
[2021] CISA by Isaca Certification Actual Free Exam Practice Test
Free Isaca Certification CISA Exam Question
Career Prospects for Successful Exam-Passers
A candidate who passes the ISACA CISA certification exam can take on the role of information systems auditor in international companies. According to Payscale.com, a mid-level auditor with 5-9 years of experience can earn an annual salary of around $75k.
Information Systems Operations & Business Resilience: This domain is designed to evaluate the individual's skills in IT controls as well as their knowledge of how IT relates to an enterprise. It requires competence in the following areas:
- Information systems operations, the first part, which covers basic technology components, IT asset management, system interfaces, data governance, end-user computing, problem & incident management, systems performance management, database management, and IT service level management, among others;
- Business resilience, the second part, which covers system resilience, business impact analysis, business continuity plan, data backup, storage & restoration, as well as disaster recovery plans.
NEW QUESTION 383
Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist?
- A. Turning off the UPS, then the power
- B. Reviewing operations documentation
- C. Reviewing program code
- D. Reviewing program documentation
Answer: B
Explanation:
Section: Protection of Information Assets
Operations documentation should contain recovery/restart procedures, so operations can return to normal processing in a timely manner. Turning off the uninterruptible power supply (UPS) and then turning off the power might create a situation for recovery and restart, but the negative effect on operations would prove this method to be undesirable. The review of program code and documentation generally does not provide evidence regarding recovery/restart procedures.
NEW QUESTION 384
Which of the following types of attack often take advantage of curiosity or greed to deliver malware?
- A. Gimmes
- B. Tripwire
- C. None of the choices.
- D. Soft coding
- E. Pretexting
- F. Icing
Answer: A
Explanation:
Gimmes take advantage of curiosity or greed to deliver malware. The lure is typically an email attachment promising anything (a prize, a document, a video), and the payload is usually a Trojan horse. The recipient is expected to give in to curiosity and open the attachment; in practice, many users will blindly click on any attachment they receive that seems even mildly legitimate.
NEW QUESTION 385
During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST:
- A. conduct additional compliance testing.
- B. perform a business impact analysis (BIA).
- C. evaluate the impact on current disaster recovery capability.
- D. issue an intermediate report to management.
Answer: C
Explanation:
Section: Protection of Information Assets
A BIA is the basis for the disaster recovery plan: it establishes which processes are critical and how quickly they must be recovered. Without it, the auditor cannot tell whether the current recovery capability matches business needs, so the first step is to evaluate that impact. Performing the BIA is management's responsibility, not the auditor's; additional compliance testing or an interim report to management would follow from that evaluation rather than precede it.
NEW QUESTION 386
Which of the following should be the MOST important consideration when implementing an information security framework?
- A. Technical capabilities
- B. Risk appetite
- C. Audit findings
- D. Compliance requirements
Answer: D
Explanation:
Section: Governance and Management of IT
NEW QUESTION 387
An IS auditor has completed an audit on the organization's IT strategic planning process Which of the following findings should be given the HIGHEST priority?
- A. The IT strategic plan was formulated based on the current IT capabilities.
- B. The IT strategic plan does not include resource requirements for implementation.
- C. The IT strategic plan was completed prior to the formulation of the business strategic plan
- D. Assumptions in the IT strategic plan have not been communicated to business stakeholders
Answer: C
NEW QUESTION 388
Which of the following would be BEST prevented by a raised floor in the computer machine room?
- A. Damage of wires around computers and servers
- B. Water flood damage.
- C. A power failure from static electricity
- D. Shocks from earthquakes
Answer: A
Explanation:
The primary reason for having a raised floor is to enable power cables and data cables to be installed underneath the floor. This eliminates the safety and damage risks posed when cables are placed in a spaghetti-like fashion on an open floor. Static electricity should be avoided in the machine room; therefore, measures such as specially manufactured carpet or shoes would be more appropriate for static prevention than a raised floor. Raised floors do not address shocks from earthquakes. To address earthquakes, anti-seismic architecture would be required to establish a quake-resistant structural framework. Computer equipment needs to be protected against water. However, a raised floor would not prevent damage to the machines in the event of overhead water pipe leakage.
NEW QUESTION 389
Neural networks are effective in detecting fraud because they can:
- A. attack problems that require consideration of a large number of input variables.
- B. discover new trends since they are inherently linear.
- C. make assumptions about the shape of any curve relating variables to the output.
- D. solve problems where large and general sets of training data are not obtainable.
Answer: A
Explanation:
Section: Protection of Information Assets
Neural networks can be used to attack problems that require consideration of numerous input variables. They are capable of capturing relationships and patterns often missed by other statistical methods, but they will not discover new trends. Neural networks are inherently nonlinear and make no assumption about the shape of any curve relating variables to the output. Neural networks will not work well at solving problems for which sufficiently large and general sets of training data are not obtainable.
NEW QUESTION 390
An IS auditor is using a statistical sample to inventory the tape library. What type of test would this be considered?
- A. Compliance
- B. Substantive
- C. Continuous audit
- D. Integrated
Answer: B
Explanation:
Using a statistical sample to inventory the tape library is a substantive test: it gathers evidence about the accuracy and completeness of the records themselves (whether the tapes listed in the inventory actually exist, and whether tapes on the shelf are all recorded). A compliance test, by contrast, would check whether a control such as the tape check-out procedure is being followed.
NEW QUESTION 391
Which of the following tests would provide the BEST assurance that a health care organization is handling patient data appropriately?
- A. Compliance with industry standards and best practice
- B. Compliance with local laws and regulations
- C. Compliance with the organization's policies and procedures
- D. Compliance with action plans resulting from recent audits
Answer: D
Explanation:
Section: Governance and Management of IT
NEW QUESTION 392
A database administrator has detected a performance problem with some tables which could be solved through denormalization. This situation will increase the risk of:
- A. unauthorized access to data.
- B. a loss of data integrity.
- C. deadlocks.
- D. concurrent access.
Answer: B
Explanation:
Normalization is the removal of redundant data elements from the database structure. Denormalizing a relational database reintroduces that redundancy: the same fact is stored in more than one place, and an update that reaches only some of the copies leaves the data inconsistent, with a consequent loss of data integrity. Deadlocks are not caused by denormalization. Access to data is controlled by defining user rights to information and is not affected by denormalization.
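The update anomaly the explanation describes, shown as an added example that is not part of the exam page or any ISACA material. The schema (a `customer` table and an `orders` table that, in the denormalized form, carries a redundant `customer_name` column), the table names and the sample rows are all constructed for the illustration; the trigger is the compensating control a DBA would add if the denormalization is kept. Only the standard library's in-memory sqlite3 is used.

```python
"""Added example (not from the exam page): the update anomaly that denormalization
introduces, and the compensating control (a trigger) that keeps the redundant copy
consistent. Schema, table names and rows are constructed for this illustration;
only the standard library's in-memory sqlite3 is used."""
from __future__ import annotations

import sqlite3


def build_db(denormalized: bool) -> sqlite3.Connection:
    """Create the schema. In the denormalized form, orders carry a redundant copy
    of the customer's name so reports can skip the join (the DBA's performance fix)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    if denormalized:
        con.execute(
            "CREATE TABLE orders (id INTEGER PRIMARY KEY, "
            "customer_id INTEGER NOT NULL REFERENCES customer(id), "
            "customer_name TEXT NOT NULL, amount REAL NOT NULL)"
        )
    else:
        con.execute(
            "CREATE TABLE orders (id INTEGER PRIMARY KEY, "
            "customer_id INTEGER NOT NULL REFERENCES customer(id), amount REAL NOT NULL)"
        )
    # Constructed sample rows: one customer with two orders.
    con.execute("INSERT INTO customer VALUES (1, 'Acme Ltd')")
    if denormalized:
        con.executemany("INSERT INTO orders VALUES (?, 1, 'Acme Ltd', ?)",
                        [(10, 99.0), (11, 250.0)])
    else:
        con.executemany("INSERT INTO orders VALUES (?, 1, ?)", [(10, 99.0), (11, 250.0)])
    con.commit()
    return con


def add_sync_trigger(con: sqlite3.Connection) -> None:
    """Compensating control for the denormalized schema: whenever a customer is
    renamed, push the new name into every redundant copy in the same transaction."""
    con.execute(
        "CREATE TRIGGER customer_name_sync AFTER UPDATE OF name ON customer "
        "BEGIN UPDATE orders SET customer_name = NEW.name WHERE customer_id = NEW.id; END"
    )


def rename_customer(con: sqlite3.Connection, customer_id: int, new_name: str) -> None:
    """The routine business change that exposes the anomaly: only the master row is updated."""
    con.execute("UPDATE customer SET name = ? WHERE id = ?", (new_name, customer_id))
    con.commit()


def names_on_orders(con: sqlite3.Connection, denormalized: bool) -> set[str]:
    """What a report sees as the customer name on the orders."""
    if denormalized:
        rows = con.execute("SELECT customer_name FROM orders")
    else:
        rows = con.execute(
            "SELECT c.name FROM orders o JOIN customer c ON c.id = o.customer_id"
        )
    return {r[0] for r in rows}


def count_inconsistent(con: sqlite3.Connection) -> int:
    """Integrity check an auditor can run against the denormalized schema: orders
    whose stored customer_name disagrees with the master customer record."""
    return con.execute(
        "SELECT COUNT(*) FROM orders o JOIN customer c ON c.id = o.customer_id "
        "WHERE o.customer_name <> c.name"
    ).fetchone()[0]


def run_scenario(denormalized: bool, with_trigger: bool = False) -> tuple[set[str], int]:
    """Rename the customer, then return (names a report would show, inconsistent rows)."""
    con = build_db(denormalized)
    if denormalized and with_trigger:
        add_sync_trigger(con)
    rename_customer(con, 1, "Acme Holdings")
    names = names_on_orders(con, denormalized)
    bad = count_inconsistent(con) if denormalized else 0
    con.close()
    return names, bad


if __name__ == "__main__":
    print("normalized   :", run_scenario(False))        # ({'Acme Holdings'}, 0)
    print("denormalized :", run_scenario(True))         # ({'Acme Ltd'}, 2): stale copies
    print("with trigger :", run_scenario(True, True))   # ({'Acme Holdings'}, 0)
```

The normalized schema cannot drift because the name exists once; the denormalized one silently reports the old name on every order after the rename, which is the integrity loss the answer refers to. The trigger closes that gap, and `count_inconsistent` is the kind of reconciliation query an auditor would run to test that such a control actually works.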
NEW QUESTION 393
Which of the following observations would an IS auditor consider the GREATEST risk when conducting an audit of a virtual server farm for potential software vulnerabilities?
- A. A variety of guest operating systems operate on one virtual server.
- B. Antivirus software has been implemented on the guest operating system only.
- C. The hypervisor is updated quarterly.
- D. Guest operating systems are updated monthly
Answer: B
NEW QUESTION 394
IT best practices for the availability and continuity of IT services should:
- A. provide for sufficient capacity to meet the agreed upon demands of the business.
- B. minimize costs associated with disaster-resilient components.
- C. provide reasonable assurance that agreed upon obligations to customers can be met.
- D. produce timely performance metric reports.
Answer: C
Explanation:
Section: Protection of Information Assets
It is important that negotiated and agreed commitments (i.e., service level agreements [SLAs]) can be fulfilled all the time. If this were not achievable, IT should not have agreed to these requirements, as entering into such a commitment would be misleading to the business. 'All the time' in this context directly relates to the 'agreed obligations' and does not imply that a service has to be available 100 percent of the time. Costs are a result of availability and service continuity management and may only be partially controllable; they directly reflect the agreed upon obligations. Capacity management is a necessary, but not sufficient, condition of availability: although a lack of capacity may result in an availability issue, providing the capacity necessary for seamless operation of services is done within capacity management, not within availability management. Generating reports might be a task of availability and service continuity management, but that is true for many other areas of interest as well (e.g., incident, problem, capacity and change management).
NEW QUESTION 395
When reviewing print systems spooling, an IS auditor is MOST concerned with which of the following vulnerabilities?
- A. The potential for unauthorized modification of report copies
- B. The potential for unauthorized editing of report copies
- C. The potential for unauthorized deletion of report copies
- D. The potential for unauthorized printing of report copies
Answer: D
Explanation:
Spooled reports are staged on disk until the printer takes them, and the spool file holds the full report content. Anyone who can submit or reprint jobs from the spool can obtain additional copies of confidential reports, so unauthorized printing of report copies is the auditor's primary concern. Unauthorized modification, editing or deletion of spooled copies are also risks, but they affect a single print run rather than disclosing the report to someone who should not have it.
NEW QUESTION 396
An organization using development operations (DevOps) processes has deployed tools to provide automated configuration management functionality. Which of the following is the BEST way to ensure changes to system configuration do not inadvertently introduce security vulnerabilities into production platforms?
- A. Implement automated scanning as part of the release process.
- B. Implement logging of developer activity in the production environment.
- C. Implement tools to inventory newly introduced application components.
- D. Implement mechanisms for measuring production application performance.
Answer: A
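What "automated scanning as part of the release process" looks like in practice, as an added example that is not part of the exam page or any ISACA material. It is a small release gate that scans the files a configuration-management run has rendered, blocks promotion on a HIGH finding, and can report only the findings a candidate release introduces relative to the running baseline. The rules, file names and both sample releases are constructed for the illustration; a real pipeline would feed a maintained scanner (OpenSCAP, Lynis, a Terraform or Kubernetes policy tool) into the same kind of gate.

```python
"""Added example (not from the exam page or any ISACA material): a release gate
that scans rendered configuration before it is promoted to production.
Rules, file names and sample configs are constructed for illustration."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    file: str
    line: int
    severity: str
    message: str

    def key(self) -> tuple[str, str, str]:
        # Identity without the line number, so a shifted line is not a "new" finding.
        return (self.file, self.severity, self.message)


# Each rule: (regex tested against one non-comment line, severity, message).
RULES = [
    (re.compile(r"^\s*PermitRootLogin\s+yes\b", re.I), "HIGH", "root SSH login enabled"),
    (re.compile(r"^\s*PasswordAuthentication\s+yes\b", re.I), "MEDIUM",
     "password SSH authentication enabled"),
    (re.compile(r"^\s*debug\s*=\s*true\b", re.I), "HIGH", "debug mode enabled"),
    (re.compile(r"^\s*tls_verify\s*=\s*false\b", re.I), "HIGH", "TLS verification disabled"),
    (re.compile(r"^\s*(?:api_key|password|secret)\s*=\s*\S+", re.I), "HIGH",
     "hard-coded credential"),
]


def scan_text(name: str, text: str) -> list[Finding]:
    """Run every rule over every non-blank, non-comment line of one rendered file."""
    findings: list[Finding] = []
    for n, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", ";")):
            continue
        for rx, severity, message in RULES:
            if rx.search(line):
                findings.append(Finding(name, n, severity, message))
    return findings


def gate(configs: dict[str, str],
         fail_on: tuple[str, ...] = ("HIGH",)) -> tuple[bool, list[Finding]]:
    """Scan a release's rendered configs. Returns (release_allowed, findings);
    any finding at a severity listed in fail_on blocks the release."""
    findings = [f for name, text in configs.items() for f in scan_text(name, text)]
    allowed = not any(f.severity in fail_on for f in findings)
    return allowed, findings


def regressions(baseline: dict[str, str], candidate: dict[str, str]) -> list[Finding]:
    """Findings the candidate release introduces that the running baseline did not
    already have: the 'inadvertently introduced' changes the question is about.
    Useful when a legacy estate carries accepted findings you do not want to re-block on."""
    known = {f.key() for f in gate(baseline)[1]}
    return [f for f in gate(candidate)[1] if f.key() not in known]


# Constructed sample: what a config-management run might render for two releases.
RELEASE_GOOD = {
    "etc/ssh/sshd_config": "# managed by config management\nPort 22\n"
                           "PermitRootLogin no\nPasswordAuthentication no\n",
    "app/settings.ini": "[app]\ndebug = false\ntls_verify = true\n",
}
RELEASE_BAD = {
    "etc/ssh/sshd_config": "# managed by config management\nPort 22\n"
                           "PermitRootLogin yes\nPasswordAuthentication no\n",
    "app/settings.ini": "[app]\ndebug = true\ntls_verify = false\n",
}


if __name__ == "__main__":
    allowed, found = gate(RELEASE_BAD)
    print("release allowed:", allowed)  # False
    for f in found:
        print(f"  {f.severity:6} {f.file}:{f.line}  {f.message}")
    print("regressions vs good baseline:", len(regressions(RELEASE_GOOD, RELEASE_BAD)))  # 3
```

The gate runs on the rendered output, not on the templates, because that is what actually reaches the host; the `regressions` view is what you wire into a pull-request check so a change is judged on what it adds, while the full `gate` result is what you keep for the audit trail.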
NEW QUESTION 397
A data center has a badge-entry system. Which of the following is MOST important to protect the computing assets in the center?
- A. Badge readers are installed in locations where tampering would be noticed
- B. A process for promptly deactivating lost or stolen badges exists
- C. The computer that controls the badge system is backed up frequently
- D. All badge entry attempts are logged
Answer: B
Explanation:
Tampering with a badge reader cannot open the door, so this is irrelevant. Logging the entry attempts may be of limited value. The biggest risk is from unauthorized individuals who can enter the data center, whether they are employees or not; a lost or stolen badge that is still active is exactly such an entry path, so a process for promptly deactivating lost or stolen badges is important. The configuration of the system does not change frequently, therefore frequent backup is not necessary.
NEW QUESTION 398
......
Useful Isaca CISA Exam Prep Resources
With the above-mentioned details about the certification exam, are you ready to act upon the next step? The test preparation is, of course, a gruelling process of intense studying and extensive honing of skills. So, right here and now, we’ll make it much easier for you. We will serve as your eyes and ears in catching the finest resources in the market:
- CISA Exam Prep Course
Are you the type of learner who gets more insights if you’re with an instructor? If yes, enroll in the expert-led course and join other exam candidates in learning the CISA job practice in a more in-depth manner. The instructor will guide you in sorting out the core requirements that you need to master, which is done through comprehensive modules and case study activities. Likewise, there will be a revisit of the fundamental concepts to ensure that you master the basics and core responsibilities of an IS auditor. The course won’t be complete without some practice tests, which are thoroughly assessed by the instructor. The trial questions are further elaborated through an extensive explanation of the answers. Along with the lectures and quizzes, the instructor also shares a lot of useful techniques, particularly in terms of time management and better knowledge retention. Do take note that time is very important if you avail of this virtual material. Compared to the self-paced course, this one has a limited timeline. It’s only a 60-day subscription that is divided into 4 sessions. Therefore, you have to check the schedule posted on the official site first so you can allocate your time properly and attend the training with ease.
- CISA Review Manual (27th Edition) by Isaca
Accompany the self-paced course with one of the selected books for your CISA test. The CISA Review Manual is an official reference guide that is handpicked by the experts because of its all-inclusive test coverage that is designed to help you stay on track with the main exam objectives. This book discusses the vital roles of an information systems auditor, giving you a glimpse of the technical skillset you have to develop before the certification evaluation. Also, such a manual has been restructured in accordance with the official 2019 CISA Job Practice, hence the most recent and relevant coverage of the exam domains. More so, it brings out the critical concepts and terminologies of IS and IT for proper documentation of your abilities. And by mastering both the fundamentals as well as the technical roles, you won’t have a hard time handling audit tasks required by organizations of different sizes and types.
- CISA Online Review Course
The best online prep tool comes from the certification vendor itself. Isaca has prepared a comprehensive package that you can use to study efficiently for the CISA test. Equipped with instructional strategies and interactive lessons, this course has been proven and tested by thousands of exam candidates. More importantly, it details the five major domains of the CISA, which include the auditing process, governance, operations, implementation, and the protection of information systems. The eLearning modules are also created in relation to the CISA job practice so you’ll develop a working knowledge of the key subject areas. This means that your comprehension is not just about the theoretical aspect of the domains but also its technical features. In addition, the context of the materials guarantees you up-to-date guidelines of IT audit as well as assurance. As a result, you will gain an understanding of the latest industry standards, which are relevant among businesses. Along with the interactive lessons, you’ll also get some downloadable materials to further aid your topic mastery. And to complete the set of training resources, you’ll get a self-assessment (50 questions) and a practice test (75 questions) that check on your knowledge before and after the training. And before we forget, this online course provides you with the opportunity to navigate through the lessons at your own pace. Also, you can take advantage of the structured guideline and create your preferred learning schedule and style. The total training duration lasts for up to 22 hours, with a 365-day subscription.
- CISA Review Questions, Answers & Explanations Manual (12th Edition) by Isaca
Another top-notch book suggested by the vendor is this practice test manual that has 1,000 questions in multiple-choice style. The questions listed here are in accordance with the latest CISA Job Practice (2019). Therefore, most of these are already revised and upgraded, providing more up-to-date coverage of the exam. Another thing is the detailed explanation of the answers, which is a great help in correcting your mistakes and ensuring that you don’t make the same error twice. And of course, the questions are structured in a way that mimics the official CISA test. Though not exactly the same in terms of order and context, practicing with such items is very beneficial in strengthening your adeptness in the crucial test domains.
ISACA CISA Actual Questions and Braindumps: https://www.preppdf.com/ISACA/CISA-prepaway-exam-dumps.html
CISA dumps & Isaca Certification sure practice dumps: https://drive.google.com/open?id=1gKqihumwDoz7jEa-0fBVUQoLXsc8XZAC