Isaca CISA Online Practice Questions and Exam Preparation

Isaca CISA Online Questions & Answers

• Question 811:

  An organization is implementing a new data loss prevention (DLP) tool. Which of the following will BEST enable the organization to reduce false positive alerts?

  A. Using the default policy and tool rule sets
  B. Configuring a limited set of rules
  C. Deploying the tool in monitor mode
  D. Reducing the number of detection points
  B. Configuring a limited set of rules

  ---

  Explanation

  To reduce false positive alerts, it is essential to carefully configure a limited set of rules tailored to the organization's specific data loss prevention needs. This ensures that the DLP tool accurately identifies true positives and reduces the

  occurrence of false alarms.

  References:

  ISACA CISA Review Manual 27th Edition, Page 304-305 (DLP Tool Configuration)

• Question 812:

  Which of the following operational log management considerations is MOST important for an organization undergoing a digital transformation?

  A. Changes in operating costs for log management
  B. Centralization of current log management
  C. Tuning of log reviews to provide enhanced oversight
  D. IT resource capability to manage application uptime
  B. Centralization of current log management

  ---

  Explanation

• Question 813:

  An IS auditor has discovered that a software system still in regular use is years out of date and no longer supported. The auditee has stated that it will take six months until the software is running on the current version. Which of the following is the BEST way to reduce the immediate risk associated with using an unsupported version of the software?

  A. Verify all patches have been applied to the software system's outdated version.
  B. Close all unused ports on the outdated software system.
  C. Monitor network traffic attempting to reach the outdated software system.
  D. Segregate the outdated software system from the main network.
  D. Segregate the outdated software system from the main network.

  ---

  Explanation

  The best way to reduce the immediate risk associated with using an unsupported version of the software is to segregate the outdated software system from the main network. This will limit the exposure of the system to potential attacks and prevent it from compromising other systems on the network. Segregating the system will also reduce the impact of any security incidents that may occur on the system. Monitoring network traffic attempting to reach the outdated software system (option C) is not the best way to reduce the risk, as it will not prevent or stop any attacks on the system. It will only provide visibility into the network activity and alert the auditee of any suspicious or malicious traffic. Verifying all patches have been applied to the software system's outdated version (option A) and closing all unused ports on the outdated software system (option B) are also not the best ways to reduce the risk, as they will not address the underlying issue of using an unsupported version of the software. Patches and ports may still have vulnerabilities that are not fixed by the vendor, and attackers may exploit them to gain access to the system. Therefore, option D is the correct answer.

  References: Introduction (Part 1 of 7: Mitigating Risks of Unsupported Operating Systems) Summary (Part 7 of 7: Mitigating Risks of Unsupported Operating Systems) Upgrade, Retire, or Replace Unsupported Software (Part 4 of 7: Mitigating Risks of Unsupported Operating Systems)

• Question 814:

  Which of the following is the BEST method to prevent wire transfer fraud by bank employees?

  A. Independent reconciliation
  B. Re-keying of wire dollar amounts
  C. Two-factor authentication control
  D. System-enforced dual control
  D. System-enforced dual control

  ---

  Explanation

  The best method to prevent wire transfer fraud by bank employees is system-enforced dual control. System-enforced dual control is a segregation of duties control that requires two or more individuals to perform or authorize a transaction or activity using a system that enforces this requirement. System-enforced dual control can prevent wire transfer fraud by requiring independent verification and approval of payment requests, amounts, and recipients by different bank employees using a system that does not allow any single employee to complete the transaction alone. The other options are not as effective as system-enforced dual control in preventing wire transfer fraud, as they do not involve independent checks or approvals using a system. Independent reconciliation is a detective control that can help compare and confirm payment records with bank statements, but it does not prevent wire transfer fraud from occurring. Re-keying of wire dollar amounts is an input control that can help detect any errors or discrepancies in payment amounts, but it does not prevent wire transfer fraud from occurring. Two-factor authentication control is an access control that can help verify the identity and authorization of bank employees, but it does not prevent wire transfer fraud from occurring.

  References: CISA Review Manual (Digital Version), Chapter 3, Section 3.2

• Question 815:

  Which of the following would be to MOST concern when determine if information assets are adequately safequately safeguarded during transport and disposal?

  A. Lack of appropriate labelling
  B. Lack of recent awareness training.
  C. Lack of password protection
  D. Lack of appropriate data classification
  D. Lack of appropriate data classification

  ---

  Explanation

  The most concerning issue when determining if information assets are adequately safeguarded during transport and disposal is lack of appropriate data classification. Data classification is a process that assigns categories or levels of sensitivity to different types of information assets based on their value, criticality, or risk to the organization. Data classification can help safeguard information assets during transport and disposal by providing criteria and guidelines for identifying, labeling, handling, and protecting information assets according to their sensitivity. Lack of appropriate data classification can compromise the security and confidentiality of information assets during transport and disposal by exposing them to unauthorized access, disclosure, theft, damage, or destruction. The other options are not as concerning as lack of appropriate data classification in safeguarding information assets during transport and disposal, as they do not affect the identification, labeling, handling, or protection of information assets according to their sensitivity. Lack of appropriate labeling is a possible factor that may increase the risk of misplacing, losing, or mishandling information assets during transport and disposal, but it does not affect the classification of information assets according to their sensitivity. Lack of recent awareness training is a possible factor that may affect the knowledge or behavior of staff involved in transporting or disposing of information assets, but it does not affect the classification of information assets according to their sensitivity. Lack of password protection is a possible factor that may affect the security or confidentiality of information assets stored on devices during transport and disposal, but it does not affect the classification of information assets according to their sensitivity.

