CISA Exam
Gap analysis would be the best method to identify issues that need to be addressed in the reengineering process. Gap analysis indicates which parts of current processes conform to best practices (desired state) and which do not.
An application gateway firewall is effective in preventing applications such as File Transfer Protocol (FTP) from entering the organization's network.
Inform appropriate personnel immediately
The first thing an IS auditor should do after detecting the virus is to alert the organization to its presence, then wait for their response.
The MAIN reason for requiring that all computer clocks across an organization be synchronized is to:
During an investigation of incidents, audit logs are used as evidence, and the time stamp information in them is useful. If the clocks are not synchronized, investigations will be more difficult because a time line of events occurring on different systems might
An IS auditor is assessing services provided by an internet service provider (ISP) during an IS compliance audit of a nationwide corporation that operates a governmental program. Which of the following is MOST important?
A service level agreement (SLA) provides the basis for adequate assessment of the degree to which the provider is meeting the level of agreed-on service.
When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:
If the database is not normalized, the IS auditor should review the justification because, in some situations, denormalization is recommended for performance reasons.
The objective of concurrency control in a database system is to:
Concurrency controls prevent data integrity problems, which can arise when two update processes access the same data item at the same time.
Which of the following BEST limits the impacts of server failures in a distributed environment?
Clustering allows two or more servers to work as a unit so that when one of them fails, the other takes over.
During an audit of a small enterprise, the IS auditor noted that the IS director has superuser-privilege access that allows the director to process requests for changes to the application access roles (access types). Which of the following should the IS a
The IS auditor should recommend implementation of processes that could prevent or detect improper changes from being made to the major application roles. The application role change request process should start and be approved by the business owner; then,
An IS auditor reviewing a cloud computing environment managed by a third party should be MOST concerned when:
Administration of cloud computing occurs over the Internet and involves more than one participating entity. It is the responsibility of each of the partners in the cloud computing environment to take care of security issues in their own environments. when
An IS auditor discovers that some hard drives disposed of by an enterprise were not sanitized in a manner that would reasonably ensure the data could not be recovered. In addition, the enterprise doesn't have a written policy on data disposal. The IS auditor
Even though a policy is not available, the IS auditor should make a determination as to the nature of the information on the hard drives to quantify, as much as possible, the risk.
What is the BEST backup strategy for a large database with data supporting online sales?
Mirrored hard disks will ensure that all data are backed up to more than one disk so that a failure of one disk will not result in loss of data.
An organization is reviewing its contract with a cloud computing provider. For which of the following reasons would the organization want to remove a lock-in clause from the contract?
When drawing up a contract with a cloud service provider, the ideal practice is to remove the customer lock-in clause. It may be important for the client to secure portability of their system assets, i.e., the right to transfer from one vendor to another.
In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?
An IS auditor must consider recommending a better process. An IS auditor should recommend a formal change control process that manages and could detect changes to production source and object code, such as code comparisons, so the changes can be reviewed
Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective (RPO)?
Recovery point objective (RPO) is based on the acceptable data loss in the case of a disruption. In this scenario the organization needs a short RPO and continuous data backup is the best option.
An IS auditor finds that DBAs have access to the log location on the database server and the ability to purge logs from the system. What is the BEST audit recommendation to ensure that DBA activity is effectively monitored?
To protect the availability and integrity of the database logs, it is feasible to forward the database logs to a centralized log server to which the DBAs do not have access.
The purpose of code signing is to provide assurance that: The software has not been subsequently modified *Not The private key of the signer has not been compromised
Code signing ensures that the executable code came from a reputable source and has not been modified after being signed.
Doing which of the following during peak production hours could result in unexpected downtime? Promoting applications from development to the staging environment *Not Promoting applications from development to the staging environment.
Preventive maintenance activities should be scheduled for non-peak times of the day, and preferably during a maintenance window time period. A mishap or incident caused by a maintenance worker could result in unplanned downtime.
Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions?
The cyclic redundancy check (CRC) can check for a block of transmitted data. The workstations generate the CRC and transmit it with the data. The receiving workstation computes a CRC and compares it to the transmitted CRC. If both of them are equal, then
Parity check (known as vertical redundancy check) also involves adding a bit (known as the parity bit) to each character during transmission. In this case, where there is a presence of bursts of errors (i.e., impulse noise during high transmission rates), it ha
Echo checks detect line errors by retransmitting data to the sending device for comparison with the original transmission.
