Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 1321:

  A multinational organization is integrating its existing payroll system with a human resource information system. Which of the following should be of GREATEST concern to the IS auditor?

  A. System documentation
  B. Currency conversion
  C. Application interfaces
  D. Scope creep
  C. Application interfaces

  ---

  Explanation

• Question 1322:

  Which of the following should be the PRIMARY concern for the it department head when implementing operational log management?

  A. Diversity of log formats generated by different IT resources
  B. Retention and storage issues due to log volume
  C. Resistance by operational users
  D. Impact on performance of IT resources
  B. Retention and storage issues due to log volume

  ---

  Explanation

• Question 1323:

  Which of the following would be of GREATEST concern when reviewing an organization's security information and event management (SIEM) solution?

  A. SIEM reporting is customized.
  B. SIEM configuration is reviewed annually
  C. The SIEM is decentralized.
  D. SIEM reporting is ad hoc.
  C. The SIEM is decentralized.

  ---

  Explanation

  The greatest concern that the IS auditor should have when reviewing an organization's security information and event management (SIEM) solution is that the SIEM is decentralized. This is because a decentralized SIEM can pose challenges for collecting, correlating, analyzing and reporting on security events and incidents from multiple sources and locations. A decentralized SIEM can also increase the complexity and cost of maintaining and updating the SIEM components, as well as the risk of inconsistent or incomplete security monitoring and response. The IS auditor should recommend that the organization adopts a centralized or hybrid SIEM architecture that can provide a holistic and integrated view of the security posture and activities across the organization. The other findings are not as concerning as a decentralized SIEM, because they can be addressed by implementing best practices and standards for SIEM reporting and configuration.

  References: CISA Review Manual (Digital Version)1, Chapter 5, Section 5.2.4

• Question 1324:

  Which of the following is the role of audit leadership in ensuring the quality of audit and engagement performance?

  A. Ensuring audit customers remain highly satisfied with the quality of audit performance
  B. Reviewing identified risks to ensure associated processes are included in the audit program
  C. Reviewing key performance results to ensure process improvements are implemented
  D. Ensuring the scope of peer quality assurance (QA) reviews is sufficient to address board concerns
  C. Reviewing key performance results to ensure process improvements are implemented

  ---

  Explanation

• Question 1325:

  An IS auditor learns the organization has experienced several server failures in its distributed environment. Which of the following is the BEST recommendation to limit the potential impact of server failures in the future?

  A. Redundant pathways
  B. Clustering
  C. Failover power
  D. Parallel testing
  B. Clustering

  ---

  Explanation

  Clustering is a technique that allows multiple servers to work together as a single system, providing high availability, load balancing, and fault tolerance. Clustering can limit the potential impact of server failures in a distributed environment, as it can automatically switch the workload to another server in the cluster if one server fails, without interrupting the service. Redundant pathways, failover power, and parallel testing are also useful for improving the reliability and availability of servers, but they do not directly address the issue of server failures.

• Question 1326:

  Which of the following provides the BEST evidence of the validity and integrity of logs in an organization's security information and event management (SIEM) system?

