CISA無料問題集「ISACA Certified Information Systems Auditor」

質問 1

Which of the following is the PRIMARY objective of a control self-assessment (CSA)?

（A）To reduce control costs associated with a specific function

（B）To improve the audit rating process

（C）To shift some control monitoring responsibilities to functional areas

（D）To create cohesive teams through employee involvement

正解：B 解答を投票する

質問 2

An IS auditor reviewing a job scheduling tool notices performance and reliability problems. Which of the following is MOST likely affecting the tool?

（A）Maintenance patches and the latest enhancement upgrades are missing.

（B）Administrator passwords do not meet organizational security and complexity requirements.

（C）The number of support staff responsible for job scheduling has been reduced.

（D）The scheduling tool was not classified as business-critical by the IT department.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

During a follow-up engagement, an IS auditor confirms evidence of a problem that was not an issue in the original audit. Which of the following is the auditor's BEST course of action?

（A）Include the evidence as part of a future audit.

（B）Expand the follow-up scope to include examining the evidence.

（C）Report the risk to management in the follow-up report.

（D）Report only on the areas within the scope of the follow-up.

正解：C 解答を投票する

質問 4

Which of the following is the BEST security control to validate the integrity of data communicated between production databases and a big data analytics system?

（A）Hashing in-scope data sets

（B）Encrypting in-scope data sets

（C）Running and comparing the count function within the in-scope data sets

（D）Hosting a digital certificate for in-scope data sets

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

Which of the following should be of MOST concern to an IS auditor reviewing an organization's operational log management?

（A）Data formats have not been standardized across all logs.

（B）Applications are logging events into multiple log files.

（C）Log file size has grown year over year.

（D）Critical events are being logged to immutable log files.

正解：A 解答を投票する

質問 6

An IS auditor should look for which of the following to ensure the risk associated with scope creep has been mitigated during software development?

（A）Project change management controls

（B）Existence of an architecture review board

（C）Configuration management

（D）Source code version control

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Which of the following types of firewalls provide the GREATEST degree of control against hacker intrusion?

（A）Screening router

（B）Application level gateway

（C）Packet filtering router

（D）Circuit gateway

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

Which of the following would BEST protect the confidentiality of sensitive data in transit between multiple offices?

（A）Hash algorithms

（B）Public key infrastructure (PKI)

（C）Digital signatures

（D）Kerberos

正解：B 解答を投票する

質問 9

During an audit of a multinational bank's disposal process, an IS auditor notes several findings. Which of the following should be the auditor's GREATEST concern?

（A）Backup media are not reviewed before disposal.

（B）Degaussing is used instead of physical shredding.

（C）Hardware is not destroyed by a certified vendor.

（D）Backup media are disposed before the end of the retention period

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

Which of the following biometric access controls has the HIGHEST rate of false negatives?

（A）Face recognition

（B）Iris recognition

（C）Retina scanning

（D）Fingerprint scanning

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

Which of the following is a challenge in developing a service level agreement (SLA) for network services?

（A）Ensuring that network components are not modified by the client

（B）Establishing a well-designed framework for network servirces.

（C）Reducing the number of entry points into the network

（D）Finding performance metrics that can be measured properly

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

An IS auditor Is reviewing a recent security incident and is seeking information about me approval of a recent modification to a database system's security settings Where would the auditor MOST likely find this information?

（A）System event correlation report

（B）Change log

（C）Database log

（D）Security incident and event management (SIEM) report

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

CISA 無料問題集「ISACA Certified Information Systems Auditor」

弊社を連絡する

関連リンク

トップ試験