Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 62

  1. When information security management is receiving an increased number of false positive incident reports, which of the following is MOST important to review?

    • The security awareness programs
    • Post-incident analysis results
    • The risk management processes
    • Firewall logs
  2. What should the information security manager do FIRST when end users express that new security controls are too restrictive?

    • Perform a risk assessment on modifying the control environment.
    • Perform a cost-benefit analysis on modifying the control environment.
    • Conduct a business impact analysis (BIA).
    • Obtain process owner buy-in to remove the controls.
  3. Which of the following is the BEST method to defend against social engineering attacks?

    • Periodically perform antivirus scans to identify malware.
    • Communicate guidelines to limit information posted to public sites.
    • Monitor for unauthorized access attempts and failed logins.
    • Employ the use of a web-content filtering solution.
  4. Which of the following BEST reduces the likelihood of leakage of private information via email?

    • Strong user authentication protocols
    • Email encryption
    • Prohibition on the personal use of email
    • User awareness training
  5. Which of the following should be PRIMARILY included in a security training program for business process owners?

    • Application vulnerabilities
    • List of security incidents reported
    • Application recovery time
    • Impact of security risks
  6. What is the MOST effective way to ensure information security incidents will be managed effectively and in a timely manner?

    • Obtain senior management commitment.
    • Test incident response procedures regularly.
    • Communicate incident response procedures to staff.
    • Establish and measure key performance indicators (KPIs).
  7. During an annual security review of an organization’s servers, it was found that the customer service team’s file server, which contains sensitive customer data, is accessible to all user IDs in the organization. Which of the following should the information security manager do FIRST?

    • Report the situation to the data owner.
    • Remove access privileges to the folder containing the data.
    • Train the customer service team on properly controlling file permissions.
    • Isolate the server from the network.
  8. Which of the following is the BEST way to improve the timely reporting of information security incidents?

    • Perform periodic simulations with the incident response team.
    • Incorporate security procedures in help desk processes.
    • Integrate an intrusion detection system (IDS) in the DMZ.
    • Regularly reassess and update the incident response plan.
  9. Which of the following is the PRIMARY purpose of red team testing?

    • To determine the organization’s preparedness for an attack
    • To confirm the risk profile of the organization
    • To assess the vulnerability of employees to social engineering
    • To establish a baseline incident response program
  10. The MOST important reason to use a centralized mechanism to identify information security incidents is to:

    • prevent unauthorized changes to networks.
    • comply with corporate policies.
    • detect potential fraud.
    • detect threats across environments.
  11. When recommending a preventive control against cross-site scripting in web applications, an information security manager is MOST likely to suggest:

    • using https in place of http.
    • hardening of the web server’s operating system.
    • consolidating multiple sites into a single portal.
    • coding standards and code review.
  12. An organization has detected sensitive data leakage caused by an employee of a third-party contractor. What is the BEST course of action to address this issue?

    • Include security requirements in outsourcing contracts.
    • Activate the organization’s incident response plan.
    • Limit access to the third-party contractor.
    • Terminate the agreement with the third-party contractor.
  13. Which of the following external entities would provide the BEST guidance to an organization facing advanced attacks?

    • Recognized threat intelligence communities
    • Open-source reconnaissance
    • Disaster recovery consultants widely endorsed in industry forums
    • Incident response experts from highly regarded peer organizations
  14. A validated patch to address a new vulnerability that may affect a mission-critical server has been released. What should be done immediately?

    • Add mitigating controls.
    • Check the server’s security and install the patch.
    • Conduct an impact analysis.
    • Take the server off-line and install the patch.
  15. Which of the following would be an information security manager’s PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

    • End user acceptance
    • Mobile application control
    • Configuration management
    • Disparate device security
  16. Which of the following is the MOST significant risk associated with the use of virtualization?

    • Insufficient network bandwidth
    • Single point of failure
    • Inadequate configuration
    • Performance issues of hosts
  17. Which of the following is the MOST effective way to verify an organization’s ability to continue its essential business operations after a disruption event?

    • Analysis of end-to-end recovery flow
    • Analysis of recovery point objectives (RPOs)
    • Analysis of call tree
    • Analysis of business impact
  18. During an IS audit of a data center, it was found that programmers are allowed to make emergency fixes to operational programs. Which of the following should be the IS auditor’s PRIMARY recommendation?

    • Bypass user ID procedures should be put in place to ensure that the changes are subject to after-the-event approval and testing
    • The ability to undertake emergency fixes should be restricted to selected key personnel
    • Programmers should be allowed to implement emergency fixes only after obtaining verbal agreement from the application owner
    • Emergency program changes should be subject to program migration and testing procedures before they are applied to operational systems
  19. An IS auditor observes that routine backups of operational databases are taking longer than before. Which of the following would MOST effectively help to reduce backup and recovery times for operational databases?

    • Utilizing database technologies to achieve efficiencies
    • Using solid-state device (SSD) media
    • Requiring a combination of weekly full backups and daily differential backups
    • Archiving historical data in accordance with the data retention policy
  20. Which of the following is the GREATEST concern associated with control self-assessments?

    • Employees may have insufficient awareness of controls
    • Controls may not be assessed objectively
    • Communication between operational management and senior management may not be effective
    • The assessment may not provide sufficient assurance to stakeholders