Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 61

  1. Which of the following strategies BEST optimizes data storage without compromising data retention practices?

    • Limiting the size of the file attachments being sent via email
    • Automatically deleting emails older than one year
    • Moving emails to a virtual email vault after 30 days
    • Allowing employees to store large emails on flash drives
  2. Which of the following provides the MOST reliable audit evidence on the validity of transactions in a financial application?

    • Substantive testing
    • Walk-through reviews
    • Compliance testing
    • Design documentation reviews
  3. Which of the following BEST helps to identify errors during data transfer?

    • Decrease the size of data transfer packets.
    • Test the integrity of the data transfer.
    • Review and verify the data transfer sequence numbers.
    • Enable a logging process for data transfer.
  4. To create a digital signature in a message using asymmetric encryption, it is necessary to:

    • first use a symmetric algorithm for the authentication sequence.
    • encrypt the authentication sequence using a public key.
    • transmit the actual digital signature in unencrypted clear text.
    • encrypt the authentication sequence using a private key.
  5. What is the PRIMARY benefit of prototyping as a method of system development?

    • Reduces the need for testing.
    • Minimizes the time the IS auditor has to review the system.
    • Increases the likelihood of user satisfaction.
    • Eliminates the need for documentation.
  6. To ensure confidentiality through the use of asymmetric encryption, a message is encrypted with which of the following?

    • Sender’s private key
    • Recipient’s private key
    • Sender’s public key
    • Recipient’s public key
  7. Which of the following methods BEST ensures that a comprehensive approach is used to direct information security activities?

    • Creating communication channels
    • Promoting security training
    • Establishing a steering committee
    • Holding periodic meetings with business owners
  8. An organization’s marketing department has requested access to cloud-based collaboration sites for exchanging media files with external marketing companies. As a result, the information security manager has been asked to perform a risk assessment. Which of the following should be the MOST important consideration?

    • The information to be exchanged
    • Methods for transferring the information
    • Reputations of the external marketing companies
    • The security of the third-party cloud provider
  9. Which of the following is the BEST reason for delaying the application of a critical security patch?

    • Lack of vulnerability management
    • Conflicts with software development life cycle
    • Technology interdependencies
    • Resource limitations
  10. Which of the following is the MOST important reason to document information security incidents that are reported across the organization?

    • Prevent incident recurrence.
    • Support business investments in security.
    • Identify unmitigated risk.
    • Evaluate the security posture of the organization.
  11. A message is being sent with a hash. The risk of an attacker changing the message and generating an authentic hash value can be mitigated by:

    • requiring the recipient to use a different hash algorithm.
    • generating hash output that is the same size as the original message.
    • using a secret key in conjunction with the hash algorithm.
    • using the sender’s public key to encrypt the message.
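Question 11 turns on the difference between a bare hash, which anyone can recompute over a substituted message, and a keyed MAC, which only a holder of the shared secret can produce. The Go program below is an added example written for this page, not part of the original question set. It uses only the standard library; the key and the two payment messages are constructed sample values, not data from any real system. The attacker replaces the message and recomputes SHA-256, and a recipient relying on the bare hash accepts it; with HMAC-SHA256 the attacker has no key, so the only tag it can forward is the original one, and verification fails.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed sample values for this example. In practice the key is a random
// secret shared only between sender and recipient, never derived from text.
var (
	sharedKey = []byte("example-shared-secret-key-32-bytes!!")
	original  = []byte("PAY 100.00 TO ACCOUNT 4711")
	altered   = []byte("PAY 900.00 TO ACCOUNT 6666")
)

// plainDigest is the unkeyed hash an attacker can recompute for any message.
func plainDigest(msg []byte) string {
	sum := sha256.Sum256(msg)
	return hex.EncodeToString(sum[:])
}

// checkPlainDigest is what a recipient relying on a bare hash does: recompute
// and compare. It cannot tell who produced the digest.
func checkPlainDigest(msg []byte, digest string) bool {
	return plainDigest(msg) == digest
}

// hmacTag produces the keyed MAC of msg (HMAC-SHA256).
func hmacTag(key, msg []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil)
}

// checkHMAC recomputes the tag with the shared key and compares in constant
// time (hmac.Equal) so the comparison itself does not leak timing information.
func checkHMAC(key, msg, tag []byte) bool {
	return hmac.Equal(hmacTag(key, msg), tag)
}

// Outcome records whether each recipient-side check accepts a message.
type Outcome struct {
	PlainHashAcceptsTampered bool // true: the bare hash gives no protection
	HMACAcceptsTampered      bool // false: the attacker cannot forge the tag
	HMACAcceptsOriginal      bool // true: the legitimate message still verifies
}

// Demo plays the attack both ways. With a bare hash the attacker swaps the
// message and attaches a freshly computed digest. With HMAC the attacker can
// swap the message but, lacking the key, can only forward the original tag.
func Demo() Outcome {
	tamperedDigest := plainDigest(altered)
	originalTag := hmacTag(sharedKey, original)

	return Outcome{
		PlainHashAcceptsTampered: checkPlainDigest(altered, tamperedDigest),
		HMACAcceptsTampered:      checkHMAC(sharedKey, altered, originalTag),
		HMACAcceptsOriginal:      checkHMAC(sharedKey, original, originalTag),
	}
}

func main() {
	o := Demo()
	fmt.Printf("plain hash accepts tampered message: %v\n", o.PlainHashAcceptsTampered)
	fmt.Printf("HMAC accepts tampered message:       %v\n", o.HMACAcceptsTampered)
	fmt.Printf("HMAC accepts original message:       %v\n", o.HMACAcceptsOriginal)
}
```

Running it prints true, false, true: the bare hash accepts the attacker's message, the HMAC rejects it, and the genuine message still verifies. The same property is why the integrity test in question 3 only means something when the check value cannot be recomputed by whoever could have altered the data.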
  12. Which of the following is the MOST effective data loss control when connecting a personally owned mobile device to the corporate email system?

    • A senior manager must approve each new connection.
    • Email synchronization must be prevented when connected to a public Wi-Fi hotspot.
    • Email must be stored in an encrypted format on the mobile device.
    • Users must agree to allow the mobile device to be wiped if it is lost.
  13. A payroll application system accepts individual user sign-on IDs and then connects to its database using a single application ID. The GREATEST weakness under this system architecture is that:

    • an incident involving unauthorized access to data cannot be tied to a specific user.
    • when multiple sessions with the same application ID collide, the database locks up.
    • users can gain direct access to the application ID and circumvent data controls.
    • the database becomes unavailable if the password of the application ID expires.
  14. Which of the following is the MOST effective mitigation strategy to protect confidential information from insider threats?

    • Implementing authentication mechanisms
    • Performing an entitlement review process
    • Defining segregation of duties
    • Establishing authorization controls
  15. A contract bid is digitally signed and electronically mailed. The PRIMARY advantage to using a digital signature is that:

    • the bid cannot be forged even if the keys are compromised.
    • the bid and the signature can be copied from one document to another.
    • the signature can be authenticated even if no encryption is used.
    • any alteration of the bid will invalidate the signature.
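Questions 4, 6 and 15 rest on one mechanism: the signer's private key produces the signature and the signer's public key verifies it, while confidentiality runs the other way, with the recipient's public key encrypting and only the recipient's private key decrypting. The Go program below is an added example, not material from the original question set. It uses the standard library's RSA-PSS for signing and RSA-OAEP for encryption with freshly generated 2048-bit keys; the bid text, the "bidder" and "buyer" roles, and the use of separate signing and encryption key pairs per party are assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Constructed sample bid; the altered copy differs in a single digit.
var (
	bid        = []byte("Bid: 1,250,000 USD for contract 2021-42, valid 30 days")
	alteredBid = []byte("Bid: 1,150,000 USD for contract 2021-42, valid 30 days")
)

// Party holds one organisation's keys. Separate pairs for signing and for
// receiving encrypted mail is an assumption of this example (common practice,
// not something the questions require).
type Party struct {
	SignKey *rsa.PrivateKey // private half signs; PublicKey field verifies
	EncKey  *rsa.PrivateKey // private half decrypts; PublicKey field encrypts
}

func newParty() (*Party, error) {
	s, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	e, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{SignKey: s, EncKey: e}, nil
}

// sign hashes the message and applies the signer's PRIVATE key (RSA-PSS).
func sign(signer *Party, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, signer.SignKey, crypto.SHA256, h[:], nil)
}

// verify recomputes the hash and checks the signature with a PUBLIC key.
func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// encryptFor encrypts with the RECIPIENT's public key (RSA-OAEP).
func encryptFor(recipientPub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, msg, nil)
}

// decrypt uses the holder's private key; any other key fails the OAEP check.
func decrypt(holder *Party, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, holder.EncKey, ct, nil)
}

type Outcome struct {
	GenuineBidVerifies  bool   // bidder's public key, unaltered bid: true
	AlteredBidVerifies  bool   // one digit changed: false
	WrongSignerVerifies bool   // checked against another party's key: false
	RecipientReads      string // what the buyer recovers from the ciphertext
	SenderCanDecrypt    bool   // bidder cannot open mail meant for the buyer: false
}

// Demo signs the bid as the bidder, mails it confidentially to the buyer, and
// shows which checks succeed and which fail.
func Demo() (Outcome, error) {
	bidder, err := newParty()
	if err != nil {
		return Outcome{}, err
	}
	buyer, err := newParty()
	if err != nil {
		return Outcome{}, err
	}
	sig, err := sign(bidder, bid)
	if err != nil {
		return Outcome{}, err
	}
	ct, err := encryptFor(&buyer.EncKey.PublicKey, bid)
	if err != nil {
		return Outcome{}, err
	}
	pt, err := decrypt(buyer, ct)
	if err != nil {
		return Outcome{}, err
	}
	_, senderErr := decrypt(bidder, ct) // wrong private key
	return Outcome{
		GenuineBidVerifies:  verify(&bidder.SignKey.PublicKey, bid, sig),
		AlteredBidVerifies:  verify(&bidder.SignKey.PublicKey, alteredBid, sig),
		WrongSignerVerifies: verify(&buyer.SignKey.PublicKey, bid, sig),
		RecipientReads:      string(pt),
		SenderCanDecrypt:    senderErr == nil,
	}, nil
}

func main() {
	o, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The signature is verified by the bidder's public key, which needs no secrecy, so the bid can travel in clear text with the signature attached (question 15's third option describes exactly that) and still be checked; changing one digit of the bid invalidates it. Confidentiality is a separate operation keyed to the recipient: the bidder, having encrypted with the buyer's public key, cannot decrypt the result itself. Note that the signature protects integrity and origin only while the private key stays private; a compromised signing key lets an attacker produce valid signatures on any bid.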
  16. Which of the following functions is MOST critical when initiating the removal of system access for terminated employees?

    • Legal
    • Help desk
    • Human resources
    • Information security
  17. Labeling information according to its security classification:

    • reduces the need to identify baseline controls for each classification.
    • reduces the number and type of countermeasures required.
    • enhances the likelihood of people handling information securely.
    • affects the consequences if information is handled insecurely.
  18. Which of the following MOST effectively prevents internal users from modifying sensitive data?

    • Network segmentation
    • Multi-factor authentication
    • Acceptable use policies
    • Role-based access controls
  19. Which of the following is the PRIMARY benefit to an organization using an automated event monitoring solution?

    • Enhanced forensic analysis
    • Improved response time to incidents
    • Improved network protection
    • Reduced need for manual analysis
  20. Which of the following would present the GREATEST need to revise information security policies?

    • An increase in reported incidents
    • A merger with a competing company
    • Implementation of a new firewall
    • Changes in standards and procedures