Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 431:

  Which of the following is the BEST performance indicator for the effectiveness of an incident management program?

  A. Average time between incidents
  B. Incident alert meantime
  C. Number of incidents reported
  D. Incident resolution meantime
  D. Incident resolution meantime

  ---

  Explanation

  The best performance indicator for the effectiveness of an incident management program is the incident resolution meantime. This is the average time it takes to resolve an incident from the moment it is reported to the moment it is closed. The incident resolution meantime reflects how quickly and efficiently the incident management team can restore normal service and minimize the impact of incidents on the business operations and customer satisfaction. The average time between incidents (option A) is not a good performance indicator for the effectiveness of an incident management program, as it does not measure how well the incidents are handled or resolved. It only shows how frequently the incidents occur, which may depend on various factors beyond the control of the incident management team, such as the complexity and reliability of the systems, the security threats and vulnerabilities, and the user behavior and expectations. The incident alert meantime (option B) is the average time it takes to detect and report an incident. While this is an important metric for measuring the responsiveness and awareness of the incident management team, it does not indicate how effective the incident management program is in resolving the incidents and restoring normal service. The number of incidents reported (option C) is also not a good performance indicator for the effectiveness of an incident management program, as it does not reflect how well the incidents are handled or resolved. It only shows how many incidents are identified and recorded, which may vary depending on the reporting channels, tools, and procedures used by the incident management team and the users. Therefore, option D is the correct answer.

  References: Incident Management: Processes, Best Practices and Tools - Atlassian What is backup and disaster recovery? | IBM

• Question 432:

  When classifying information, it is MOST important to align the classification to:

  A. business risk
  B. security policy
  C. data retention requirements
  D. industry standards
  A. business risk

  ---

  Explanation

  When classifying information, it is most important to align the classification to business risk, because it ensures that the information is protected according to its value and impact to the organization34. Business risk considers factors such as legal, regulatory, contractual, operational, reputational, and financial implications of information disclosure or compromise34. Aligning information classification to business risk also helps to prioritize and allocate resources for information security measures. Security policy, data retention requirements, and industry standards are important considerations for information classification, but not as important as business risk.

  References: 3: CISA Review Manual (Digital Version), Chapter 5, Section 5.4.2 4: CISA Online Review Course, Module 5, Lesson 4

• Question 433:

  Which of the following MOST effectively reduces the risk of emails containing personally identifiable information (PII) being sent to unauthorized recipients?

  A. Multi-factor authentication (MFA)
  B. Intrusion detection system (IDS)
  C. Email audit trails
  D. Regular security awareness training
  D. Regular security awareness training

  ---

  Explanation

  Explanation

• Question 434:

  An IS auditor is examining a front-end subledger and a main ledger. Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?

  A. Double-posting of a single journal entry
  B. Inability to support new business transactions
  C. Unauthorized alteration of account attributes
  D. Inaccuracy of financial reporting
  D. Inaccuracy of financial reporting

  ---

  Explanation

  The greatest concern for an IS auditor if there are flaws in the mapping of accounts between a front-end subledger and a main ledger is the inaccuracy of financial reporting. A subledger is a detailed record of transactions for a specific account, such as accounts receivable, accounts payable, inventory, or fixed assets. A main ledger is a summary record of all transactions for all accounts in an accounting system. The mapping of accounts between a subledger and a main ledger is the process of linking or reconciling the transactions in the subledger with the corresponding entries in the main ledger. If there are flaws in the mapping of accounts, such as missing, duplicated, or incorrect transactions, the main ledger may not reflect the true financial position and performance of the organization. This may lead to inaccurate financial reporting, which may affect decision making, compliance, auditing, taxation, and stakeholder confidence. Double-posting of a single journal entry, inability to support new business transactions, and unauthorized alteration of account attributes are not the greatest concerns for an IS auditor if there are flaws in the mapping of accounts between a front-end subledger and a main ledger. These are possible consequences or causes of flaws in the mapping of accounts, but they do not have as significant an impact as inaccuracy of financial reporting. Double- posting of a single journal entry may result in errors or discrepancies in the main ledger balances. Inability to support new business transactions may indicate limitations or inefficiencies in the accounting system design or configuration. Unauthorized alteration of account attributes may suggest weaknesses or breaches in access control or segregation of duties.