A block sum check is a form of parity checking and has a low level of reliability.
The PRIMARY benefit of an IT manager monitoring technical capacity is to:
Capacity monitoring has multiple objectives; however, the primary objective is to ensure compliance with the internal service level agreement (SLA) between the business and IT.
Which of the following should be the MOST important criterion in evaluating a backup solution for sensitive data that must be retained for a long period of time due to regulatory requirements? Media reliability *Not Full backup window *Not Media costs *Not
To comply with regulatory requirements, the media should be reliable enough to ensure an organization's ability to recover the data should they be required for any reason.
When reviewing the configuration of network devices, an IS auditor should FIRST identify: The importance of the network devices in the topology *Not- the best practices for the type of network devices deployed *Not- whether components of the network are m
The first step is to understand the importance and role of the network device within the organization's network topology
In a disaster recovery situation, which of the following is the MOST important metric to ensure that data are synchronized between critical systems? A- Recovery point objective B- Recovery time objective C- Recovery service resilience D- Recovery service sc
A-Recovery Point Objective (RPO)
Which of the following is a network diagnostic tool that monitors and records network information? A- Online monitor B- Downtime report C- Help desk report D- Protocol analyzer
D- Protocol Analyzer
Which of the following is widely accepted as one of the critical components in networking management? A- Configuration management B- Topological mappings C- Application of monitoring tools D- Proxy server troubleshooting
A- Configuration Management
During the audit of a database server, which of the following would be considered the GREATEST exposure? A- The password on the administrator account does not expire B- Default global security settings for the database remain unchanged. C- Old data have n
B- Default global security settings for the database remain unchanged.
Which of the following would BEST support 24/7 availability? A- Daily backup B- Offsite storage C- Mirroring D- Periodic testing
C- Mirroring
A new business requirement required an enterprise to change database vendors. Which of the following areas should the IS auditor PRIMARILY examine in relation to this implementation? A. Integrity of the data B. Timing of the cutover C. Authorization level
A. Integrity of the data
An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls would BEST mitigate the risk of undetected and unauthorized program changes to the production envi
B- Hash keys are calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs.
Which of the following will be MOST effective in reducing the risk that unauthorized software on a backup server is distributed to the production server? A- Manually copy files to accomplish replication B- Review changes in the software version control sy
B- Review changes in the software version control system
Which of the following would an IS auditor consider to be MOST helpful when evaluating the effectiveness and adequacy of a preventive computer maintenance program? A. A system downtime log B. Vendors' reliability figures C. Regularly scheduled maintenance
You answered B. The correct answer is A.
Which of the following is the MOST likely reason an organization implements an emergency change to an application using the emergency change control process? A. The application owner requested new functionality. B. Changes are developed using an agile met
You answered D. The correct answer is C. A. Requests for new functionality by the application owner generally follow normal change control procedures, unless they have an impact on the business function. B. The agile system development methodology breaks
Which of the following is the MOST efficient strategy for the backup of large quantities of mission-critical data when the systems need to be online to take sales orders 24 hours a day? A. Implementing a fault-tolerant disk-to-disk backup solution B. Maki
You answered D. The correct answer is A.
A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor?
You are correct, the answer is D. A. Offsite storage of backups would not help, because electronic funds transfer (EFT) tends to be an online process and offsite storage will not replace the dysfunctional processor. B. The provision of an alternate proces
During a data center audit, an IS auditor observes that some parameters in the tape management system are set to bypass or ignore tape header records. Which of the following is the MOST effective compensating control for this weakness?
You answered B. The correct answer is A.
Which of the following ways is the BEST for an IS auditor to verify that critical production servers are running the latest security updates released by the vendor?A. Ensure that automatic updates are enabled on critical production servers. B. Verify man
You answered A. The correct answer is D. A. Ensuring that automatic updates are enabled on production servers may be a valid way to manage the patching process; however, this would not provide assurance that all servers are being patched appropriately. B.
Which of the following is MOST directly affected by network performance monitoring tools? A. Integrity B. Availability C. Completeness D. Confidentiality
You answered C. The correct answer is B. A. Network monitoring tools can be used to detect errors that are propagating through a network, but their primary focus is on network reliability so that the network is available when required. B. Network monitori
An IS auditor finds out-of-range data in some tables of a database. Which of the following controls should the IS auditor recommend to avoid this situation? A. Log all table update transactions. B. Implement before-and-after image reporting. C. Use tracin
You are correct, the answer is D. A. Logging all table update transactions is a detective control that would not help avoid invalid data entry. B. Implementing before-and-after image reporting is a detective control that would not help avoid the situation
Due to resource constraints, a developer requires full access to production data to support certain problems reported by production users. Which of the following choices would be a good compensating control for controlling unauthorized changes in producti
You answered D. The correct answer is A.
