ISACA CISA Dumps - The Sure Way To Pass Exam
CISA Exam Questions (Updated 2022) 100% Real Question Answers
NEW QUESTION 245
Which of the following is the GREATEST advantage of elliptic curve encryption over RSA encryption?
- A. Computation speed
- B. Simpler key distribution
- C. Ability to support digital signatures
- D. Greater strength for a given key length
Answer: A
Explanation:
The main advantage of elliptic curve encryption over RSA encryption is its computation speed. This method was first independently suggested by Neal Koblitz and Victor S. Miller. Both encryption methods support digital signatures and are used for public key encryption and distribution. However, a stronger key per se does not necessarily guarantee better performance; performance depends on the actual algorithm employed.
NEW QUESTION 246
Within a payroll department, which of the following responsibilities should be assigned to two or more individuals to avoid a segregation of duties conflict?
- A. Adding and removing new users of the payroll system
- B. Reviewing time sheets and accessing bank statements for account reconciliation
- C. Approving payroll payments and inputting salary rates into the system
- D. Viewing lists of terminated employees and editing payroll information
Answer: B
NEW QUESTION 247
An IS auditor is examining a front-end sub-ledger and a main ledger. Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?
- A. Inaccuracy of financial reporting
- B. Unauthorized alteration of account attributes
- C. Inability to support new business transactions
- D. Double-posting of a single journal entry
Answer: A
NEW QUESTION 248
An IS auditor is evaluating the completeness of privacy procedures involving personally identifiable information (PII). Which of the following is MOST important for the auditor to verify is included in the procedures?
- A. Encryption requirements for transmitting PII externally
- B. The organization's definition of PII
- C. A description of how PII is masked within key systems
- D. Regulatory requirements for protecting PII
Answer: D
Section: The Process of Auditing Information Systems
NEW QUESTION 249
To gain an understanding of the effectiveness of an organization's planning and management of investments in IT assets, an IS auditor should review the:
- A. enterprise data model.
- B. IT organizational structure.
- C. historical financial statements.
- D. IT balanced scorecard (BSC).
Answer: D
Explanation:
The IT balanced scorecard (BSC) is a tool that provides the bridge between IT objectives and business objectives by supplementing the traditional financial evaluation with measures to evaluate customer satisfaction, internal processes and the ability to innovate. An enterprise data model is a document defining the data structure of an organization and how data interrelate. It is useful, but it does not provide information on investments. The IT organizational structure provides an overview of the functional and reporting relationships in an IT entity. Historical financial statements do not provide information about planning and lack sufficient detail to enable one to fully understand management's activities regarding IT assets. Past costs do not necessarily reflect value, and assets such as data are not represented on the books of accounts.
NEW QUESTION 250
The IS security group is planning to implement single sign-on. What is the IS auditor's PRIMARY concern?
- A. Compromise of a user ID/password will yield more privileges.
- B. Managing user IDs/passwords will require increased efforts.
- C. Integrated access rules will increase users' access privileges.
- D. Integrated access rules will restrict users' access privileges.
Answer: A
NEW QUESTION 251
Which of the following is the BEST way to identify the potential impact of a successful attack on an organization's mission critical applications?
- A. Perform an independent code review
- B. Execute regular vulnerability scans
- C. Perform an application vulnerability review
- D. Conduct penetration testing
Answer: D
Section: Protection of Information Assets
NEW QUESTION 252
Which of the following would an IS auditor recommend as the MOST effective preventive control to reduce the risk of data leakage?
- A. Implement an intrusion detection system (IDS).
- B. Ensure that paper documents are disposed of securely.
- C. Verify that application logs capture any changes made.
- D. Validate that all data files contain digital watermarks.
Answer: D
NEW QUESTION 253
When implementing an IT governance framework in an organization, the MOST important objective is:
- A. value realization with IT.
- B. IT alignment with the business.
- C. accountability.
- D. enhancing the return on IT investments.
Answer: B
Explanation:
The goals of IT governance are to improve IT performance, to deliver optimum business value and to ensure regulatory compliance. The key practice in support of these goals is the strategic alignment of IT with the business (choice B). To achieve alignment, all other choices need to be tied to business practices and strategies.
NEW QUESTION 254
The PRIMARY reason for using digital signatures is to ensure data:
- A. integrity.
- B. timeliness.
- C. availability.
- D. confidentiality.
Answer: A
Explanation:
Digital signatures provide integrity because the digital signature of a signed message (file, mail, document, etc.) changes every time a single bit of the document changes; thus, a signed document cannot be altered. Depending on the mechanism chosen to implement a digital signature, the mechanism might be able to ensure data confidentiality or even timeliness, but this is not assured. Availability is not related to digital signatures.
NEW QUESTION 255
An IS auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take?
