ISACA 50 Newly Added Official Practice Questions (Word format document download).docx
- Document number: 6841989
- Upload date: 2023-05-07
- Format: DOCX
- Pages: 12
- Size: 20.17KB
D. provided consulting advice concerning application system best practices.
3. A PRIMARY benefit derived from an organization employing control self-assessment (CSA) techniques is that it:
A. can identify high-risk areas that might need a detailed review later.
B. allows IS auditors to independently assess risk.
C. can be used as a replacement for traditional audits.
D. allows management to relinquish responsibility for control.
4. With regard to the evidence gathered during a computer forensic investigation, an IS auditor should be MOST concerned with:
A. analysis.
B. evaluation.
C. preservation.
D. disclosure.
5. Which of the following BEST describes the early stages of an IS audit?
A. Observing key organizational facilities
B. Assessing the IS environment
C. Understanding the business process and environment applicable to the review
D. Reviewing prior IS audit reports
6. During the course of an audit, an IS auditor observes that duties are not properly segregated. Under such a circumstance, the IS auditor should look for:
A. overlapping controls.
B. preventive controls.
C. compensating controls.
D. logical access controls.
7. Before implementing an IT balanced scorecard, an organization must:
A. deliver effective and efficient services.
B. define key performance indicators.
C. provide business value to IT projects.
D. control IT expenses.
8. To assist an organization in planning for IT investments, the IS auditor should recommend the use of:
A. project management tools.
B. an object oriented architecture.
C. tactical planning.
D. enterprise architecture.
9. An IS auditor should expect which of the following items to be included in the request for proposal (RFP) when IS is procuring services from an independent service provider (ISP)?
A. References from other customers
B. Service level agreement (SLA) template
C. Maintenance agreement
D. Conversion plan
10. IT governance ensures that an organization aligns its IT strategy with:
A. enterprise objectives.
B. IT objectives.
C. audit objectives.
D. control objectives.
11. An IS auditor should ensure that IT governance performance measures:
A. evaluate the activities of IT oversight committees.
B. provide strategic IT drivers.
C. adhere to regulatory reporting standards and definitions.
D. evaluate the IT department.
12. Which of the following would be included in an IS strategic plan?
A. Specifications for planned hardware purchases
B. Analysis of future business objectives
C. Target dates for development projects
D. Annual budgetary targets for the IS department
13. When reviewing a system development project at the project initiation stage, an IS auditor finds that the project team is following the organization’s quality manual. To meet critical deadlines the project team proposes to fast track the validation and verification processes, commencing some elements before the previous deliverable is complete. Under these circumstances, the IS auditor should:
A. report this as a critical finding to senior management.
B. accept that different quality processes can be adopted for each project.
C. report to IS management the team’s failure to follow quality procedures.
D. report the risks associated with fast tracking to the project steering committee.
14. Which of the following risks could result from inadequate software baselining?
A. Scope creep
B. Sign-off delays
C. Software integrity violations
D. Inadequate controls
15. Which of the following is critical to the selection and acquisition of the correct operating system software?
A. Competitive bids
B. User department approval
C. Hardware configuration analysis
D. Purchasing department approval
16. When conducting a review of business process reengineering, an IS auditor found that a key preventive control had been removed. The IS auditor should:
A. inform management of the finding and determine whether management is willing to accept the potential material risk of not having that preventive control.
B. determine if a detective control has replaced the preventive control during the process and, if it has, not report the removal of the preventive control.
C. recommend that this and all control procedures that existed before the process was reengineered be included in the new process.
D. develop a continuous audit approach to monitor the effects of the removal of the preventive control.
17. To assist in testing a core banking system being acquired, an organization has provided the vendor with sensitive data from its existing production system. An IS auditor's PRIMARY concern is that the data should be:
A. sanitized.
B. complete.
C. representative
D. current.
18. An organization decides to purchase a package instead of developing it. In such a case, the design and development phases of a traditional software development life cycle (SDLC) would be replaced with:
A. selection and configuration phases.
B. feasibility and requirements phases.
C. implementation and testing phases.
D. nothing; replacement is not required.
19. An IS auditor is performing a project review to identify whether a new application has met business objectives. Which of the following test reports offers the most assurance that business objectives are met?
A. User acceptance
B. Performance
C. Sociability
D. Penetration
20. When reviewing input controls, an IS auditor observes that in accordance with corporate policy, procedures allow supervisory override of data validation edits. The IS auditor should:
A. not be concerned since there may be other compensating controls to mitigate the risks.
B. ensure that overrides are automatically logged and subject to review.
C. verify whether all such overrides are referred to senior management for approval.
D. recommend that overrides not be permitted.
21. Capacity monitoring software is MAINLY used to ensure:
A. maximum use of available capacity.
B. that future acquisitions meet user needs.
C. concurrent use by a large number of users.
D. continuity of efficient operations.
22. Which of the following exposures associated with the spooling of sensitive reports for offline printing should an IS auditor consider to be the MOST serious?
A. Sensitive data can be read by operators.
B. Data can be amended without authorization.
C. Unauthorized report copies can be printed.
D. Output can be lost in the event of system failure.
23. The database administrator has decided to disable certain normalization controls in the database management system (DBMS) software to provide users with increased query performance. This will MOST likely increase the risk of:
A. loss of audit trails.
B. redundancy of data.
C. loss of data integrity.
D. unauthorized access to data.
24. An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if:
A. the setup is geographically dispersed.
B. the network servers are clustered in a site.
C. a hot site is ready for activation.
D. diverse routing is implemented for the network.
25. When reviewing a service level agreement for an outsourced computer center, an IS auditor should FIRST determine that:
A. the cost proposed for the services is reasonable.
B. security mechanisms are specified in the agreement.
C. the services in the agreement are based on an analysis of business needs.
D. audit access to the computer center is allowed under the agreement.
26. An IS auditor should recommend the use of library control software to provide reasonable assurance that:
A. program changes have been authorized.
B. only thoroughly tested programs are released.
C. modified programs are automatically moved to production.
D. source and executable code integrity is maintained.
27. Which of the following provides the BEST method for determining the level of performance provided by similar information-processing-facility environments?
A. User satisfaction
B. Goal accomplishment
C. Benchmarking
D. Capacity and growth planning
28. Which of the following satisfies a two-factor user authentication?
A. Iris scanning plus fingerprint scanning
B. Terminal ID plus global positioning system
C. A smart card requiring the user's PIN
D. User ID along with password
29. Naming conventions for system resources are important for access control because they:
A. ensure that resource names are not ambiguous.
B. reduce the number of rules required to adequately protect resources.
C. ensure that user access to resources is clearly and uniquely identified.
D. ensure that internationally recognized names are used to protect resources.
30. Which of the following would MOST effectively reduce social engineering incidents?
A. Security awareness training
B. Increased physical s