Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 631:

  During the discussion of a draft audit report IT management provided suitable evidence that a process has been implemented for a control that had been concluded by the IS auditor as ineffective Which of the following is the auditor's BEST action?

  A. Explain to IT management that the new control will be evaluated during follow-up
  B. Add comments about the action taken by IT management in the report
  C. Change the conclusion based on evidence provided by IT management
  D. Re-perform the audit before changing the conclusion
  D. Re-perform the audit before changing the conclusion

  ---

  Explanation

  The auditor's best action is to re-perform the audit before changing the conclusion, because the auditor needs to obtain sufficient and appropriate evidence to support the audit opinion. The evidence provided by IT management may not be reliable or relevant, and it may not reflect the actual effectiveness of the control during the audit period. Therefore, the auditor should verify the evidence independently and test the control again to ensure that it meets the audit criteria and objectives. The other options are not appropriate, because they either ignore or accept the evidence provided by IT management without verification, which may compromise the quality and integrity of the audit.

  References: ISACA, CISA Review Manual, 27th Edition, chapter 1, section 1.51 ISACA, IT Audit and Assurance Standards, Guidelines and Tools and Techniques for IS Audit and Assurance Professionals, section 12062

• Question 632:

  Data analytics tools and techniques are MOST helpful to an IS auditor during which of the following audit activities?

  A. Audit follow-up
  B. Walk-through testing
  C. Substantive testing
  D. Audit and resource planning
  C. Substantive testing

  ---

  Explanation

• Question 633:

  In a public key cryptographic system, which of the following is the PRIMARY requirement to address the risk of man-in-the-middle attacks through spoofing?

  A. Strong encryption algorithms
  B. Kerberos authentication
  C. Registration authority
  D. Certificate authority (CA)
  D. Certificate authority (CA)

  ---

  Explanation

  Explanation

  A certificate authority (CA) is critical in a public key cryptographic system for mitigating man-in-the-middle (MITM) attacks. It ensures that public keys are authentic by issuing digital certificates, which bind a public key to an entity. The CA's

  role in verifying identities and providing trust anchors prevents attackers from spoofing keys. Strong Encryption Algorithms (Option A):Encryption ensures confidentiality but does not address spoofing risks.

  Kerberos Authentication (Option B):Useful for mutual authentication but not central to public key infrastructure (PKI).

  Registration Authority (Option C):Supports the CA but does not directly prevent MITM attacks.

  ISACA CISA Review Manual, Job Practice Area 4: Protection of Information Assets.

• Question 634:

  An IS auditor is reviewing database fields updated in real-time and displayed through other applications in multiple organizational functions. When validating business approval for these various use cases, which of the following sources of information would be the BEST starting point?

  A. Network map from the network administrator
  B. Historical database change log records
  C. List of integrations from the database administrator (DBA)
  D. Business process flow from management
  D. Business process flow from management

  ---

  Explanation

  Understanding the business process flow is crucial as it provides insights into how different applications and organizational functions use and update the database fields in real-time. This perspective helps the auditor validate that appropriate

  business approvals are in place for these use cases.

  References:

  ISACA CISA Review Manual 27th Edition, Page 128-129 (Business Process Flow)

• Question 635:

  The BEST way to preserve data integrity through all phases of application containerization is to ensure which of the following?

  A. Developers are educated about how their roles relate to application security best practices.
  B. The development team performs regular patching of application containers.
  C. Segregation of duties is developed and maintained in the application container environment.
  D. Information security roles are defined and communicated in the information security policy.
  C. Segregation of duties is developed and maintained in the application container environment.

  ---

  Explanation

• Question 636:

  Providing security certification for a new system should include which of the following prior to the system's implementation?

