Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 651:

  Which of the following is the BEST control to minimize the risk of unauthorized access to lost company-owned mobile devices?

  A. Password/PIN protection
  B. Device tracking software
  C. Device encryption
  D. Periodic backup
  C. Device encryption

  ---

  Explanation

  The best control to minimize the risk of unauthorized access to lost company-owned mobile devices is device encryption. Device encryption is a process that transforms data on a device into an unreadable format using a cryptographic key. Device encryption protects the data stored on the device from being accessed by unauthorized parties, even if they bypass the password or PIN protection. Device encryption can also prevent data leakage if the device is disposed of or recycled without proper data sanitization. Password or PIN protection is a basic control that prevents unauthorized access to the device by requiring a secret code or pattern to unlock it. However, password or PIN protection can be easily compromised by brute force attacks, shoulder surfing, or social engineering. Device tracking software is a tool that allows the device owner or administrator to locate, lock, or wipe the device remotely in case of loss or theft. However, device tracking software depends on the device's network connectivity and GPS functionality, which may not be available or reliable in some situations. Periodic backup is a process that copies the data from the device to another storage location for recovery purposes. Periodic backup can help restore the data in case of loss or damage of the device, but it does not prevent unauthorized access to the data on the device itself.

  References: CISA Review Manual (Digital Version), Chapter 5: Protection of Information Assets, Section 5.4: Mobile Devices

• Question 652:

  When an IS audit reveals that a firewall was unable to recognize a number of attack attempts, the auditor's BEST recommendation is to place an intrusion detection system (IDS) between the firewall and:

  A. the organization's web server.
  B. the demilitarized zone (DMZ).
  C. the organization's network.
  D. the Internet
  D. the Internet

  ---

  Explanation

  The best recommendation is to place an intrusion detection system (IDS) between the firewall and the Internet. An IDS is a device or software that monitors network traffic for malicious activity and alerts the network administrator or takes preventive action. By placing an IDS between the firewall and the Internet, the IS auditor can enhance the security of the network perimeter and detect any attack attempts that the firewall was unable to recognize. The other options are not as effective as placing an IDS between the firewall and the Internet: Placing an IDS between the firewall and the organization's web server would not protect the web server from external attacks that bypass the firewall. The web server should be placed in a demilitarized zone (DMZ), which is a separate network segment that isolates public-facing servers from the internal network. Placing an IDS between the firewall and the demilitarized zone (DMZ) would not protect the DMZ from external attacks that bypass the firewall. The DMZ should be protected by two firewalls, one facing the Internet and one facing the internal network, with an IDS monitoring both sides of each firewall. Placing an IDS between the firewall and the organization's network would not protect the organization's network from external attacks that bypass the firewall. The organization's network should be protected by a firewall that blocks unauthorized traffic from entering or leaving the network, with an IDS monitoring both sides of the firewall.

• Question 653:

  Which of the following provides the BEST audit evidence that a firewall is configured in compliance with the organization's security policy?

  A. Analyzing how the configuration changes are performed
  B. Analyzing log files
  C. Reviewing the rule base
  D. Performing penetration testing
  C. Reviewing the rule base

  ---

  Explanation

  The best audit evidence that a firewall is configured in compliance with the organization's security policy is to review the rule base. The rule base is a set of rules that defines the criteria for allowing or denying network traffic through the firewall. By reviewing the rule base, the auditor can verify if the firewall configuration matches the security policy requirements and objectives. Analyzing how the configuration changes are performed, analyzing log files, and performing penetration testing are useful audit techniques, but they do not provide direct evidence of the firewall configuration compliance.

  References: CISA Review Manual (Digital Version)1, page 383.

• Question 654:

  Which of the following weaknesses would have the GREATEST impact on the effective operation of a perimeter firewall?

  A. Use of stateful firewalls with default configuration
  B. Ad hoc monitoring of firewall activity
  C. Misconfiguration of the firewall rules
  D. Potential back doors to the firewall software
  C. Misconfiguration of the firewall rules

  ---

  Explanation

• Question 655:

  Which of the following is an analytical review procedure for a payroll system?

