CISA Exam-Test 27 /30 206 Sorry, Your time is over. CISA EXAM-TEST 27 1 / 30 1. The development of an IS security policy is ultimately the responsibility of the: security administrator. IS department. CIpher lock board of directors. 2 / 30 2. An IS auditor examining the security configuration of an operating system should review the: transaction logs. authorization tables. routing tables. parameter settings. Configuration parameters allow a standard piece of software to be customized for diverse environments and are important in determining how a system runs. The parameter settings should be appropriate to an organization's workload and control environment. Improper implementation and/or monitoring of operating systems can result in undetected errors and corruption of the data being processed, as well as lead to unauthorized access and inaccurate logging of system usage. 3 / 30 3. An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed. Which of the following should be the IS auditor's NEXT course of action? Verify management's approval for this exemption Obtain a verbal confirmation from IT for this exemption Review the list of end-users and evaluate for authorization Report this control process weakness to senior management. 4 / 30 4. Vendors have released patches fixing security flaws in their software. Which of the following should an IS auditor recommend in this situation? Assess the impact of patches prior to installation. Decline to deal with these vendors in the future. Ask the vendors for a new software version with all fixes included. Install the security patch immediately. The effect of installing the patch should be immediately evaluated and installation should occur based on the results of the evaluation. There are numerous cases where a patch from one vendor has affected other systems; therefore, it is necessary to test the patches as much as possible before rolling them out to the entire organization. 5 / 30 5. After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend? System Black box Stress Interface Given the extensiveness of the patch and its interfaces to external systems, system testing is most appropriate. System testing will test all the functionality and interfaces between modules. 6 / 30 6. An IS auditor performing an application maintenance audit would review the log of program changes for the: creation date of a current source program. authorization of program changes. number of program changes actually made. creation date of a current object module. The auditor wants to ensure that only authorized changes have been made to the application. The auditor would therefore review the log of program changes to verify that all changes have been approved. 7 / 30 7. The FIRST step in the execution of a problem management mechanism should be: issue analysis. exception ranking. root cause analysis. exception reporting. The reporting of operational issues is normally the first step in tracking problems. 8 / 30 8. Which of the following would BEST maintain the integrity of a firewall log? Sending log information to a dedicated third-party log server Capturing log events in the operating system layer Granting access to log information only to administrators Writing dual logs onto separate storage media Establishing a dedicated third-party log server and logging events in it is the best procedure for maintaining the integrity of a firewall log. When access control to the log server is adequately maintained, the risk of unauthorized log modification will be mitigated, therefore improving the integrity of log information. 9 / 30 9. Which of the following should be an IS auditor's GREATEST concern when a security audit reveals the organization's vulnerability assessment approach is limited to running a vulnerability scanner on its network? External risks in the organization's environment may go undetected. Some of the vulnerabilities discovered may be false positives. A scanner does not exploit the vulnerability in the systems. System performance may be degraded by the scanner. 10 / 30 10. Which of the following should an incident response team address FIRST after a major incident in an information processing facility? Documentation of the facility Containment at the facility Monitoring of the facility Restoration at the facility The first priority (after addressing life safety) is the containment of the incident at the facility so that spread of the damage is minimized. The incident team must gain control of the situation. 11 / 30 11. Which of the following is the BEST way to confirm that a digital signature is valid? Confirm that the sender's public key certificate is from a trusted certificate authority (CA). Compare the hash value of the digital signature manually Request a valid private key from the sender and compare it with the public key Verify the digital signature by obtaining the senders public key 12 / 30 12. Which of the following specifically addresses how to detect cyberattacks against an organization's IT systems and how to recover from an attack? An IT contingency plan A continuity of operations plan (COOP) A business continuity plan (BCP) An incident response plan (IRP) The incident response plan (IRP) determines the information security responses to incidents such as cyberattacks on systems and/or networks. This plan establishes procedures to enable security personnel to identify, mitigate and recover from malicious computer incidents such as unauthorized access to a system or data, denial of service (DoS) or unauthorized changes to system hardware or software. 13 / 30 13. The PRIMARY objective of performing a postincident review is that it presents an opportunity to: improve internal control procedures. highlight the importance of incident response management to management. improve employee awareness of the incident response process. harden the network to industry good practices. A postincident review examines both the cause and response to an incident. The lessons learned from the review can be used to improve internal controls. Understanding the purpose and structure of postincident reviews and follow-up procedures enables the information security manager to continuously improve the security program. Improving the incident response plan based on the incident review is an internal (corrective) control. 14 / 30 14. An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls? Use the DBA user account to make changes, log the changes and review the change log the following day. Make changes to the database after granting access to a normal user account. Use the normal user account to make changes, log the changes and review the change log the following day. Allow changes to be made only with the database administrator (DBA) user account. The use of a DBA user account is normally set up to log all changes made and is most appropriate for changes made outside of normal hours. The use of a log, which records the changes, allows changes to be reviewed. Because an abbreviated number of steps are used, this represents an adequate set of compensating controls. 15 / 30 15. How is the risk of improper file access affected upon implementing a database system? Risk varies. Risk is increased. Risk is not affected. Risk is reduced. 