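About the CISA exam
The CISA exam is held every year. It consists of 200 multiple-choice questions covering five job practice domains derived from the most recent CISA job practice analysis, and is administered over four hours. The job practice domains and percentages below indicate the weighting of the questions that appear on the exam. This job practice analysis was developed and validated by prominent industry leaders, subject matter experts and industry practitioners.
Job practice domains
The exam's job practice domains and their definitions are as follows.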
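1. The Process of Auditing Information Systems (14%): Provide audit services in accordance with IT audit standards to assist the organization in protecting and controlling information systems.
2. Governance and Management of IT (14%): Provide assurance that the necessary leadership, organizational structures and processes are in place to achieve objectives and to support the organization's strategy.
3. Information Systems Acquisition, Development and Implementation (19%): Provide assurance that the practices for the acquisition, development, testing and implementation of information systems meet the organization's strategies and objectives.
4. Information Systems Operations, Maintenance and Support (23%): Provide assurance that the processes for information systems operations, maintenance and support meet the organization's strategies and objectives.
5. Protection of Information Assets (30%): Provide assurance that the organization's security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.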
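CISA exam questions are carefully developed and maintained so that they accurately assess an individual's proficiency in information systems audit, control, assurance and security practices.
Many people think that passing a highly difficult IT certification exam requires specialized knowledge. That is certainly true, but acquiring that knowledge is said not to be difficult. In the IT industry, strong specialized knowledge is needed to become stronger still. Passing the ISACA CISA exam is not easy, and the ISACA CISA certificate may be one way for you to get into the IT industry. However, you do not necessarily have to spend a great deal of time and energy reviewing; with the question set our company has carefully prepared, the exam will be no problem.
You can download a free trial version of the ISACA CISA practice questions and answers on the Internet. Doing so will give you more confidence in the question set JapanCert has prepared. Get JapanCert's question set soon.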
NO.1 An IS auditor performing detailed network assessments and access control reviews should
FIRST:
A. determine the points of entry.
B. assess users' identification and authorization.
C. evaluate the domain-controlling server configuration.
D. evaluate users' access authorization.
Answer: A
Explanation:
In performing detailed network assessments and access control reviews, an IS auditor should first
determine the points of entry to the system and review the points of entry accordingly for
appropriate controls. Evaluation of user access authorization, assessment of user identification and
authorization, and evaluation of the domain-controlling server configuration are all implementation
issues for appropriate controls for the points of entry.
NO.2 Which of the following could lead to an unintentional loss of confidentiality? Choose the BEST
answer.
A. A momentary lapse of reason
B. Failure to comply with a company's information security policy
C. Lack of security policy enforcement procedures
D. Lack of employee awareness of a company's information security policy
Answer: D
Explanation:
Lack of employee awareness of a company's information security policy could lead to an
unintentional loss of confidentiality.
NO.3 Which of the following BEST describes the role of a directory server in a public key
infrastructure (PKI)?
A. Makes other users' certificates available to applications
B. Facilitates the implementation of a password policy
C. Encrypts the information transmitted over the network
D. Stores certificate revocation lists (CRLs)
Answer: A
Explanation:
A directory server makes other users' certificates available to applications. Encrypting the
information transmitted over the network and storing certificate revocation lists (CRLs) are roles
performed by a security server. Facilitating the implementation of a password policy is not relevant
to public key infrastructure (PKI).
NO.4 What are intrusion-detection systems (IDS) primarily used for?
A. To identify intrusion attempts to a network
B. To prevent intrusion attempts to a network
C. To identify AND prevent intrusion attempts to a network
D. Forensic incident response
Answer: A
Explanation:
Intrusion-detection systems (IDS) are used to identify intrusion attempts on a network.
NO.5 When developing a security architecture, which of the following steps should be executed
FIRST?
A. Specifying an access control methodology
B. Defining roles and responsibilities
C. Defining a security policy
D. Developing security procedures
Answer: C
Explanation:
Defining a security policy for information and related technology is the first step toward building a
security architecture. A security policy communicates a coherent security standard to users,
management and technical staff. Security policies will often set the stage in terms of what tools and
procedures are needed for an organization. The other choices should be executed only after defining
a security policy.
NO.6 An IS auditor analyzing the audit log of a database management system (DBMS) finds that
some transactions were partially executed as a result of an error, and are not rolled back. Which of
the following transaction processing features has been violated?
A. Isolation
B. Consistency
C. Durability
D. Atomicity
Answer: D
Explanation:
Atomicity guarantees that either the entire transaction is processed or none of it is. Consistency
ensures that the database is in a legal state when the transaction begins and ends; isolation means
that, while in an intermediate state, the transaction data is invisible to external operations. Durability
guarantees that a successful transaction will persist, and cannot be undone.
NO.7 The Secure Sockets Layer (SSL) protocol addresses the confidentiality of a message through:
A. symmetric encryption.
B. message authentication code.
C. hash function.
D. digital signature certificates.
Answer: A
Explanation:
SSL uses a symmetric key for message encryption. A message authentication code is used for
ensuring data integrity. Hash function is used for generating a message digest; it does not use public
key encryption for message encryption. Digital signature certificates are used by SSL for server
authentication.
NO.8 Which of the following applet intrusion issues poses the GREATEST risk of disruption to an
organization?
A. A program that deposits a virus on a client machine
B. Applets opening connections from the client machine
C. Downloaded code that reads files on a client's hard drive
D. Applets recording keystrokes and, therefore, passwords
Answer: B
Explanation:
An applet is a program downloaded from a web server to the client, usually through a web browser
that provides functionality for database access, interactive web pages and communications with
other users. Applets opening connections from the client machine to other machines on the network
and damaging those machines, as a denial-of-service attack, pose the greatest threat to an
organization and could disrupt business continuity. A program that deposits a virus on a client
machine is referred to as a malicious attack (i.e., specifically meant to cause harm to a client
machine), but may not necessarily result in a disruption of service. Applets that record keystrokes,
and therefore, passwords, and downloaded code that reads files on a client's hard drive relate more
to organizational privacy issues, and although significant, are less likely to cause a significant
disruption of service.
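JapanCert provides the latest C9560-655 question set and high-quality JN0-691 questions and answers. JapanCert's MB6-703 VCE test engine and C9560-568 exam guide can help you pass the exam on the first attempt. The high-quality C2090-012 PDF training materials guarantee 100% that you will pass the exam more quickly and easily. Passing the exam and obtaining the certification is that simple.
CISA study materials: http://cisa.jpcert.com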