During the review of an enterprise's preventive maintenance process for systems at a data center, the IS auditor has determined that adequate maintenance is being performed on all critical computing, power and cooling systems. Additionally, it is MOST imp
You are correct, the answer is C.
Recovery procedures for an information processing facility are BEST based on: A. recovery time objective (RTO). B. recovery point objective (RPO). C. maximum tolerable outage (MTO). D. information security policy.
You are correct, the answer is A.
An IS auditor notes during an audit that an organization's business continuity plan (BCP) does not adequately address information confidentiality during the recovery process. The IS auditor should recommend that the plan be modified to include:
You are correct, the answer is A.
A database administrator has detected a performance problem with some tables, which could be solved through denormalization. This situation will increase the risk of: A. concurrent access. B. deadlocks. C. unauthorized access to data. D. a loss of data in
You are correct, the answer is D. A. Denormalization will have no effect on concurrent access to data in a database; concurrent access is resolved through locking. B. Deadlocks are a result of locking of records. This is not related to normalization. C. A
A company with a limited budget has a recovery time objective (RTO) of 72 hours and a recovery point objective (RPO) of 24 hours. Which of the following would BEST meet the requirements of the business? A. A hot site B. A cold site C. A mirrored site D. A
You answered B. The correct answer is D.
While performing a review of a critical third-party application, an IS auditor would be MOST concerned with discovering:A. inadequate procedures for ensuring adequate system portability.B. inadequate operational documentation for the system. C. an inade
You are correct, the answer is D.
An IS auditor examining the security configuration of an operating system should review the: A. transaction logs. B. authorization tables. C. parameter settings. D. routing tables.
You are correct, the answer is C. A. Transaction logs are used to track and analyze transactions related to an application or system interface, but that is not the primary source of audit evidence in an OS audit. B. Authorization tables are used to verify
An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if: A. the setup is geographically dispersed. B. the network servers are clustered in one site. C. a hot site is ready for activation. D. diverse routing is im
You are correct, the answer is B. A. Dispersed geographic locations provide backup if a site has been destroyed. B. A clustered setup in one location makes the entire network vulnerable to natural disasters or other disruptive events. C. A hot site would
Which of the following is the GREATEST concern when an organization's backup facility is at a warm site? A. Timely availability of hardware B. Availability of heat, humidity and air conditioning equipment C. Adequacy of electrical power connections D. Eff
You are correct, the answer is A.
Which of the following would BEST maintain the integrity of a firewall log? A. Granting access to log information only to administrators B. Capturing log events in the operating system layer C. Writing dual logs onto separate storage media D. Sending log
You answered B. The correct answer is D. A. To enforce segregation of duties, administrators should not have access to log files. This primarily contributes to the assurance of confidentiality rather than integrity. B. There are many ways to capture log i
During an application audit, the IS auditor finds several problems related to corrupt data in the database. Which of the following is a corrective control that the IS auditor should recommend? A. Define the standards, and closely monitor
You answered A. The correct answer is D. A. Establishing standards is a preventive control, and monitoring for compliance is a detective control. B. Ensuring that only authorized personnel can update the database is a preventive control. C. Establishing c
During a human resources (HR) audit, an IS auditor is informed that there is a verbal agreement between the IT and HR departments as to the level of IT services expected. In this situation, what should the IS auditor do FIRST?
You are correct, the answer is C.
An IS auditor is reviewing the network infrastructure of a call center and determines that the internal telephone system is based on Voice-over Internet Protocol (VoIP) technology. Which of the following is the GREATEST concern?
You answered C. The correct answer is B.
Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network? A. The use of diskless workstations B. Periodic checking of hard drives C. The use of current antivirus software D. Policies that resu
You answered C. The correct answer is B. A. Diskless workstations act as a preventive control and are not totally effective in preventing users from accessing illegal software over the network. B. The periodic checking of hard drives would be the most eff
While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/backup at an offsite location would be: A. shadow file processing. B. electronic vaulting. C. hard-disk mirroring. D. hot-si
You answered C. The correct answer is A.
