2020 Updated Isaca CISA Exam Dumps - CISA Dumps


John25519

Uploaded on May 4, 2020

Category Education

CISA dumps helps you to acquire high marks in your IT exam.This material has been verified by the experts and has shown good results. If you prepare from the given material and remain focused then you can pass your CISA exam with sure. Practice engine can also be helpful to solidify your learnt knowledge.It will enhance your confidence and boost your performance by training according to the real exam requirements.This online engine will work as a simulator that will give you an awareness of the real exam situation.Demo questions can be downloaded before CISA dumps material from realexamcollection.

Category Education

Comments

                     

2020 Updated Isaca CISA Exam Dumps - CISA Dumps

Isaca Exam CISA Certified Information Systems Auditor Verson: Demo [ Total Questions: 10 ] https://www.realexamcollection.com/isaca/cisa-dumps.html Isaca CISA : Practice Exam Topic break down Topic No. of Questions Topic 1: Main Questions (240 Main 1 Questions) Topic 3: IT GOVERNANCE (111 1 PRACTICE QUESTION) Topic 4: SYSTEMS AND 1 INFRASTRUCTURE LIFECYCLE MANAGEMENT (130 PRACTICE QUESTIONS) Topic 5: IT SERVICE DELIVERY AND 1 SUPPORT (116 PRACTICE QUESTIONS) Topic 6: PROTECTION OF 2 INFORMATION ASSETS (251 PRACTICE QUESTIONS) Topic 7: BUSINESS CONTINUITY AND 2 DISASTER RECOVERY (111 PRACTICE QUESTIONS) Topic 8: Mixed Questions 2 2 Isaca CISA : Practice Exam Topic 1, Main Questions (240 Main Questions) Question No : 1 - (Topic 1) What would an IS auditor expect to find in the console log? Choose the BEST answer. A. Evidence of password spoofing B. System errors C. Evidence of data copy activities D. Evidence of password sharing Answer: B Explanation: An IS auditor can expect to find system errors to be detailed in the console log. Topic 3, IT GOVERNANCE (111 PRACTICE QUESTION) Question No : 2 - (Topic 3) A benefit of open system architecture is that it: A. facilitates interoperability. B. facilitates the integration of proprietary components. C. will be a basis for volume discounts from equipment vendors. D. allows for the achievement of more economies of scale for equipment. Answer: A Explanation: Open systems are those for which suppliers provide components whose interfaces are defined by public standards, thus facilitating interoperability between systems made by different vendors. In contrast, closed system components are built to proprietary standards so that other suppliers' systems cannot or will not interface with existing systems. Topic 4, SYSTEMS AND INFRASTRUCTURE LIFECYCLE MANAGEMENT (130 PRACTICE QUESTIONS) Question No : 3 - (Topic 4) An IS auditor who has discovered unauthorized transactions during a review of EDI 3 Isaca CISA : Practice Exam transactions is likely to recommend improving the: A. EDI trading partner agreements. B. physical controls for terminals. C. authentication techniques for sending and receiving messages. D. program change control procedures. Answer: C Explanation: Authentication techniques for sending and receiving messages play a key role in minimizing exposure to unauthorized transactions. The EDI trading partner agreements would minimize exposure to legal issues. Topic 5, IT SERVICE DELIVERY AND SUPPORT (116 PRACTICE QUESTIONS) Question No : 4 - (Topic 5) Which of the following is a feature of Wi-Fi Protected Access (WPA) in wireless networks? A. Session keys are dynamic B. Private symmetric keys are used C. Keys are static and shared D. Source addresses are not encrypted or authenticated Answer: A Explanation: WPA uses dynamic session keys, achieving stronger encryption than wireless encryption privacy (WEP), which operates with static keys (same key is used for everyone in the wireless network). All other choices are weaknesses of WEP. Topic 6, PROTECTION OF INFORMATION ASSETS (251 PRACTICE QUESTIONS) Question No : 5 - (Topic 6) Which of the following would be the BEST access control procedure? A. The data owner formally authorizes access and an administrator implements the user authorization tables. B. Authorized staff implements the user authorization tables and the data owner sanctions them. 4 Isaca CISA : Practice Exam C. The data owner and an IS manager jointly create and update the user authorization tables. D. The data owner creates and updates the user authorization tables. Answer: A Explanation: The data owner holds the privilege and responsibility for formally establishing the access rights. An IS administrator should then implement or update user authorization tables. Choice B alters the desirable order. Choice C is not a formal procedurefor authorizing access. Question No : 6 - (Topic 6) To ensure authentication, confidentiality and integrity of a message, the sender should encrypt the hash of the message with the sender's: A. public key and then encrypt the message with the receiver's private key. B. private key and then encrypt the message with the receiver's public key. C. public key and then encrypt the message with the receiver's public key. D. private key and then encrypt the message with the receiver's private key. Answer: B Explanation: Obtaining the hash of the message ensures integrity; signing the hash of the message with the sender's private key ensures the authenticity of the origin, and encrypting the resulting message with the receiver's public key ensures confidentiality. The other choices are incorrect. Topic 7, BUSINESS CONTINUITY AND DISASTER RECOVERY (111 PRACTICE QUESTIONS) Question No : 7 - (Topic 7) Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist? A. Reviewing program code B. Reviewing operations documentation C. Turning off the UPS, then the power 5 Isaca CISA : Practice Exam D. Reviewing program documentation Answer: B Explanation: Operations documentation should contain recovery/restart procedures, so operations can return to normal processing in a timely manner. Turning off the uninterruptible power supply (UPS) and then turning off the power might create a situation for recovery and restart, but the negative effect on operations would prove this method to be undesirable. The review of program code and documentation generally does not provide evidence regarding recovery/restart procedures. Question No : 8 - (Topic 7) An IS auditor can verify that an organization's business continuity plan (BCP) is effective by reviewing the: A. alignment of the BCP with industry best practices. B. results of business continuity tests performed by IS and end-user personnel. C. off-site facility, its contents, security and environmental controls. D. annual financial cost of the BCP activities versus the expected benefit of implementation of the plan. Answer: B Explanation: The effectiveness of the business continuity plan (BCP) can best be evaluated by reviewing the results from previous business continuity tests for thoroughness and accuracy in accomplishing their stated objectives. All other choices do not provide the assurance of the effectiveness of the BCP. Topic 8, Mixed Questions Question No : 9 - (Topic 8) Talking about application system audit, focus should always be placed on: A. performance and controls of the system B. the ability to limit unauthorized access and manipulation C. input of data are processed correctly D. output of data are processed correctly E. changes to the system are properly authorized 6 Isaca CISA : Practice Exam F. None of the choices. Answer: A,B,C,D,E Explanation: Talking about application system audit, focus should be placed on the performance and controls of the system, its ability to limit unauthorized access and manipulation, that input and output of data are processed correctly on the system, that any changes to the system are authorized, and that users have access to the system. Question No : 10 - (Topic 8) Many WEP systems require a key in a relatively insecure format. What format is this? A. binary format. B. hexadecimal format. C. 128 bit format. D. 256 bit format. E. None of the choices. Answer: B Explanation: As part of the IEEE 802.11 standard ratified in September 1999, WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity. Many WEP systems require a key in hexadecimal format. If one chooses keys that spell words in the limited 0-9, A-F hex character set, these keys can be easily guessed. https://www.realexamcollection.com/isaca/cisa-dumps.html 7