Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 1271:

  Which of the following cloud capabilities BEST enables an organization to meet unexpectedly high service demand?

  A. Scalability
  B. High availability
  C. Alternate routing
  D. Flexibility
  A. Scalability

  ---

  Explanation

• Question 1272:

  An organization is planning to implement a work-from-home policy that allows users to work remotely as needed. Which of the following is the BEST solution for ensuring secure remote access to corporate resources?

  A. Additional firewall rules
  B. Multi-factor authentication
  C. Virtual private network (VPN)
  D. Virtual desktop
  C. Virtual private network (VPN)

  ---

  Explanation

  The best solution for ensuring secure remote access to corporate resources is to use a virtual private network (VPN), as this creates an encrypted tunnel between the user's device and the corporate network, preventing unauthorized interception or modification of data in transit. Additional firewall rules may help to restrict access to certain ports or protocols, but they do not provide encryption or authentication. Multi-factor authentication may help to verify the identity of the user, but it does not protect the data in transit. Virtual desktop may help to provide a consistent user interface and access to applications, but it does not ensure the security of the communication channel.

  References: CISA Review Manual (Digital Version), Chapter 5: Protection of Information Assets, Section 5.2: Network Security Devices and Technologies

• Question 1273:

  Which of the following should be restricted from a network administrator's privileges in an adequately segregated IT environment?

  A. Monitoring network traffic
  B. Changing existing configurations for applications
  C. Hardening network ports
  D. Ensuring transmission protocols are functioning correctly
  B. Changing existing configurations for applications

  ---

  Explanation

• Question 1274:

  The operations team of an organization has reported an IS security attack Which of the following should be the FIRST step for the security incident response team?

  A. Report results to management
  B. Document lessons learned
  C. Perform a damage assessment
  D. Prioritize resources for corrective action
  C. Perform a damage assessment

  ---

  Explanation

  The first step for the security incident response team after an IS security attack is reported is to perform a damage assessment. This involves identifying the scope, impact and root cause of the incident, as well as collecting and preserving evidence for further analysis and investigation. Reporting results to management, documenting lessons learned and prioritizing resources for corrective action are important steps, but they should be done after the damage assessment is completed.

  References: CISA Review Manual (Digital Version), Chapter 6, Section 6.31

• Question 1275:

  A new system development project is running late against a critical implementation deadline Which of the following is the MOST important activity?

  A. Document last-minute enhancements
  B. Perform a pre-implementation audit
  C. Perform user acceptance testing (UAT)
  D. Ensure that code has been reviewed
  A. Document last-minute enhancements

  ---

  Explanation

  Performing user acceptance testing (UAT) is the most important activity before implementing a new system, as it ensures that the system meets the user requirements and expectations, and that it is free of major defects. Documenting last-minute enhancements, performing a pre-implementation audit, and ensuring that code has been reviewed are also important activities, but they are not as critical as UAT.

  References: CISA Review Manual (Digital Version), Chapter 4, Section 4.2.2

• Question 1276:

  Which of the following provides the MOST useful information to an IS auditor when selecting projects for inclusion in an IT audit plan?

  A. Project charter
  B. Project plan
  C. Project issue log
  D. Project business case
  D. Project business case

  ---

  Explanation

  A project business case is a document that describes the rationale and justification for initiating a project, based on its expected costs, benefits, risks, and feasibility. A project business case provides the most useful information to an IS

  auditor when selecting projects for inclusion in an IT audit plan, because it helps the IS auditor to:

  Understand the purpose, scope, objectives, and deliverables of the project Assess the alignment of the project with the organization's strategy, vision, and goals Evaluate the value proposition and return on investment of the project Identify

  the key stakeholders, sponsors, and owners of the project Analyze the potential risks and issues associated with the project Compare and prioritize the project with other competing projects The other possible options are:

  A. Project charter: A project charter is a document that formally authorizes and defines the high-level scope, roles, responsibilities, and authority of a project. A project charter provides some useful information to an IS auditor when selecting projects for inclusion in an IT audit plan, but it is not the most useful information. A project charter does not provide enough details about the costs, benefits, risks, and feasibility of the project, which are essential for evaluating its suitability for an IT audit plan.

  B. Project plan: A project plan is a document that outlines the detailed scope, schedule, budget, resources, quality, and communication plans of a project. A project plan provides some useful information to an IS auditor when selecting projects for inclusion in an IT audit plan, but it is not the most useful information. A project plan does not provide enough information about the rationale, justification, value proposition, and alignment of the project with the organization's strategy and goals, which are important for assessing its relevance for an IT audit plan.

  C. Project issue log: A project issue log is a document that records and tracks the issues that arise during a project's execution and how they are resolved. A project issue log provides some useful information to an IS auditor when selecting projects for inclusion in an IT audit plan, but it is not the most useful information. A project issue log does not provide enough information about the purpose, objectives, benefits, and feasibility of the project, which are critical for determining its priority for an IT audit plan.

• Question 1277:

  Which of the following BEST enables an IS auditor to combine and compare access control lists from various applications and devices?

