Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 110

  1. Which of the following is the GREATEST advantage of application penetration testing over vulnerability scanning?

    • Penetration testing does not require a special skill set to be executed.
    • Penetration testing provides a more accurate picture of gaps in application controls.
    • Penetration testing can be conducted in a relatively short time period.
    • Penetration testing creates relatively smaller risks to application availability and integrity.
  2. A bank is relocating its servers to a vendor that provides data center hosting services to multiple clients. Which of the following controls would restrict other clients from physical access to the bank’s servers?

    • Closed-circuit television cameras
    • Locking server cages
    • Biometric access at all data center entrances
    • 24-hour security guards
  3. Which of the following is the BEST approach to identify whether a vulnerability is actively being exploited?

    • Implement key performance indicators (KPIs).
    • Conduct a penetration test.
    • Review service desk reports.
    • Perform log analysis.
  4. Which of the following validation techniques would BEST prevent duplicate electronic vouchers?

    • Cyclic redundancy check
    • Edit check
    • Reasonableness check
    • Sequence check
  5. On a daily basis, an in-house development team moves duplicate copies of production data containing personally identifiable information (PII) to the test environment. Which of the following is the BEST way to mitigate the privacy risk involved?

    • Require data owners to sign off on production data.
    • Encrypt the data file.
    • Obtain customer opt-in acceptances.
    • Sanitize the data in the test environment.
  6. Which of the following is the BEST indicator of the effectiveness of signature-based intrusion detection systems (IDSs)?

    • An increase in the number of identified false positives
    • An increase in the number of unfamiliar sources of intruders
    • An increase in the number of detected incidents not previously identified
    • An increase in the number of internally reported critical incidents
  7. Which of the following would BEST detect logic bombs in the new programs?

    • Final acceptance testing by users
    • Parallel/pilot testing
    • Regression testing
    • Independent program review
  8. Which of the following is the MOST effective way to prevent unauthorized changes from being moved into production?

    • Conduct periodic review of change tickets to ensure all change documentation is attached.
    • Enforce segregation of duties between developers and migrators.
    • Perform thorough testing of changes in the test environment.
    • Require approval of changes by the appropriate business process owners.
  9. The FIRST course of action an investigator should take when a computer is being attacked is to:

    • terminate all active processes.
    • copy the contents of the hard drive.
    • disconnect it from the network.
    • disconnect the power source.
  10. In which phase of penetration testing would host detection and domain name system (DNS) interrogation be performed?

    • Reporting
    • Attacks
    • Discovery
    • Planning
  11. Which of the following would be the MOST likely reason for an intrusion prevention system (IPS) being unable to block an ongoing web attack?

    • The firewall is not configured properly.
    • The network design contains flaws.
    • Monitoring personnel are not proactive.
    • Signatures are outdated.
  12. Which of the following will BEST protect the confidentiality of data stored on the hard drive of a laptop computer?

    • Encryption of the data
    • A boot password
    • Physical locks and alarms
    • Biometric access control
  13. Due to the increasing size of a database, user access times and daily backups continue to increase. Which of the following is the BEST way to address this situation?

    • Data modeling
    • Data visualization
    • Data mining
    • Data purging
  14. Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:

    • business impact analysis (BIA).
    • threat and risk assessment.
    • business continuity plan (BCP).
    • disaster recovery plan (DRP).
  15. Which of the following protects against the impact of temporary and rapid decreases or increases in electricity?

    • Redundant power supply
    • Emergency power-off switch
    • Stand-by generator
    • Uninterruptible power supply (UPS)
  16. An organization using instant messaging to communicate with customers can prevent legitimate customers from being impersonated by:

    • using call monitoring.
    • using firewalls to limit network traffic to authorized ports.
    • logging conversations.
    • authenticating users before conversations are initiated.
  17. During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST:

    • perform a business impact analysis (BIA).
    • issue an intermediate report to management.
    • evaluate the impact on current disaster recovery capability.
    • conduct additional compliance testing.
  18. During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable?

    • Measurement of accuracy
    • Elapsed time for completion of critical tasks
    • Quantitatively measuring the results of the test
    • Evaluation of the observed test results

    Explanation:
    It is important to have ways to measure the success of the plan and of the tests against the stated objectives. Results must therefore be gauged quantitatively rather than by observation alone. Quantitatively measuring the results of the test covers all of the activities performed during the BCP test, which gives the best assurance of an effective plan. Although the first two choices (measurement of accuracy and elapsed time for completion of critical tasks) are also quantitative, each relates only to a specific area or analyses the results from a single viewpoint, namely the accuracy of the results or the elapsed time.
    Reference: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 5: Disaster Recovery and Business Continuity (page 269).

  19. Which of the following statements regarding an off-site information processing facility is TRUE?

    • It should have the same amount of physical access restrictions as the primary processing site.
    • It should be located in proximity to the originating site so that it can quickly be made operational.
    • It should be easily identified from the outside so in the event of an emergency it can be easily found.
    • Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.
    Explanation:

    It is very important that the off-site facility has the same physical access restrictions as the primary site in order to avoid misuse.

    The following answers are incorrect because:

    "It should be located in proximity to the originating site so that it can quickly be made operational" is incorrect, as a nearby off-site facility would be subject to the same disaster as the primary site.

    "It should be easily identified from the outside so in the event of an emergency it can be easily found" is also incorrect, as the facility should not be easily identifiable, in order to prevent intentional sabotage.

    "Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive" is also incorrect, as the off-site facility should have the same level of environmental monitoring as the primary site.

    Reference: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 5: Disaster Recovery and Business Continuity (page 265).

  20. Business Continuity Planning (BCP) is not defined as a preparation that facilitates:

    • the rapid recovery of mission-critical business operations
    • the continuation of critical business functions
    • the monitoring of threat activity for adjustment of technical controls
    • the reduction of the impact of a disaster
    Explanation:

    The following answers are incorrect:
    All of the other choices are facilitated by a BCP:

    the continuation of critical business functions
    the rapid recovery of mission-critical business operations
    the reduction of the impact of a disaster