NO.1 An IS auditor performing detailed network assessments and access control reviews should
FIRST:
A. evaluate users' access authorization.
B. determine the points of entry.
C. assess users' identification and authorization.
D. evaluate the domain-controlling server configuration.
Answer: B

CISA認定デベロッパー   CISA範囲   
Explanation:
In performing detailed network assessments and access control reviews, an IS auditor should first
determine the points of entry to the system and review the points of entry accordingly for
appropriate controls. Evaluation of user access authorization, assessment of user identification and
authorization, and evaluation of the domain-controlling server configuration are all implementation
issues for appropriate controls for the points of entry.

NO.2 Which of the following would effectively verify the originator of a transaction?
A. Using a portable document format (PDF) to encapsulate transaction content
B. Using a secret password between the originator and the receiver
C. Encrypting the transaction with the receiver's public key
D. Digitally signing the transaction with the source's private key
Answer: D

CISAクエリ   
Explanation:
A digital signature is an electronic identification of a person, created by using a public key algorithm,
to verify to a recipient the identity of the source of a transaction and the integrity of its content.
Since they are a 'shared secret' between the user and the system itself, passwords are considered a
weaker means of authentication. Encrypting the transaction with the recipient's public key will
provide confidentiality for the information, while using a portable document format(PDF) will probe
the integrity of the content but not necessarily authorship.

NO.3 Which of the following is the MOST important action in recovering from a cyberattack?
A. Use of cybenforensic investigators
B. Filing an insurance claim
C. Execution of a business continuity plan
D. Creation of an incident response team
Answer: C

CISA解答例   
Explanation:
The most important key step in recovering from cyberattacks is the execution of a business continuity
plan to quickly and cost-effectively recover critical systems, processes and datA. The incident
response team should exist prior to a cyberattack. When a cyberattack is suspected, cyberforensics
investigators should be used to set up alarms, catch intruders within the network, and track and trace
them over the Internet. After taking the above steps, an organization may have a residual risk
thatneeds to be insured and claimed for traditional and electronic exposures.

NO.4 When developing a security architecture, which of the following steps should be executed
FIRST?
A. Defining a security policy
B. Defining roles and responsibilities
C. Developing security procedures
D. Specifying an access control methodology
Answer: A

CISA資格認定試験   
Explanation:
Defining a security policy for information and related technology is the first step toward building a
security architecture. A security policy communicates a coherent security standard to users,
management and technical staff. Security policies willoften set the stage in terms of what tools and
procedures are needed for an organization. The other choices should be executed only after defining
a security policy.

JPexamはISACAのCISM学習に受かりたい各受験生に明確かつ顕著なソリューションを提供しました。当社はISACAのCISM学習の詳しい問題と解答を提供します。当社のIT専門家が最も経験と資格があるプロな人々で、我々が提供したテストの問題と解答は実際の認定試験と殆ど同じです。これは本当に素晴らしいことです。それにもっと大切なのは、JPexamのサイトは世界的でCISM学習によっての試験合格率が一番高いです。

人々は異なる目標がありますが、我々はあなたにISACAのCISA模擬試験に合格させるという同じ目標があります。この目標を達成するのは、あなたにとってIT分野での第一歩だけですが、我々のISACAのCISA模擬試験を開発するすべての意義です。だから、我々は尽力して我々の問題集を多くしてJPexamの専門かたちに研究させてあなたの合格する可能性を増大します。あなたの利用するISACAのCISA模擬試験が最新版のを保証するために、一年間の無料更新を提供します。

CISA模擬試験はIT業界の新たなターニングポイントの一つです。試験に受かったら、あなたはIT業界のエリートになることができます。情報技術の進歩と普及につれて、ISACAのCISA模擬試験と解答を提供するオンライン·リソースが何百現れています。その中で、JPexamが他のサイトをずっと先んじてとても人気があるのは、JPexamのISACAのCISA模擬試験が本当に人々に恩恵をもたらすことができて、速く自分の夢を実現することにヘルプを差し上げられますから。

購入前にお試し,私たちの試験の質問と回答のいずれかの無料サンプルをダウンロード：http://www.jpexam.com/CISA_exam.html