CISA Self-Study Guide for Becoming an Certified Information Systems Auditor Expert
CISA Study Guide Realistic Verified CISA Dumps
NEW QUESTION 200
Due to limited storage capacity, an organization has decided to reduce the actual retention period (or media containing completed low-value transactions. Which ol the following is MOST important lor the organization to ensure?
- A. The policy includes a strong risk-based approach.
- B. The retention period complies with data owner responsibilities.
- C. The total transaction amount has no impact on financial reporting
- D. The retention period allows for review during the year-end audit.
Answer: B
NEW QUESTION 201
Which of the following is a distinguishing feature at the highest level of a maturity model?
- A. A continuous improvement process is applied.
- B. There are formal standards and procedures.
- C. Projects are controlled with management supervision.
- D. Processes are monitored continuously.
Answer: A
Explanation:
Section: Governance and Management of IT
NEW QUESTION 202
Which of the following is an IS auditor s GREATEST concern when an organization does not regularly update software on individual workstations in the internal environment?
- A. The organization may not be in compliance with licensing agreement.
- B. The organization may be more susceptible to cyber-attacks.
- C. System functionality may not meet business requirements.
- D. The system may have version control issues.
Answer: D
NEW QUESTION 203
While conducting a review of project plans related to a new software development, an IS auditor finds the project initiation document (PID) is incomplete. What is the BEST way for the auditor to proceed?
- A. Escalate to the project steering committee.
- B. Prepare a finding for the audit report.
- C. Meet with the project sponsor to discuss the incomplete document.
- D. Inform audit management of possible risks associated with the deficiency.
Answer: C
NEW QUESTION 204
When preparing to evaluate the effectiveness of an organizations IT strategy, an IS auditor should FIRST review;
- A. Information security procedures.
- B. the most recent audit results.
- C. the IT governance fremework.
- D. the IT processes and procedures.
Answer: D
NEW QUESTION 205
Which of the following types of firewalls provide the GREATEST degree and granularity of control?
- A. Packet filter
- B. Screaming router
- C. Application gateway
- D. Circuit gateway
Answer: C
Explanation:
Explanation/Reference:
Explanation:
The application gateway is similar to a circuit gateway, but it has specific proxies for each service. To handle web services, it has an HTTP proxy that acts as an intermediary between externals and internals, but is specifically for HTTP. This means that it not only checks the packet IP addresses (layer 3) and the ports it is directed to (in this case port 80, or layer 4), it also checks every HTTP command (layers 5 and
7). Therefore, it works in a more detailed (granularity) way than the others. Screening router and packet filter (choices A and BJ work at the protocol, service and/or port level. This means that they analyze packets from layers 3 and 4, and not from higher levels. A circuit gateway (choice D) is based on a proxy or program that acts as an intermediary between external and internal accesses. This means that during an external access, instead of opening a single connection to the internal server, two connections are established-one from the external server to the proxy (which conforms the circuit-gateway) and one from the proxy to the internal server. Layers 3 and 4 (IP and TCP) and some general features from higher protocols are used to perform these tasks.
NEW QUESTION 206
Relatively speaking, firewalls operated at the application level of the seven layer OSI model are:
- A. None of the choices.
- B. almost always less effective.
- C. almost always less efficient.
- D. almost always less secure.
- E. almost always less costly to setup.
Answer: C
Explanation:
Section: Protection of Information Assets
Explanation:
Early attempts at producing firewalls operated at the application level of the seven-layer OSI model but this
required too much CPU processing power.
Packet filters operate at the network layer and function more efficiently because they only look at the
header part of a packet.
NEW QUESTION 207
An IS auditor has been asked to advise on the design and implementation of IT management best practices. Which of the following actions would impair the auditor's independence?
- A. Providing consulting advice for managing applications
- B. Designing an embedded audit module
- C. Evaluating the risk management process
- D. Implementing risk response on management's behalf
Answer: D
Explanation:
Section: Governance and Management of IT
NEW QUESTION 208
An IS auditor performing a review of an application's controls would evaluate the:
- A. application's optimization.
- B. business processes served by the application.
- C. impact of any exposures discovered.
- D. efficiency of the application in meeting the business processes.
Answer: C
Explanation:
Section: Protection of Information Assets
Explanation:
An application control review involves the evaluation of the application's automated controls and an
assessment of any exposures resulting from the control weaknesses. The other choices may be objectives
of an application audit but are not part of an audit restricted to a review of controls.
NEW QUESTION 209
Network environments often add to the complexity of program-to-program communication, making the implementation and maintenance of application systems more difficult. True or false?