- A. Take no action, as it is a commonly accepted practice and operations management is responsible for monitoring such use.
- B. Inform the auditee of the unauthorized software, and follow up to confirm deletion.
- C. Personally delete all copies of the unauthorized software.
- D. Report the use of the unauthorized software and the need to prevent recurrence to auditee management.
Answer: D
Explanation:
The use of unauthorized or illegal software should be prohibited by an organization. Software piracy results in inherent exposure and can result in severe fines. An IS auditor must convince the user and user management of the risk and the need to eliminate the risk. An IS auditor should not assume the role of the enforcing officer and take on any personal involvement in removing or deleting the unauthorized software.
NEW QUESTION 256
Which of the following would BEST help prioritize various projects in an organization's IT portfolio?
- A. Enterprise architecture (EA)
- B. Business cases
- C. Industry trends
- D. Total cost of ownership (TCO)
Answer: B
NEW QUESTION 257
What should be of MOST concern to an IS auditor reviewing an organization's proposal to combine its online transaction processing (OLTP) data and data warehouse in the same database environment?
- A. A significant amount of data computing resources will be required.
- B. The combination of static data with dynamic data could reduce data quality.
- C. The quality of business intelligence reporting may be impacted.
- D. The complexity of the solution could lead to delays in deployment.
Answer: A
NEW QUESTION 258
Which of the following provides the MOST useful information for performing a business impact analysis (BIA)?
- A. Inventory of relevant business processes
- B. Results of business resumption planning efforts
- C. Policies for business procurement
- D. Documentation of application configurations
Answer: A
NEW QUESTION 259
Which testing approach is MOST appropriate to ensure that internal application interface errors are identified as soon as possible?
- A. Bottom up
- B. Top-down
- C. System test
- D. Sociability testing
Answer: B
Section: Protection of Information Assets
Explanation:
The top-down approach to testing ensures that interface errors are detected early and that testing of major functions is conducted early. A bottom-up approach to testing begins with atomic units, such as programs and modules, and works upward until a complete system test has taken place. Sociability testing and system tests take place at a later stage in the development process.
NEW QUESTION 260
A CIO has asked an IS auditor to implement several security controls for an organization's IT processes and systems. The auditor should:
- A. communicate the conflict of interest to audit management.
- B. obtain approval from executive management for the implementation.
- C. refuse due to independence issues.
- D. perform the assignment and future audits with due professional care.
Answer: A
NEW QUESTION 261
What is wrong with a black box type of intrusion detection system?
- A. You cannot tune it.
- B. You cannot patch it.
- C. None of the choices.
- D. You cannot test it.
- E. You cannot examine its internal workings from outside.
Answer: E
Section: Protection of Information Assets
Explanation:
"An intrusion detection system should be able to run continually without human supervision. The system must be reliable enough to allow it to run in the background of the system being observed. However, it should not be a "black box", because you want to ensure its internal workings are examinable from outside."
NEW QUESTION 262
The objective of using coding standards for systems development is to:
- A. ensure the completeness of requirements.
- B. facilitate user testing.
- C. ensure that business needs are met.
- D. facilitate program maintenance.
Answer: D
NEW QUESTION 263
Due to system limitations, segregation of duties (SoD) cannot be enforced in an accounts payable system. Which of the following is the IS auditor's BEST recommendation for a compensating control?
- A. Review payment transaction history.
- B. Restrict payment authorization to senior staff members.
- C. Require written authorization for all payment transactions.
- D. Reconcile payment transactions with invoices.
Answer: D
NEW QUESTION 264
Which of the following is the MAIN purpose of data classification?
- A. Defining requirements of security labels
- B. Ensuring integrity of sensitive information
- C. Applying the appropriate protective measures
- D. Ensuring the segregation of duties
Answer: C
Section: Governance and Management of IT
NEW QUESTION 265
Fault tolerance is a feature particularly sought after in which of the following kinds of computer systems (choose all that apply)?
- A. Handheld PDAs
- B. Business-critical systems
- C. Desktop systems
- D. None of the choices.
- E. Laptop systems
Answer: B
Explanation:
Fault tolerance enables a system to continue operating properly in the event of the failure of some of its parts. It avoids total breakdown and is particularly sought after in high-availability environments full of business-critical systems.
NEW QUESTION 266
Which of the following devices in the Frame Relay WAN technique is generally a customer-owned device that provides connectivity between a company's own network and the Frame Relay network?
- A. DLE
- B. DTE
- C. DME
- D. DCE
Answer: B
Explanation:
Data Terminal Equipment (DTE) is usually a customer-owned device that provides connectivity between the company's own network and the Frame Relay network.
