Free Access to ISACA.CISA.v2024-03-31.q980 with Valid Practice Test (Page 113)

Request Exam Contact

Home
View All Exams
New QA's
Upload

PRACTICE EXAMS:

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce
Other

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce

Home
ISACA Certification
CISA Exam
ISACA.CISA.v2024-03-31.q980 Dumps

««
«
…
108
109
110
111
112
113
114
115
116
117
…
»
»»

Question 556

When auditing the proposed acquisition of a new computer system, an IS auditor should FIRST establish that:

A.a clear business case has been approved by management.
B.corporate security standards will be met.
C.users will be involved in the implementation plan.
D.the new system will meet all required user functionality.

Correct Answer: A

Section: Protection of Information Assets
Explanation:
The first concern of an IS auditor should be to establish that the proposal meets the needs of the business, and this should be established by a clear business case. Although compliance with security standards is essential, as is meeting the needs of the users and having users involved in the implementation process, it is too early in the procurement process for these to be an IS auditor's first concern.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 557

An IS auditor usually places more reliance on evidence directly collected. What is an example of such
evidence?

A.Evidence collected through personal observation
B.Evidence collected through systems logs provided by the organization's security administration
C.Evidence collected through surveys collected from internal staff
D.Evidence collected through transaction reports provided by the organization's IT administration

Correct Answer: A

Section: Protection of Information Assets
Explanation:
An IS auditor usually places more reliance on evidence directly collected, such as through personal
observation.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 558

A malicious code that changes itself with each file it infects is called a:

A.logic bomb.
B.stealth virus.
C.trojan horse.
D.polymorphic virus.

Correct Answer: D

Explanation/Reference:
Explanation:
A polymorphic virus has the capability of changing its own code, enabling it to have many different variants. Since they have no consistent binary pattern, such viruses are hard to identify.
Incorrect answers:
A. A logic bomb is code that is hidden in a program or system which will cause something to happen when the user performs a certain action or when certain conditions are met. A logic bomb, which can be downloaded along with a corrupted shareware or freeware program, may destroy data, violate system security, or erase the hard drive.
B. A stealth virus is a virus that hides itself by intercepting disk access requests. When an antivirus program tries to read files or boot sectors to find the virus, the stealth virus feeds the antivirus program a clean image of the file or boot sector.
C. A trojan horse is a virus program that appears to be useful and harmless but which has harmful side effects such as destroying data or breaking the security of the system on which it is run.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 559

The use of cookies constitutes the MOST significant security threat when they are used lor

A.forwarding email and Internet protocol (IP) addresses
B.obtaining a public key from a certification authority (CA)
C.authenticating using username and password
D.downloading files from the host server

Correct Answer: C

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 560

Which audit technique provides the BEST evidence of the segregation of duties in an IS department?

A.Discussion with management
B.Review of the organization chart
C.Observation and interviews
D.Testing of user access rights

Correct Answer: C

By observing the IS staff performing their tasks, an IS auditor can identify whether they are performing any incompatible operations, and by interviewing the IS staff, the auditor can get an overview of the tasks performed. Based on the observationsand interviews the auditor can evaluate the segregation of duties. Management may not be aware of the detailed functions of each employee in the IS department; therefore, discussion with the management would provide only limited information regardingsegregation of duties. An organization chart would not provide details of the functions of the employees. Testing of user rights would provide information about the rights they have within the IS systems, but would not provide complete information about the functions they perform.

Comment: *

Name: *

Email: *

Verification: *

insert code

««
«
…
108
109
110
111
112
113
114
115
116
117
…
»
»»

[×]

Download PDF File

Enter your email address to download ISACA.CISA.v2024-03-31.q980 Dumps

Email:

Our website provides the Largest and the most Latest vendors Certification Exam materials around the world.

Using dumps we provide to Pass the Exam, we has the Valid Dumps with passing guranteed just which you need.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 FreeQAs

www.freeqas.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics Made Easy - Statcounter