Which of the following recovery strategies is MOST appropriate for a business having multiple offices within a region and a limited recovery budget? A. A hot site maintained by the business B. A commercial cold site C. A reciprocal arrangement between its
You answered A. The correct answer is C. A. A hot site maintained by the business would be a costly solution but would provide a high degree of confidence. B. Multiple cold sites leased for the multiple offices would lead to an ineffective solution with p
What's a hot site, cold site, and warm site?
Which of the following inputs would PRIMARILY help in designing the data backup strategy in case of potential natural disasters? A. Recovery point objective (RPO) B. Volume of data to be backed up C. Data backup technologies D. Recovery time objective (RT
You answered D. The correct answer is A.
An IS auditor is to assess the suitability of a service level agreement (SLA) between the organization and the supplier of outsourced services. To which of the following observations should the IS auditor pay the MOST attention? The SLA does not contain a
You answered C. The correct answer is A.
Which of the following is the MOST critical element of an effective disaster recovery plan (DRP)? A. Offsite storage of backup data B. Up-to-date list of key disaster recovery contacts C. Availability of a replacement data center D. Clearly defined recove
You answered D. The correct answer is A. A. Remote storage of backups is the most critical disaster recovery plan (DRP) element of the items listed because access to backup data is required to restore systems. B. Having a list of key contacts is important
Business units are concerned about the performance of a newly implemented system. Which of the following should an IS auditor recommend? A. Develop a baseline and monitor system usage. B. Define alternate processing procedures. C. Prepare the maintenance
You are correct, the answer is A. A. An IS auditor should recommend the development of a performance baseline and monitor the system's performance against the baseline to develop empirical data upon which decisions for modifying the system can be made. B.
Which of the following is the BEST method to ensure that critical IT system failures do not recur? A. Invest in redundant systems. B. Conduct a follow-up audit. C. Monitor system performance. D. Perform root cause analysis.
You answered C. The correct answer is D. A. Redundancy may be a solution; however, a root cause analysis enables an educated decision to address the origin of the problem instead of simply assuming that system redundancy is the solution. B. While an audit
In addition to the backup considerations for all systems, which of the following is an important consideration in providing backup for online systems? A. Maintaining system software parameters B. Ensuring periodic dumps of transaction logs C. Ensuring gra
You answered C. The correct answer is B. A. Maintaining system software parameters is important for all systems, not just online systems. B. Ensuring periodic dumps of transaction logs is the only safe way of preserving timely historic data. Because onlin
Which of the following database controls would ensure that the integrity of transactions is maintained in an online transaction processing system's database? A. Authentication controls B. Data normalization controls C. Read/write access log controls D. Co
You answered A. The correct answer is D. A. Authentication controls would ensure that only authorized personnel can make changes, but would not ensure the integrity of the changes. B. Data normalization is not used to protect the integrity of online trans
An IS auditor observed that users are occasionally granted the authority to change system data. This elevated system access is not consistent with company policy yet is required for smooth functioning of business operations. Which of the following control
You answered A. The correct answer is C.
An enterprise uses privileged accounts to process configuration changes for mission-critical applications. Which of the following would be the BEST and appropriate control to limit the risk in such a situation?
You answered B. The correct answer is D. A. Audit trails are a detective control and, in many cases, can be altered by those with privileged access. B. Staff proficiency is important and good training may be somewhat of a deterrent, but supervisory approv
A financial institution has decided to outsource its customer service division to an offshore vendor. The MOST important consideration would be to ensure that the contract contains: A. a limited liability clause. B. a right-to-audit clause. C. a data owne
You answered B. The correct answer is C.