For your exam you should know the following information about WAN technologies:
Point-to-point protocol
PPP (Point-to-Point Protocol) is a protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to a server. For example, your Internet service provider may provide you with a PPP connection so that the provider's server can respond to your requests, pass them on to the Internet, and forward your requested Internet responses back to you.
PPP uses the Internet Protocol (IP) and is designed to handle other protocols as well. It is sometimes considered a member of the TCP/IP suite of protocols. Relative to the Open Systems Interconnection (OSI) reference model, PPP provides layer 2 (data link layer) service. Essentially, it packages your computer's TCP/IP packets and forwards them to the server, where they can actually be put on the Internet.
PPP is a full-duplex protocol that can be used on various physical media, including twisted pair or fiber optic lines or satellite transmission. It uses a variation of High-Level Data Link Control (HDLC) for packet encapsulation.
PPP is usually preferred over the earlier de facto standard Serial Line Internet Protocol (SLIP) because it can handle synchronous as well as asynchronous communication. PPP can share a line with other users, and it has error detection that SLIP lacks. Where a choice is possible, PPP is preferred.
Point-to-Point Protocol (image from: http://withfriendship.com/images/g/31728/a-pointtopoint-protocol.png)
X.25
X.25 is an ITU-T standard protocol suite for packet-switched wide area network (WAN) communication.
X.25 is a packet switching technology that uses carrier switches to provide connectivity for many different networks.
Subscribers are charged based on the amount of bandwidth they use. Data are divided into 128-byte packets and encapsulated in High-Level Data Link Control (HDLC).
X.25 works at the network and data link layers of the OSI model.
X.25 (image from: http://www.sangoma.com/assets/images/content/tutorials_x25_1.gif)
Frame Relay
Works as packet switching.
Operates at the data link layer of the OSI model.
Companies that pay more to ensure that a higher level of bandwidth will always be available pay a committed information rate (CIR).
Two main types of equipment are used in Frame Relay:
1. Data Terminal Equipment (DTE) - Usually a customer-owned device that provides connectivity between the company's own network and the Frame Relay network.
2. Data Circuit Terminal Equipment (DCE) - Service provider device that does the actual data transmission and switching in the Frame Relay cloud.
The Frame Relay cloud is the collection of DCEs that provides switching and data communication functionality. Frame Relay is an any-to-any service.
Frame Relay (image from: http://www.cpcstech.com/images/frame-2.jpg)
Integrated Service Digital Network (ISDN)
Enables data, voice and other types of traffic to travel digitally over a medium previously used only for analog voice transmission.
Runs on top of the Plain Old Telephone System (POTS); the same copper telephone wire is used.
Provides a digital point-to-point circuit-switched medium.
ISDN (image from: http://www.hw-server.com/obrazek/network_topology)
Asynchronous Transfer Mode (ATM)
Uses a cell switching method.
High-speed network technology used for LAN, MAN and WAN.
Like Frame Relay, it is a connection-oriented technology that creates and uses a fixed channel.
Data are segmented into fixed-size cells of 53 bytes.
Some companies have replaced FDDI back-ends with ATM.
Asynchronous Transfer Mode (image from: http://html.rincondelvago.com/000050700.png)
Multiprotocol Label Switching (MPLS)
Multiprotocol Label Switching (MPLS) is a standards-approved technology for speeding up network traffic flow and making it easier to manage. MPLS involves setting up a specific path for a given sequence of packets, identified by a label put in each packet, thus saving the time needed for a router to look up the address of the next node to forward the packet to.
MPLS is called multiprotocol because it works with the Internet Protocol (IP), Asynchronous Transfer Mode (ATM) and Frame Relay network protocols.
In reference to the Open Systems Interconnection (OSI) model, MPLS allows most packets to be forwarded at the Layer 2 (switching) level rather than at the Layer 3 (routing) level.
In addition to moving traffic faster overall, MPLS makes it easy to manage a network for quality of service (QoS). For these reasons, the technique is expected to be readily adopted as networks begin to carry more and different mixtures of traffic.
MPLS (image from: http://www.carrierbid.com/wp-content/uploads/2011/01/mpls1.gif)
The following answers are incorrect:
DCE - Data Circuit Terminal Equipment (DCE) is a service provider device that does the actual data transmission and switching in the Frame Relay cloud.
DME - Not a valid Frame Relay device.
DLE - Not a valid Frame Relay device.
The following reference was used to create this question:
CISA Review Manual 2014, page 266
NEW QUESTION 267
What type of approach to the development of organizational policies is often driven by risk assessment?
- A. Comprehensive
- B. Bottom-up
- C. Top-down
- D. Integrated
Answer: C
Explanation:
A bottom-up approach to the development of organizational policies is often driven by risk assessment.
Pass ISACA CISA Exam Quickly With Test4Sure: https://freecert.test4sure.com/CISA-exam-materials.html