  A. End-user authorization to use the system in production
  B. External audit sign-off on financial controls
  C. Testing of the system within the production environment
  D. An evaluation of the configuration management practices
  D. An evaluation of the configuration management practices

  ---

  Explanation

  Providing security certification for a new system should include an evaluation of the configuration management practices prior to the system's implementation. Configuration management is a process that ensures that the system's components are identified, controlled, and tracked throughout the system's lifecycle. Configuration management helps to maintain the security and integrity of the system by preventing unauthorized or unintended changes. End-user authorization to use the system in production is not part of security certification, but rather a post-implementation activity that grants access rights to authorized users. External audit sign-off on financial controls is not part of security certification, but rather a verification activity that ensures that the system complies with financial reporting standards. Testing of the system within the production environment is not part of security certification, but rather a validation activity that ensures that the system meets the functional and performance requirements.

  References: CISA Review Manual, 27th Edition, pages 449-4501 CISA Review Questions, Answers and Explanations Database, Question ID: 2572

• Question 637:

  A security review focused on data loss prevention (DLP) revealed the organization has no visibility to data stored in the cloud. What is the IS auditor's BEST recommendation to address this issue?

  A. Enhance the firewall at the network perimeter.
  B. Implement a file system scanner to discover data stored in the cloud.
  C. Employ a cloud access security broker (CASB).
  D. Utilize a DLP tool on desktops to monitor user activities.
  C. Employ a cloud access security broker (CASB).

  ---

  Explanation

  Here's the breakdown, considering the need for DLP visibility in the cloud: Verified Answer

  C. Employ a cloud access security broker (CASB).

  Very Short

  Explanation

  CASBs are specifically designed to enhance visibility and control over cloud-based data. They can monitor data flows, enforce security policies, and often have DLP capabilities built-in, making them the ideal solution in this scenario.

  References:

  ISACA Resources (Glossary): Definitions of Cloud Access Security Broker (CASB) highlight their role in cloud security and governance. Industry Research (Gartner, etc.): Research on CASB tools emphasizes their ability to address visibility

  and control challenges for cloud data.

• Question 638:

  An IS auditor concludes that an organization has a quality security policy. Which of the following is MOST important to determine next? The policy must be:

  A. well understood by all employees.
  B. based on industry standards.
  C. developed by process owners.
  D. updated frequently.
  A. well understood by all employees.

  ---

  Explanation

  The most important thing to determine next after concluding that an organization has a quality security policy is whether the policy is well understood by all employees. A security policy is a document that defines the objectives, scope, roles,

  responsibilities, and rules for information security within an organization. A quality security policy is one that is clear, concise, consistent, comprehensive, and aligned with business goals and requirements. However, a quality security policy is

  useless if it is not well understood by all employees who are expected to comply with it. Therefore, the IS auditor should assess the level of awareness and understanding of the security policy among employees and identify any gaps or

  issues that need to be addressed. The other options are not as important as ensuring that the security policy is well understood by all employees, as they do not directly affect the implementation and effectiveness of the security policy.

  References:

  CISA Review Manual, 27th Edition, page 317

• Question 639:

  Which of the following is the BEST method to delete sensitive information from storage media that will be reused?

  A. Crypto-shredding
  B. Multiple overwriting
  C. Reformatting
  D. Re-partitioning
  B. Multiple overwriting

  ---

  Explanation

  The best method to delete sensitive information from storage media that will be reused is multiple overwriting. This is because multiple overwriting ensures that the data is practically unrecoverable by any software or hardware means. Multiple overwriting involves writing 0s, 1s, or random patterns onto all sectors of the storage media several times, making the original data unreadable or inaccessible. There are various software programs available that can securely delete files from storage media using multiple overwriting techniques1. Crypto-shredding is not the best method because it only works for encrypted data. Crypto- shredding involves deleting the encryption key used to encrypt the data, making the data unreadable and unrecoverable. However, if the data is not encrypted, crypto-shredding will not erase it. Reformatting and re-partitioning are not the best methods because they do not erase the data completely. Reformatting and re-partitioning only delete the file system structures and pointers that make the data accessible, but the data itself remains on the storage media and can be recovered using data recovery software

• Question 640:

  Which of the following threats is mitigated by a firewall?

  A. Intrusion attack
  B. Asynchronous attack
  C. Passive assault
  D. Trojan horse
  A. Intrusion attack

  ---

  Explanation