Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 74

  1. Which of the following provides the BEST assurance that security policies are applied across business operations?

    • Organizational standards are required to be formally accepted.
    • Organizational standards are enforced by technical controls.
    • Organizational standards are included in awareness training.
    • Organizational standards are documented in operational procedures.
  2. What should be a security manager’s PRIMARY objective in the event of a security incident?

    • Identify the source of the breach and how it was perpetrated.
    • Contain the threat and restore operations in a timely manner.
    • Ensure that normal operations are not disrupted.
    • Identify lapses in operational control effectiveness.
  3. Which of the following is the BEST indication that an information security program is effective?

    • The number of reported and confirmed security incidents has increased after awareness training.
    • The security awareness program was developed following industry best practices.
    • The security team has performed a risk assessment to understand the organization’s risk appetite.
    • The security team is knowledgeable and uses the best available tools.
  4. Which of the following would be of GREATEST concern to an IS auditor reviewing an organization’s security incident handling procedures?

    • Annual tabletop exercises are performed instead of functional incident response exercises.
    • Roles for computer emergency response team (CERT) members have not been formally documented.
    • Guidelines for prioritizing incidents have not been identified.
    • Workstation antivirus software alerts are not regularly reviewed.
  5. An organization has suffered a number of incidents in which USB flash drives with sensitive data have been lost. Which of the following would be MOST effective in preventing loss of sensitive data?

    • Modifying the disciplinary policy to be more stringent
    • Implementing a check-in/check-out process for USB flash drives
    • Issuing encrypted USB flash drives to staff
    • Increasing the frequency of security awareness training
  6. Which of the following backup schemes is the BEST option when storage media is limited?

    • Virtual backup
    • Real-time backup
    • Differential backup
    • Full backup
  7. Management has decided to include a compliance manager in the approval process for a new business that may require changes to the IT infrastructure. Which of the following is the GREATEST benefit of this approach?

    • Security breach incidents can be identified in early stages.
    • Regulatory risk exposures can be identified before they materialize.
    • Fewer reviews are needed when updating the IT compliance process.
    • Process accountabilities to external stakeholders are improved.
  8. The prioritization of incident response actions should be PRIMARILY based on which of the following?

    • Scope of disaster
    • Business impact
    • Availability of personnel
    • Escalation process
  9. In the review of a feasibility study for an IS acquisition, the MOST important step is to:

    • determine whether the cost-benefits are achievable.
    • ensure that a contingency plan is in place should the project fail.
    • ensure that the right to audit the vendor has been considered.
    • determine whether security and control requirements have been specified.
  10. Which of the following is a passive attack on a network?

    • Message service interruption
    • Message modification
    • Traffic analysis
    • Sequence analysis
  11. Which of the following is the MAIN purpose of an information security management system?

    • To enhance the impact of reports used to monitor information security incidents
    • To reduce the frequency and impact of information security incidents
    • To identify and eliminate the root causes of information security incidents
    • To keep information security policies and procedures up-to-date
  12. Which of the following would be an INAPPROPRIATE activity for a network administrator?

    • Analyzing network security incidents
    • Prioritizing traffic between subnets
    • Modifying a router configuration
    • Modifying router log files
  13. There is a concern that a salesperson may download an organization’s full customer list from the Software as a Service (SaaS) when leaving to work for a competitor. Which of the following would BEST help to identify this type of incident?

    • Monitor applications logs
    • Disable remote access to the application
    • Implement a web application firewall
    • Implement an intrusion detection system (IDS)
  14. Which of the following is the MOST important incident management consideration for an organization subscribing to a cloud service?

    • Decision on the classification of cloud-hosted data
    • Expertise of personnel providing incident response
    • Implementation of a SIEM in the organization
    • An agreement on the definition of a security incident
  15. Which of the following would be MOST useful to an information security manager when conducting a post-incident review of an attack?

    • Details from intrusion detection system logs
    • Method of operation used by the attacker
    • Cost of the attack to the organization
    • Location of the attacker
  16. An information security manager is preparing an incident response plan. Which of the following is the MOST important consideration when responding to an incident involving sensitive customer data?

    • The assignment of a forensics team
    • The ability to recover from the incident in a timely manner
    • Following defined post-incident review procedures
    • The ability to obtain incident information in a timely manner
  17. An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker. Which of the following is the MOST important action of the security manager?

    • Follow the outsourcer’s response plan
    • Refer to the organization’s response plan
    • Notify the outsourcer of the privacy breach
    • Alert the appropriate law enforcement authorities
  18. The effectiveness of an incident response team will be GREATEST when:

    • the incident response process is updated based on lessons learned
    • incidents are identified using a security information and event monitoring (SIEM) system
    • the incident response team members are trained security personnel
    • the incident response team meets on a regular basis to review log files
  19. An external penetration test identified a serious security vulnerability in a critical business application. Before reporting the vulnerability to senior management, the information security manager’s BEST course of action should be to:

    • determine the potential impact with the business owner
    • initiate the incident response process
    • block access to the vulnerable business application
    • report the vulnerability to IT for remediation
  20. When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:

    • reduce the costs of future preventive controls
    • provide metrics for reporting to senior management
    • verify compliance with the service level agreement (SLA)
    • learn of potential areas of improvement