Last Updated on December 13, 2021 by Admin 3

CISA: Certified Information Systems Auditor: Part 122

  1. When an operating system is being hardened, it is MOST important for an information security manager to ensure that:

    • default passwords are changed.
    • anonymous access is removed.
    • file access is restricted.
    • system logs are activated.
  2. What should be the PRIMARY objective of conducting interviews with business unit managers when developing an information security strategy?

    • Obtain information on department goals.
    • Classify information assets.
    • Identify data and system ownership.
    • Determine information types.
  3. Which of the following will BEST provide an organization with ongoing assurance of the information security services provided by a cloud provider?

    • Continuous monitoring of an information security risk profile
    • Evaluating the provider’s security incident response plan
    • Requiring periodic self-assessment by the provider
    • Ensuring the provider’s roles and responsibilities are established
  4. Meeting which of the following security objectives BEST ensures that information is protected against unauthorized modification?

    • Availability
    • Authenticity
    • Confidentiality
    • Integrity
  5. Which of the following is MOST effective against system intrusions?

    • Continuous monitoring
    • Layered protection
    • Penetration testing
    • Two-factor authentication
  6. Which of the following is MOST important to consider when developing a disaster recovery plan?

    • Business continuity plan (BCP)
    • Feasibility assessment
    • Business impact analysis (BIA)
    • Cost-benefit analysis
  7. Within the confidentiality, integrity, and availability (CIA) triad, which of the following activities BEST supports the concept of integrity?

    • Ensuring encryption for data in transit
    • Implementing a data classification schema
    • Utilizing a formal change management process
    • Enforcing service level agreements (SLAs)
  8. Which of the following is the MOST effective approach for integrating security into application development?

    • Including security in user acceptance testing sign-off
    • Performing vulnerability scans
    • Developing security models in parallel
    • Defining security requirements
  9. Which of the following threats is prevented by using token-based authentication?

    • Password sniffing attack on the network
    • Session eavesdropping attack on the network
    • Man-in-the-middle attack on the client
    • Denial of service attack over the network
  10. Which of the following tools BEST demonstrate the effectiveness of the information security program?

    • A security balanced scorecard
    • Management satisfaction surveys
    • Risk heat map
    • Key risk indicators (KRIs)
  11. Which of the following is the PRIMARY reason social media has become a popular target for attack?

    • The accessibility of social media from multiple locations
    • The prevalence of strong perimeter protection
    • The reduced effectiveness of access controls
    • The element of trust created by social media
  12. Which of the following is an example of a change to the external threat landscape?

    • Organizational security standards have been modified.
    • A commonly used encryption algorithm has been compromised.
    • New legislation has been enacted in a region where the organization does business.
    • Infrastructure changes to the organization have been implemented.
  13. Which of the following would MOST likely require a business continuity plan to be invoked?

    • A distributed denial of service attack on an email server
    • An unauthorized visitor discovered in the data center
    • An epidemic preventing staff from performing job functions
    • A hacker holding personally identifiable information hostage
  14. Which of the following is the PRIMARY objective of a business impact analysis (BIA)?

    • Define the recovery point objective (RPO).
    • Analyze vulnerabilities.
    • Confirm control effectiveness.
    • Determine recovery priorities.
  15. Which of the following roles should be PRIMARILY responsible for assigning sensitivity levels to an organization’s financial and payroll databases?

    • Information security manager
    • Data owner
    • Systems administrator
    • Database administrator
  16. The PRIMARY benefit of integrating information security activities into change management processes is to:

    • protect the organization from unauthorized changes.
    • ensure required controls are included in changes.
    • provide greater accountability for security-related changes in the business.
    • protect the business from collusion and compliance threats.
  17. Which of the following provides the BEST indication that the information security program is in alignment with enterprise requirements?

    • The security strategy is benchmarked with similar organizations.
    • The information security manager reports to the chief executive officer.
    • An IT governance committee is in place.
    • Security strategy objectives are defined in business terms.
  18. Following a malicious security incident, an organization has decided to prosecute those responsible. Which of the following will BEST facilitate the forensic investigation?

    • Identifying the affected environment
    • Performing a backup of affected systems
    • Determining the degree of loss
    • Maintaining chain of custody
  19. Which of the following would BEST justify spending for a compensating control?

    • Peer benchmarking
    • Risk analysis
    • Threat analysis
    • Vulnerability analysis
  20. The PRIMARY purpose of vulnerability assessments is to:

    • detect deficiencies that could lead to a system compromise.
    • provide clear evidence that the system is sufficiently secure.
    • test intrusion detection systems (IDS) and response procedures.
    • determine the impact of potential threats.