- A. True
- B. False
Answer: A
Explanation:
Explanation/Reference:
Explanation:
Network environments often add to the complexity of program-to-program communication, making application systems implementation and maintenance more difficult.
NEW QUESTION 210
Which of the following term in business continuity determines the maximum acceptable amount of data loss measured in time?
- A. RTO
- B. RPO
- C. MTD
- D. WRT
Answer: B
Explanation:
Explanation/Reference:
A recovery point objective, or "RPO", is defined by business continuity planning. It is the maximum tolerable period in which data might be lost from an IT service due to a major incident. The RPO gives systems designers a limit to work to. For instance, if the RPO is set to four hours, then in practice, off-site mirrored backups must be continuously maintained - a daily off-site backup on tape will not suffice. Care must be taken to avoid two common mistakes around the use and definition of RPO. Firstly, BC staff use business impact analysis to determine RPO for each service - RPO is not determined by the existent backup regime. Secondly, when any level of preparation of off-site data is required, rather than at the time the backups are offsite, the period during which data is lost very often starts near the time of the beginning of the work to prepare backups which are eventually offsite.
For your exam you should know below information about RPO, RTO, WRT and MTD:
Stage 1: Business as usual
Business as usual
Image Reference - http://defaultreasoning.files.wordpress.com/2013/12/bcdr-01.png At this stage all systems are running production and working correctly.
Stage 2: Disaster occurs
Disaster Occurs
Image Reference - http://defaultreasoning.files.wordpress.com/2013/12/bcdr-02.png On a given point in time, disaster occurs and systems needs to be recovered. At this point the Recovery Point Objective (RPO) determines the maximum acceptable amount of data loss measured in time. For example, the maximum tolerable data loss is 15 minutes.
Stage 3: Recovery
Recovery
Image Reference - http://defaultreasoning.files.wordpress.com/2013/12/bcdr-03.png At this stage the system are recovered and back online but not ready for production yet. The Recovery Time Objective (RTO) determines the maximum tolerable amount of time needed to bring all critical systems back online. This covers, for example, restore data from back-up or fix of a failure. In most cases this part is carried out by system administrator, network administrator, storage administrator etc.
Stage 4: Resume Production
Resume Production
Image Reference - http://defaultreasoning.files.wordpress.com/2013/12/bcdr-04.png At this stage all systems are recovered, integrity of the system or data is verified and all critical systems can resume normal operations. The Work Recovery Time (WRT) determines the maximum tolerable amount of time that is needed to verify the system and/or data integrity. This could be, for example, checking the databases and logs, making sure the applications or services are running and are available.
In most cases those tasks are performed by application administrator, database administrator etc. When all systems affected by the disaster are verified and/or recovered, the environment is ready to resume the production again.
MTD
Image Reference - http://defaultreasoning.files.wordpress.com/2013/12/bcdr-05.png The sum of RTO and WRT is defined as the Maximum Tolerable Downtime (MTD) which defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences. This value should be defined by the business management team or someone like CTO, CIO or IT manager.
The following answers are incorrect:
RTO - The Recovery Time Objective (RTO) determines the maximum tolerable amount of time needed to bring all critical systems back online. This covers, for example, restore data from back-up or fix of a failure.
In most cases this part is carried out by system administrator, network administrator, storage administrator etc.
WRT - The Work Recovery Time (WRT) determines the maximum tolerable amount of time that is needed to verify the system and/or data integrity. This could be, for example, checking the databases and logs, making sure the applications or services are running and are available. In most cases those tasks are performed by application administrator, database administrator etc. When all systems affected by the disaster are verified and/or recovered, the environment is ready to resume the production again.
MTD - The sum of RTO and WRT is defined as the Maximum Tolerable Downtime (MTD) which defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences. This value should be defined by the business management team or someone like CTO, CIO or IT manager.
The following reference(s) were/was used to create this question:
CISA review manual 2014 page number 284
http://en.wikipedia.org/wiki/Recovery_point_objective
http://defaultreasoning.com/2013/12/10/rpo-rto-wrt-mtdwth/
NEW QUESTION 211
When responding to an ongoing denial of service (DoS) attack, an organization's FIRST course of action should be to:
- A. restore service
- B. minimize impact
- C. investigate damage
- D. analyze the attack path
Answer: B
Explanation:
Section: Information System Operations, Maintenance and Support
NEW QUESTION 212
During an audit, an IS auditor notes that an organization's business continuity plan (BCP) does not
adequately address information confidentiality during a recovery process. The IS auditor should
recommend that the plan be modified to include:
- A. change management procedures for information security that could affect business continuity
arrangements. - B. information security roles and responsibilities in the crisis management structure.
