Latest CISA Pass Guaranteed Exam Dumps Certification Sample Questions [Q319-Q334]



Conclusion

The CISA exam is an instrumental tool for IT generalists who want to move into the audit field and for IT auditors who want to climb the career ladder. Passing this ISACA certification makes you an in-demand specialist with a validated skill set and proven IT/IS audit expertise. So, get started with your preparation by utilizing the helpful resources mentioned above and earn this top-notch endorsement in no time.


Prerequisites

The main requirement for earning the CISA certification is to pass one test. However, before you can take it, you are required to have at least five years of practical experience in the field of information security and information technology audit. Candidates should also have experience with control, assurance, and security. If you do not have five years, you can still take the exam with a minimum of two years of hands-on experience in the domain of the qualifying test.

 

NEW QUESTION 319
An information security manager has identified and implemented mitigating controls according to industry best practices. Which of the following is the GREATEST risk associated with this approach?

  • A. Important security controls may be missed without senior management input.
  • B. The security program may not be aligned with organizational objectives.
  • C. The mitigation measures may not be updated in a timely manner.
  • D. The cost of control implementation may be too high.

Answer: B

Explanation:
Section: Governance and Management of IT

 

NEW QUESTION 320
Which of the following is the correct sequence of events to follow in evidence handling in computer forensics?

  • A. Preserve, Identify, Analyze and Present
  • B. Analyze, Identify, Preserve and Present
  • C. Identify, Preserve, Analyze and Present
  • D. Identify, Analyze, Preserve and Present

Answer: C

Explanation:
Section: Protection of Information Assets
There are four major steps in the chain of events for evidence handling in computer forensics:
Identify - Refers to the identification of information that is available and might form evidence of an incident.
Preserve - Refers to the practice of retrieving identified information and preserving it as evidence. The practice generally includes imaging the original media in the presence of an independent third party. The process also requires being able to document the chain of custody so that it can be established in a court of law.
Analyze - Involves extracting, processing and interpreting the evidence. Extracted data may be unintelligible binary data until it has been processed and converted into a human-readable format. Interpreting the data requires in-depth knowledge of how different pieces of evidence may fit together. The analysis should be performed using an image of the media and not the original.
Present - Involves a presentation to the various audiences such as management, attorneys, the court, etc. Acceptance of evidence depends upon the manner of presentation, the qualifications of the presenter, and the credibility of the process used to preserve and analyze the evidence.
The following were incorrect answers:
The other options presented are not a valid sequence to follow in the chain of events for evidence handling in computer forensics.
Reference:
CISA Review Manual 2014, page 367

 

NEW QUESTION 321
To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:

  • A. Internet and the firewall.
  • B. Internet and the web server.
  • C. Firewall and the organization's network.
  • D. Web server and the firewall.

Answer: C

Explanation:
Attack attempts that cannot be recognized by the firewall will be detected if a network-based intrusion detection system is placed between the firewall and the organization's network. A network-based intrusion detection system placed between the internet and the firewall will detect attack attempts whether or not they pass through the firewall.

 

NEW QUESTION 322
An IS auditor would be concerned if the quality assurance (QA) function were found to be performing which of the following roles?

  • A. Submitting corrected code for issues identified through the testing process
  • B. Reviewing the code to ensure proper documentation and development practices were followed
  • C. Ensuring the development methods and standards are adhered to throughout the process
  • D. Evaluating whether the testing assumptions and developed code are aligned to the design criteria

Answer: B

Explanation:
Section: Information System Acquisition, Development and Implementation

 

NEW QUESTION 323
Which of the following layers in an enterprise data flow architecture is where end users directly deal with information?

  • A. Desktop access layer
  • B. Data access layer
  • C. Data preparation layer
  • D. Data mart layer

