Association (ISACA), the governing body for the credential. The certification attests that the exam taker has mastered all of the topics on the CISA syllabus, which is organized into five domains:
- Process of IS (Information Systems) Auditing
- IT Management
- Development and Implementation of Information Systems
- Business Resilience and IT Operations
- Information Asset Protection
A CISA-certified employee should have the confidence and capacity to conduct complex IT audits on any company system after mastering these five areas of knowledge.
If you are planning to take the CISA exam, try these sample questions, and if you want more, feel free to consult us.
QUESTION 1
Which of the following is the BEST way to detect system security breaches?
A. Conducting continuous monitoring with an automated system security tool
B. Conducting frequent vulnerability scans
C. Ensuring maximum interoperability among systems throughout the organization
D. Performing intrusion tests on a regular basis
Correct Answer: A
QUESTION 2
An organization decides to establish a formal incident response capability with clear roles and responsibilities facilitating centralized reporting of security incidents.
Which type of control is being implemented?
A. Corrective control
B. Detective control
C. Preventive control
D. Compensating control
Correct Answer: A
QUESTION 3
Which of the following is a preventive control that can be used to mitigate insider threats?
A. User activity monitoring
B. Penetration testing
C. Role-based access
D. Backup procedures
Correct Answer: C
QUESTION 4
In a virtualized environment, which of the following techniques effectively mitigates the risk of network attacks?
A. Segmentation
B. Configuration assessment
C. Encryption
D. Containerization
Correct Answer: C
QUESTION 5
Which of the following is the PRIMARY reason to adopt a capability model?
A. To ensure compliance with laws and regulations
B. To decrease the organization’s level of risk
C. To guide improvement of organizational processes
D. To increase the organization’s level of security
Correct Answer: C
QUESTION 6
Demonstrated support from which of the following roles in an organization has the MOST influence over information security governance?
A. Chief information security officer (CISO)
B. Information security steering committee
C. Chief information officer (CIO)
D. Board of directors
Correct Answer: D
QUESTION 7
Which of the following is the BEST indication of an effective problem management process?
A. Incidents are assigned to engineers immediately.
B. The time to close an incident is reduced.
C. The number of repeat incidents is reduced.
D. Incidents are logged in a centralized system.
Correct Answer: C
QUESTION 8
Which of the following provides an IS auditor assurance that the interface between a point of sale (POS) system and the general ledger is transferring sales data completely and accurately?
A. The data transferred over the POS interface is encrypted.
B. Nightly batch processing has been replaced with real-time processing.
C. Electronic copies of customer sales receipts are maintained.
D. Monthly bank statements are reconciled without exception.
Correct Answer: D
QUESTION 9
Which of the following is the MOST effective control against injection attacks on a web application?
A. Modern application firewalls
B. Setting up the application and database on different servers
C. Strong identity controls for application users
D. Validation of data provided by application users
Correct Answer: D
QUESTION 10
The PRIMARY purpose of running a new system in parallel is to:
A. validate the operation of the new system against its predecessor.
B. resolve any errors in the program and file interfaces.
C. provide the basis for comprehensive unit and system testing.
D. determine which of the two systems is more efficient and effective.
Correct Answer: A
How was your result? We offer a CISA dump that guarantees a 100% pass rate. If you are not satisfied with your current result, you are welcome to consult us.