Grolar CISA will be a stepping stone in my career. Why I got my results early and now they seem to be running late is anyone's guess. It is a cliff notes style book and it gives test taking strategies. If money is an issue then I would defer. From my experience on my last exam in June and this exam, I noticed that they are focusing on one area in each chapter in more detail to see how deep your understanding of this topic is, which indicates that you generally have an efficient idea about the whole chapter, and it is a clever way to do that.

Author:Taran Nejas
Language:English (Spanish)
Published (Last):11 March 2004

If you are interested in getting CISA certified, you need to ensure that you are well-versed with cybersecurity and its nuances.

This free CISA practice exam can help you get skilled and certified. Containing CISA exam sample questions that are in line with the questions that you might come across in the certification examination, this CISA practice test lets you analyze your skills and better them if required. Also, it gives you the confidence to appear for the CISA certification test. Take the CISA mock exam today and hope for a great career in cybersecurity.

1. During an IT control review to support a financial statement audit, users of the general ledger (GL) complained to the IS auditor about the considerable delay in accessing data. The MOST appropriate action for the IS auditor is to:
- note the delay as a control deficiency that could be improved
- recommend the use of load balancing to improve throughput
- include complaints in the management letter
- exclude complaints from an audit opinion about the IT controls

2. How are the purchase orders validated?
- Reviewing if unauthorized personnel are changing application parameters
- Checking the list of purchase orders
- Comparing receipts of purchase against purchase orders
- Checking the application logs

3. Which of these is the most effective control over a guest wireless ID given to the vendor staff?

4. A human resources (HR) company provides free wireless Internet access to its guests by authenticating with a generic user ID and password. Which of these controls BEST addresses the situation?
- The password for the wireless network is changed on a weekly basis
- A stateful inspection firewall is used between the public wireless and company networks
- The public wireless network is physically segregated from the company network
- An intrusion detection system (IDS) is deployed within the wireless network

5. A CISA has found an inadequate policy definition for data and systems ownership during audit. What is the primary concern?
- The IS administrator will be overburdened
- Specific data owners are unknown, so accountability could be an issue
- Unapproved users may have access to originate, modify, or delete data
- Security Policies and procedures are incomplete

6. A CISA needs to appraise whether there have been unapproved program changes since the last software version was released. Which of the following audit techniques could be used?
- Review change control logs
- Automated code comparison
- Check migration procedures from development to operation environment

7. IR teams fix a retention date on a file.

A CISA during an audit has found that employees are issued security tokens in addition to a personalized identification number (PIN) for access to the corporate virtual private network (VPN).

What would be of primary concern to the auditor? During a compliance audit of an organization, the IS auditor notes that both the IT and accounting functions are being performed by the same user of the financial system. Which of the following reviews conducted by a supervisor would represent the BEST compensating control? Audit trails that show the date and time of the transaction A summary daily report with the total numbers and dollar amounts of each transaction User account administration Computer log files that show individual transactions in the financial system Why are IT control objectives useful to IS auditors?

When reviewing the desktop software compliance of an organization, the IS auditor should be MOST concerned if the installed software was installed, but not documented in the IT department records was installed and the license has expired is not listed in the approved software standards document license will expire in the next 15 days How will an IS auditor review the firewall and VPN permissions for an application that is retrieved through the Internet?

Documented risk analysis Method used in earlier audits IS auditing guidelines The management observes these changes affect the achievement of the predefined goals.

What controls should an IS auditor recommend to improve the project management process? Periodic performance monitoring Adequate segmentation of activities Senior management approval An IS auditor is reviewing a software application that is built on the principles of service oriented architecture SOA.

What is the BEST first step? Understanding services and their allocation to business processes by reviewing the service repository documentation Sampling the use of service security standards as represented by the Security Assertions Markup Language SAML Reviewing the service level agreements SLAs Auditing any single service and its dependencies with others A CISA who is testing employee access to a large financial system selects a sample from the current employee list.

Which among these is the most reliable evidence to support the test? An IS auditor is validating a control that involves a review of the system-generated exception reports.

What is the BEST evidence for effectiveness of the control? An IS auditor is reviewing the process performed for the protection of digital evidence. The owner of the system was not present at the time of the evidence retrieval The system was powered off by an investigator There are no documented logs of the transportation of evidence The contents of the random access memory RAM were not backed up The MOST likely explanation for the use of applets in an Internet application is: it is sent by the server over the network the program does not run and no output is available they improve the performance of the web server and network JAVA servlet downloaded and executed by client A CISA detects that a corrective action is taken by an auditee instantly after a finding mentioned in the audit report.

In an organization, the top management has decided to formulate and deploy an IS security policy, and has asked the Head of IS to undertake the process. Who is accountable for the policy? Top Management Security administrators Network administrators Which sampling method could be used to verify whether purchase orders issued to vendors have been authorized as per the authorization list?

Attribute sampling.


CISA Practice Question Database v12 free

Malakasa Yes I am aware there are dummy questions in each exam. A. Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host provides a higher level of protection from external attack than all other answers. I took the test on Saturday and will receive the results of databass test in ten weeks. Spent two hours on the questions. I was not sure how it was going since like others I felt as if many questions had multiple correct answers. But I heard from my friends who got their result. Managing IT infrastructure of an organization h.





ISACA CISA Certification Sample Questions

