CISA無料問題集「ISACA Certified Information Systems Auditor」

質問 1

If a recent release of a program has to be backed out of production, the corresponding changes within the delta version of the code should be:

（A）eliminated from the source code that reflects the version in production.

（B）reinstalled when replacing the version back into production.

（C）filed in production for future reference in researching the problem.

（D）applied to the source code that reflects the version in production.

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

Which of the following would be of GREATEST concern to an IS auditor reviewing the feasibility study for a new application system?

（A）Conditions under which the system will operate are unclear.

（B）System requirements and expectations have not been clarified.

（C）Security requirements have not been defined.

（D）The business case does not include well-defined strategic benefits.

正解：B 解答を投票する

質問 3

Which of the following should be the IS auditor's PRIMARY focus when evaluating an organizations offsite storage facility?

（A）Adequacy of physical and environmental controls

（B）Results of business continuity plan (BCP) tests

（C）Retention policy and period

（D）Shared facilities

正解：A 解答を投票する

質問 4

An organization is concerned about duplicate vendor payments on a complex system with a high volume of transactions. Which of the following would be MOST helpful to an IS auditor to determine whether duplicate vendor payments exist?

（A）Process walk-through

（B）Statistical sampling

（C）Stratified sampling

（D）Computer-assisted audit technique (CAAT)

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

Which of the following should be the FIRST consideration when deciding whether data should be moved to a cloud provider for storage?

（A）Data classification

（B）Service level agreements (SLAs)

（C）Vendor cloud certification

（D）Data storage costs

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 6

Which of the following is the BEST control to help ensure the completeness of outbound transactions?

（A）Ensure the validity of the recipient ID and use auto-numbered reports.

（B）Verify transactions are sequentially numbered in the header record.

（C）Perform edit checks to identify erroneous, unusual, or invalid transactions.

（D）Maintain a log of the number of messages sent and validate periodically.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

Which of the following components of a risk assessment is MOST helpful to management in determining the level of risk mitigation to apply?

（A）Impact assessment

（B）Risk classification

（C）Control self-assessment (CSA)

（D）Risk identification

正解：A 解答を投票する

質問 8

During which stage of the penetration test cycle does the tester utilize identified vulnerabilities to attempt to access the target system?

（A）Exploitation

（B）Scanning

（C）Reconnaissance

（D）Exfiltration

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

A security administrator is called in the middle of the night by the on-call programmer A number of programs have failed, and the programmer has asked for access to the live system. What IS the BEST course of action?

（A）Give the programmer an emergency ID for temporary access and review the activity

（B）Give the programmer read-only access to investigate the problem

（C）Require that a change request be completed and approved

（D）Review activity logs the following day and investigate any suspicious activity

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

What should be the PRIMARY focus during a review of a business process improvement project?

（A）Continuous monitoring plans

（B）Business project plan

（C）The cost of new controls

（D）Business impact

正解：D 解答を投票する

質問 11

Which of the following provides IS audit professionals with the BEST source of direction for performing audit functions?

（A）Audit best practices

（B）Audit charter

（C）Information security policy

（D）IT steering committee

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

Which of the following statements appearing in an organization's acceptable use policy BEST demonstrates alignment with data classification standards related to the protection of information assets?

（A）All information assets will be assigned a clearly defined level to facilitate proper employee handling.

（B）Any information assets transmitted over a public network must be approved by executive management.

（C）Information assets should only be accessed by persons with a justified need.

（D）All information assets must be encrypted when stored on the organization's systems.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

Which of the following is the MOST important determining factor when establishing appropriate timeframes for follow-up activities related to audit findings?

（A）Remediation dates included in management responses

（B）Complexity of business processes identified in the audit

（C）Peak activity periods for the business

（D）Availability of IS audit resources

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

The IS auditor has recommended that management test a new system before using it in production mode. The BEST approach for management in developing a test plan is to use processing parameters that are:

（A）provided by the vendor of the application.

（B）simulated by production entities and customers.

（C）randomly selected by a test generator.

（D）randomly selected by the user.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 15

Which of the following is a challenge in developing a service level agreement (SLA) for network services?

（A）Ensuring that network components are not modified by the client

（B）Establishing a well-designed framework for network servirces.

（C）Reducing the number of entry points into the network

（D）Finding performance metrics that can be measured properly

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 16

Which of the following is the MOST important success factor for implementing a data loss prevention (DLP) tool?

（A）Assigning responsibilities for maintaining the tool to applicable data owners and stakeholders

（B）Defining and configuring policies and tool rule sets to monitor sensitive data movement

（C）Implementing the tool in monitor mode to avoid unnecessary blocking of communication

（D）Testing the tool in a test environment before moving to the production environment

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 17

External audits have identified recurring exceptions in the user termination process, despite similar internal audits having reported no exceptions in the past. Which of the following is the IS auditor's BEST course of action to improve the internal audit process in the future?

（A）Review the internal audit sampling methodology.

（B）Review control self-assessment (CSA) results.

（C）Include the user termination process in all upcoming audits.

（D）Review user termination process changes.

正解：A 解答を投票する

質問 18

An organization has decided to build a data warehouse using source data from several disparate systems to support strategic decision-making.
Which of the following is the BEST way to ensure the accuracy and completeness of the data used to support business decisions?

（A）The source data is from the current year of operations so that irrelevant data from prior years is not included.

（B）The source data is modified in the data warehouse to remove confidential or sensitive information.

（C）The source data is pre-selected so that it already supports senior management's desired business decision outcome.

（D）The source data is standardized and cleansed before loading into the data warehouse.

正解：D 解答を投票する

CISA 無料問題集「ISACA Certified Information Systems Auditor」

弊社を連絡する

関連リンク

トップ試験