• Question 435:

  During an IT governance audit, an IS auditor notes that IT policies and procedures are not regularly reviewed and updated. The GREATEST concern to the IS auditor is that policies and procedures might not:

  A. reflect current practices.
  B. include new systems and corresponding process changes.
  C. incorporate changes to relevant laws.
  D. be subject to adequate quality assurance (QA).
  A. reflect current practices.

  ---

  Explanation

  The greatest concern for an IS auditor when reviewing IT policies and procedures that are not regularly reviewed and updated is that policies and procedures might not reflect current practices. Policies are documents that define the goals, objectives, and guidelines for an organization's information systems and resources. Procedures are documents that describe the steps, tasks, or activities for implementing or executing policies. Policies and procedures should be regularly reviewed and updated to ensure that they are relevant, accurate, consistent, and effective for the organization's information systems and resources. Policies and procedures that are not regularly reviewed and updated might not reflect current practices, as they might be outdated, obsolete, or incompatible with the current state or needs of the organization's information systems and resources. This can cause confusion, inconsistency, inefficiency, or noncompliance among users or stakeholders who rely on policies and procedures for guidance or direction. Policies and procedures might not include new systems and corresponding process changes is a possible concern for an IS auditor when reviewing IT policies and procedures that are not regularly reviewed and updated, but it is not the greatest one. Policies and procedures might not include new systems and corresponding process changes, as they might be unaware of or unresponsive to the introduction or modification of information systems or resources within the organization. This can cause gaps, overlaps, or conflicts among policies and procedures that affect different information systems or resources.

• Question 436:

  An IS auditor reviewing an organization's data privacy controls observes that privacy notices do not clearly state how the organization uses customer data for its processing operations. Which of the following data protection principles MUST be implemented to address this gap?

  A. Maintenance of data integrity
  B. Access to collected data
  C. Retention of consent documentation
  D. Purpose for data collection
  B. Access to collected data

  ---

  Explanation

• Question 437:

  From a risk management perspective, which of the following is the BEST approach when implementing a large and complex data center IT infrastructure?

  A. Simulating the new infrastructure before deployment
  B. Prototyping and a one-phase deployment
  C. A deployment plan based on sequenced phases
  D. A big bang deployment with a successful proof of concept
  C. A deployment plan based on sequenced phases

  ---

  Explanation

  The best approach from a risk management perspective when implementing a large and complex data center IT infrastructure is to use a deployment plan based on sequenced phases, as this will allow the organization to break down the

  project into manageable and measurable stages, and to monitor and control the progress, quality, and outcomes of each phase12. A phased deployment plan can also help to reduce the risks of errors, failures, or disruptions that could affect

  the entire infrastructure, and to implement corrective actions or contingency plans as needed34.

  References:

  1: Data Center Project Planning: A Guide to Success2 2: Data Center Project Planning: A Guide to Success4 3: Data Center Migration: A Step-by-Step Guide3 4: Data Center Migration: A Step-by-Step Guide1

• Question 438:

  Which of the following system attack methods is executed by entering malicious code into the search box of a vulnerable website, causing the server to reveal restricted information?

  A. Man-m-the-middle
  B. Denial of service (DoS)
  C. SQL injection
  D. Cross-site scripting
  C. SQL injection

  ---

  Explanation

  Explanation

  SQL injection attacks exploit vulnerabilities in web applications by inserting malicious SQL code into input fields, such as a search box. This can cause the server to execute unintended commands, often revealing restricted information.

  Manin- the-Middle (Option A):This intercepts communication but does not involve code injection.

  Denial of Service (DoS) (Option B):This aims to disrupt service, not extract information.

  Cross-Site Scripting (Option D):Involves injecting malicious scripts to execute in a user's browser but does not extract server-side data.

  ISACA CISA Review Manual, Job Practice Area 4: Protection of Information Assets.

• Question 439:

  Two organizations will share ownership of a new enterprise resource management (ERM) system. To help ensure the successful implementation of the system, it is MOST important to define:

  A. access to data
  B. the governance model
  C. custody of assets
  D. appropriate procedures
  A. access to data

  ---

  Explanation

• Question 440:

  An IS auditor discovers instances where software with the same license key is deployed to multiple workstations, in breach of the licensing agreement. Which of the following is the auditor's BEST recommendation?

  A. Evaluate the business case for funding of additional licenses.
  B. Require business owner approval before granting software access.
  C. Remove embedded keys from offending packages.
  D. Implement software licensing monitoring to manage duplications.
  D. Implement software licensing monitoring to manage duplications.

  ---

  Explanation