Answer: A

Explanation:
The presentation/desktop access layer is where end users directly deal with information. This layer includes familiar desktop tools such as spreadsheets, direct querying tools, reporting and analysis suites offered by vendors such as Cognos and Business Objects, and purpose-built applications such as balanced scorecards and digital dashboards.
For the CISA exam you should know the following information about business intelligence:
Business intelligence (BI) is a broad field of IT that encompasses the collection and analysis of information to assist decision making and assess organizational performance.
To deliver effective BI, organizations need to design and implement a data architecture. The complete data architecture consists of two components: the enterprise data flow architecture (EDFA) and a logical data architecture.
The various layers/components of this data flow architecture are as follows:
Presentation/desktop access layer - This is where end users directly deal with information. This layer includes familiar desktop tools such as spreadsheets, direct querying tools, reporting and analysis suites offered by vendors such as Cognos and Business Objects, and purpose-built applications such as balanced scorecards and digital dashboards.
Data source layer - Enterprise information derives from a number of sources:
Operational data - Data captured and maintained by an organization's existing systems, and usually held in system-specific databases or flat files.
External data - Data provided to an organization by external sources. This could include data such as customer demographic and market share information.
Nonoperational data - Information needed by end users that is not currently maintained in a computer-accessible format.
Core data warehouse - This is where all the data of interest to an organization is captured and organized to assist reporting and analysis. DWs are normally instituted as large relational databases. A properly constituted DW should support three basic forms of inquiry:
Drilling up and drilling down - Using dimensions of interest to the business, it should be possible to aggregate data as well as drill down. Attributes available at the more granular levels of the warehouse can also be used to refine the analysis.
Drill across - Use common attributes to access a cross-section of information in the warehouse, such as summing sales across all product lines by customer and grouping customers according to length of association with the company.
Historical analysis - The warehouse should support this by holding historical, time-variant data. An example of historical analysis would be to report monthly store sales and then repeat the analysis using only customers who were pre-existing at the start of the year, in order to separate the effect of new customers from the ability to generate repeat business with existing customers.
Data mart layer - A data mart represents a subset of information from the core DW selected and organized to meet the needs of a particular business unit or business line. Data marts can be relational databases or some form of on-line analytical processing (OLAP) data structure.
Data staging and quality layer - This layer is responsible for data copying, transformation into DW format and quality control. It is particularly important that only reliable data enters the core DW. This layer needs to be able to deal with problems periodically thrown up by operational systems, such as changes to account number formats and reuse of old account and customer numbers.
Data access layer - This layer connects the data storage and quality layer with the data stores in the data source layer and, in the process, avoids the need to know exactly how these data stores are organized. Technology now permits SQL access to data even if it is not stored in a relational database.
Data preparation layer - This layer is concerned with the assembly and preparation of data for loading into data marts. The usual practice is to pre-calculate the values that are loaded into OLAP data repositories to increase access speed. Data mining is concerned with exploring large volumes of data to determine patterns and trends in information. Data mining often identifies patterns that are counterintuitive due to the number and complexity of data relationships. Data quality needs to be very high so as not to corrupt the results.
Metadata repository layer - Metadata are data about data. The information held in the metadata layer needs to extend beyond data structure names and formats to provide detail on business purpose and context. The metadata layer should be comprehensive in scope, covering data as they flow between the various layers, including documenting transformation and validation rules.
Warehouse management layer - The function of this layer is the scheduling of the tasks necessary to build and maintain the DW and populate data marts. This layer is also involved in the administration of security.
Application messaging layer - This layer is concerned with transporting information between the various layers. In addition to business data, this layer encompasses the generation, storage and targeted communication of control messages.
Internet/intranet layer - This layer is concerned with basic data communication. Included here are browser-based user interfaces and TCP/IP networking.
The various analysis models used by data architects/analysts are as follows:
Activity or swim-lane diagram - Deconstructs business processes.
Entity relationship diagram - Depicts data entities and how they relate.
These data analysis methods obviously play an important part in developing an enterprise data model. However, it is also crucial that knowledgeable business operatives are involved in the process. This way a proper understanding can be obtained of the business purpose and context of the data. This also mitigates the risk of replicating suboptimal data configurations from existing systems and databases into the DW.
The following were incorrect answers:
Data mart layer - A data mart represents a subset of information from the core DW selected and organized to meet the needs of a particular business unit or business line. Data marts can be relational databases or some form of on-line analytical processing (OLAP) data structure.
Data access layer - This layer connects the data storage and quality layer with the data stores in the data source layer and, in the process, avoids the need to know exactly how these data stores are organized. Technology now permits SQL access to data even if it is not stored in a relational database.
Data preparation layer - This layer is concerned with the assembly and preparation of data for loading into data marts. The usual practice is to pre-calculate the values that are loaded into OLAP data repositories to increase access speed.
The following reference(s) were/was used to create this question:
CISA Review Manual 2014, page 188

 

NEW QUESTION 324
When reviewing past results of a recurring annual audit, an IS auditor notes that findings may not have been reported and independence may not have been maintained. Which of the following is the auditor's BEST course of action?

  • A. Reevaluate internal controls
  • B. Re-perform past audits to ensure independence
  • C. Inform audit management
  • D. Inform senior management

Answer: C

 

NEW QUESTION 325
What is the PRIMARY objective of implementing data classification?

