CISA試験無料問題集（1394題）「ISACA Certified Information Systems Auditor 認定」

出題：1

Which of the following controls BEST provides confidentiality and nonrepudiation for an online business looking for digital payment data security?

A. Public Key Infrastructure (PKI)

B. Data Encryption Standard (DES)

C. Virtual Private Network (VPN)

D. Advanced Encryption Standard (AES)

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：2

An IS audit learn is evaluating the documentation related to the most recent application user-access review performed by IT and business management It is determined that the user list was not system-generated. Which of the following should be the GREATEST concern?

A. Completeness of the user list reviewed

B. Source of the user list reviewed

C. Confidentiality of the user list reviewed

D. Availability of the user list reviewed

正解：B 解答を投票する

出題：3

When reviewing a business case for a proposed implementation of a third-party system, which of the following should be an IS auditor's GREATEST concern?

A. Lack of plan for pilot implementation

B. Lack of training materials

C. Lack of detailed work breakdown structure

D. Lack of ongoing maintenance costs

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

An organization wants to use virtual desktops to deliver corporate applications to its end users. Which of the following should an IS auditor recommend to prevent domain name system (DNS) poisoning in their cloud environment?

A. Configure ONS servers to create appropriately sized responses to domain resolution requests.

B. Enable verification of administrators to protect against impersonators modifying DNS tables.

C. Ensure DNS changes are propagated across all servers in the organization's cloud account.

D. Provide corporate laptops to end users with built-in antivirus tools that scan for DNS vulnerabilities.

正解：B 解答を投票する

出題：5

What Is the BEST method to determine if IT resource spending is aligned with planned project spending?

A. Earned value analysis (EVA)

B. Gantt chart

C. Critical path analysis

D. Return on investment (ROI) analysis

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：6

Which of the following should be of GREATEST concern to an IS auditor assessing an organization's patch management program?

A. Patches are deployed from multiple deployment servers.

B. Patches for medium- and low-risk vulnerabilities are omitted.

C. There is no process in place to quarantine servers that have not been patched.

D. There is no process in place to scan the network to identify missing patches.

正解：D 解答を投票する

出題：7

Which of the following is the BEST way to strengthen the security of smart devices to prevent data leakage?

A. Review access logs to the organization's sensitive data in a timely manner.

B. Require employees to formally acknowledge security procedures.

C. Include usage restrictions in bring your own device (BYOD) security procedures.

D. Enforce strong security settings on smart devices.

正解：D 解答を投票する

出題：8

While conducting a follow-up on an asset management audit, the IS auditor finds paid invoices for IT devices not recorded in the organization's inventory. Which of the following is the auditor's BEST course of action?

A. Ask the asset management staff where the devices are.

B. Ignore the invoices since they are not part of the follow-up.

C. Make a note of the evidence to include it in the scope of a future audit.

D. Alert both audit and operations management about the discrepancy.

正解：D 解答を投票する

出題：9

Which of the following documents should define roles and responsibilities within an IT audit organization?

A. Audit charter

B. Audit scope letter

C. Annual audit plan

D. Engagement letter

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

Following a breach, what is the BEST source to determine the maximum amount of time before customers must be notified that their personal information may have been compromised?

A. Industry regulations

B. Information security policy

C. Incident response plan

D. Industry standards

正解：A 解答を投票する

出題：11

A source code repository should be designed to:

A. prevent changes from being incorporated into existing code.

B. provide secure versioning and backup capabilities for existing code.

C. provide automatic incorporation and distribution of modified code.

D. prevent developers from accessing secure source code.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：12

Which of the following is the GREATEST risk associated with utilizing spreadsheets for financial reporting in end-user computing (EUC)?

A. Increase in regulatory violations

B. Lack of processing integrity

C. Increase in operational incidents

D. Lack of password protection

正解：B 解答を投票する

出題：13

Which of the following is MOST important for an IS auditor to confirm when reviewing an organization's plans to implement robotic process automation (RPA> to automate routine business tasks?

A. Roles and responsibilities are defined for the business processes in scope.

B. The end-to-end process is understood and documented.

C. A request for proposal (RFP) has been issued to qualified vendors.

D. A benchmarking exercise of industry peers who use RPA has been completed.

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：14

When developing customer-facing IT applications, in which stage of the system development life cycle (SDLC) is it MOST beneficial to consider data privacy principles?

A. Requirements definition

B. Systems design and architecture

C. User acceptance testing (UAT)

D. Software selection and acquisition

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：15

Which of the following will MOST likely compromise the control provided By a digital signature created using RSA encryption?

A. Altering the plaintext message

B. Deciphering the receiver's public key

C. Reversing the hash function using the digest

D. Obtaining the sender's private key

正解：D 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：16

Due to limited storage capacity, an organization has decided to reduce the actual retention period for media containing completed low-value transactions. Which of the following is MOST important for the organization to ensure?

A. The retention period complies with data owner responsibilities.

B. The policy includes a strong risk-based approach.

C. The total transaction amount has no impact on financial reporting

D. The retention period allows for review during the year-end audit.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：17

For an organization that has plans to implement web-based trading, it would be MOST important for an IS auditor to verify the organization's information security plan includes:

A. security requirements for the new application.

B. the firewall configuration for the web server.

C. attributes for system passwords.

D. security training prior to implementation.

正解：A 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

CISA試験無料問題集「ISACA Certified Information Systems Auditor 認定」