Free Access to ISACA.CISA.v2024-03-31.q980 with Valid Practice Test (Page 140)

Request Exam Contact

Home
View All Exams
New QA's
Upload

PRACTICE EXAMS:

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce
Other

Oracle
Fortinet
Juniper
Microsoft
Cisco
Citrix
CompTIA
VMware
SAP
EMC
PMI
HP
Salesforce

Home
ISACA Certification
CISA Exam
ISACA.CISA.v2024-03-31.q980 Dumps

««
«
…
135
136
137
138
139
140
141
142
143
144
…
»
»»

Question 691

Which of the following is the key benefit of control self-assessment (CSA)?

A.Management ownership of the internal controls supporting business objectives is reinforced.
B.Audit expenses are reduced when the assessment results are an input to external audit work.
C.Improved fraud detection since internal business staff are engaged in testing controls
D.Internal auditors can shift to a consultative approach by using the results of the assessment.

Correct Answer: A

The objective of control self-assessment is to have business management become more aware of the importance of internal control and their responsibility in terms of corporate governance. Reducing audit expenses is not a key benefit of control self-assessment (CSA). improved fraud detection is important, but not as important as ownership, and is not a principal objective of CSA. CSA may give more insights to internal auditors, allowing them to take a more consultative role; however, this is an additional benefit, not the key benefit.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 692

Which of the following are examples of tools for launching Distributed DoS Attack (choose all that apply):

A.TFN
B.TFN2K
C.Trin00
D.Stacheldracht
E.Tripwire

Correct Answer: A,B,C,D

Explanation/Reference:
Explanation:
Distributed DoS Attack is a network-based attack from many servers used remotely to send packets.
Examples of tools for conducting such attack include TFN, TFN2K, Trin00, Stacheldracht, and variants.
The best defense is to make sure all systems patches are up-to-date. Also make sure your firewalls are configured appropriately.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 693

An IS auditor finds that a DBA has read and write access to production data. The IS auditor should:

A.accept the DBA access as a common practice.
B.assess the controls relevant to the DBA function.
C.recommend the immediate revocation of the DBA access to production data.
D.review user access authorizations approved by the DBA.

Correct Answer: B

Section: Protection of Information Assets
Explanation:
It is good practice when finding a potential exposure to look for the best controls. Though granting the
database administrator (DBA) access to production data might be a common practice, the IS auditor should
evaluate the relevant controls. The DBA should have access based on a need-to- know and need-to-do
basis; therefore, revocation may remove the access required. The DBA, typically, may need to have access
to some production data. Granting user authorizations is the responsibility of the data owner and not the
DBA.

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 694

Which of the following methodologies is MOST appropriate to use for developing software with incomplete requirements?

A.Waterfall
B.Critical chain
C.Process-based
D.Agile

Correct Answer: A

Comment: *

Name: *

Email: *

Verification: *

insert code

Question 695

Which audit technique provides the BEST evidence of the segregation of duties in an IS department?

A.Discussion with management
B.Review of the organization chart
C.Observation and interviews
D.Testing of user access rights

Correct Answer: C

Explanation/Reference:
Explanation:
By observing the IS staff performing their tasks, an IS auditor can identify whether they are performing any incompatible operations, and by interviewing the IS staff, the auditor can get an overview of the tasks performed. Based on the observationsand interviews the auditor can evaluate the segregation of duties.
Management may not be aware of the detailed functions of each employee in the IS department; therefore, discussion with the management would provide only limited information regardingsegregation of duties. An organization chart would not provide details of the functions of the employees. Testing of user rights would provide information about the rights they have within the IS systems, but would not provide complete information about the functions they perform.

Comment: *

Name: *

Email: *

Verification: *

insert code

««
«
…
135
136
137
138
139
140
141
142
143
144
…
»
»»

[×]

Download PDF File

Enter your email address to download ISACA.CISA.v2024-03-31.q980 Dumps

Email:

Our website provides the Largest and the most Latest vendors Certification Exam materials around the world.

Using dumps we provide to Pass the Exam, we has the Valid Dumps with passing guranteed just which you need.

DMCA
About
Contact Us
Privacy Policy
Terms & Conditions

©2026 FreeQAs

www.freeqas.com materials do not contain actual questions and answers from Cisco's certification exams.

Web Analytics Made Easy - Statcounter