  A. Integrated test facility (ITF)
  B. Snapshots
  C. Data analytics
  D. Audit hooks
  C. Data analytics

  ---

  Explanation

  Data analytics is the process of analyzing large and complex data sets to discover patterns, trends, and insights that can support decision making and problem solving. Data analytics can enable an IS auditor to combine and compare access control lists from various applications and devices by using techniques such as data extraction, transformation, loading, cleansing, integration, aggregation, visualization, and reporting. Data analytics can help an IS auditor to identify and assess the risks and controls related to access management, such as unauthorized or excessive access, segregation of duties violations, access policy compliance, access activity monitoring, and access review and remediation. The other options are not as effective or relevant as data analytics for combining and comparing access control lists from various applications and devices. Integrated test facility (ITF) is a technique for testing the validity and accuracy of application processing by inserting fictitious transactions into the system and verifying the results. ITF does not directly involve the analysis of access control lists. Snapshots are records of selected information at a specific point in time that can be used to monitor system activity or performance. Snapshots can provide some information about access control lists, but they are not sufficient to combine and compare them across different sources. Audit hooks are software routines embedded in an application that can trigger an alert or a report when certain conditions are met. Audit hooks can help to detect anomalies or exceptions in access control lists, but they do not provide a comprehensive or integrated view of them.

  References: ISACA, CISA Review Manual, 27th Edition, 2019, p. 2361 ISACA, ITAF: A Professional Practices Framework for IS Audit/Assurance, 3rd Edition, 2014, p. 882 Data Analytics for Auditing Access Control3

• Question 1278:

  An IS auditor determines that a business continuity plan has not been reviewed and approved by management. Which of the following is the MOST significant risk associated with this situation?

  A. Continuity planning may be subject to resource constraints.
  B. The plan may not be aligned with industry best practice.
  C. Critical business processes may not be addressed adequately.
  D. The plan has not been reviewed by risk management.
  D. The plan has not been reviewed by risk management.

  ---

  Explanation

• Question 1279:

  Which of the following testing method examines internal structure or working of an application?

  A. White-box testing
  B. Parallel Test
  C. Regression Testing
  D. Pilot Testing
  A. White-box testing

  ---

  Explanation

  White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests internal structures or workings of an application, as opposed to its functionality (i.e.

  black-box testing). In white-box testing an internal perspective of the system, as well as programming skills, are used to design test cases. The tester chooses inputs to exercise paths through the code and determine the appropriate outputs.

  This is analogous to testing nodes in a circuit, e.g. in-circuit testing (ICT).

  White-box testing can be applied at the unit, integration and system levels of the software testing process. Although traditional testers tended to think of white-box testing as being done at the unit level, it is used for integration and system

  testing more frequently today. It can test paths within a unit, paths between units during integration, and between subsystems during a systemevel test. Though this method of test design can uncover many errors or problems, it has the

  potential to miss unimplemented parts of the specification or missing requirements.

  For your exam you should know the information below:

  Alpha and Beta Testing - An alpha version is early version is an early version of the application system submitted to the internal user for testing. The alpha version may not contain all the features planned for the final version. Typically,

  software goes to two stages testing before it consider finished. The first stage is called alpha testing is often performed only by the user within the organization developing the software. The second stage is called beta testing, a form of user

  acceptance testing, generally involves a limited number of external users. Beta testing is the last stage of testing, and normally involves real world exposure, sending the beta version of the product to independent beta test sites or offering it

  free to interested user.

  Pilot Testing -A preliminary test that focuses on specific and predefined aspect of a system. It is not meant to replace other testing methods, but rather to provide a limited evaluation of the system. Proof of concept are early pilot tests ?usually

  over interim platform and with only basic functionalities.

  White box testing - Assess the effectiveness of a software program logic. Specifically, test data are used in determining procedural accuracy or conditions of a program's specific logic path. However, testing all possible logical path in large

  information system is not feasible and would be cost prohibitive, and therefore is used on selective basis only.

  Black Box Testing - An integrity based form of testing associated with testing components of an information system's "functional" operating effectiveness without regards to any specific internal program structure. Applicable to integration and

  user acceptance testing.

  Function/validation testing ?It is similar to system testing but it is often used to test the functionality of the system against the detailed requirements to ensure that the software that has been built is traceable to customer requirements.

  Regression Testing -The process of rerunning a portion of a test scenario or test plan to ensure that changes or corrections have not introduced new errors. The data used in regression testing should be same as original data.

  Parallel Testing - This is the process of feeding test data into two systems ?the modified system and an alternative system and comparing the result.

  Sociability Testing -The purpose of these tests is to confirm that new or modified system can operate in its target environment without adversely impacting existing system. This should cover not only platform that will perform primary

  application processing and interface with other system but, in a client server and web development, changes to the desktop environment. Multiple application may run on the user's desktop, potentially simultaneously, so it is important to test

  the impact of installing new dynamic link libraries (DLLs), making operating system registry or configuration file modification, and possibly extra memory utilization.