  A. Performing reasonableness tests by multiplying the number of employees by the average wage rate
  B. Evaluating the performance of the payroll system using benchmarking software
  C. Performing penetration attempts on the payroll system
  D. Testing hours reported on time sheets
  A. Performing reasonableness tests by multiplying the number of employees by the average wage rate

  ---

  Explanation

• Question 656:

  An organization performs nightly backups but does not have a formal policy. An IS auditor should FIRST:

  A. evaluate current backup procedures
  B. escalate to senior management
  C. document a policy for the organization
  D. recommend automated backup
  A. evaluate current backup procedures

  ---

  Explanation

• Question 657:

  Which of the following is the BEST way to detect system security breaches?

  A. Conducting frequent vulnerability scans
  B. Conducting continuous monitoring with an automated system security tool
  C. Ensuring maximum interoperability among systems throughout the organization
  D. Performing intrusion tests on a regular basis
  B. Conducting continuous monitoring with an automated system security tool

  ---

  Explanation

• Question 658:

  After the merger of two organizations, which of the following is the MOST important task for an IS auditor to perform?

  A. Verifying that access privileges have been reviewed
  B. investigating access rights for expiration dates
  C. Updating the continuity plan for critical resources
  D. Updating the security policy
  A. Verifying that access privileges have been reviewed

  ---

  Explanation

  The most important task for an IS auditor to perform after the merger of two organizations is to verify that access privileges have been reviewed. Access privileges are the permissions granted to users, groups, or roles to access, modify, or manage IT resources, such as systems, applications, data, or networks. After a merger, the IS auditor should ensure that the access privileges of both organizations are aligned with the new business objectives, policies, and processes, and that there are no conflicts, overlaps, or gaps in the access rights. The IS auditor should also verify that the access privileges are based on the principle of least privilege, which means that users are granted only the minimum level of access required to perform their tasks. The other options are not as important as verifying that access privileges have been reviewed: Investigating access rights for expiration dates is a useful task, but it is not the most important one. Expiration dates are the dates when access rights are automatically revoked or suspended after a certain period of time or after a specific event. The IS auditor should check that the expiration dates are set appropriately and enforced consistently, but this is not as critical as reviewing the access privileges themselves. Updating the continuity plan for critical resources is a necessary task, but it is not the most urgent one. A continuity plan is a document that outlines the procedures and actions to be taken in the event of a disruption or disaster that affects the availability of IT resources. The IS auditor should update the continuity plan to reflect the changes and dependencies introduced by the merger, but this can be done after verifying that the access privileges are secure and compliant. Updating the security policy is an essential task, but it is not the most immediate one. A security policy is a document that defines the rules and guidelines for securing IT resources and protecting information assets. The IS auditor should update the security policy to incorporate the best practices and standards of both organizations, and to address any new risks or threats posed by the merger, but this can be done after verifying that the access privileges are aligned with the policy.

• Question 659:

  During a follow-up audit, an IS auditor finds that senior management has implemented a different remediation action plan than what was previously agreed upon. Which of the following is the auditor's BEST course of action?

  A. Report the deviation by the control owner in the audit report.
  B. Evaluate the implemented control to ensure it mitigates the risk to an acceptable level.
  C. Cancel the follow-up audit and reschedule for the next audit period.
  D. Request justification from management for not implementing the recommended control.
  B. Evaluate the implemented control to ensure it mitigates the risk to an acceptable level.

  ---

  Explanation

  The IS auditor's best course of action is to evaluate the implemented control to ensure it mitigates the risk to an acceptable level. This is because the objective of a follow-up audit is to verify that corrective actions have been accomplished as scheduled and that they are effective in preventing or minimizing future recurrence1. If senior management has implemented a different remediation action plan than what was previously agreed upon, the IS auditor should assess whether the alternative control is adequate and appropriate for the situation. Requesting justification from management for not implementing the recommended control (option D) may be a secondary step, but it is not the best course of action. Reporting the deviation by the control owner in the audit report (option A) may be premature and unnecessary if the implemented control is satisfactory. Canceling the follow- up audit and rescheduling for the next audit period (option C) is not advisable, as it would delay the verification of the effectiveness of the implemented control and potentially expose the organization to further risks.

  References: 1: Follow-up Audits - Canadian Audit and Accountability Foundation

• Question 660:

  Which of the following should the IS auditor do FIRST to ensure data transfer integrity for Internet of Things (IoT) devices?

  A. Verify access control lists to the database where collected data is stored.
  B. Confirm that acceptable limits of data bandwidth are defined for each device.
  C. Ensure that message queue telemetry transport (MQTT) is used.
  D. Determine how devices are connected to the local network.
  D. Determine how devices are connected to the local network.

  ---

  Explanation