A financial institution that processes millions of transactions each day has a central communications processor (switch) for connecting to automated teller machines (ATMs). Which of the following would be the BEST contingency plan for the communications p
You are correct, the answer is C. A. Reciprocal agreements make an organization dependent on the other organization and raise privacy, competition and regulatory issues. B. Having an alternate processor in the same location resolves the equipment problem,
While conducting an audit on the customer relationship management (CRM) application, the IS auditor observes that it takes a significantly long time for users to log on to the system during peak business hours as compared with other times of the day. Once
You are correct, the answer is D. A. The IS auditor recommending nothing is not the right choice because a delayed login process has a negative impact on employee productivity. B. Network bandwidth may or may not be the root cause of this issue. Performan
In a small organization, developers may release emergency changes directly to production. Which of the following will BEST control the risk in this situation? A. Approve and document the change the next business day. B. Limit developer access to productio
You answered C. The correct answer is A. A. It may be appropriate to allow programmers to make emergency changes as long as they are documented and approved after the fact. B. Restricting release time frame may help somewhat; however, it would not apply t
An organization has outsourced its help desk function. Which of the following indicators would be the BEST to include in the service level agreement (SLA)? A. Overall number of users supported B. Percentage of incidents solved in the first call C. Number
You answered D. The correct answer is B. A. The contract price will usually be based on the number of users supported, but the performance metrics should be based on the ability to provide effective support and address user problems rapidly. B. Because it
Which of the following will prevent dangling tuples in a database? A. Cyclic integrity B. Domain integrity C. Relational integrity D. Referential integrity
You answered B. The correct answer is D. A. Cyclical checking is the control technique for the regular checking of accumulated data on a file against authorized source documentation. There is no cyclical integrity testing. B. Domain integrity testing ensu
Which of the following choices would MOST likely ensure that a disaster recovery (DR) effort is successful? A. The tabletop test was performed. B. Data restoration was completed. C. Recovery procedures are approved. D. Appropriate staff resources are comm
You are correct, the answer is B. A. Performing a tabletop test is extremely helpful, but does not ensure that the recovery process is working properly. B. The most reliable method to determine whether a backup is valid would be to restore it to a system.
The PRIMARY objective of performing a postincident review is that it presents an opportunity to: A. improve internal control procedures. B. harden the network to industry best practices. C. highlight the importance of incident response management to manag
You are correct, the answer is A.
Segmenting a highly sensitive database results in: A. reduced exposure. B. reduced threat. C. less criticality. D. less sensitivity.
You answered C. The correct answer is A. A. Segmenting data reduces the quantity of data exposed as a result of a particular event. B. The threat may remain constant, but each segment may represent a different vector against which it must be directed. C.
A database has suffered a catastrophic failure that caused the loss of all data since the last backup was done four hours earlier. How can the data for the last four hours be recovered promptly?
You answered B. The correct answer is C. A. Most database management systems create transaction logs while updating transactions in the database. These can be used to update the database since the last backup. B. It would rarely be possible to manually re
An offsite information processing facility with electrical wiring, air conditioning and flooring, but no computer or communications equipment, is a: A. cold site. B. warm site. C. dial-up site. D. duplicate processing facility.
You answered D. The correct answer is A. A. A cold site is ready to receive equipment but does not offer any components at the site in advance of the need. B. A warm site is an offsite backup facility that is partially configured with network connections
An IS auditor is performing a review of the disaster recovery hot site used by a financial institution. Which of the following would be the GREATEST concern? A. System administrators use shared accounts which never expire at the hot site. B. Disk space ut
You answered A. The correct answer is B. A. While it is not a best practice for security administrators to share accounts that do not expire, the greater risk in this scenario would be running out of disk space. B. Not knowing how much disk space is in us
Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures? A. Review software migration records and verify approvals. B. Identify changes that have occurr
You answered C. The correct answer is B. A. Software migration records may not have all changes listed; changes could have been made that were not included in the migration records. B. The most effective method is to determine what changes have been made (
To verify that the correct version of a data file was used for a production run, an IS auditor should review: A. operator problem reports. B. operator work schedules. C. system logs. D. output distribution reports.
You are correct, the answer is C. A. Operator problem reports are used by operators to log computer operation problems. B. Operator work schedules are maintained to assist in human resource planning. C. System logs are automated reports which identify mos
Which of the following issues should be a MAJOR concern to an IS auditor who is reviewing a service level agreement (SLA)? A. A service adjustment resulting from an exception report took a day to implement. B. The complexity of application logs used for s
You are correct, the answer is C.
An IS auditor is reviewing the backup strategy and the backup technology in use by an organization. The IS auditor would be MOST concerned if: A. data restoration tests are not being regularly performed. B. disk subsystems are being backed up to other dis
You answered D. The correct answer is A. A. The only way to ensure with certainty that a backup is working is to perform a data restoration test. If this were not being done regularly, it would be a concern. B. Current backup technology utilizes disk-to-d
An IS auditor is assisting in the design of the emergency change control procedures for an organization with a limited budget. Which of the following recommendations BEST helps to establish accountability for the system support personnel?
You answered D. The correct answer is A.