Last Updated on December 26, 2021 by Admin 3

 CISA : Certified Information Systems Auditor : Part 167

  1. Which of the following BEST guards against the risk of attack by hackers?

    • Tunneling
    • Firewalls
    • Encryption
    • Message validation



  2. Due to a global pandemic, a health organization has instructed its employees to work from home as much as possible. The employees communicate using instant messaging. Which of the following is the GREATEST risk in this situation?

    • Employee productivity may decrease when working from home.
    • The capacity of servers may not allow all users to connect simultaneously.
    • Employees may exchange patient information through less secure methods.
    • Home office setups may not be compliant with workplace health and safety requirements.
  3. An IS auditor finds that a document related to a client has been leaked. Which of the following should be the auditor’s NEXT step?

    • Notify appropriate law enforcement.
    • Report data leakage finding to senior management.
    • Report data leakage finding to regulatory authorities.
    • Determine the classification of data leaked.
  4. A financial institution is launching a mobile banking service utilizing multi-factor authentication. This access control is an example of which of the following?

    • Directive control
    • Detective control
    • Preventive control
    • Corrective control
  5. Which of the following is the BEST way to ensure that business continuity plans (BCPs) will work effectively in the event of a major disaster?

    • Regularly update business impact assessments.
    • Make senior managers responsible for their plan sections.
    • Prepare detailed plans for each business function.
    • Involve staff at all levels in periodic paper walk-through exercises.
  6. Which of the following is the PRIMARY reason for using a digital signature?

    • Authenticate the sender of a message
    • Provide confidentiality to the transmission
    • Provide availability to the transmission
    • Verify the integrity of the data and the identity of the recipient
  7. Which of the following is MOST important to include in a contract to outsource data processing that involves customer personally identifiable information (PII)?

    • The vendor must provide an independent report of its data processing facilities.
    • The vendor must sign a nondisclosure agreement (NDA) with the organization.
    • The vendor must compensate the organization if service levels are not met.
    • The vendor must comply with the organization’s legal and regulatory requirements.
  8. The activation of a pandemic response plan has resulted in a remote workforce situation. Which of the following technologies poses the GREATEST risk to data confidentiality?

    • Rapid increase in the number of virtual private network (VPN) users
    • Remotely managed network switches
    • BYOD devices without adequate endpoint protection
    • On-premise employee workstations left unattended
  9. Which of the following techniques would provide the BEST assurance to an IS auditor that all necessary data has been successfully migrated from a legacy system to a modern platform?

    • Interviews with migration staff
    • Statistical sampling
    • Review of logs from the migration process
    • Data analytics
  10. Which of the following are examples of detective controls?

    • Continuity of operations planning and backup procedures
    • Use of access control software and deploying encryption software
    • Check points in production jobs and rerun procedures
    • Source code review and echo checks in telecommunications
  11. Which of the following is the BEST way to reduce sampling risk?

    • Align the sampling approach with the one used by external auditors.
    • Plan the audit in accordance with generally accepted auditing principles.
    • Assign experienced auditors to the sampling process.
    • Ensure each item has an equal chance to be selected.
  12. Which of the following would be of GREATEST concern to an IS auditor reviewing backup and recovery controls?

    • Restores from backups are not periodically tested.
    • Weekly and monthly backups are stored onsite.
    • Backup procedures are not documented.
    • Backups are stored in an external hard drive.
  13. During a database security audit, an IS auditor is reviewing the process used to upload source data. Which of the following is the MOST significant risk area for the auditor to focus on?

    • Data integrity
    • Data sensitivity
    • Data resilience
    • Data normalization
  14. Which of the following is the BEST way to ensure payment transaction data is restricted to the appropriate users?

    • Using a single menu for sensitive application transactions
    • Restricting access to transactions using network security software
    • Implementing two-factor authentication
    • Implementing role-based access at the application level
  15. Which of the following is the GREATEST advantage of vulnerability scanning over penetration testing?

    • Custom-developed applications can be tested more accurately.
    • The testing produces a lower number of false positive results.
    • The testing process can be automated to cover large groups of assets.
    • Network bandwidth is utilized more efficiently.
  16. Which of the following statements appearing in an organization’s acceptable use policy BEST demonstrates alignment with data classification standards related to the protection of information assets?

    • Information assets should only be accessed by persons with a justified need
    • All information assets must be encrypted when stored on the organization’s systems
    • Any information assets transmitted over a public network must be approved by executive management
    • All information assets will be assigned a clearly defined level to facilitate proper employee handling
  17. As part of business continuity planning, which of the following is MOST important to assess when conducting a business impact analysis (BIA)?

    • Risk appetite
    • Recovery scenarios
    • Completeness of critical asset inventory
    • Critical applications in the cloud
  18. Which of the following is the PRIMARY protocol for protecting outbound content from tampering and eavesdropping?

    • Transport Layer Security (TLS)
    • Point-to-Point Protocol (PPP)
    • Secure Shell (SSH)
    • Internet Key Exchange (IKE)
  19. Which of the following would BEST protect the confidentiality of sensitive data in transit between multiple offices?

    • Public key infrastructure (PKI)
    • Kerberos
    • Digital signatures
    • Hash algorithms
  20. Which of the following recommendations by an IS auditor is the BEST control to protect an organization’s corporate network from the guest wireless network?

    • Hide the service set identifier (SSID) of the guest network
    • Place the guest network in its own virtual local area network (LAN)
    • Authenticate devices connecting to the guest network
    • Ensure the guest access point is running the latest software