Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 141:

  Which of the following is an IS auditor's BEST approach when low-risk anomalies have been identified?

  A. Reprioritize further testing of the anomalies and refocus on issues with higher risk
  B. Update the audit plan to include the information collected during the audit
  C. Ask auditees to promptly remediate the anomalies
  D. Document the anomalies in audit workpapers
  D. Document the anomalies in audit workpapers

  ---

  Explanation

  Documenting anomalies in audit workpapers (D) is the best approach because it ensures traceability, supports findings in the audit report, and allows for future reference if similar issues arise.Even if an anomaly is low-risk, proper

  documentation is a fundamental audit practice.

  Other options:

  Reprioritizing testing (A)is a valid audit approach but does not address documentation needs.

  Updating the audit plan (B)may be necessary but does not replace documentation. Prompt remediation (C)is an operational concern but is not always the auditor's primary role.

  ISACA CISA Review Manual, Audit Process

• Question 142:

  The PRIMARY objective of the disaster recovery planning process is to:

  A. comply with regulatory requirements.
  B. ensure data can be recovered completely.
  C. minimize the operational interruption.
  D. align incident response time with industry best practices.
  C. minimize the operational interruption.

  ---

  Explanation

  Explanation

• Question 143:

  Which of the following should be the GREATEST concern to an IS auditor reviewing the information security framework of an organization?

  A. The information security policy has not been updated in the last two years.
  B. Senior management was not involved in the development of the information security policy.
  C. A list of critical information assets was not included in the information security policy.
  D. The information security policy is not aligned with regulatory requirements.
  D. The information security policy is not aligned with regulatory requirements.

  ---

  Explanation

  The effectiveness of an organization's security awareness program can be measured by capturing data on changes in the way people react to threats, such as the ability to recognize and avoid social engineering attacks1. An increase in the

  number of phishing emails reported by employees indicates that they are more aware of the signs and risks of phishing, and are more likely to take appropriate actions to prevent or mitigate the impact of such attacks23.

  References:

  1: The Importance Of Measuring Security Awareness 2: Measuring the effectiveness of your security awareness program 3: How effective is security awareness training?

• Question 144:

  Which of the following should be of GREATEST concern to an IS auditor when using data analytics?

  A. The data source lacks integrity.
  B. The data analytics software is open source.
  C. The data set contains irrelevant fields.
  D. The data was not extracted by the auditor.
  A. The data source lacks integrity.

  ---

  Explanation

• Question 145:

  The scheduling of audit follow-ups should be based PRIMARILY on:

  A. costs and audit efforts involved.
  B. auditee and auditor time commitments.
  C. the risk and exposure involved.
  D. control and detection processes.
  C. the risk and exposure involved.

  ---

  Explanation

• Question 146:

  Implementing which of the following would BEST address issues relating to the aging of IT systems?

  A. IT project management
  B. Release management
  C. Application portfolio management
  D. Configuration management
  A. IT project management

  ---

  Explanation

• Question 147:

  Which of the following is the BEST control to mitigate the malware risk associated with an instant messaging (IM) system?

  A. Blocking attachments in IM
  B. Blocking external IM traffic
  C. Allowing only corporate IM solutions
  D. Encrypting IM traffic
  C. Allowing only corporate IM solutions

  ---

  Explanation

  Allowing only corporate IM solutions is the best control to mitigate the malware risk associated with an IM system, because it can prevent unauthorized or malicious IM applications from accessing the network and infecting the system with malware. Corporate IM solutions can also enforce security policies and standards, such as encryption, authentication, and logging, to protect the IM system from malware attacks. Blocking attachments in IM, blocking external IM traffic, and encrypting IM traffic are also possible controls to mitigate the malware risk, but they are not as effective as allowing only corporate IM solutions.

  References: CISA Review Manual (Digital Version), Chapter 5, Section 5.4.4

• Question 148:

  Which of the following should an IS auditor be MOST concerned with when a system uses radio frequency identification (RFID)?

  A. Scalability
  B. Maintainability
  C. Nonrepudiation
  D. Privacy
  C. Nonrepudiation

  ---

  Explanation

• Question 149:

  Which of the following should be an IS auditor's PRIMARY focus when evaluating the response process for cybercrimes?

  A. Communication with law enforcement
  B. Notification to regulators
  C. Root cause analysis
  D. Evidence collection
  D. Evidence collection

  ---

  Explanation

  Evidence collection is the process of identifying, acquiring, preserving, and documenting digital evidence from various sources, such as computers, networks, mobile devices, or cloud services, that can be used to support the investigation and

  prosecution of cybercrimes. Evidence collection is an IS auditor's primary focus when evaluating the response process for cybercrimes, because it determines the quality and validity of the evidence that can be used to prove or disprove the

  facts of the case, identify the perpetrators, and recover the losses. Evidence collection should follow the standards and best practices for digital forensics, such as ISO/IEC 270371, which provide guidelines for ensuring the integrity,

  authenticity, reliability, and admissibility of the evidence2. The other possible options are:

  A. Communication with law enforcement: This is the process of reporting, cooperating, and coordinating with law enforcement agencies that have the jurisdiction and authority to investigate and prosecute cybercrimes. Communication with law enforcement is an important aspect of the response process for cybercrimes, but it is not an IS auditor's primary focus when evaluating it. Communication with law enforcement depends on the legal and regulatory requirements, the nature and severity of the incident, and the organizational policies and procedures. Communication with law enforcement should be done after evidence collection, to avoid compromising or contaminating the evidence3.

  B. Notification to regulators: This is the process of informing and updating the relevant regulatory bodies or authorities that oversee or supervise the organization's activities or industry sector about the cybercrime incident. Notification to regulators is an important aspect of the response process for cybercrimes, but it is not an IS auditor's primary focus when evaluating it. Notification to regulators depends on the legal and regulatory requirements, the nature and impact of the incident, and the organizational policies and procedures. Notification to regulators should be done after evidence collection, to avoid disclosing sensitive or confidential information4.

  C. Root cause analysis: This is the process of identifying and analyzing the underlying factors or causes that led to or contributed to the cybercrime incident. Root cause analysis is an important aspect of the response process for cybercrimes, but it is not an IS auditor's primary focus when evaluating it. Root cause analysis helps to prevent or mitigate future incidents, improve security controls and processes, and learn from mistakes. Root cause analysis should be done after evidence collection, to avoid interfering with or affecting the investigation5.

• Question 150:

  An IS auditor is reviewing the operational database management of an organization that uses cloud systems for hosting. Which of the following should be the auditor's PRIMARY area of focus?

  A. Cloud vendor security certifications
  B. Auto-scaling of provisioning costs
  C. Security settings configuration
  D. Large-scale data transfers
  C. Security settings configuration

  ---

  Explanation

  Explanation