CISA Exam-Test 27

1. An IS auditor performing an application maintenance audit would review the log of program changes for the:
A. authorization of program changes.
B. creation date of a current source program.
C. number of program changes actually made.
D. creation date of a current object module.

The auditor wants to ensure that only authorized changes have been made to the application. The auditor would therefore review the log of program changes to verify that all changes have been approved.

2. An organization is in the process of deciding whether to allow a bring your own device (BYOD) program. If approved, which of the following should be the FIRST control required before implementation?
A. Device registration
B. An awareness program
C. Device baseline configurations
D. An acceptable use policy

3. Which of the following should be an IS auditor's GREATEST concern when a security audit reveals the organization's vulnerability assessment approach is limited to running a vulnerability scanner on its network?
A. A scanner does not exploit the vulnerability in the systems.
B. Some of the vulnerabilities discovered may be false positives.
C. External risks in the organization's environment may go undetected.
D. System performance may be degraded by the scanner.

4. An IS auditor is performing a review of a network, and users report that the network is slow and web pages periodically time out. The IS auditor confirms the users' feedback and reports the findings to the network manager. The most appropriate action for the network management team should be to FIRST:
A. implement virtual LANs (VLANs) to segment the network and ensure performance.
B. use a protocol analyzer to perform network analysis and review error logs of local area network (LAN) equipment.
C. take steps to increase the bandwidth of the connection to the Internet.
D. create a baseline using a protocol analyzer and implement quality of service (QoS) to ensure that critical business applications work as intended.

In this case, the first step is to identify the problem through review and analysis of network traffic. Using a protocol analyzer and reviewing the log files of the related switches or routers will determine whether there is a configuration issue or a hardware malfunction.

5. An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed. Which of the following should be the IS auditor's NEXT course of action?
A. Review the list of end users and evaluate for authorization.
B. Obtain a verbal confirmation from IT for this exemption.
C. Report this control process weakness to senior management.
D. Verify management's approval for this exemption.

6. An IS auditor has obtained a large, complex data set for analysis. Which of the following activities will MOST improve the output from the use of data analytics tools?
A. Data anonymization
B. Data classification
C. Data masking
D. Data preparation

7. An IS auditor examining the security configuration of an operating system should review the:
A. routing tables.
B. transaction logs.
C. parameter settings.
D. authorization tables.

Configuration parameters allow a standard piece of software to be customized for diverse environments and are important in determining how a system runs. The parameter settings should be appropriate to an organization's workload and control environment. Improper implementation and/or monitoring of operating systems can result in undetected errors and corruption of the data being processed, as well as lead to unauthorized access and inaccurate logging of system usage.

8. The development of an IS security policy is ultimately the responsibility of the:
A. security administrator.
B. IS department.
C. Cipher lock
D. board of directors.

9. The MAIN criterion for determining the severity level of a service disruption incident is:
A. downtime.
B. cost of recovery.
C. geographic location.
D. negative public opinion.

The longer the period of time a client cannot be serviced, the greater the severity (impact) of the incident.

10. In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?
A. Automated logging of changes to development libraries
B. Procedures that verify that only approved program changes are implemented
C. Additional staff to provide separation of duties
D. Access controls to prevent the operator from making program modifications

An IS auditor must consider recommending a better process. An IS auditor should recommend a formal change control process that manages and could detect changes to production source and object code, such as code comparisons, so that the changes can be reviewed on a regular basis by a third party. This would be a compensating control process.

11. Which of the following specifically addresses how to detect cyberattacks against an organization's IT systems and how to recover from an attack?
A. An incident response plan (IRP)
B. A business continuity plan (BCP)
C. An IT contingency plan
D. A continuity of operations plan (COOP)

The incident response plan (IRP) determines the information security responses to incidents such as cyberattacks on systems and/or networks. This plan establishes procedures to enable security personnel to identify, mitigate and recover from malicious computer incidents such as unauthorized access to a system or data, denial of service (DoS) or unauthorized changes to system hardware or software.

12. If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor's primary responsibility?
A. Segregation of duties is an administrative control not considered by an IS auditor.
B. To implement compensating controls.
C. To advise senior management.
D. To reassign job functions to eliminate potential fraud.

13. Vendors have released patches fixing security flaws in their software. Which of the following should an IS auditor recommend in this situation?
A. Ask the vendors for a new software version with all fixes included.
B. Decline to deal with these vendors in the future.
C. Install the security patch immediately.
D. Assess the impact of patches prior to installation.

The effect of installing the patch should be evaluated promptly, and installation should occur based on the results of the evaluation. There are numerous cases where a patch from one vendor has affected other systems; therefore, it is necessary to test the patches as much as possible before rolling them out to the entire organization.

14. How is the risk of improper file access affected upon implementing a database system?
A. Risk varies.
B. Risk is not affected.
C. Risk is increased.
D. Risk is reduced.

15. An IS auditor needs to review the procedures used to restore a software application to its state prior to an upgrade. Therefore, the auditor needs to assess:
A. problem management procedures.
B. incident management procedures.
C. software development procedures.
D. fallback procedures.

Fallback procedures are used to restore a system to a previous state and are an important element of the change control process. The other choices are not related to the change control process, which specifies what procedures should be followed when software is being upgraded but the upgrade does not work and requires a fallback to its former state.

16. An IS auditor reviewing database controls discovered that changes to the database during normal working hours were handled through a standard set of procedures. However, changes made after normal hours required only an abbreviated number of steps. In this situation, which of the following would be considered an adequate set of compensating controls?
A. Use the DBA user account to make changes, log the changes and review the change log the following day.
B. Make changes to the database after granting access to a normal user account.
C. Use the normal user account to make changes, log the changes and review the change log the following day.
D. Allow changes to be made only with the database administrator (DBA) user account.

The DBA user account is normally set up to log all changes made and is most appropriate for changes made outside of normal hours. The use of a log, which records the changes, allows the changes to be reviewed. Because an abbreviated number of steps is used, this represents an adequate set of compensating controls.

17. After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend?
A. Black box
B. System
C. Stress
D. Interface

Given the extensiveness of the patch and its interfaces to external systems, system testing is most appropriate. System testing will test all the functionality and the interfaces between modules.

18. Which of the following is a MAJOR concern during a review of help desk activities?
A. The help desk instant messaging has been down for over six months.
B. Certain calls could not be resolved by the help desk team.
C. A dedicated line is not assigned to the help desk team.
D. Resolved incidents are closed without reference to end users.

The help desk function is a service-oriented unit. The end users must sign off before an incident can be regarded as closed.

19. The PRIMARY objective of performing a postincident review is that it presents an opportunity to:
A. harden the network to industry good practices.
B. improve internal control procedures.
C. improve employee awareness of the incident response process.
D. highlight the importance of incident response management to management.

A postincident review examines both the cause of and the response to an incident. The lessons learned from the review can be used to improve internal controls. Understanding the purpose and structure of postincident reviews and follow-up procedures enables the information security manager to continuously improve the security program. Improving the incident response plan based on the incident review is an internal (corrective) control.

20. Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures?
A. Ensure that only appropriate staff can migrate changes into production.
B. Review software migration records and verify approvals.
C. Identify changes that have occurred and verify approvals.
D. Review change control documentation and verify approvals.

The most effective method is to determine what changes have actually been made (check logs and modified dates) and then verify that they have been approved. Starting from the change documentation or the migration records would miss any change that bypassed those records.

21. Which of the following is the BEST way to address ongoing concerns with the quality and accuracy of internal audits?
A. Require peer reviews of audit work papers.
B. Engage an independent review of the audit function.
C. Implement performance management for IS auditors.
D. Require IS audit management to lead exit meetings.

22. A programmer maliciously modified a production program to change data and then restored the original code. Which of the following would MOST effectively detect the malicious activity?
A. Reviewing system log files
B. Reviewing executable and source code integrity
C. Comparing source code
D. Comparing object code

Reviewing system log files is the only trail that may provide information about the unauthorized activities in the production library. Because the original code was restored, a comparison of the current source or object code against an approved copy would show no difference and would not detect the activity.

23. Which of the following should an incident response team address FIRST after a major incident in an information processing facility?
A. Restoration at the facility
B. Monitoring of the facility
C. Containment at the facility
D. Documentation of the facility

The first priority (after addressing life safety) is the containment of the incident at the facility so that the spread of the damage is minimized. The incident team must gain control of the situation.

24. Which of the following would an IS auditor consider to be MOST helpful when evaluating the effectiveness and adequacy of a preventive computer maintenance program?
A. Regularly scheduled maintenance log
B. Vendors' reliability figures
C. A system downtime log
D. A written preventive maintenance schedule

A system downtime log provides information regarding the effectiveness and adequacy of computer preventive maintenance programs. The log is a detective control, but because it is validating the effectiveness of the maintenance program, it is validating a preventive control.

25. The FIRST step in the execution of a problem management mechanism should be:
A. issue analysis.
B. exception reporting.
C. exception ranking.
D. root cause analysis.

The reporting of operational issues is normally the first step in tracking problems.

26. Which of the following would BEST maintain the integrity of a firewall log?
A. Capturing log events in the operating system layer
B. Granting access to log information only to administrators
C. Sending log information to a dedicated third-party log server
D. Writing dual logs onto separate storage media

Establishing a dedicated third-party log server and logging events to it is the best procedure for maintaining the integrity of a firewall log. When access control to the log server is adequately maintained, the risk of unauthorized log modification will be mitigated, thereby improving the integrity of the log information.

27. Which of the following is the BEST way to confirm that a digital signature is valid?
A. Confirm that the sender's public key certificate is from a trusted certificate authority (CA).
B. Request a valid private key from the sender and compare it with the public key.
C. Compare the hash value of the digital signature manually.
D. Verify the digital signature by obtaining the sender's public key.

28. Which of the following controls would be MOST effective in ensuring that production source code and object code are synchronized?
A. Date and time-stamp reviews of source and object code
B. Library control software restricting changes to source code
C. Restricted access to source code and object code
D. Release-to-release source and object comparison reports

Date and time-stamp reviews of source and object code would ensure that the source code that has been compiled matches the production object code. This is the most effective way to ensure that the approved production source code is compiled and is the one being used.

29. An IS auditor is evaluating the effectiveness of the organization's change management process. What is the MOST important control that the IS auditor should look for to ensure system availability?
A. User acceptance testing (UAT) is performed and properly documented.
B. Capacity planning is performed as part of each development project.
C. Test plans and procedures exist and are closely followed.
D. Changes are authorized by IT managers at all times.

The most important control for ensuring system availability is to implement a sound test plan and procedures that are followed consistently.

30. An IS auditor is assigned to review the development of a specific application. Which of the following would be the MOST significant step following the feasibility study?
A. Assist users in the design of proper acceptance-testing procedures.
B. Attend project progress meetings to monitor timely implementation of the application.
C. Follow up with the project sponsor for the project's budgets and actual costs.
D. Review functional design to determine that appropriate controls are planned.
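The explanations for questions 20, 22 and 28 all describe the same kind of audit test: start from the evidence of what actually happened in the production library (the change log and file timestamps) and reconcile it against the approval records and the baseline, rather than starting from the paperwork. The script below is an added example written for this page; it is not part of the CISA test or of any ISACA material. The log format, the approval register, the baseline hashes and the library listing are all constructed sample data with hypothetical field names.

```python
"""Added example (not from the CISA test page): three reconciliation checks an
IS auditor could run over production-library records. All data is constructed."""
from dataclasses import dataclass
from datetime import datetime

# Constructed change-log lines (hypothetical format):
# timestamp  operator  action  module  content-hash-after-action
CHANGE_LOG = """\
2024-03-04T09:15:00 jdoe   MODIFY  payroll/calc.cbl   h=a1b2
2024-03-04T09:16:00 jdoe   COMPILE payroll/calc.cbl   h=a1b2
2024-03-11T22:41:00 psmith MODIFY  billing/rate.cbl   h=ff01
2024-03-11T22:58:00 psmith MODIFY  billing/rate.cbl   h=9c9c
2024-03-12T08:05:00 rlee   MODIFY  ledger/post.cbl    h=77aa
"""

# Constructed baseline: content hash of each module at the last approved release.
BASELINE = {"payroll/calc.cbl": "0000", "billing/rate.cbl": "9c9c", "ledger/post.cbl": "5e5e"}

# Constructed approval register: change ticket -> (module, approver).
APPROVALS = {"CHG-1001": ("payroll/calc.cbl", "it-manager")}

# Constructed library listing: module -> (source mtime, object mtime or None).
LIBRARY = {
    "payroll/calc.cbl": (datetime(2024, 3, 4, 9, 15), datetime(2024, 3, 4, 9, 16)),
    "billing/rate.cbl": (datetime(2024, 3, 11, 22, 58), datetime(2024, 2, 1, 12, 0)),
    "ledger/post.cbl": (datetime(2024, 3, 12, 8, 5), None),
}


@dataclass
class Event:
    ts: datetime
    who: str
    action: str
    module: str
    digest: str


def parse_log(text):
    """Turn the constructed log text into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, who, action, module, h = line.split()
        events.append(Event(datetime.fromisoformat(ts), who, action, module, h.split("=", 1)[1]))
    return events


def unapproved_changes(events, approvals):
    """Q20: every module the log says was modified but that has no approval record.
    Working from the log (not the approval paperwork) catches changes that bypassed it."""
    approved = {module for module, _ in approvals.values()}
    return sorted({e.module for e in events if e.action == "MODIFY" and e.module not in approved})


def modify_and_restore(events, baseline):
    """Q22: modules that were modified but whose final content equals the baseline.
    A source or object comparison against the baseline passes for these, so the
    log is the only evidence that anything happened."""
    last = {}
    touched = set()
    for e in sorted(events, key=lambda e: e.ts):
        if e.action == "MODIFY":
            touched.add(e.module)
            last[e.module] = e.digest
    return sorted(m for m in touched if last[m] == baseline.get(m))


def out_of_sync(library):
    """Q28: date/time-stamp review. A production object older than its source
    was not compiled from the source now in the library; a missing object
    means the source is not what is running at all."""
    findings = {}
    for module, (src_mtime, obj_mtime) in library.items():
        if obj_mtime is None:
            findings[module] = "no object module"
        elif obj_mtime < src_mtime:
            findings[module] = "source modified after last compile"
    return findings


if __name__ == "__main__":
    events = parse_log(CHANGE_LOG)
    print("unapproved:", unapproved_changes(events, APPROVALS))
    print("modified then restored:", modify_and_restore(events, BASELINE))
    print("source/object out of sync:", out_of_sync(LIBRARY))
```

On the constructed data, billing/rate.cbl shows up in all three checks: it was changed twice after hours without a ticket, its final hash equals the baseline (so a code comparison alone would have cleared it), and its source is now newer than the production object. Only the first and third findings come from evidence independent of the programmer, which is why the explanations favour logs and timestamps over comparing the code that was left behind.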