16 / 30 16. A programmer maliciously modified a production program to change data and then restored the original code. Which of the following would MOST effectively detect the malicious activity? Reviewing system log files Comparing object code Reviewing executable and source code integrity Comparing source code Reviewing system log files is the only trail that may provide information about the unauthorized activities in the production library. 17 / 30 17. In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend? Automated logging of changes to development libraries Additional staff to provide separation of duties Procedures that verify that only approved program changes are implemented Access controls to prevent the operator from making program modifications An IS auditor must consider recommending a better process. An IS auditor should recommend a formal change control process that manages and could detect changes to production source and object code, such as code comparisons, so the changes can be reviewed on a regular basis by a third party. This would be a compensating control process. 18 / 30 18. An IS auditor needs to review the procedures used to restore a software application to its state prior to an upgrade. Therefore, the auditor needs to assess: problem management procedures. incident management procedures. fallback procedures. software development procedures. Fallback procedures are used to restore a system to a previous state and are an important element of the change control process. The other choices are not related to the change control process—a process which specifies what procedures should be followed when software is being upgraded but the upgrade does not work and requires a fallback to its former state. 19 / 30 19. Which of the following would an IS auditor consider to be MOST helpful when evaluating the effectiveness and adequacy of a preventive computer maintenance program? Vendors' reliability figures A written preventive maintenance schedule Regularly scheduled maintenance log A system downtime log A system downtime log provides information regarding the effectiveness and adequacy of computer preventive maintenance programs. The log is a detective control, but because it is validating the effectiveness of the maintenance program, it is validating a preventive control. 20 / 30 20. Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures? Identify changes that have occurred and verify approvals. Ensure that only appropriate staff can migrate changes into production. Review change control documentation and verify approvals. Review software migration records and verify approvals. The most effective method is to determine what changes have been made (check logs and modified dates) and then verify that they have been approved. 21 / 30 21. An IS auditor is performing a review of a network, and users report that the network is slow and web pages periodically time out. The IS auditor confirms the users' feedback and reports the findings to the network manager. The most appropriate action for the network management team should be to FIRST: take steps to increase the bandwidth of the connection to the Internet. create a baseline using a protocol analyzer and implement quality of service (QoS) to ensure that critical business applications work as intended. implement virtual LANs (VLANs) to segment the network and ensure performance. use a protocol analyzer to perform network analysis and review error logs of local area network (LAN) equipment. In this case, the first step is to identify the problem through review and analysis of network traffic. Using a protocol analyzer and reviewing the log files of the related switches or routers will determine whether there is a configuration issue or hardware malfunction. 22 / 30 22. An IS auditor is assigned to review the development of a specific application. Which of the following would be the MOST significant step following the feasibility study? Follow up with project sponsor for project's budgets and actual costs. Attend project progress meetings to monitor timely implementation of the application. Review functional design to determine that appropriate controls are planned. Assist users in the design of proper acceptance-testing procedures 23 / 30 23. Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized? Release-to-release source and object comparison reports Library control software restricting changes to source code Date and time-stamp reviews of source and object code Restricted access to source code and object code Date and time-stamp reviews of source and object code would ensure that source code, which has been compiled, matches the production object code. This is the most effective way to ensure that the approved production source code is compiled and is the one being used. 24 / 30 24. Which of the following is a MAJOR concern during a review of help desk activities? Certain calls could not be resolved by the help desk team. A dedicated line is not assigned to the help desk team. The help desk instant messaging has been down for over six months Resolved incidents are closed without reference to end users. The help desk function is a service-oriented unit. The end users must sign off before an incident can be regarded as closed. 25 / 30 25. An organization is in the process of deciding whether to allow a bring your own device (BYOD) program. If approved, which of the following should be the FIRST control required before implementation'' An awareness program Device registration An acceptable use policy Device baseline configurations 26 / 30 26. . Which of the following is the BEST way to address ongoing concerns with the quality and accuracy of internal audits? Require IS audit management to lead exit meetings Require peer reviews of audit work papers. Implement performance management for IS auditors Engage an independent review of the audit function 27 / 30 27. An IS auditor is evaluating the effectiveness of the organization's change management process. What is the MOST important control that the IS auditor should look for to ensure system availability? Capacity planning is performed as part of each development project. Changes are authorized by IT managers at all times. Test plans and procedures exist and are closely followed. User acceptance testing (UAT) is performed and properly documented. The most important control for ensuring system availability is to implement a sound test plan and procedures that are followed consistently. 28 / 30 28. The MAIN criterion for determining the severity level of a service disruption incident is: negative public opinion. downtime. geographic location. cost of recovery. The longer the period of time a client cannot be serviced, the greater the severity (impact) of the incident. 29 / 30 29. If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor's primary responsibility? To implement compensator controls To reassign job functions to eliminate potential fraud To advise senior management. Segregation of duties is an administrative control not considered by an IS auditor 30 / 30 30. An IS auditor has obtained a large complex data set for analysis. Which of the following activities will MOST improve the output from the use of data analytics tools? Data masking Data classification Data preparation Data anonymization Your score is LinkedIn Facebook Twitter Exit