  The following answers are incorrect:

  Parallel Testing - This is the process of feeding test data into two systems ?the modified system and an alternative system and comparing the result.

  Regression Testing -The process of rerunning a portion of a test scenario or test plan to ensure that changes or corrections have not introduced new errors. The data used in regression testing should be same as original data.

  Pilot Testing -A preliminary test that focuses on specific and predefined aspect of a system. It is not meant to replace other testing methods, but rather to provide a limited evaluation of the system. Proof of concept are early pilot tests ?usually over interim platform and with only basic functionalities

  CISA review manual 2014 Page number 167 Official ISC2 guide to CISSP CBK 3rd Edition Page number 176

• Question 1280:

  Which device acting as a translator is used to connect two networks or applications from layer 4 up to layer 7 of the ISO/OSI Model?

  A. Bridge
  B. Repeater
  C. Router
  D. Gateway
  D. Gateway

  ---

  Explanation

  A gateway is used to connect two networks using dissimilar protocols at the lower layers or it could also be at the highest level of the protocol stack.

  Important Note:

  For the purpose of the exam, you have to remember that a gateway is not synonymous to the term firewall.

  The second thing you must remembers is the fact that a gateway act as a translation device.

  It could be used to translate from IPX to TCP/IP for example. It could be used to convert different types of applications protocols and allow them to communicate together. A gateway could be at any of the OSI layers but usually tend to be

  higher up in the stack.

  For your exam you should know the information below:

  Repeaters

  A repeater provides the simplest type of connectivity, because it only repeats electrical signals between cable segments, which enables it to extend a network. Repeaters work at the physical layer and are add-on devices for extending a

  network connection over a greater distance. The device amplifies signals because signals attenuate the farther they have to travel. Repeaters can also work as line conditioners by actually cleaning up the signals. This works much better

  when amplifying digital signals than when amplifying analog signals, because digital signals are discrete units, which makes extraction of background noise from them much easier for the amplifier. If the device is amplifying analog signals,

  any accompanying noise often is amplified as well, which may further distort the signal. A hub is a multi-port repeater. A hub is often referred to as a concentrator because it is the physical communication device that allows several computers

  and devices to communicate with each other. A hub does not understand or work with IP or MAC addresses. When one system sends a signal to go to another system connected to it, the signal is broadcast to all the ports, and thus to all the

  systems connected to the concentrator.

  Repeater

  

  Bridges A bridge is a LAN device used to connect LAN segments. It works at the data link layer and therefore works with MAC addresses. A repeater does not work with addresses; it just forwards all signals it receives. When a frame arrives at a bridge, the bridge determines whether or not the MAC address is on the local network segment. If the MAC address is not on the local network segment, the bridge forwards the frame to the necessary network segment.

  Bridge

  

  Routers Routers are layer 3, or network layer, devices that are used to connect similar or different networks. (For example, they can connect two Ethernet LANs or an Ethernet LAN to a Token Ring LAN.) A router is a device that has two or more interfaces and a routing table so it knows how to get packets to their destinations. It can filter traffic based on access control lists (ACLs), and it fragments packets when necessary. Because routers have more network-level knowledge, they can perform higher-level functions, such as calculating the shortest and most economical path between the sending and receiving hosts.

  Router and Switch

  

  Switches Switches combine the functionality of a repeater and the functionality of a bridge. A switch amplifies the electrical signal, like a repeater, and has the built-in circuitry and intelligence of a bridge. It is a multi-port connection device that provides connections for individual computers or other hubs and switches.

  Gateways Gateway is a general term for software running on a device that connects two different environments and that many times acts as a translator for them or somehow restricts their interactions. Usually a gateway is needed when one environment speaks a different language, meaning it uses a certain protocol that the other environment does not understand. The gateway can translate Internetwork Packet Exchange (IPX) protocol packets to IP packets, accept mail from one type of mail server and format it so another type of mail server can accept and understand it, or connect and translate different data link technologies such as FDDI to Ethernet. Gateway Server The following answers are incorrect:

  

  Repeater - A repeater provides the simplest type of connectivity, because it only repeats electrical signals between cable segments, which enables it to extend a network. Repeaters work at the physical layer and are add-on devices for extending a network connection over a greater distance. The device amplifies signals because signals attenuate the farther they have to travel.

  Bridges - A bridge is a LAN device used to connect LAN segments. It works at the data link layer and therefore works with MAC addresses. A repeater does not work with addresses; it just forwards all signals it receives. When a frame arrives at a bridge, the bridge determines whether or not the MAC address is on the local network segment. If the MAC address is not on the local network segment, the bridge forwards the frame to the necessary network segment.

  Routers - Routers are layer 3, or network layer, devices that are used to connect similar or different networks. (For example, they can connect two Ethernet LANs or an Ethernet LAN to a Token Ring LAN.) A router is a device that has two or more interfaces and a routing table so it knows how to get packets to their destinations. It can filter traffic based on access control lists (ACLs), and it fragments packets when necessary.

  CISA review manual 2014 Page number 263 Official ISC2 guide to CISSP CBK 3rd Edition Page number 229 and 230