Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 1031:

  Which of the following is the MOST effective way to detect as many abnormalities as possible during an IS audit?

  A. Conduct a walk-through of the process.
  B. Perform substantive testing on sampled records.
  C. Perform judgmental sampling of key processes.
  D. Use a data analytics tool to identify trends.
  D. Use a data analytics tool to identify trends.

  ---

  Explanation

  A data analytics tool is the most effective way to detect as many abnormalities as possible during an IS audit, as it can process large volumes of data, perform complex calculations, and generate visualizations that reveal patterns, outliers,

  anomalies, or deviations from expected results. A data analytics tool can also help the auditor to test the entire population of data, rather than a sample, and to perform continuous auditing and monitoring.

  References:

  ISACA CISA Review Manual, 27th Edition, page 256

  What is Problem Solving? Steps, Process and Techniques | ASQ Data Analytics for Auditors - IIA

• Question 1032:

  During an audit of an organization's incident management process, an IS auditor learns that the security operations team includes detailed reports of recent attacks in its communications to employees. Which of the following is the GREATEST concern with this situation?

  A. Employees may fail to understand the severity of the threats.
  B. The reports may be too complex for a nontechnical audience.
  C. Employees may misuse the information in the reports.
  D. There is not a documented procedure to communicate the reports.
  C. Employees may misuse the information in the reports.

  ---

  Explanation

• Question 1033:

  Which of the following is MOST important to determine during the planning phase of a cloud-based messaging and collaboration platform acquisition?

  A. Role-based access control policies
  B. Types of data that can be uploaded to the platform
  C. Processes for on-boarding and off-boarding users to the platform
  D. Processes for reviewing administrator activity
  B. Types of data that can be uploaded to the platform

  ---

  Explanation

  The most important thing to determine during the planning phase of a cloud- based messaging and collaboration platform acquisition is the types of data that can be uploaded to the platform. This is because different types of data may have different security, privacy, and compliance requirements, depending on the nature, sensitivity, and value of the data. For example, personal data, financial data, health data, or intellectual property data may be subject to various laws and regulations that govern how they can be collected, stored, processed, and shared in the cloud. Therefore, it is essential to identify and classify the types of data that will be uploaded to the platform, and ensure that the platform meets the organization's policies and standards for data protection1. The other options are not as important as the types of data that can be uploaded to the platform during the planning phase of a cloud-based messaging and collaboration platform acquisition. Option A, role-based access control policies, is a mechanism that defines who can access what data and resources on the platform based on their roles and responsibilities. Role-based access control policies are important for ensuring data security and accountability, but they can be designed and implemented after the platform is acquired2. Option C, processes for on-boarding and off-boarding users to the platform, are procedures that enable or disable user accounts and access rights on the platform. Processes for on-boarding and off-boarding users are important for managing user identities and lifecycles, but they can be developed and executed after the platform is acquired3. Option D, processes for reviewing administrator activity, are methods that monitor and audit the actions and events performed by administrators on the platform. Processes for reviewing administrator activity are important for detecting and preventing unauthorized or malicious activities, but they can be established and performed after the platform is acquired4.

  References: Cloud Messaging and Collaboration Services - Maryland.gov DoIT4 MessageBird acquires real-time notifications and in-app messaging platform Pusher for $35M | TechCrunch2 Symphony to lead financial market communications with the acquisition of Cloud9 Technologies3 Cloud messaging and collaboration | Sumo Logic

• Question 1034:

  Which of the following issues identified during a postmortem analysis of the IT security incident response process should be of GREATEST concern?

  A. The incident response team did not initiate actions to limit the impact of the incident
  B. Incident response team members' contact details were not up to date.
  C. The root cause of the incident was not properly identified and documented
  D. The incident was caused by an attacker that exploited a zero-day vulnerability.
  A. The incident response team did not initiate actions to limit the impact of the incident

  ---

  Explanation

• Question 1035:

  During an IS audit of a data center, it was found that programmers are allowed to make emergency fixes to operational programs. Which of the following should be the IS auditor's PRIMARY recommendation?

  A. Programmers should be allowed to implement emergency fixes only after obtaining verbal agreement from the application owner.
  B. Emergency program changes should be subject to program migration and testing procedures before they are applied to operational systems.
  C. Bypass user ID procedures should be put in place to ensure that the changes are subject to after-the-event approval and testing.
  B. Emergency program changes should be subject to program migration and testing procedures before they are applied to operational systems.

  ---

  Explanation

• Question 1036:

  Which of the following sites would be MOST appropriate in the case of a very short recovery time objective (RTO)?

  A. Mobile
  B. Redundant
  C. Shared
  D. Warm
  B. Redundant

  ---

  Explanation

• Question 1037:

  During a security audit, an IS auditor is tasked with reviewing log entries obtained from an enterprise intrusion prevention system (IPS). Which type of risk would be associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration?

  A. Sampling risk
  B. Detection risk
  C. Control risk
  D. Inherent risk
  B. Detection risk

  ---

  Explanation

  The type of risk associated with the potential for the auditor to miss a sequence of logged events that could indicate an error in the IPS configuration is detection risk. Detection risk is the risk that the auditor's procedures will not detect a material misstatement or error that exists in an assertion or a control. Detection risk can be affected by factors such as the nature, timing, and extent of the audit procedures, the quality and sufficiency of the audit evidence, and the auditor's professional judgment and competence. Detection risk can be reduced by applying appropriate audit techniques, such as sampling, testing, observation, inquiry, and analysis.

  References: CISA Review Manual (Digital Version) CISA Questions, Answers and Explanations Database

• Question 1038:

  Which of the following is the GREATEST risk associated with the use of instant messaging (IM)?

  A. Data leakage
  B. Loss of employee productivity
  C. Internet Protocol (IP) address spoofing
  D. Excess bandwidth consumption
  A. Data leakage

  ---

  Explanation

• Question 1039:

  The GREATEST risk when performing data normalization is:

  A. the increased complexity of the data model
  B. duplication of audit logs
  C. reduced data redundancy
  D. decreased performance
  A. the increased complexity of the data model

  ---

  Explanation

• Question 1040:

  An IS audit report highlighting inadequate network internal controls is challenged because no serious incident has ever occurred. Which of the following actions performed during the audit would have BEST supported the findings?

  A. Compliance testing
  B. Threat risk assessment
  C. Penetration testing
  D. Vulnerability assessment
  C. Penetration testing

  ---

  Explanation