Ensurepass

 

QUESTION 31

As compared to understanding an organization’s IT process from evidence directly collected, how valuable are prior audit reports as evidence?

 

A.

The same value.

B.

Greater value.

C.

Lesser value.

D.

Prior audit reports are not relevant.

 

Correct Answer: C

Explanation:

Prior audit reports are considered of lesser value to an IS auditor attempting to gain an understanding of an organization’s IT process than evidence directly collected.

 

 

QUESTION 32

Off-site data storage should be kept synchronized when preparing for recovery of time-sensitive data such as that resulting from which of the following? Choose the BEST answer.

 

A.

Financial reporting

B.

Sales reporting

C.

Inventory reporting

D.

Transaction processing

 

Correct Answer: D

Explanation:

Off-site data storage should be kept synchronized when preparing for the recovery of time-sensitive data such as that resulting from transaction processing.

 

 

QUESTION 33

What is/are used to measure and ensure proper network capacity management and availability of services? Choose the BEST answer.

 

A.

Network performance-monitoring tools

B.

Network component redundancy

C.

Syslog reporting

D.

IT strategic planning

 

Correct Answer: A

Explanation:

Network performance-monitoring tools are used to measure and ensure proper network capacity management and availability of services.

 

 

QUESTION 34

Which type of major BCP test only requires representatives from each operational area to meet to review the plan?

 

A.

Parallel

B.

Preparedness

C.

Walk-through

D.

Paper

 

Correct Answer: C

Explanation:

Of the three major types of BCP tests (paper, walk-through, and preparedness), a walk-through test requires only that representatives from each operational area meet to review the plan.

 

 

 

 

 

QUESTION 35

The purpose of business continuity planning and disaster-recovery planning is to:

 

A.

Transfer the risk and impact of a business interruption or disaster

B.

Mitigate, or reduce, the risk and impact of a business interruption or disaster

C.

Accept the risk and impact of a business

D.

Eliminate the risk and impact of a business interruption or disaster

 

Correct Answer: B

Explanation:

The primary purpose of business continuity planning and disaster-recovery planning is to mitigate, or reduce, the risk and impact of a business interruption or disaster. Total elimination of risk is impossible.

 

 

QUESTION 36

After identifying potential security vulnerabilities, what should be the IS auditor’s next step?

 

A.

To evaluate potential countermeasures and compensatory controls

B.

To implement effective countermeasures and compensatory controls

C.

To perform a business impact analysis of the threats that would exploit the vulnerabilities

D.

To immediately advise senior management of the findings

 

Correct Answer: C

Explanation:

After identifying potential security vulnerabilities, the IS auditor’s next step is to perform a business impact analysis of the threats that would exploit the vulnerabilities.

 

 

QUESTION 37

A LAN administrator normally would be restricted from:

 

A.

having end-user responsibilities.

B.

reporting to the end-user manager.

C.

having programming responsibilities.

D.

being responsible for LAN security administration.

 

Correct Answer: C

Explanation:

A LAN administrator should not have programming responsibilities but may have end-user responsibilities. The LAN administrator may report to the director of the IPF or, in a decentralized operation, to the end-user manager. In small organizations, the LAN administrator also may be responsible for security administration over the LAN.

 

 

QUESTION 38

Which of the following provide(s) near-immediate recoverability for time-sensitive systems and transaction processing?

 

A.

Automated electronic journaling and parallel processing

B.

Data mirroring and parallel processing

C.

Data mirroring

D.

Parallel processing

Correct Answer: B

Explanation:

Data mirroring and parallel processing are both used to provide near-immediate recoverability for time-sensitive systems and transaction processing.

 

 

QUESTION 39

What is the key distinction between encryption and hashing algorithms?

 

A.

Hashing algorithms ensure data confidentiality.

B.

Hashing algorithms are irreversible.

C.

Encryption algorithms ensure data integrity.

D.

Encryption algorithms are not irreversible.

 

Correct Answer: B

Explanation:

A key distinction between encryption and hashing algorithms is that hashing algorithms are irreversible.

 

 

QUESTION 40

What influences decisions regarding criticality of assets?

 

A.

The business criticality of the data to be protected

B.

Internal corporate politics

C.

The business criticality of the data to be protected, and the scope of the impact upon the organization as a whole

D.

The business impact analysis

 

Correct Answer: C

Explanation:

Criticality of assets is often influenced by the business criticality of the data to be protected and by the scope of the impact upon the organization as a whole. For example, the loss of a network backbone creates a much greater impact on the organization as a whole than the loss of data on a typical user’s workstation.

 
