Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 63

  1. The BEST test to determine whether an application’s internal security controls are configured in compliance with the organization’s security standards is an evaluation of the:

    • availability and frequency of security reports
    • intrusion detection system (IDS) logs
    • application’s user accounts and passwords
    • business application’s security parameter settings
  2. Which of the following could provide an organization with the fastest resumption of processing following a disk failure?

    • Server load balancing
    • Mirroring
    • Open database connectivity (ODBC) of the backup server
    • Replication
  3. The members of an emergency incident response team should be:

    • selected from multiple departments
    • assigned at the time of each incident
    • restricted to IT personnel
    • appointed by the CISO
  4. What is the MOST important role of a Certificate Authority (CA) when a private key becomes compromised?

    • Issue a new private key to the user
    • Refresh the key information database in the certificate publishing server
    • Publish the certificate revocation lists (CRL) into the repository
    • Refresh the metadata of the certificates
  5. Which of the following is the BEST way to increase the effectiveness of security incident detection?

    • Determining containment activities based on the type of incident
    • Establishing service level agreements (SLAs) with appropriate forensic service providers
    • Educating end users on identifying suspicious activity
    • Documenting root cause analysis procedures
  6. Several remote users have been unable to communicate with a secured network news transfer protocol (NNTP) server. Of the following, the MOST likely cause is:

    • the use of a password cracker
    • a hacker impersonating the server
    • a hacker using a sniffer
    • a replay attack by an eavesdropper
  7. Which of the following MOST effectively provides assurance of ongoing service delivery by a vendor?

    • Regular status reporting provided by the vendor
    • Short incident response time by the vendor
    • Pre-defined service and operational level agreements
    • Regular monitoring by the service management team
  8. Which of the following tests is MOST likely to detect an error in one subroutine resulting from a recent change in another subroutine?

    • Stress testing
    • Regression testing
    • User acceptance testing
    • Black-box testing
  9. Reconciliations have identified data discrepancies between an enterprise data warehouse and a revenue system for key financial reports. What is the GREATEST risk to the organization in this situation?

    • The key financial reports may no longer be produced
    • Financial reports may be delayed
    • Undetected fraud may occur
    • Decisions may be made based on incorrect information
  10. Which of the following is the MOST important feature of access control software?

    • Authentication
    • Violation reporting
    • Nonrepudiation
    • Identification
  11. The BEST access strategy while configuring a firewall would be to:

    • permit access to all and log the activity
    • deny access to all but permit selected
    • permit access to all but deny selected
    • deny access to all except authorized programs
  12. For several years, a vendor has been providing offsite backup media and record storage for a bank. Due to familiarity with bank employees, the vendor does not consistently require authorization forms from them to retrieve media. Which of the following is the GREATEST risk from this situation?

    • Bank employees can inappropriately obtain sensitive records
    • Backup tapes may not be available
    • Chain of custody could not be validated
    • The vendor provides the incorrect media to employees
  13. Following a successful attack on an organization’s web server, which of the following actions should be performed FIRST?

    • Review the boundary configuration rules to ensure that outbound packets are limited
    • Evaluate and deploy an intrusion detection system
    • Periodically scan the network for systems with well-known vulnerabilities
    • Establish reference systems using cryptographic checksum tools
  14. Which of the following application input controls would MOST likely detect data input errors in the customer account number field during the processing of an accounts receivable transaction?

    • Validity check
    • Reasonableness check
    • Parity check
    • Limit check
  15. A firewall has been installed on the company’s web server. Which concern does the firewall address?

    • Availability of the information
    • Unauthorized modification of information by internal users
    • Accessing information by the outside world
    • Connectivity to the Internet
  16. An organization is within a jurisdiction where new regulations have recently been announced to restrict cross-border data transfer of personally identifiable information (PII). Which of the following IT decisions will MOST likely need to be assessed in the context of this change?

    • Hosting the payroll system at an external cloud service provider
    • Purchasing cyber insurance from an overseas insurance company
    • Applying encryption to the database hosting PII data
    • Hiring IT consultants from overseas
  17. A recent audit concluded that an organization’s information security system was weak and that monitoring would likely fail to detect penetration. Which of the following would be the MOST appropriate recommendation?

    • Look continually for new criminal behavior and attacks on sensitive data
    • Establish a clear policy related to security and the handling of sensitive data
    • Encrypt sensitive data while strengthening the system
    • Identify and periodically remove sensitive data that is no longer needed
  18. A data breach has occurred at a third-party vendor used by an organization to outsource the processing of its customer data. What should be management’s FIRST course of action?

    • Activate the disaster recovery plan
    • Notify the insurance company of the potential claim
    • Activate the incident management process
    • Take legal action against the service provider for reputation damage
  19. Which of the following should be performed immediately after a computer security incident has been detected and analyzed by an incident response team?

    • Assess the impact of the incident on critical systems
    • Categorize the incident
    • Eradicate the component that caused the incident
    • Contain the incident before it spreads
  20. An advantage of installing a thin client architecture in a local area network (LAN) is that this would:

    • stabilize network bandwidth requirements
    • facilitate the updating of software versions
    • ensure application availability when the server is down
    • reduce the risk of a single point of failure