Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 561:

  An organization has partnered with a third party to transport backup drives to an offsite storage facility. Which of the following is MOST important before sending the drives?

  A. Creating a chain of custody to accompany the drive in transit
  B. Ensuring data protection is aligned with the data classification policy
  C. Encrypting the drive with strong protection standards
  D. Ensuring the drive is placed in a tamper-evident mechanism
  C. Encrypting the drive with strong protection standards

  ---

  Explanation

  Before sending backup drives to an offsite storage facility, the most important thing to do is to encrypt the drive with strong protection standards. This is because encryption ensures effective security where information cannot be intercepted and used to harm the organization or its customers. Encryption also protects the data from unauthorized access, modification, or deletion in case the drive is lost, stolen, or damaged during transit or storage. Encryption of backup drives is especially important for public safety organizations that handle sensitive or personally identifiable information, such as medical records, criminal records, or emergency communications.

• Question 562:

  A database administrator (DBA) extracts a user listing for an auditor as testing evidence. Which of the following will provide the GREATEST assurance that the user listing is reliable?

  A. Requesting a query that returns the count of the users.
  B. Requesting a copy of the query that generated the user listing
  C. Obtaining sign-off from the DBA to attest that the list is complete
  D. Witnessing the DBA running the query in-person
  C. Obtaining sign-off from the DBA to attest that the list is complete

  ---

  Explanation

• Question 563:

  A recent audit has identified that security controls required by the organization's policies have not been implemented for a particular application. What should the information security manager do NEXT to address this issue?

  A. Deny access to the application until the issue is resolved.
  B. Discuss the issue with data custodians to determine the reason for the exception.
  C. Report the issue to senior management and request funding to fix the issue.
  D. Discuss the issue with data owners to determine the reason for the exception.
  D. Discuss the issue with data owners to determine the reason for the exception.

  ---

  Explanation

• Question 564:

  Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?

  A. Legal
  B. Help desk
  C. Human resources
  D. Information security
  D. Information security

  ---

  Explanation

• Question 565:

  An IS auditor has completed the fieldwork phase of a network security review and is preparing the initial following findings should be ranked as the HIGHEST risk?

  A. Network penetration tests are not performed
  B. The network firewall policy has not been approved by the information security officer.
  C. Network firewall rules have not been documented.
  D. The network device inventory is incomplete.
  A. Network penetration tests are not performed

  ---

  Explanation

  The finding that should be ranked as the highest risk is that network penetration tests are not performed. Network penetration tests are simulated cyberattacks that aim to identify and exploit the vulnerabilities and weaknesses of the network security controls, such as firewalls, routers, switches, servers, and devices. Network penetration tests are essential for assessing the effectiveness and resilience of the network security posture, and for providing recommendations for improvement and remediation. If network penetration tests are not performed, the organization may not be aware of the existing or potential threats and risks to its network, and may not be able to prevent or respond to real cyberattacks, which can result in data breaches, service disruptions, financial losses, reputational damage, and legal or regulatory penalties. The other findings are also important, but not as risky as the lack of network penetration tests, because they either do not directly affect the network security controls, or they can be addressed by documentation or approval processes.

  References: CISA Review Manual (Digital Version)1, Chapter 5, Section 5.2.4

• Question 566:

  Which of the following should be an IS auditor's GREATEST concern when an international organization intends to roll out a global data privacy policy?

  A. Requirements may become unreasonable.
  B. The policy may conflict with existing application requirements.
  C. Local regulations may contradict the policy.
  D. Local management may not accept the policy.
  C. Local regulations may contradict the policy.

  ---

  Explanation

  The greatest concern for an IS auditor when an international organization intends to roll out a global data privacy policy is that local regulations may contradict the policy. Data privacy regulations vary across different countries and regions, and they may impose different or conflicting requirements on how personal data can be collected, processed, stored, transferred, and disclosed. The organization should ensure that its global data privacy policy complies with the applicable local regulations in each jurisdiction where it operates, or risk facing legal sanctions or reputational damage. Requirements may become unreasonable, but this is not a major concern for an IS auditor, as it is a business decision that should be based on a cost-benefit analysis. The policy may conflict with existing application requirements, but this is not a serious concern for an IS auditor, as it can be resolved by modifying or updating the applications to align with the policy. Local management may not accept the policy, but this is not a critical concern for an IS auditor, as it can be mitigated by providing adequate training and awareness on the policy and its benefits.

