CISA 시험 - ISACA실제시험문제와 답 - 693문항

Question No : 1

During an IS audit, it is discovered that security configurations differ across the organization’s virtual server farm.
Which of the following is the IS auditor’s BEST recommendation for improving the control environment?

A.Conduct an independent review of each server’s security configuration
B.Implement a security configuration baseline for virtual servers
C.Implement security monitoring controls for high-risk virtual servers
D.Conduct a standard patch management review across the virtual server farm

정답:

Question No : 2

An IS auditor is reviewing an organization’s incident management processes and procedures.
Which of the following observations should be the auditor’s GREATEST concern?

A.Ineffective incident classification
B.Ineffective incident prioritization
C.Ineffective incident detection
D.Ineffective post-incident review

정답:

Question No : 3

An IS auditor is assessing risk associated with peer-to-peer file sharing within an organization.
Which of the following should be of GREATEST concern?

A.File-sharing policies have not been reviewed since last year
B.Only some employees are required to attend security awareness training
C.Not all devices are running antivirus programs
D.The organization does not have an efficient patch management process

정답:

Question No : 4

Assessments of critical information systems are based on a cyclical audit plan that has not been updated for several years.
Which of the following should the IS auditor recommend to BEST address this situation?

A.Use a revolving set of audit plans to cover all systems
B.Update the audit plan quarterly to account for delays and deferrals of periodic reviews
C.Regularly validate the audit plan against business risks
D.Do not include periodic reviews in detail as part of the audit plan

정답:

Question No : 5

An IS auditor is analyzing a sample of accesses recorded on the system log of an application. The auditor intends to launch an intensive investigation if one exception is found.
Which sampling method would be appropriate?

A.Discovery sampling
B.Variable sampling
C.Stratified sampling
D.Judgmental sampling

정답:

Question No : 6

When evaluating the ability of a disaster recovery plan to enable the recovery of IT processing capabilities, it is MOST important for the IS auditor to verify the plan is:

A.stored at an offsite location
B.communicated to department heads
C.regularly reviewed
D.periodically tested

정답:

Question No : 7

The MAIN benefit of using an integrated test facility (ITF) as an online auditing technique is that it enables:

A.a cost-effective approach to application controls audit
B.auditors to investigate fraudulent transactions
C.auditors to test without impacting production data
D.the integration of financial and audit tests

정답:

Question No : 8

An organization is concerned about duplicate vendor payments on a complex system with a high volume of transactions.
Which of the following would be MOST helpful to an IS auditor to determine whether duplicate vendor payments exist?

A.Computer-assisted technique
B.Stop-and-go testing
C.Statistical sampling
D.Judgmental sampling

정답:

Question No : 9

During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS).
Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?

A.Inherent risk
B.Sampling risk
C.Control risk
D.Detection risk

정답:

Question No : 10

An IS auditor conducting audit follow-up activities learns that some previously agreed-upon corrective actions have not been taken and that the associated risk has been accepted by senior management. If the auditor disagrees with management’s decision, what is the BEST way to address the situation?

A.Repeat the audit with audit scope only covering areas with accepted risks
B.Report the issue to the chief audit executive for resolution
C.Recommend new corrective actions to mitigate the accepted risk
D.Take no action since management’s decision has been made

정답:

Question No : 11

When auditing the effectiveness of a biometric system, which of the following indicators would be MOST important to review?

A.False negatives
B.False acceptance rate
C.Failure to enroll rate
D.System response time

정답:

Question No : 12

An IS auditor discovered abnormalities in a monthly report generated from a system upgraded six months ago.
Which of the following should be the auditor’s FIRST course of action?

A.Inspect source code for proof of abnormalities
B.Perform a change management review of the system
C.Schedule an access review of the system
D.Determine the impact of abnormalities in the report

정답:

Question No : 13

An organization plans to deploy Wi-Fi location analytics to count the number of shoppers per day across its various retail outlets.
What should the IS auditor recommend as the FIRST course of action by IT management?

A.Conduct a privacy impact assessment
B.Mask media access control (MAC) addresses
C.Survey shoppers for feedback
D.Develop a privacy notice to be displayed to shoppers

정답:

Question No : 14

Which of the following findings would be of MOST concern to an IS auditor performing a review of an end-user developed application that generates financial statements?

A.The application is not sufficiently supported by the IT department
B.There is not adequate training in the use of the application
C.There is no adequate user license for the application
D.There is no control to ensure accuracy of the processed data

정답:

Question No : 15

Which audit technique provides the GREATEST assurance that incident management procedures are effective?

A.Determining whether incidents are categorized and addressed
B.Performing comprehensive vulnerability scanning and penetration testing
C.Comparing incident management procedures to best practices
D.Evaluating end-user satisfaction survey results

정답:

ISACA CISA 시험