Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 1981:

  Which of the following is the MOST important consideration when defining an operational log management strategy?

  A. Audit recommendations
  B. Industry benchmarking
  C. Event response procedures
  D. Stakeholder requirements
  D. Stakeholder requirements

  ---

  Explanation

  The most important consideration when defining an operational log management strategy is understanding and meeting stakeholder requirements. This ensures that the strategy aligns with organizational needs and regulatory requirements,

  providing relevant and actionable information for security and compliance.

  References:

  ISACA CISA Review Manual 27th Edition, Page 273-274 (Log Management)

• Question 1982:

  An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged. The IS auditor's FIRST action should be to:

  A. recommend that the option to directly modify the database be removed immediately.
  B. recommend that the system require two persons to be involved in modifying the database.
  C. determine whether the log of changes to the tables is backed up.
  D. determine whether the audit trail is secured and reviewed.
  D. determine whether the audit trail is secured and reviewed.

  ---

  Explanation

  The IS auditor's first action after discovering an option in a database that allows the administrator to directly modify any table should be to determine whether the audit trail is secured and reviewed. This is because direct modification of database tables can pose a significant risk to data integrity, security, and accountability. An audit trail is a record of all changes made to database tables, including who made them, when they were made, and what was changed. An audit trail can help to detect unauthorized or erroneous changes, provide evidence for investigations or audits, and support data recovery or restoration. The IS auditor should assess whether the audit trail is protected from tampering or deletion, and whether it is regularly reviewed for anomalies or exceptions.

• Question 1983:

  An IS auditor is mapping controls to risk for an accounts payable system. What is the BEST control to detect errors in the system?

  A. Alignment of the process to business objectives
  B. Quality control review of new payments
  C. Management approval of payments
  D. Input validation
  D. Input validation

  ---

  Explanation

• Question 1984:

  An IS auditor found that operations personnel failed to run a script contributing to year-end financial statements. Which of the following is the BEST recommendation?

  A. Retrain operations personnel.
  B. Implement a closing checklist.
  C. Update the operations manual.
  D. Bring staff with financial experience into operations.
  B. Implement a closing checklist.

  ---

  Explanation

  The best recommendation for the IS auditor to make is to implement a closing checklist, as this will help to ensure that all the required tasks and scripts are performed and verified during the year-end closing process. A closing checklist can also help to prevent errors, omissions, and delays that could affect the accuracy and timeliness of the financial statements

• Question 1985:

  A new regulation requires organizations to report significant security incidents to the regulator within 24 hours of identification. Which of the following is the IS auditor's BEST recommendation to facilitate compliance with the regulation?

  A. Include the requirement in the incident management response plan.
  B. Establish key performance indicators (KPIs) for timely identification of security incidents.
  C. Enhance the alert functionality of the intrusion detection system (IDS).
  D. Engage an external security incident response expert for incident handling.
  A. Include the requirement in the incident management response plan.

  ---

  Explanation

  The best recommendation to facilitate compliance with the regulation that requires organizations to report significant security incidents to the regulator within 24 hours of identification is to include the requirement in the incident management response plan. An incident management response plan is a document that defines the roles, responsibilities, procedures, and tools for managing security incidents effectively and efficiently. Including the requirement in the incident management response plan can help ensure that security incidents are identified, classified, reported, and escalated in accordance with the regulation. The other options are not as effective as including the requirement in the incident management response plan, as they do not address all aspects of incident management or compliance. Establishing key performance indicators (KPIs) for timely identification of security incidents is a monitoring technique that can help measure and improve the performance of incident management processes, but it does not ensure compliance with the regulation. Enhancing the alert functionality of the intrusion detection system (IDS) is a technical control that can help detect and notify security incidents faster, but it does not ensure compliance with the regulation. Engaging an external security incident response expert for incident handling is a contingency measure that can help augment the organization's internal capabilities and resources for managing security incidents, but it does not ensure compliance with the regulation.

  References: CISA Review Manual (Digital Version), Chapter 4, Section 4.2.2

• Question 1986:

  The use of which of the following is an inherent risk in the application container infrastructure?

