Last Updated on December 13, 2021 by Admin 3

 CISA : Certified Information Systems Auditor : Part 136

  1. Which of the following is the MOST effective control to ensure electronic records beyond their retention periods are deleted from IT systems?

    • Review the record retention register regularly to initiate data deletion.
    • Build in system logic to trigger data deletion at predefined times.
    • Perform a sample check of current data against the retention schedule.
    • Execute all data deletions at a predefined month during the year.
  2. Which of the following management decisions presents the GREATEST risk associated with data leakage?

    • Security awareness training is not provided to staff.
    • There is no requirement for desktops to be encrypted.
    • Security policies have not been updated in the past year.
    • Staff are allowed to work remotely.
  3. Capacity management enables organizations to:

    • establish the capacity of network communication links.
    • determine business transaction volumes.
    • forecast technology trends.
    • identify the extent to which components need to be upgraded.
  4. The lack of which of the following represents the GREATEST risk to the quality of developed software?

    • Code reviews
    • Periodic internal audits
    • Load testing
    • An enterprise architecture
  5. An enterprise receiving email should have procedures to control:

    • insufficient end-points.
    • unsolicited executable code.
    • outdated protocols.
    • insufficient connectivity.
  6. Which of the following provides the BEST audit evidence that a firewall is configured in compliance with the organization’s security policy?

    • Analyzing how the configuration changes are performed
    • Performing penetration testing
    • Analyzing log files
    • Reviewing the rule base
  7. Nonrepudiation of the client for e-commerce transactions is accomplished through which of the following control mechanisms?

    • Password security
    • Internet protocol (IP) address verification
    • Public key infrastructure (PKI)
    • Secure Sockets Layer (SSL)
  8. A sales representative is reviewing the organization’s feedback blog and gets redirected to a site that sells illegal prescription drugs. The blog site is MOST likely susceptible to which of the following types of attacks?

    • Directory harvesting
    • SQL injection
    • Cross-site scripting
    • Phishing attack
  9. To ensure the integrity of a recovered database, which of the following would be MOST useful?

    • Before-and-after transaction images
    • Database defragmentation tools
    • A copy of the data dictionary
    • Application transaction logs
  10. Reorganization of databases is undertaken PRIMARILY to:

    • reduce backout and recovery times.
    • eliminate duplicates and perform data backup.
    • reduce simultaneous update time and index validation.
    • improve data access and retrieval times.
  11. The PRIMARY benefit of using secure shell (SSH) to access a server on a network is that it:

    • provides better session reliability.
    • prevents man-in-the-middle attacks.
    • provides confidentiality of transmitted data.
    • facilitates communication across platforms.
  12. Which of the following would BEST detect that a distributed-denial-of-service attack (DDoS) is occurring?

    • Server crashes
    • Automated monitoring of logs
    • Penetration testing
    • Customer service complaints
  13. Due to cost constraints, a company defers the replacement of hardware supporting a core application. Which of the following represents the GREATEST risk?

    • Maintenance costs may rise.
    • Future upgrades may not be possible.
    • Systems availability may suffer.
    • Eventual replacement may be more expensive.
  14. Which of the following is the BEST source of information for assessing the effectiveness of IT process monitoring?

    • Participative management techniques
    • Quality assurance (QA) reviews
    • Performance data
    • Real-time audit software
  15. Attribute sampling is BEST suited to estimate:

    • compliance with approved procedures.
    • the true monetary value of a population.
    • the total error amount in the population.
    • whether a recorded balance is within limits of materiality.
  16. Which of the following methods should be used to effectively erase sensitive data from portable storage devices that are to be reused?

    • Formatting the portable device
    • Using media sanitization software
    • Overwriting the sensitive data
    • Exposing the portable device to a magnetic field
  17. A database audit reveals an issue with the way data ownership for client data is defined. Which of the following roles should be accountable for this finding?

    • Business management
    • Database administrator (DBA)
    • Information security management
    • Privacy manager
  18. Which of the following would be the MOST appropriate reason for an organization to purchase fault-tolerant hardware?

    • Reducing hardware maintenance costs
    • Improving system performance
    • Minimizing business loss
    • Compensating for the lack of contingency planning
  19. Which of the following is the PRIMARY purpose of documenting and approving an information security policy?

    • To communicate management’s intent for securing the organization’s information assets
    • To mitigate the organization’s information security risk to an acceptable level
    • To ensure awareness of disciplinary procedures for security breaches by authorized users
    • To determine the best approach for implementing information security within the organization
  20. Which of the following is the BEST method for uncovering shadow IT within an organization?

    • Analyze help desk tickets.
    • Review secondary approval thresholds.
    • Use a cloud access security broker (CASB).
    • Review business processes.