Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 291:

  During an IT operations audit multiple unencrypted backup tapes containing sensitive credit card information cannot be found Which of the following presents the GREATEST risk to the organization?

  A. Reputational damage due to potential identity theft
  B. Business disruption if a data restore cannot be completed
  C. The cost of recreating the missing backup tapes
  D. Human resource cost of responding to the incident
  B. Business disruption if a data restore cannot be completed

  ---

  Explanation

• Question 292:

  Which of the following are BEST suited for continuous auditing?

  A. Low-value transactions
  B. Real-lime transactions
  C. Irregular transactions
  D. Manual transactions
  B. Real-lime transactions

  ---

  Explanation

  Continuous auditing is a method of performing audit-related activities on a real-time or near real-time basis. Continuous auditing is best suited for real-time transactions, such as online banking, e-commerce, or electronic funds transfer, that require immediate verification and assurance. Low-value transactions are not necessarily suitable for continuous auditing, as they may not pose significant risks or require frequent monitoring. Irregular transactions are not suitable for continuous auditing, as they may not occur frequently or consistently enough to justify the use of continuous auditing techniques. Manual transactions are not suitable for continuous auditing, as they may not be captured or processed by automated systems that enable continuous auditing.

  References: CISA Review Manual, 27th Edition, pages 307-3081 CISA Review Questions, Answers and Explanations Database, Question ID: 253

• Question 293:

  In an online application, which of the following would provide the MOST information about the transaction audit trail?

  A. System/process flowchart
  B. File layouts
  C. Data architecture
  D. Source code documentation
  C. Data architecture

  ---

  Explanation

  In an online application, data architecture provides the most information about the transaction audit trail, as it describes how data are created, stored, processed, accessed and exchanged among different components of the application. Data architecture includes data models, schemas, dictionaries, metadata, standards and policies that define the structure, quality, integrity, security and governance of data. Data architecture can help the IS auditor to trace the origin, flow, transformation and destination of data in an online transaction, and to identify the key data elements, attributes and relationships that are relevant for audit purposes. A system/process flowchart is a graphical representation of the sequence of steps or activities that are performed by a system or process. A system/process flowchart can provide some information about the transaction audit trail, but it is not as detailed or comprehensive as data architecture. A system/process flowchart shows the inputs, outputs, decisions and actions of a system or process, but it does not show the data elements, attributes and relationships that are involved in each step or activity. A file layout is a specification of the format and structure of a data file. A file layout can provide some information about the transaction audit trail, but it is not as detailed or comprehensive as data architecture. A file layout shows the fields, types, lengths and positions of data in a file, but it does not show the origin, flow, transformation and destination of data in an online transaction. Source code documentation is a description of the logic, functionality and purpose of a program or module written in a programming language. Source code documentation can provide some information about the transaction audit trail, but it is not as detailed or comprehensive as data architecture. Source code documentation shows the instructions, variables and parameters that are used to perform calculations and operations on data, but it does not show the data elements, attributes and relationships that are involved in each instruction or operation.

  References: CISA Review Manual (Digital Version) 1, Chapter 4: Information Systems Operations and Business Resilience, Section 4.2: Data Administration Practices.

• Question 294:

  Which of the following measures BEST mitigates the risk of data exfiltration during a cyberattack?

  A. Data loss prevention (DLP) system
  B. Network access controls (NAC)
  C. Perimeter firewall
  D. Hashing of sensitive data
  A. Data loss prevention (DLP) system

  ---

  Explanation

• Question 295:

  Which of the following methods BEST ensures that a comprehensive approach is used to direct information security activities?

  A. Creating communication channels
  B. Promoting security training
  C. Establishing a steering committee
  D. Holding periodic meetings with business owners
  B. Promoting security training

  ---

  Explanation

• Question 296:

  Which of the following is the BEST source of information when assessing the amount of time a project will take?

  A. GANTT chart
  B. Workforce estimate
  C. Critical path analysis
  D. Scheduling budget
  A. GANTT chart

  ---

  Explanation

• Question 297:

  Which of the following would MOST effectively ensure the integrity of data transmitted over a network?

  A. Message encryption
  B. Certificate authority (CA)
  C. Steganography
  D. Message digest
  D. Message digest

  ---

  Explanation

  The most effective way to ensure the integrity of data transmitted over a network is to use a message digest. A message digest is a cryptographic function that generates a unique and fixed-length value (also known as a hash or checksum) from any input data. The message digest can be used to verify that the data has not been altered or corrupted during transmission by comparing it with the message digest generated at the destination. Message encryption is a method of protecting the confidentiality of data transmitted over a network by transforming it into an unreadable format using a secret key. Message encryption does not ensure the integrity of data, as it does not prevent or detect unauthorized modifications. Certificate authority (CA) is an entity that issues and manages digital certificates that bind public keys to identities. CA does not ensure the integrity of data, as it does not prevent or detect unauthorized modifications. Steganography is a technique of hiding data within other data, such as images or audio files. Steganography does not ensure the integrity of data, as it does not prevent or detect unauthorized modifications.

  References: CISA Review Manual, 27th Edition, pages 383-3841 CISA Review Questions, Answers and Explanations Database, Question ID: 258

• Question 298:

  Which of the following should be an IS auditor's GREATEST concern when reviewing an organization's security controls for policy compliance?

  A. The security policy has not been reviewed within the past year.
  B. Security policy documents are available on a public domain website.
  C. Security policies are not applicable across all business units.
  D. End users are not required to acknowledge security policy training.
  B. Security policy documents are available on a public domain website.

  ---

  Explanation

• Question 299:

  When assessing a business case as part of a post-implementation review, the IS auditor must ensure that the:

  A. feasibility of alternative project approaches has been assessed.
  B. business case has not been amended since project approval.
  C. quality assurance measures have been applied throughout the project.
  D. amendments to the business case have been approved.
  D. amendments to the business case have been approved.

  ---

  Explanation

• Question 300:

  Afire alarm system has been installed in the computer room The MOST effective location for the fire alarm control panel would be inside the

  A. computer room closest to the uninterruptible power supply (UPS) module
  B. computer room closest to the server computers
  C. system administrators' office
  D. booth used by the building security personnel
  D. booth used by the building security personnel

  ---

  Explanation

  A fire alarm system is a device that detects and alerts people of the presence of fire or smoke in a building. A fire alarm control panel is the central unit that monitors and controls the fire alarm system. The most effective location for the fire

  alarm control panel would be inside the booth used by the building security personnel. This is because:

  The security personnel can quickly and easily access the fire alarm control panel in case of an emergency, and take appropriate actions such as notifying the fire department, evacuating the building, or resetting the system. The fire alarm

  control panel can be protected from unauthorized access, tampering, or damage by the security personnel, who can also monitor its status and performance regularly. The fire alarm control panel can be isolated from the computer room,

  which may be exposed to higher risks of fire or smoke due to the presence of electrical equipment, such as uninterruptible power supply (UPS) modules or server computers.

  The fire alarm control panel can be connected to the computer room through a dedicated communication line, which can ensure reliable and timely transmission of signals and information between the two locations.

  References:

  [1]: Fire Alarm Control Panel - an overview | ScienceDirect Topics [2]: Fire Alarm Control Panel - What is it and how does it work? | Fire Protection Online [3]: Fire Alarm Control Panel Installation Guide - XLS3000 - Honeywell