Last Updated on December 13, 2021 by Admin 3

 CISA : Certified Information Systems Auditor : Part 134

  1. An organization’s current end-user computing practices include the use of a spreadsheet for financial statements. Which of the following is the GREATEST concern?

    • Formulas are not protected against unintended changes.
    • The spreadsheet contains numerous macros.
    • Operational procedures have not been reviewed in the current fiscal year.
    • The spreadsheet is not maintained by IT.
  2. A government organization uses standard Wi-Fi Protected Access 2 (WPA2) to protect confidential information transmitted to a file server. Which of the following is the IS auditor’s BEST recommendation to further strengthen security?

    • Certificate-based authentication
    • Network address translation (NAT)
    • Media access control (MAC) address filtering
    • Service set identifier (SSID) masking
  3. An IS auditor is assessing an organization’s data loss prevention (DLP) solution for protecting intellectual property from insider theft. Which of the following would the auditor consider MOST important for effective data protection?

    • Employee training on information handling
    • Creation of DLP policies and procedures
    • Encryption of data copied to flash drives
    • Identification and classification of sensitive data
  4. An IS auditor finds that the process for removing access for terminated employees is not documented. What is the MOST significant risk from this observation?

    • Procedures may not align with best practices.
    • HR records may not match system access.
    • Unauthorized access cannot be identified.
    • Access rights may not be removed in a timely manner.
  5. Which of the following scenarios would enable a forensic investigation?

    • The suspected computer was rebooted, and the evidence log file was converted to a readable format for further analysis.
    • The incident response team prepared a final report for the forensic investigator and deleted the original file securely to avoid further damage.
    • The media in question was preserved using imaging, and chain of custody was documented according to the organization’s incident response plan.
    • Incident response team members extracted the logs showing the suspicious activity and added their notes before submitting for investigation.
  6. What is an IS auditor’s BEST recommendation to management if a review of the incident management process finds multiple instances of incident tickets remaining open for an unusually long time?

    • Implement reporting of key performance indicators (KPIs) for ticket closure.
    • Increase the number of help desk staff to enable faster ticket closure.
    • Manually review the identified tickets and mark as closed in the system.
    • Configure the system to automatically close tickets after a defined period.
  7. An organization recently experienced a phishing attack that resulted in a breach of confidential information. Which of the following would be MOST relevant for an IS auditor to review when determining the root cause of the incident?

    • Email configurations
    • Simple mail transfer protocol (SMTP) logging
    • Browser configurations
    • Audit logging
  8. Which of the following is MOST important to include in an organization’s incident response plan to help prevent similar incidents from happening in the future?

    • Documentation of incident details
    • Incident closure procedures
    • Containment and neutralization actions
    • Post-incident review
  9. An IS auditor reviewing security incident processes realizes incidents are resolved and closed, but root causes are not investigated. Which of the following should be the MAJOR concern with this situation?

    • Abuses by employees have not been reported.
    • Vulnerabilities have not been properly addressed.
    • Security incident policies are out of date.
    • Lessons learned have not been properly documented.
  10. Which of the following is the BEST indication of an effective incident management process?

    • Percentage of incidents where root cause has been identified
    • Percentage of incidents closed without escalation
    • Number of calls to the help desk
    • Number of incidents reviewed by IT management
  11. Which of the following metrics would be MOST helpful to an IS auditor in evaluating an organization’s security incident response management capability?

    • Number of business interruptions due to IT security incidents per year
    • Number of IT security incidents reported per month
    • Number of malware infections in business applications detected per day
    • Number of alerts generated by intrusion detection systems (IDS) per minute
  12. The MAIN reason an organization’s incident management procedures should include a post-incident review is to:

    • ensure evidence is collected for possible post-event litigation.
    • take appropriate action when procedures are not followed.
    • enable better reporting for executives and the audit committee.
    • improve processes by learning from identified weaknesses.
  13. Which of the following is MOST important for the improvement of an organization’s incident response processes?

    • Post-event reviews by the incident response team
    • Regular upgrades to incident management software
    • Ongoing incident response training for users
    • Periodic walk-through of incident response procedures
  14. An IS auditor has discovered that unauthorized customer management software was installed on a workstation. The auditor determines the software has been uploading customer data to an external party. Which of the following is the IS auditor’s BEST course of action?

    • Review other workstations to determine the extent of the incident.
    • Determine the number of customer records that were uploaded.
    • Notify the incident response team.
    • Present the issue at the next audit progress meeting.
  15. The PRIMARY reason an IS department should analyze past incidents and problems is to:

    • determine if all incidents and problems are reported.
    • assign responsibility for problems.
    • assess help desk performance.
    • identify the causes of recurring incidents and problems.
  16. Which of the following is the MAIN purpose of implementing an incident response process?

    • Provide substantial audit-trail evidence.
    • Assign roles and responsibilities.
    • Comply with policies and procedures.
    • Manage impact due to breaches.
  17. An IS auditor learns a server administration team regularly applies workarounds to address repeated failures of critical data processing services. Which of the following would BEST enable the organization to resolve this issue?

    • Service level management
    • Change management
    • Problem management
    • Incident management
  18. When an intrusion into an organization’s network is detected, which of the following should be performed FIRST?

    • Block all compromised network nodes.
    • Protect information in the compromised systems.
    • Develop a response to the incident.
    • Identify nodes that have been compromised.
  19. Which of the following is MOST important for an IS auditor to consider when reviewing the effectiveness of an incident response program?

    • Incidents are categorized according to industry standards.
    • Lessons learned are incorporated into incident response processes.
    • Incidents are escalated to senior management in a timely manner.
    • The plan is reviewed and updated annually.
  20. Which of the following is the GREATEST benefit of implementing an incident management process?

    • Opportunity for frequent reassessment of incidents
    • Reduction in security threats
    • Reduction in the business impact of incidents
    • Reduction of costs by the efficient use of resources