  References: CISA Review Manual (Digital Version), Chapter 5, Section 5.3.2

• Question 816:

  An accounts receivable data entry routine prevents the entry of the same customer with different account numbers. Which of the following is the BEST way to test if this programmed control is effective?

  A. Implement a computer-assisted audit technique (CAAT).
  B. Compare source code against authorized software.
  C. Review a sorted customer list for duplicates.
  D. Attempt to create a duplicate customer.
  D. Attempt to create a duplicate customer.

  ---

  Explanation

• Question 817:

  A manager Identifies active privileged accounts belonging to staff who have left the organization. Which of the following is the threat actor In this scenario?

  A. Terminated staff
  B. Unauthorized access
  C. Deleted log data
  D. Hacktivists
  A. Terminated staff

  ---

  Explanation

  A threat actor is an entity or individual that poses a potential harm or danger to an organization's information systems or data. Terminated staff are the threat actors in this scenario, as they are former employees who may still have active privileged accounts that grant them access to sensitive or critical information or resources of the organization. Terminated staff may abuse their access privileges or credentials to compromise the confidentiality, integrity, or availability of the information systems or data, either intentionally or unintentionally. Unauthorized access is a threat event or action that occurs when an unauthorized entity or individual gains access to an organization's information systems or data without permission or authorization. Unauthorized access is not a threat actor, but rather a result of a threat actor's activity. Deleted log data is a threat consequence or impact that occurs when log data, which are records of events or activities that occur on an information system or network, are erased or corrupted by a threat actor. Deleted log data can affect the auditability, accountability, and visibility of the information system or network, and prevent detection or investigation of security incidents. Deleted log data is not a threat actor, but rather a result of a threat actor's activity. Hacktivists are threat actors who use hacking techniques to promote a political or social cause or agenda. Hacktivists are not the threat actors in this scenario, as there is no indication that they are involved in this case.

• Question 818:

  Which of the following would MOST likely jeopardize the independence of a quality assurance (QA} team and could lead to conflict of interest?

  A. Cross checking testing assumptions with the solution design
  B. Inspecting code to ensure proper documentation
  C. Ensuring compliance with development methodologies
  D. Correcting coding errors during the testing process
  D. Correcting coding errors during the testing process

  ---

  Explanation

• Question 819:

  Attribute sampling is BEST suited to estimate:

  A. the true monetary value of a population.
  B. the total error amount in the population.
  C. the degree of compliance with approved procedures
  D. standard deviation from the mean.
  C. the degree of compliance with approved procedures

  ---

  Explanation

• Question 820:

  What would be an IS auditor's BEST course of action when an auditee is unable to close all audit recommendations by the time of the follow-up audit?

  A. Ensure the open issues are retained in the audit results.
  B. Terminate the follow-up because open issues are not resolved
  C. Recommend compensating controls for open issues.
  D. Evaluate the residual risk due to open issues.
  D. Evaluate the residual risk due to open issues.

  ---

  Explanation

  The best course of action for an IS auditor when an auditee is unable to close all audit recommendations by the time of the follow-up audit is to evaluate the residual risk due to open issues. Residual risk is the risk that remains after the implementation of controls or mitigating actions. Evaluating the residual risk due to open issues can help the IS auditor assess the impact and likelihood of the potential threats and vulnerabilities that have not been addressed by the auditee, as well as the adequacy and effectiveness of the existing controls or mitigating actions. Evaluating the residual risk due to open issues can also help the IS auditor prioritize and communicate the open issues to the auditee and other stakeholders, such as senior management or audit committee, and recommend appropriate actions or escalation procedures. Ensuring the open issues are retained in the audit results is a course of action for an IS auditor when an auditee is unable to close all audit recommendations by the time of the follow-up audit, but it is not the best one. Ensuring the open issues are retained in the audit results can help the IS auditor document and report the status and progress of the audit recommendations, as well as provide a basis for future follow-up audits. However, ensuring the open issues are retained in the audit results does not provide an analysis or evaluation of the residual risk due to open issues, which is more important for informing decision- making and action-taking. Terminating the follow-up because open issues are not resolved is not a course of action for an IS auditor when an auditee is unable to close all audit recommendations by the time of the follow-up audit, but rather a consequence or outcome of it. Terminating the follow-up because open issues are not resolved may indicate that the auditee has failed to comply with the agreed-upon actions or deadlines, or that the IS auditor has encountered significant obstacles or resistance from the auditee. Terminating the follow-up because open issues are not resolved may also trigger further actions or sanctions from the IS auditor or other authorities, such as issuing a qualified or adverse opinion, withholding certification, or imposing penalties. Recommending compensating controls for open issues is not a course of action for an IS auditor when an auditee is unable to close all audit recommendations by the time of the follow-up audit, but rather a possible outcome or result of it. Compensating controls are alternative or additional controls that are implemented to reduce or eliminate the risk associated with a weakness or deficiency in another control. Recommending compensating controls for open issues may be appropriate when the auditee is unable to implement the original audit recommendations due to technical, operational, financial, or other constraints, and when the compensating controls can provide a similar or equivalent level of assurance. However, recommending compensating controls for open issues requires a prior evaluation of the residual risk due to open issues, which is more important for determining whether compensating controls are necessary and feasible.

  References: Follow-up Audits - Canadian Audit and Accountability Foundation 1 Conducting The Audit Follow-Up: When To Verify - The Auditor 2 Internal Audit Follow Ups: Are They Really Worth The Effort