Free ISACA CISA Practice Exams - Page 2 of 62

Question #11

An IS audit reveals an IT application is experiencing poor performance including data inconsistency and integrity issues.

What is the MOST likely cause?

A . Database clustering
B . Data caching
C . Reindexing of the database table
D . Load balancing

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

Data caching is the most likely cause of poor performance, data inconsistency and integrity issues in an IT application, because it involves storing frequently accessed data in a temporary memory location (cache) to reduce the latency and bandwidth consumption of retrieving data from the original source. However, data caching can also introduce problems such as stale data (when the cache is not updated with changes made to the original source), cache coherence (when multiple caches store copies of the same data and need to be synchronized), and cache corruption (when the cache is damaged or tampered with).

Database clustering is not a likely cause of poor performance, data inconsistency and integrity issues, because it involves distributing data across multiple servers or nodes to improve availability, scalability and load balancing of database operations. Database clustering can also enhance data consistency and integrity by using replication and synchronization mechanisms to ensure that all nodes have the same view of the data.

Reindexing of the database table is not a likely cause of poor performance, data inconsistency and integrity issues, because it involves rebuilding or reorganizing indexes on tables or views to improve query performance and reduce fragmentation of index pages. Reindexing can also improve data consistency and integrity by ensuring that indexes reflect the current state of the data in the tables or views.

Load balancing is not a likely cause of poor performance, data inconsistency and integrity issues, because it involves distributing workloads across multiple servers or resources to optimize resource utilization, throughput and response time of applications. Load balancing can also enhance data consistency and integrity by using algorithms and protocols to route requests to the most appropriate server or resource based on availability, capacity and performance.

References:

Data Caching

Database Clustering

Reindexing Database Tables in SQL Server

[Load Balancing]

Question #12

Which of the following is MOST useful for determining the strategy for IT portfolio management?

A . IT metrics dashboards
B . IT roadmap
C . Capability maturity model
D . Life cycle cost-benefit analysis

Reveal Solution Hide Solution

Question #13

Which of the following BEST describes the role of a document owner when implementing a data classification policy in an organization?

A . Classifies documents to correctly reflect the level of sensitivity of information they contain
B . Defines the conditions under which documents containing sensitive information may be transmitted
C . Classifies documents in accordance with industry standards and best practices
D . Ensures documents are handled in accordance With the sensitivity of information they contain

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

The role of a document owner when implementing a data classification policy in an organization is to classify documents to correctly reflect the level of sensitivity of information they contain. A document owner is the person who is ultimately responsible for the creation, maintenance, and protection of a document, usually a member of senior management or a business unit1. A data classification policy is a plan that defines how the organization categorizes its data based on its value, risk, and regulatory requirements, and how it handles and secures each data category2.

According to the data classification policy template by Netwrix3, one of the roles and responsibilities of the document owner is to assign data classification labels based on the data’s potential impact level. Data classification labels are tags or markings that indicate the sensitivity level of the data, such as public, internal, confidential, or restricted. The document owner should apply the data classification labels to the documents that contain the data, either manually or automatically, using tools and methods such as metadata, watermarks, headers, footers, or encryption. The document owner should also review and update the data classification labels periodically or whenever there is a change in the data’s sensitivity level.

By classifying documents to correctly reflect the level of sensitivity of information they contain, the document owner can help to ensure that the documents are handled in accordance with the data classification policy. This means that the documents are stored, accessed, shared, transmitted, and disposed of in a secure and appropriate manner, based on the rules and controls defined for each data category. This can also help to prevent data loss, leakage, or breach incidents that may cause harm or damage to the organization or its stakeholders.

Therefore, option A is the correct answer.

References:

Data Classification Policy: Definition, Examples, & Free Template2

Data Classification Policy Template – Netwrix3

Data Classification and Handling Policy – University of Hull1

Question #14

An IS auditor is evaluating the progress of a web-based customer service application development project.

Which of the following would be MOST helpful for this evaluation?

A . Backlog consumption reports
B . Critical path analysis reports
C . Developer status reports
D . Change management logs

Reveal Solution Hide Solution

Question #15

During the implementation of a new system, an IS auditor must assess whether certain automated calculations comply with the regulatory requirements.

Which of the following is the BEST way to obtain this assurance?

A . Review sign-off documentation
B . Review the source code related to the calculation
C . Re-perform the calculation with audit software
D . Inspect user acceptance lest (UAT) results

Reveal Solution Hide Solution

Question #16

An IS auditor is reviewing a decision to consolidate processing for multiple applications onto a single large server.

Which of the following is the MOST significant impact from this decision?

A . Higher operating system license fees
B . More applications affected by a server outage
C . Simplified asset management
D . Fewer application servers requiring vulnerability scans

Reveal Solution Hide Solution

Question #17

Which of the following data would be used when performing a business impact analysis (BIA)?

A . Projected impact of current business on future business
B . Cost-benefit analysis of running the current business
C . Cost of regulatory compliance
D . Expected costs for recovering the business

Reveal Solution Hide Solution

Question #18

An IS auditor is providing input to an RFP to acquire a financial application system.

Which of the following is MOST important for the auditor to recommend?

A . The application should meet the organization’s requirements.
B . Audit trails should be included in the design.
C . Potential suppliers should have experience in the relevant area.
D . Vendor employee background checks should be conducted regularly.

Reveal Solution Hide Solution

Question #19

Which of the following BEST enables an IS auditor to combine and compare access control lists from various applications and devices?

A . Integrated test facility (ITF)
B . Snapshots
C . Data analytics
D . Audit hooks

Reveal Solution Hide Solution

Question #20

Which of the following should be the FIRST step in the incident response process for a suspected breach?

A . Inform potentially affected customers of the security breach
B . Notify business management of the security breach.
C . Research the validity of the alerted breach
D . Engage a third party to independently evaluate the alerted breach.

Reveal Solution Hide Solution