Exam CISA: Certified Information Systems Auditor
| Exam Number: CISA | Length of test: 4 hours |
| Exam Name: Certified Information Systems Auditor | Number of questions in the actual exam: 150 |
| Format: PDF, VPLUS | Passing Score: 450/800 |
Total Questions: 1198
FREE
Premium VPLUS file
Last updated: November-2024
Download practice test questions
| Title | Size | Hits | Download |
|---|---|---|---|
| Isaca.CISA.vAug-2024.by.An.364q | 1.19 MB | 59 | Download |
| Isaca.CISA.vAug-2024.by.An.364q | 183.08 KB | 51 | Download |
| Isaca.CISA.vMay-2024.by.Tom.312q | 555.63 KB | 66 | Download |
Hello, the Premium file is only 170q, it says it should be 1198q
Hi,
We haved fixed link.
You can download exam now.
Thanks
Some new questions:
Q
An IS auditor finds that a new network connection allows communication between the Internet and the internal enterprise resource planning (ERP) system. Which of the following is the PRIMARY business impact to include when presenting this observation to management?
A. An increase to the threat landscape
B. A decrease in data quality in the ERP system
C. A decrease in network performance
D. An increase in potential fines from regulators
Q
During an IS audit of a data center, it was found that programmers are allowed to make emergency fixes to operational programs. Which of the following should be the IS auditor’s PRIMARY recommendation?
A. Programmers should be allowed to implement emergency fixes only after obtaining verbal agreement from the application owner.
B. Emergency program changes should be subject to program migration and testing procedures before they are applied to operational systems.
C. Bypass user ID procedures should be put in place to ensure that the changes are subject to after-the-event approval and testing.
Q
An IS auditor determines elevated administrator accounts for servers that are not properly checked out and then back in after each use. Which of the following is the MOST appropriate sampling technique to determine the scope of the problem?
A. Haphazard sampling
B. Random sampling
C. Statistical sampling
D. Stratified sampling
Q
An organization has decided to purchase a web-based email service from a third-party vendor and eliminate its own email server infrastructure. What type of cloud computing environment would BEST meet the organization’s objective?
A. Platform as a Service (PaaS)
B. Software as a Service (SaaS)
C. Database as a Service (DBaaS)
D. Infrastructure as a Service (laaS)
…….
Some new questions:
Q
An IS auditor is evaluating an enterprise resource planning (ERP) migration from local systems to the cloud. Who should be responsible for the data classification in this project?
A. Information security officer
B. Database administrator (DBA)
C. Information owner
D. Data architect
Q
What would be the PRIMARY reason an IS auditor would recommend replacing universal PIN codes with an RFID access card system at a data center?
A. To improve traceability
B. To prevent piggybacking
C. To implement multi-factor authentication
D. To reduce maintenance costs
Q
Which of the following provides the BEST evidence of the validity and integrity of logs in an organization’s security information and event management (SIEM) system?
A. Compliance testing
B. Stop-or-go sampling
C. Substantive testing
D. Variable sampling
Q
What is the FIRST step when creating a data classification program?
A. Categorize and prioritize data.
B. Develop data process maps.
C. Categorize information by owner.
D. Develop a policy.
Q
In a high-volume, real-time system, the MOST effective technique by which to continuously monitor and analyze transaction processing is:
A. integrated test facility (ITF).
B. parallel simulation.
C. transaction tagging.
D. embedded audit modules.
Q
Which of the following is the MAIN responsibility of the IT steering committee?
A. Reviewing and assisting with IT strategy integration efforts
B. Developing and assessing the IT security strategy
C. Implementing processes to integrate security with business objectives
D. Developing and implementing the secure system development framework
Q
Which of the following non-audit activities may impair an IS auditor’s independence and objectivity?
A. Evaluating a third-party customer satisfaction survey
B. Providing advice on an IT project management framework
C. Designing security controls for a new cloud-based workforce management system
D. Reviewing secure software development guidelines adopted by an organization
…..