Last Updated on December 13, 2021 by Admin 3
CISA : Certified Information Systems Auditor : Part 136
Which of the following is the MOST effective control to ensure electronic records beyond their retention periods are deleted from IT systems?
- Review the record retention register regularly to initiate data deletion.
- Build in system logic to trigger data deletion at predefined times.
- Perform a sample check of current data against the retention schedule.
- Execute all data deletions at a predefined month during the year.

Which of the following management decisions presents the GREATEST risk associated with data leakage?
- Security awareness training is not provided to staff.
- There is no requirement for desktops to be encrypted.
- Security policies have not been updated in the past year.
- Staff are allowed to work remotely.

Capacity management enables organizations to:
- establish the capacity of network communication links.
- determine business transaction volumes.
- forecast technology trends.
- identify the extent to which components need to be upgraded.

The lack of which of the following represents the GREATEST risk to the quality of developed software?
- Code reviews
- Periodic internal audits
- Load testing
- An enterprise architecture

An enterprise receiving email should have procedures to control:
- insufficient end-points.
- unsolicited executable code.
- outdated protocols.
- insufficient connectivity.

Which of the following provides the BEST audit evidence that a firewall is configured in compliance with the organization's security policy?
- Analyzing how the configuration changes are performed
- Performing penetration testing
- Analyzing log files
- Reviewing the rule base

Nonrepudiation of the client for e-commerce transactions is accomplished through which of the following control mechanisms?
- Password security
- Internet protocol (IP) address verification
- Public key infrastructure (PKI)
- Secure Sockets Layer (SSL)

A sales representative is reviewing the organization's feedback blog and gets redirected to a site that sells illegal prescription drugs. The blog site is MOST likely susceptible to which of the following types of attacks?
- Directory harvesting
- SQL injection
- Cross-site scripting
- Phishing attack

To ensure the integrity of a recovered database, which of the following would be MOST useful?
- Before-and-after transaction images
- Database defragmentation tools
- A copy of the data dictionary
- Application transaction logs

Reorganization of databases is undertaken PRIMARILY to:
- reduce backout and recovery times.
- eliminate duplicates and perform data backup.
- reduce simultaneous update time and index validation.
- improve data access and retrieval times.

The PRIMARY benefit of using secure shell (SSH) to access a server on a network is that it:
- provides better session reliability.
- prevents man-in-the-middle attacks.
- provides confidentiality of transmitted data.
- facilitates communication across platforms.

Which of the following would BEST detect that a distributed denial-of-service (DDoS) attack is occurring?
- Server crashes
- Automated monitoring of logs
- Penetration testing
- Customer service complaints

Due to cost constraints, a company defers the replacement of hardware supporting a core application. Which of the following represents the GREATEST risk?
- Maintenance costs may rise.
- Future upgrades may not be possible.
- Systems availability may suffer.
- Eventual replacement may be more expensive.

Which of the following is the BEST source of information for assessing the effectiveness of IT process monitoring?
- Participative management techniques
- Quality assurance (QA) reviews
- Performance data
- Real-time audit software

Attribute sampling is BEST suited to estimate:
- compliance with approved procedures.
- the true monetary value of a population.
- the total error amount in the population.
- whether a recorded balance is within limits of materiality.

Which of the following methods should be used to effectively erase sensitive data from portable storage devices that are to be reused?
- Formatting the portable device
- Using media sanitization software
- Overwriting the sensitive data
- Exposing the portable device to a magnetic field

A database audit reveals an issue with the way data ownership for client data is defined. Which of the following roles should be accountable for this finding?
- Business management
- Database administrator (DBA)
- Information security management
- Privacy manager

Which of the following would be the MOST appropriate reason for an organization to purchase fault-tolerant hardware?
- Reducing hardware maintenance costs
- Improving system performance
- Minimizing business loss
- Compensating for the lack of contingency planning

Which of the following is the PRIMARY purpose of documenting and approving an information security policy?
- To communicate management's intent for securing the organization's information assets
- To mitigate the organization's information security risk to an acceptable level
- To ensure awareness of disciplinary procedures for security breaches by authorized users
- To determine the best approach for implementing information security within the organization

Which of the following is the BEST method for uncovering shadow IT within an organization?
- Analyze help desk tickets.
- Review secondary approval thresholds.
- Use a cloud access security broker (CASB).
- Review business processes.