Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 501:

  Which of the following communication modes should be of GREATEST concern to an IS auditor evaluating end-user networking?

  A. System-to-system
  B. Peer-to-peer
  C. Host-to-host
  D. Client-to-server
  B. Peer-to-peer

  ---

  Explanation

• Question 502:

  Which of the following should an IS auditor ensure is classified at the HIGHEST level of sensitivity?

  A. Server room access history
  B. Emergency change records
  C. IT security incidents
  D. Penetration test results
  D. Penetration test results

  ---

  Explanation

  The IS auditor should ensure that penetration test results are classified at the highest level of sensitivity, because they contain detailed information about the vulnerabilities and weaknesses of the IT systems and networks, as well as the methods and tools used by the testers to exploit them. Penetration test results can be used by malicious actors to launch cyberattacks or cause damage to the organization if they are disclosed or accessed without authorization. Therefore, they should be protected with the highest level of confidentiality, integrity and availability. The other options are not as sensitive as penetration test results, because they either do not reveal as much information about the IT security posture, or they are already known or reported by the organization.

  References: CISA Review Manual (Digital Version)1, Chapter 5, Section 5.2.4

• Question 503:

  Which of the following techniques BEST mitigates the risk of pervasive network attacks?

  A. Segmentation
  B. Configuration assessment
  C. Encryption
  D. Demilitarized zone (DMZ)
  A. Segmentation

  ---

  Explanation

  Explanation

• Question 504:

  Which of the following would BEST detect that a distributed denial of service (DDoS) attack is occurring?

  A. Customer service complaints
  B. Automated monitoring of logs
  C. Server crashes
  D. Penetration testing
  B. Automated monitoring of logs

  ---

  Explanation

  The best way to detect that a distributed denial of service (DDoS) attack is occurring is to use automated monitoring of logs. A DDoS attack disrupts the operations of a server, service, or network by flooding it with unwanted Internet traffic2. Automated monitoring of logs can help pinpoint potential DDoS attacks by analyzing network traffic patterns, monitoring traffic spikes or other unusual activity, and alerting administrators or security teams of any anomalies or malicious requests, protocols, or IP blocks3. Automated monitoring of logs can also help identify the source, type, and impact of the DDoS attack, and provide evidence for further investigation or mitigation. The other options are not as effective as automated monitoring of logs for detecting DDoS attacks. Customer service complaints are an indirect and delayed indicator of a DDoS attack, as they rely on users reporting problems with accessing a website or service. Customer service complaints may also be caused by other factors unrelated to DDoS attacks, such as server errors or network issues. Server crashes are an extreme and undesirable indicator of a DDoS attack, as they indicate that the server has already been overwhelmed by the attack and has stopped functioning. Server crashes may also result in data loss or corruption, service disruption, or reputational damage. Penetration testing is a proactive and preventive measure for assessing the security posture of a system or network, but it does not detect ongoing DDoS attacks. Penetration testing may involve simulating DDoS attacks to test the resilience or vulnerability of a system or network, but it does not monitor real-time traffic or identify actual attackers.

  References: ISACA CISA Review Manual 27th Edition (2019), page 254 How to prevent DDoS attacks | Methods and tools | Cloudflare2 Understanding Denial-of-Service Attacks | CISA3

• Question 505:

  During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period. Which of the following is the auditor's MOST important course of action?

  A. Document the finding and present it to management.
  B. Determine if a root cause analysis was conducted.
  C. Confirm the resolution time of the incidents.
  D. Validate whether all incidents have been actioned.
  B. Determine if a root cause analysis was conducted.

  ---

  Explanation

  The IS auditor's most important course of action after finding that several similar incidents were logged during the audit period is to determine if a root cause analysis was conducted. A root cause analysis is a systematic process that identifies the underlying causes of system failures or incidents. A root cause analysis can help to prevent recurrence of similar incidents, improve system performance and reliability, and enhance incident management processes. The IS auditor should evaluate whether a root cause analysis was performed for each incident, whether it was timely and thorough, and whether it resulted in effective corrective actions.

• Question 506:

  Which of the following provides an IS auditor assurance that the interface between a point- of-sale (POS) system and the general ledger is transferring sales data completely and accurately?

  A. Electronic copies of customer sales receipts are maintained.
  B. Monthly bank statements are reconciled without exception.
  C. Nightly batch processing has been replaced with real-time processing.
  D. The data transferred over the POS interface is encrypted.
  A. Electronic copies of customer sales receipts are maintained.

  ---

  Explanation

  The best option to provide an IS auditor assurance that the interface between a point-of- sale (POS) system and the general ledger is transferring sales data completely and accurately is A. Electronic copies of customer sales receipts are maintained. Electronic copies of customer sales receipts are records of the transactions that occurred at the POS system, which can be compared with the data transferred to the general ledger. This can help detect any errors, omissions, or discrepancies in the data transfer process and ensure that the sales data is complete and accurate. The other options are not as effective as A in providing assurance that the interface between the POS system and the general ledger is transferring sales data completely and accurately.

  B. Monthly bank statements are reconciled without exception. Monthly bank statements are records of the cash inflows and outflows of the organization, which may not match with the sales data recorded by the POS system and the general ledger. For example, there may be delays, discounts, returns, or refunds that affect the cash flow but not the sales revenue. Therefore, reconciling monthly bank statements without exception does not necessarily mean that the sales data is complete and accurate.