- C. the level of information security required when business recovery procedures are invoked.
- D. information security resource requirements.
Answer: C
Explanation:
Section: Protection of Information Assets
Explanation:
Business should consider whether information security levels required during recovery should be the same,
lower or higher than when business is operating normally. In particular, any special rules for access to
confidential data during a crisis need to be identified. The other choices do not directly address the
information confidentiality issue.
NEW QUESTION 213
An IS auditor is evaluating the risk associated with moving from one database management system (DBMS) to another. Which of the following would be MOST helpful to ensure the integrity of the system throughout the change?
- A. Preserving the same data classifications
- B. Preserving the same data interfaces
- C. Preserving the same data structure
- D. Preserving the same data inputs
Answer: D
NEW QUESTION 214
Which of the following is MOST important for the improvement of an organization's incident response processes
- A. Ongoing incident response training for users
- B. Periodic walk-through of incident response procedures
- C. Post-event reviews by the incident response team
- D. Regular upgrades to incident management software
Answer: C
NEW QUESTION 215
Which of the following is a detective control that can be used to uncover unauthorized access to information systems?
- A. Requiring long and complex passwords for system access
- B. Implementing a security information and event management (SIEM) system
- C. Protecting access to the data center with multifactor authentication
- D. Requiring internal audit to perform periodic reviews of system access logs
Answer: B
Explanation:
Section: Information System Acquisition, Development and Implementation
NEW QUESTION 216
When conducting a requirements analysis for a project the BEST approach would be to:
- A. consult key stakeholders.
- B. test operational deliverables.
- C. prototype the requirements.
- D. conduct a control self-assessment.
Answer: A
Explanation:
Section: Information System Acquisition, Development and Implementation
NEW QUESTION 217
When preparing an audit report the IS auditor should ensure that the results are supported by:
- A. an organizational control self-assessment.
- B. sufficient and appropriate audit evidence.
- C. statements from IS management.
- D. workpapers of other auditors.
Answer: B
Explanation:
Explanation/Reference:
Explanation:
ISACA's standard on 'reporting' requires the IS auditor have sufficient and appropriate audit evidence to support the reported results. Statements from IS management provide a basis for obtaining concurrence on matters that cannot be verified with empirical evidence. The report should be based on evidence collected during the course of the review even though the auditor may have access to the work papers of other auditors. The results of an organizational control self-assessment (CSA) could supplement the audit findings. Choices A, B and C might be referenced during an audit but, of themselves, would not be considered a sufficient basis for issuing a report.
NEW QUESTION 218
Which of the following management decisions presents the GREATEST risk associated with data leakage?
- A. Security policies have not been updated in the past year
- B. Staff are allowed to work remotely.
- C. There is no requirement for desktops to be encrypted.
- D. Security awareness training is not provided to staff.
Answer: D
NEW QUESTION 219
Which of the following should be of GREATEST concern to an organization's board when reviewing the internal audit department's quality assurance and improvement program?
- A. The program has not been approved by senior management.
- B. Program metrics have not been updated in over two years.
- C. The program does not include periodic external assessments.
- D. The program does not incorporate recommendations from prior audits.
Answer: A
Explanation:
Section: Information System Acquisition, Development and Implementation
NEW QUESTION 220
An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if:
- A. diverse routing is implemented for the network.
- B. the setup is geographically dispersed.
- C. the network servers are clustered in a site.
- D. a hot site is ready for activation.
Answer: C
Explanation:
Explanation/Reference:
Explanation:
A clustered setup in one location makes the entire network vulnerable to natural disasters or other disruptive events. Dispersed geographical locations and diverse routing provide backup if a site has been destroyed. A hot site would also be a good alternative for a single point-of-failure site.
NEW QUESTION 221
Which of the Mowing is MOST important to include in a contract with a software development service provider7
- A. Ownership of intellectual property
- B. A list or hey performance indicators (KPis)
- C. Service level agreement (SLA)
- D. Explicit contact termination requirements
Answer: A
NEW QUESTION 222
Which of the following is the BEST way for an IT forensics investigator to detect evidence of steganography?
- A. Identify and analyze emergent properties within a file system's metadata.
- B. Scan computer operating systems using administrative tools.
- C. Compare file hashes between original and modified image files.
- D. Recover deleted files from a suspected hard drive utilizing forensics software.
Answer: C
NEW QUESTION 223
......
Valid CISA Exam Dumps Ensure you a HIGH SCORE: https://examcollection.prep4sureguide.com/CISA-prep4sure-exam-guide.html