Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 271:

  Which of the following is a detective control that can be used to uncover unauthorized access to information systems?

  A. Requiring long and complex passwords for system access
  B. Implementing a security information and event management (SIEM) system
  C. Requiring internal audit to perform periodic reviews of system access logs
  D. Protecting access to the data center with multifactor authentication
  B. Implementing a security information and event management (SIEM) system

  ---

  Explanation

• Question 272:

  A new application will require multiple interfaces. Which of the following testing methods can be used to detect interface errors early in the development life cycle1?

  A. Bottom up
  B. Acceptance
  C. Top down
  D. Sociability
  D. Sociability

  ---

  Explanation

• Question 273:

  Which of the following establishes the PRIMARY difference between a business continuity plan (BCP) and a disaster recovery plan (DRP)?

  A. The annual testing requirements
  B. The focus on system recovery
  C. The timeframe for plan activation
  D. The involvement of senior management
  C. The timeframe for plan activation

  ---

  Explanation

  Theprimarydifference between aBusiness Continuity Plan (BCP)and aDisaster Recovery Plan (DRP)lies in theirtimeframe for activationand overall scope.

  BCP (Business Continuity Plan):

  DRP (Disaster Recovery Plan):

  Thetimeframefor activation is the key difference because:

  BCPis implementedimmediatelyto ensure business continuity. DRPis implementedafterthe disaster to restore IT operations. A. The annual testing requirements Both BCP and DRP require regular testing, so this is not the key differentiator.

  B.

  The focus on system recovery Only DRP focuses on system recovery, but the BCP covers more than just IT. The key difference is still the timeframe.

  D. The involvement of senior management Senior management is involved in both plans,

  so this is not the primary distinction.

  ISACA CISA Review Manual, 28th Edition, Chapter 4:Information Systems Operations and Business Resilience

  Why Not the Other Options?

  References:

• Question 274:

  To confirm integrity for a hashed message, the receiver should use:

  A. the same hashing algorithm as the sender's to create a binary image of the file.
  B. a different hashing algorithm from the sender's to create a binary image of the file.
  C. the same hashing algorithm as the sender's to create a numerical representation of the file.
  D. a different hashing algorithm from the sender's to create a numerical representation of the file.
  A. the same hashing algorithm as the sender's to create a binary image of the file.

  ---

  Explanation

  To confirm integrity for a hashed message, the receiver should use the same hashing algorithm as the sender's to create a binary image of the file. A hashing algorithm is a mathematical function that transforms an input data into a fixed-

  length output value, called a hash or a digest. A hashing algorithm has two main properties: it is one- way, meaning that it is easy to compute the hash from the input, but hard to recover the input from the hash; and it is collision-resistant,

  meaning that it is very unlikely to find two different inputs that produce the same hash. These properties make hashing algorithms useful for verifying the integrity of data, as any change in the input data will result in a different hash value.

  Therefore, to confirm integrity for a hashed message, the receiver should use the same hashing algorithm as the sender's to create a binary image of the file, which is a representation of the file in bits (0s and 1s). The receiver should then

  compare this binary image with the hash value sent by the sender. If they match, then the message has not been altered in transit. If they do not match, then the message has been corrupted or tampered with.

  References:

  Ensuring Data Integrity with Hash Codes Message Integrity

• Question 275:

  What should an IS auditor ensure when a financial organization intends to utilize production data in the testing environment?

  A. The data utilized is de-identified.
  B. The data utilized is accurate.
  C. The data utilized is complete.
  D. The data utilized is current.
  A. The data utilized is de-identified.

  ---

  Explanation

  Explanation

• Question 276:

  Which of the following should be included in emergency change control procedures?

  A. Use an emergency ID to move production programs into development.
  B. Request that the help desk make the changes.
  C. Update production source libraries to reflect changes.
  D. Obtain user management approval before implementing the changes.
  D. Obtain user management approval before implementing the changes.

  ---

  Explanation

• Question 277:

  An IS auditor notes that several employees are spending an excessive amount of time using social media sites for personal reasons. Which of the following should the auditor recommend be performed FIRST?

  A. Implement a process to actively monitor postings on social networking sites.
  B. Adjust budget for network usage to include social media usage.
  C. Use data loss prevention (DLP) tools on endpoints.
  D. implement policies addressing acceptable usage of social media during working hours.
  D. implement policies addressing acceptable usage of social media during working hours.

  ---

  Explanation

  The first course of action that the auditor should recommend after finding that several employees are spending an excessive amount of time using social media sites for personal reasons is to implement policies addressing acceptable usage of social media during working hours. Policies can help define the scope, purpose, rules, and expectations of using social media in the workplace, both for personal and professional reasons. Policies can also specify the consequences of violating the policies, such as disciplinary actions or termination. Policies can help deter employees from misusing social media at work, which could affect their productivity, performance, or security. Policies can also help protect the organization from legal liabilities or reputational damages that could arise from inappropriate or unlawful employee behavior on social media.

• Question 278:

  During an audit of a multinational bank's disposal process, an IS auditor notes several findings. Which of the following should be the auditor's GREATEST concern?

  A. Backup media are not reviewed before disposal.
  B. Degaussing is used instead of physical shredding.
  C. Backup media are disposed before the end of the retention period
  D. Hardware is not destroyed by a certified vendor.
  C. Backup media are disposed before the end of the retention period

  ---

  Explanation

  During an audit of a multinational bank's disposal process, an IS auditor should be most concerned about backup media being disposed before the end of the retention period. This is because backup media contain sensitive and critical data that may be required for business continuity, legal compliance, or forensic purposes. Disposing backup media prematurely may result in data loss, unavailability, or corruption, which may have severe consequences for the bank's reputation, operations, and security. Backup media not being reviewed before disposal, degaussing being used instead of physical shredding, and hardware not being destroyed by a certified vendor are also findings that may pose some risks to the bank's disposal process, but they are not as critical as backup media being disposed before the end of the retention period.

  References: ISACA CISA Review Manual 27th Edition, page 302.

• Question 279:

  When implementing an upgraded ERP system, which of the following is the MOST important consideration for a go-live decision?

  A. Test cases
  B. Rollback strategy
  C. Business case
  D. Post-implementation review objectives
  C. Business case

  ---

  Explanation

• Question 280:

  A programmer has made unauthorized changes to key fields in a payroll system report. Which of the following control weaknesses would have contributed MOST to this problem?

  A. The programmer did not involve the user in testing.
  B. The user requirements were not documented.
  C. Payroll files were not under the control of a librarian.
  D. The programmer has access to the production programs.
  D. The programmer has access to the production programs.

  ---

  Explanation

  The programmer having access to the production programs is the most likely control weakness that would have contributed to the unauthorized changes to the payroll system report. This is because the programmer could modify the production code without proper authorization, documentation, or testing, and bypass the change management process. This could result in errors, fraud, or data integrity issues in the payroll system. The programmer should only have access to the development or test environment, and the production programs should be under the control of a librarian or a change manager.

  References: ISACA CISA Review Manual, 27th Edition, page 254, 4 Types of Internal Control Weaknesses ACCT 4631 - Internal Auditing: CIA Quiz Topic 6 Flashcards