  A. Compliance testing
  B. Stop-or-go sampling
  C. Substantive testing
  D. Variable sampling
  C. Substantive testing

  ---

  Explanation

  Substantive testing ?provides the best evidence of the validity and integrity of logs in an organization's security information and event management (SIEM) system, because it is a type of audit testing that directly examines the accuracy, completeness, and reliability of the data and transactions recorded in the logs. Substantive testing can involve various methods, such as re-performance, inspection, observation, inquiry, or computer-assisted audit techniques (CAATs), to verify the existence, occurrence, valuation, ownership, presentation, and disclosure of the log data1. Substantive testing can also detect any errors, omissions, alterations, or manipulations of the log data that may indicate fraud or misstatement. Compliance testing (A) is not the best evidence of the validity and integrity of logs in an organization's SIEM system, because it is a type of audit testing that evaluates the design and effectiveness of the internal controls that are implemented to ensure compliance with laws, regulations, policies, and procedures. Compliance testing can involve various methods, such as walkthroughs, questionnaires, checklists, or flowcharts, to assess the adequacy, consistency, and operation of the internal controls1. Compliance testing can provide assurance that the log data are generated and processed in accordance with the established rules and standards, but it does not directly verify the accuracy and reliability of the log data itself. Stop-or-go sampling (B) is not a type of audit testing, but a type of sampling technique that auditors use to select a sample from a population for testing. Stop-or-go sampling is a sequential sampling technique that allows auditors to stop testing before reaching the predetermined sample size if the results are satisfactory or conclusive. Stop-or-go sampling can reduce the audit cost and time by avoiding unnecessary testing, but it can also increase the sampling risk and uncertainty by relying on a smaller sample3. Stop-or-go sampling does not provide any evidence of the validity and integrity of logs in an organization's SIEM system by itself; it depends on the type and quality of the audit tests performed on the selected sample. Variable sampling (D) is not a type of audit testing, but a type of sampling technique that auditors use to estimate a numerical characteristic of a population for testing. Variable sampling is a statistical sampling technique that allows auditors to measure the amount or rate of error or deviation in a population by using quantitative methods. Variable sampling can provide precise and objective results by using mathematical formulas and confidence intervals4. Variable sampling does not provide any evidence of the validity and integrity of logs in an organization's SIEM system by itself; it depends on the type and quality of the audit tests performed on the selected sample.

  References: Audit Testing Procedures - 5 Types and Their Use Cases 5 Types of Testing Methods Used During Audit Procedures | I.S. Partners Stop-or-Go Sampling Definition Variable Sampling Definition

• Question 1327:

  Which of the following is the MOST important consideration for an IS auditor when assessing the adequacy of an organization's information security policy?

  A. Alignment with the IT tactical plan
  B. IT steering committee minutes
  C. Compliance with industry best practice
  D. Business objectives
  D. Business objectives

  ---

  Explanation

  The most important consideration for an IS auditor when assessing the adequacy of an organization's information security policy is its alignment with the business objectives. The information security policy is a high-level document that defines the organization's vision, goals, principles, and responsibilities for protecting its information assets. The information security policy should support and enable the achievement of the business objectives, such as increasing customer satisfaction, enhancing competitive advantage, or complying with legal requirements. The information security policy should also be consistent with other relevant policies, standards, and frameworks that guide the organization's governance, risk management, and compliance activities.

• Question 1328:

  Which of the following is the BEST way to mitigate the risk associated with technology obsolescence?

  A. Invest in current technology
  B. Create a technology watch team that evaluates emerging trends.
  C. Make provisions In the budgets for potential upgrades.
  D. Create tactical and strategic IS plans
  D. Create tactical and strategic IS plans

  ---

  Explanation

• Question 1329:

  What is the PRIMARY reason to adopt a risk-based IS audit strategy?

  A. To achieve synergy between audit and other risk management functions
  B. To prioritize available resources and focus on areas with significant risk
  C. To reduce the time and effort needed to perform a full audit cycle
  D. To identify key threats, risks, and controls for the organization
  B. To prioritize available resources and focus on areas with significant risk

  ---

  Explanation

• Question 1330:

  As part of business continuity planning, which of the following is MOST important to assess when conducting a business impact analysis (B1A)?

  A. Risk appetite
  B. Critical applications m the cloud
  C. Completeness of critical asset inventory
  D. Recovery scenarios
  C. Completeness of critical asset inventory

  ---

  Explanation

  The most important thing to assess when conducting a business impact analysis (BIA) is the completeness of critical asset inventory. This is because the critical asset inventory is the basis for identifying and prioritizing the business processes, functions, and resources that are essential for the continuity of operations. The critical asset inventory should include both tangible and intangible assets, such as hardware, software, data, personnel, facilities, contracts, and reputation. The critical asset inventory should also be updated regularly to reflect any changes in the business environment or needs.

  References: CISA Review Manual (Digital Version), Chapter 5, Section 5.41 CISA Online Review Course, Domain 3, Module 3, Lesson 12