  References: CISA Review Manual, 27th Edition, pages 406-4071 CISA Review Questions, Answers and Explanations Database, Question ID: 2592

• Question 567:

  An organization that has suffered a cyber-attack is performing a forensic analysis of the affected users' computers. Which of the following should be of GREATEST concern for the IS auditor reviewing this process?

  A. An imaging process was used to obtain a copy of the data from each computer.
  B. The legal department has not been engaged.
  C. The chain of custody has not been documented.
  D. Audit was only involved during extraction of the Information
  C. The chain of custody has not been documented.

  ---

  Explanation

  The chain of custody has not been documented is a finding that should be of greatest concern for an IS auditor reviewing a forensic analysis process of an organization that has suffered a cyber attack. The chain of custody is a record of who handled, accessed, or modified the evidence during a forensic investigation. Documenting the chain of custody is essential to preserve the integrity, authenticity, and admissibility of the evidence in a court of law. The other options are less concerning findings that may not affect the validity or reliability of the forensic analysis process.

  References: CISA Review Manual (Digital Version), Chapter 7, Section 7.51 CISA Review Questions, Answers and Explanations Database, Question ID 220

• Question 568:

  Which of the following is the PRIMARY role of the IT steering committee?

  A. Granting authorization for periodic IT audits
  B. Periodically reporting to business units about IT performance
  C. Facilitating collaboration between business and IT
  D. Ensuring business units are supporting IT objectives
  C. Facilitating collaboration between business and IT

  ---

  Explanation

  Explanation

• Question 569:

  Which of the following is the MOST important consideration for patching mission critical business application servers against known vulnerabilities?

  A. Patches are implemented in a test environment prior to rollout into production.
  B. Network vulnerability scans are conducted after patches are implemented.
  C. Vulnerability assessments are periodically conducted according to defined schedules.
  D. Roles and responsibilities for implementing patches are defined
  A. Patches are implemented in a test environment prior to rollout into production.

  ---

  Explanation

  The most important consideration for patching mission critical business application servers against known vulnerabilities is A. Patches are implemented in a test environment prior to rollout into production. This is because patching mission critical business application servers involves a high level of risk and complexity, and requires careful planning and testing before applying the patches to the live environment. Patches may introduce new bugs, errors, or conflicts that could affect the functionality, performance, or security of the application servers, and cause system downtime, data loss, or business disruption. Therefore, it is essential to implement patches in a test environment first, where the patches can be verified and validated for their effectiveness and compatibility, and any issues or defects can be identified and resolved before they impact the production environment.

• Question 570:

  The PRIMARY purpose of requiring source code escrow in a contractual agreement is to:

  A. comply with vendor management policy
  B. convert source code to new executable code.
  C. satisfy regulatory requirements.
  D. ensure the source code is available.
  D. ensure the source code is available.

  ---

  Explanation

  The primary purpose of requiring source code escrow in a contractual agreement is to ensure the source code is available. Source code escrow is a service that involves depositing the source code of a software or system with a third-party agent or escrow provider, who can release it to a designated beneficiary under specific conditions, such as bankruptcy, termination, or breach of contract by the software vendor or developer. Source code escrow can help to protect the interests and rights of the software user or licensee, who may need access to the source code for maintenance, modification, enhancement, or troubleshooting purposes. The IS auditor should verify that the contractual agreement specifies the terms and conditions for source code escrow, such as the escrow agent, the escrow fees, the deposit frequency and format, the release events and procedures, and the verification and audit requirements.

  References: CISA Review Manual (Digital Version)1, Chapter 3, Section 3.2.2