  A. Shared registries
  B. Host operating system
  C. Shared data
  D. Shared kernel
  D. Shared kernel

  ---

  Explanation

  Application containers are a form of operating system virtualization that share the same kernel as the host operating system. This means that any vulnerability or compromise in the kernel can affect all the containers running on the same host, as well as the host itself. Additionally, containers may have privileged access to the kernel resources and functions, which can pose a risk of unauthorized or malicious actions by the container processes. Therefore, securing the kernel is a critical aspect of application container security. Shared registries (option A) are not an inherent risk in the application container infrastructure, but they are a potential risk that depends on how they are configured and managed. Shared registries are repositories that store and distribute container images. They can be public or private, and they can have different levels of security and access controls. Shared registries can pose a risk of exposing sensitive data, distributing malicious or vulnerable images, or allowing unauthorized access to images. However, these risks can be mitigated by using secure connections, authentication and authorization mechanisms, image signing and scanning, and encryption. Host operating system (option B) is not an inherent risk in the application container infrastructure, but it is a potential risk that depends on how it is configured and maintained. Host operating system is the underlying platform that runs the application containers and provides them with the necessary resources and services. Host operating system can pose a risk of exposing vulnerabilities, misconfigurations, or malware that can affect the containers or the host itself. However, these risks can be mitigated by using minimal and hardened operating systems, applying patches and updates, enforcing security policies and controls, and isolating and monitoring the host. Shared data (option C) is not an inherent risk in the application container infrastructure, but it is a potential risk that depends on how it is stored and accessed. Shared data is the information that is used or generated by the application containers and that may be shared among them or with external entities. Shared data can pose a risk of leaking confidential or sensitive data, corrupting or losing data integrity, or violating data privacy or compliance requirements. However, these risks can be mitigated by using secure storage solutions, encryption and decryption mechanisms, access control and auditing policies, and backup and recovery procedures. Therefore, option D is the correct answer.

  References: Application Container Security Guide | NIST CSA for a Secure Application Container Architecture Application Container Security: Risks and Countermeasures

• Question 1987:

  Before concluding that internal controls can be relied upon, the IS auditor should:

  A. discuss the internal control weaknesses with the auditee
  B. document application controls
  C. conduct tests of compliance
  D. document the system of internal control
  D. document the system of internal control

  ---

  Explanation

• Question 1988:

  Which of the following is the MOST important responsibility of data owners when implementing a data classification process?

  A. Reviewing emergency changes to data
  B. Authorizing application code changes
  C. Determining appropriate user access levels
  D. Implementing access rules over database tables
  C. Determining appropriate user access levels

  ---

  Explanation

  The most important responsibility of data owners when implementing a data classification process is determining appropriate user access levels (option C). This is because:

  Data owners are the persons or entities that have the authority and responsibility for the business processes and functions that collect, use, store, and dispose of data. Data owners are accountable for ensuring that the data is handled in

  compliance with the applicable laws, regulations, policies, and standards, such as the GDPR and the PIPEDA.

  Data owners are in the best position to determine the purpose and necessity of collecting and retaining data, as well as the risks and benefits associated with it. Data owners should consult with other stakeholders, such as the risk manager,

  the database administrator (DBA), and the privacy manager, to establish and implement appropriate data classification policies and procedures. Data classification is the process of organizing data in groups based on their attributes and

  characteristics, and then assigning class labels that describe a set of attributes that hold true for the corresponding data sets. Data classification helps organizations to identify, manage, protect, and understand their data, as well as to comply

  with modern data privacy regulations. Data classification also helps to determine appropriate user access levels, which means defining who can access, modify, share, or delete data based on their roles, responsibilities, and needs.

  Determining appropriate user access levels is the most important responsibility of data owners when implementing a data classification process, as it ensures that only authorized and legitimate users can access sensitive or important data.

  This provides confidentiality, integrity, availability, and accountability of data. Reviewing emergency changes to data (option A), authorizing application code changes (option B), and implementing access rules over database tables (option D)

  are not the most important responsibilities of data owners when implementing a data classification process. These are more related to the operational aspects of data management, which are usually delegated to other roles, such as the DBA

  or the IT staff. The data owner should oversee and approve these activities, but not perform them directly.

• Question 1989:

  Which of the following provides the MOST protection against emerging threats?

  A. Demilitarized zone (DMZ)
  B. Heuristic intrusion detection system (IDS)
  C. Real-time updating of antivirus software
  D. Signature-based intrusion detection system (IDS)
  B. Heuristic intrusion detection system (IDS)

  ---

  Explanation

  A heuristic intrusion detection system (IDS) provides the most protection against emerging threats, as it uses behavioral analysis and anomaly detection to identify unknown or zero-day attacks. A heuristic IDS can adapt to changing patterns and learn from previous incidents, making it more effective than a signature-based IDS, which relies on predefined rules and signatures to detect known attacks. A demilitarized zone (DMZ) is a network segment that separates the internal network from the external network, and it can provide some protection against external threats, but not against internal or emerging threats. Real-time updating of antivirus software is important to protect against malware, but it may not be sufficient to prevent new or sophisticated attacks that exploit unknown vulnerabilities.

  References: CISA Review Manual (Digital Version) 1, page 452-453.

• Question 1990:

  Which of the following is the PRIMARY objective of a control self-assessment (CSA)?

  A. To shift some control monitoring responsibilities to functional areas
  B. To create cohesive teams through employee involvement
  C. To improve the audit rating process
  D. To reduce control costs associated with a specific function
  C. To improve the audit rating process

  ---

  Explanation