  • A. Establish appropriate data protection methods.
  • B. Establish appropriate encryption methods.
  • C. Employ data leakage prevention tools.
  • D. Create awareness among users.

Answer: A

Explanation:
Section: Protection of Information Assets

 

NEW QUESTION 326
A CIO has asked an IS auditor to implement several security controls for an organization's IT processes and systems. The auditor should:

  • A. Refuse due to independence issues.
  • B. Communicate the conflict of interest to audit management.
  • C. Perform the assignment and future audits with due professional care.
  • D. Obtain approval from executive management for the implementation.

Answer: B

 

NEW QUESTION 327
A CIO has asked an IS auditor to implement several security controls for an organization's IT processes and systems. The auditor should:

  • A. communicate the conflict of interest to audit management.
  • B. obtain approval from executive management for the implementation.
  • C. perform the assignment and future audits with due professional care.
  • D. refuse due to independence issues.

Answer: D

 

NEW QUESTION 328
Which of the following is the BEST indicator of an effective employee information security program?

  • A. More efficient and effective incident handling
  • B. Reduced operational cost of security
  • C. Increased detection and reporting of incidents
  • D. Increased management support for security

Answer: A

Explanation:
Section: Information System Operations, Maintenance and Support

 

NEW QUESTION 329
Which of the following should an IS auditor review to determine user permissions that have been granted for a particular resource?

  • A. Application logs
  • B. Systems logs
  • C. Error logs
  • D. Access control lists (ACL)

Answer: D

Explanation:
IS auditors should review access-control lists (ACL) to determine user permissions that have been granted for a particular resource.

 

NEW QUESTION 330
Which of the following will replace system binaries and/or hook into the function calls of the operating system to hide the presence of other programs (choose the most precise answer)?

  • A. tripwire
  • B. virus
  • C. trojan
  • D. rootkits
  • E. None of the choices.

Answer: D

Explanation:
"A backdoor may take the form of an installed program (e.g., Back Orifice) or could be in the form of an existing "legitimate" program, or executable file. A specific form of backdoors are rootkits, which replace system binaries and/or hook into the function calls of the operating system to hide the presence of other programs, users, services and open ports."

 

NEW QUESTION 331
The IS management of a multinational company is considering upgrading its existing virtual private network (VPN) to support voice-over IP (VoIP) communications via tunneling. Which of the following considerations should be PRIMARILY addressed?

  • A. Confidentiality of data transmissions
  • B. Privacy of voice transmissions
  • C. Reliability and quality of service (QoS)
  • D. Means of authentication

Answer: C

Explanation:
The company currently has a VPN; issues such as authentication and confidentiality have been implemented by the VPN using tunneling. Privacy of voice transmissions is provided by the VPN protocol. Reliability and QoS are, therefore, the primary considerations to be addressed.

 

NEW QUESTION 332
Once an organization has finished the business process reengineering (BPR) of all its critical operations, an IS auditor would MOST likely focus on a review of:

  • A. BPR project plans.
  • B. post-BPR process flowcharts.
  • C. pre-BPR process flowcharts.
  • D. continuous improvement and monitoring plans.

Answer: B

Explanation:
An IS auditor's task is to identify and ensure that key controls have been incorporated into the reengineered process. Reviewing the pre-BPR process flowcharts is incorrect because an IS auditor must review the process as it is today, not as it was in the past. The BPR project plans and the continuous improvement and monitoring plans are incorrect because they are steps within a BPR project.

 

NEW QUESTION 333
An organization's current end-user computing practices include the use of a spreadsheet for financial statements. Which of the following is the GREATEST concern?

  • A. Operational procedures have not been reviewed in the current fiscal year.
  • B. The spreadsheet is not maintained by IT.
  • C. Formulas are not protected against unintended changes.
  • D. The spreadsheet contains numerous macros.

Answer: C

 

NEW QUESTION 334
......


ISACA CISA Exam Certification Details:

  • Duration: 240 mins
  • Exam Name: ISACA Certified Information Systems Auditor (CISA)
  • Schedule Exam: Exam Registration
  • Books / Training: Virtual Instructor-Led Training; In-Person Training & Conferences; Customized, On-Site Corporate Training; CISA Planning Guide
  • Exam Code: CISA
  • Passing Score: 450/800
  • Sample Questions: ISACA CISA Sample Questions
  • Exam Price (ISACA Nonmember): $760 (USD)
  • Number of Questions: 150
  • Exam Price (ISACA Member): $575 (USD)

 
