Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 601:

  Which of the following network communication protocols is used by network devices such as routers to send error messages and operational information indicating success or failure when communicating with another IP address?

  A. Transmission Control Protocol/Internet Protocol (TCP/IP)
  B. Internet Control Message Protocol
  C. Multipurpose Transaction Protocol
  D. Point-to-Point Tunneling Protocol
  B. Internet Control Message Protocol

  ---

  Explanation

• Question 602:

  An information systems security officer's PRIMARY responsibility for business process applications is to:

  A. authorize secured emergency access
  B. approve the organization's security policy
  C. ensure access rules agree with policies
  D. create role-based rules for each business process
  C. ensure access rules agree with policies

  ---

  Explanation

  Ensuring access rules agree with policies is an information systems security officer's primary responsibility for business process applications. An information systems security officer should verify that the access controls implemented for the business process applications are consistent with the organization's security policy and objectives. The other options are not the primary responsibility of an information systems security officer, but rather the tasks of an application owner, a senior management, or a business analyst.

  References: CISA Review Manual (Digital Version), Chapter 7, Section 7.3.11 CISA Review Questions, Answers and Explanations Database, Question ID 208

• Question 603:

  An organization wants to classify database tables according to its data classification scheme From an IS auditor's perspective the tables should be classified based on the:

  A. specific functional contents of each single table.
  B. frequency of updates to the table.
  C. descriptions of column names in the table.
  D. number of end users with access to the table.
  A. specific functional contents of each single table.

  ---

  Explanation

• Question 604:

  An IS auditor reviewing the throat assessment for a data cantor would be MOST concerned if:

  A. some of the identified threats are unlikely to occur.
  B. all identified threats relate to external entities.
  C. the exercise was completed by local management.
  D. neighboring organizations' operations have been included.
  B. all identified threats relate to external entities.

  ---

  Explanation

  An IS auditor reviewing the threat assessment for a data center would be most concerned if all identified threats relate to external entities. This indicates that the threat assessment is incomplete and biased, as it ignores the potential threats from internal sources, such as employees, contractors, vendors, or authorized visitors. Internal threats can pose significant risks to the data center, as they may have access to sensitive information, systems, or facilities, and may exploit their privileges for malicious or fraudulent purposes. According to a study by IBM, 60% of cyberattacks in 2015 were carried out by insiders Some of the identified threats are unlikely to occur is not a cause for concern, as it shows that the threat assessment is comprehensive and realistic, and considers all possible scenarios, regardless of their probability. A threat assessment should not exclude any potential threats based on subjective judgments or assumptions, as they may still have a high impact if they materialize. The exercise was completed by local management is not a cause for concern, as it shows that the threat assessment is conducted by the people who are most familiar with the data center's operations, environment, and risks. Local management may have more relevant and accurate information and insights than external parties, and may be more invested in the outcome of the threat assessment. Neighboring organizations' operations have been included is not a cause for concern, as it shows that the threat assessment is holistic and contextual, and considers the interdependencies and influences of external factors on the data center's security. Neighboring organizations' operations may pose direct or indirect threats to the data center, such as physical damage, network interference, or shared vulnerabilities.

• Question 605:

  When introducing a maturity model to the IT management process, it is BEST to align the maturity level to a point that reflects which of the following?

  A. Ideal business production level
  B. Minimum cost expenditure level
  C. Maximum risk tolerance level
  D. Industry-standard practice level
  A. Ideal business production level

  ---

  Explanation

• Question 606:

  Which of the following provides the MOST reliable audit evidence on the validity of transactions in a financial application?

  A. Walk-through reviews
  B. Substantive testing
  C. Compliance testing
  D. Design documentation reviews
  B. Substantive testing

  ---

  Explanation

  Substantive testing provides the most reliable audit evidence on the validity of transactions in a financial application. Substantive testing is an audit procedure that examines the financial statements and supporting documentation to see if they contain errors or misstatements. Substantive testing can help to verify that the transactions recorded in the financial application are authorized, complete, accurate, and properly classified. Substantive testing can include methods such as vouching, confirmation, analytical procedures, or physical examination.

• Question 607:

  Which of the following is the GREATEST risk of using a reciprocal site for disaster recovery?

  A. Inability to utilize the site when required
  B. Inability to test the recovery plans onsite
  C. Equipment compatibility issues at the site
  D. Mismatched organizational security policies
  A. Inability to utilize the site when required

  ---

  Explanation

  The greatest risk of using a reciprocal site for disaster recovery is the inability to utilize the site when required. A reciprocal site is an agreement between two organizations to provide backup facilities for each other in case of a disaster. However, this arrangement may not be reliable or enforceable, especially if both organizations are affected by the same disaster or have conflicting priorities. Therefore, the IS auditor should recommend that management consider alternative options for disaster recovery, such as dedicated sites or cloud services12.

  References: CISA Review Manual, 27th Edition, page 3381 CISA Review Questions, Answers and Explanations Database - 12 Month Subscription

• Question 608:

  An organization's business function wants to capture customer data and must comply with global data protection regulations. Which of the following should be considered FIRST?

  A. The location of data storage
  B. The encryption method for the data
  C. The attributes of collected data
  D. The legal basis for collecting the data
  D. The legal basis for collecting the data

  ---

  Explanation

• Question 609:

  What is MOST important to verify during an external assessment of network vulnerability?

  A. Update of security information event management (SIEM) rules
  B. Regular review of the network security policy
  C. Completeness of network asset inventory
  D. Location of intrusion detection systems (IDS)
  C. Completeness of network asset inventory

  ---

  Explanation

  An external assessment of network vulnerability is a process of identifying and evaluating the weaknesses and risks that affect the security and availability of a network from an outsider's perspective. The most important factor to verify during

  this process is the completeness of network asset inventory, which is a list of all the devices, systems, and software that are connected to or part of the network. A complete and accurate network asset inventory can help identify the scope

  and boundaries of the network, the potential attack vectors and entry points, the critical assets and dependencies, and the existing security controls and gaps. Without a complete network asset inventory, an external assessment of network

  vulnerability may miss some important assets or vulnerabilities, leading to inaccurate or incomplete results and recommendations.

  References:

  1 explains what is an external vulnerability scan and why it is important to have a complete network asset inventory.

  2 provides a guide on how to conduct a full network vulnerability assessment and emphasizes the importance of knowing the network assets. 3 compares internal and external vulnerability scanning and highlights the need for a

  comprehensive network asset inventory for both types.

• Question 610:

  When conducting a review of security incident management, an IS auditor found there are no defined escalation processes. All incidents are managed by the service desk. Which of the following should be the auditor's PRIMARY concern?

  A. Inefficient use of service desk resources
  B. Management's lack of high impact incidents
  C. Delays in resolving low priority trouble tickets
  D. Management's inability to follow up on incident resolution
  B. Management's lack of high impact incidents

  ---

  Explanation