  C. Nightly batch processing has been replaced with real-time processing. Nightly batch processing is a method of transferring data from the POS system to the general ledger in batches at a scheduled time, usually at night. Real-time processing is a method of transferring data from the POS system to the general ledger as soon as the transactions occur. Real-time processing may improve the timeliness and efficiency of the data transfer process, but it does not guarantee that the sales data is complete and accurate. There may still be errors, omissions, or discrepancies in the data transfer process that need to be detected and corrected.

  D. The data transferred over the POS interface is encrypted. Encryption is a process of transforming data into an unreadable form using a secret key or algorithm, so that only authorized parties can access the original data. Encryption protects the confidentiality and security of the data transferred over the POS interface, but it does not ensure that the sales data is complete and accurate. There may still be errors, omissions, or discrepancies in the data transfer process that need to be detected and corrected.

  References: ISACA, CISA Review Manual, 27th Edition, 2019, p. 2471 ISACA, CISA Review Questions, Answers and Explanations Database - 12 Month Subscription2 Sales Audit Overview - Oracle3 Notes on Audit of Ledgers - Guidelines to Auditors - Accountlearning

• Question 507:

  The PRIMARY objective of value delivery in reference to IT governance is to:

  A. promote best practices
  B. increase efficiency.
  C. optimize investments.
  D. ensure compliance.
  C. optimize investments.

  ---

  Explanation

  The primary objective of value delivery in reference to IT governance is to optimize investments. Value delivery is one of the five focus areas of IT governance that aims to ensure that IT delivers expected benefits to stakeholders and enables business value creation. Value delivery involves aligning IT investments with business objectives and strategies, managing IT performance and benefits realization, optimizing IT costs and risks, and enhancing IT innovation and agility. Value delivery helps to maximize the return on investment (ROI) and value for money (VFM) of IT resources and capabilities.

  References: CISA Review Manual (Digital Version) CISA Questions, Answers and Explanations Database

• Question 508:

  Which of the following would minimize the risk of losing transactions as a result of a disaster?

  A. Sending a copy of the transaction logs to offsite storage on a daily basis
  B. Storing a copy of the transaction logs onsite in a fireproof vault
  C. Encrypting a copy of the transaction logs and store on a local server
  D. Signing a copy of the transaction logs and store on a local server
  A. Sending a copy of the transaction logs to offsite storage on a daily basis

  ---

  Explanation

  Sending a copy of the transaction logs to offsite storage on a daily basis would minimize the risk of losing transactions as a result of a disaster. This is because offsite storage provides a backup of the data that can be recovered in case of a catastrophic event that destroys or damages the onsite data. Storing a copy of the transaction logs onsite in a fireproof vault (B) would not protect the data from other types of disasters, such as floods, earthquakes, or theft. Encrypting ?or signing (D) a copy of the transaction logs and storing them on a local server would not prevent the loss of data if the server is affected by the disaster. Encryption and digital signatures are security measures that protect the confidentiality and integrity of the data, but not the availability.

• Question 509:

  The use of control totals reduces the risk of:

  A. posting to the wrong record.
  B. incomplete processing.
  C. improper backup.
  D. improper authorization.
  B. incomplete processing.

  ---

  Explanation

  Control totals are a method of verifying the accuracy and completeness of data processing by comparing the totals of key fields in input and output records1. Control totals can be used to reduce the risk of incomplete processing, which is the

  failure to process all the data or transactions that are expected or required.

  Incomplete processing can result in data loss, inconsistency, or incompleteness, which can affect the quality and reliability of the information system and its outputs. Incomplete processing can be caused by various factors, such as:

  Hardware or software failures that interrupt the processing or transmission of data2 Human errors or omissions that skip or miss some data or transactions2 Malicious attacks or unauthorized access that delete or modify some data or

  transactions Environmental hazards or disasters that damage or destroy some data or transactions2 Control totals can help detect and prevent incomplete processing by:

  Providing a benchmark or reference point to compare the input and output data or transactions

  Identifying any discrepancies or deviations from the expected or required totals Alerting the users or operators to investigate and resolve the causes of incomplete processing Ensuring that all the data or transactions are properly transmitted,

  converted, and processed

  The other options are not as relevant as control totals for reducing the risk of incomplete processing. Posting to the wrong record is the error of assigning or transferring data or transactions to an incorrect account, file, or record. Improper

  backup is the failure to create, store, or restore copies of data or transactions in case of loss, corruption, or damage4. Improper authorization is the lack of proper permission or approval to access, modify, or process data or transactions.

  Control totals may not be able to prevent or detect these errors or failures, as they are not related to the completeness of data processing.

  Therefore, option B is the correct answer.

  References:

  control totals - Barrons Dictionary - AllBusiness.com What is control total amount? - Sage Advice US

  Posting Error Definition

  Backup Definition

  [Authorization Definition]

• Question 510:

  An organization implemented a mandatory information security awareness training program a year ago. What is the BEST way to determine its effectiveness?

  A. Analyze responses from an employee survey on training satisfaction.
  B. Analyze results from training completion reports.
  C. Analyze results of a social engineering test.
  D. Analyze findings from previous audit reports.
  C. Analyze results of a social engineering test.

  ---

  Explanation