Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 75

  1. When developing an incident response plan, the information manager should:

    • allow IT to decide which systems can be removed from the infrastructure
    • include response scenarios that have been approved previously by business management
    • require IT to invoke the business continuity plan
    • determine recovery time objectives (RTOs)
  2. Which of the following should be done FIRST when handling multiple confirmed incidents raised at the same time?

    • Categorize incidents by the value of the affected asset.
    • Inform senior management.
    • Update the business impact assessment.
    • Activate the business continuity plan.
  3. Which of the following is the BEST indication of a successful information security culture?

    • Penetration testing is done regularly and findings remediated.
    • End users know how to identify and report incidents.
    • Individuals are given access based on job functions.
    • The budget allocated for information security is sufficient.
  4. Which of the following is MOST influential when defining disaster recovery strategies?

    • Existing server redundancies
    • Maximum tolerable downtime
    • Data classification scheme
    • Annual loss expectancy
  5. Which of the following should be of MOST concern to an IS auditor reviewing an organization’s disaster recovery plan (DRP)?

    • The responsibility for declaring a disaster is not identified.
    • The disaster recovery steps are not detailed.
    • The CIO has not signed off on the DRP.
    • Copies of the DRP are not kept in a secure offsite location.
  6. Which of the following is MOST important for an IS auditor to verify during a disaster recovery audit?

    • Disaster recovery tests are carried out.
    • Regular backups are made and stored offsite.
    • The disaster recovery plan is updated on a regular basis.
    • Media are stored in fireproof cabinets.
  7. An IS auditor observes that an organization’s critical IT systems have experienced several failures throughout the year. Which of the following is the BEST recommendation?

    • Perform a disaster recovery test.
    • Perform a root cause analysis.
    • Contract for a hot site.
    • Implement redundant systems.
  8. Of the following procedures for testing a disaster recovery plan (DRP), which should be used MOST frequently?

    • Unannounced shutdown of the primary computing facility.
    • Review of documented backup and recovery procedures
    • Testing at a secondary site using offsite data backups
    • Preplanned shutdown of the computing facility during an off-peak period
  9. When reviewing a disaster recovery plan (DRP), an IS auditor should examine the:

    • access to the computer site by backup staff.
    • offsite data file storage.
    • uninterruptible power supply (UPS).
    • fire-fighting equipment.
  10. Since data storage of a critical business application is on a redundant array of inexpensive disks (RAID), backups are not considered essential. The IS auditor should recommend proper backups because RAID:

    • relies on proper maintenance.
    • cannot offer protection against disk corruption.
    • cannot recover from a natural disaster.
    • disks cannot be hot-swapped for quick recovery.
  11. Which of the following would be the GREATEST concern when an organization’s disaster recovery strategy utilizes a cold site?

    • The lack of electrical power connections
    • The lack of networking infrastructure
    • The lack of appropriate environmental controls
    • The lack of available hardware components
  12. Which of the following would be MOST helpful in ensuring security procedures are followed by employees in a multinational organization?

    • Security architecture review
    • Regular clean desk reviews
    • Comprehensive end-user training
    • Regular policy updates by management
  13. Which of the following BEST describes the relationship between vulnerability scanning and penetration testing?

    • For entities with regulatory drivers the two tests must be the same.
    • Both are labor-intensive in preparation, planning and execution.
    • Both utilize a risk-based analysis that considers threat scenarios.
    • The scope of both is determined primarily by the likelihood of exploitation.
  14. An IS audit manager finds that data manipulation logic developed by the audit analytics team leads to incorrect conclusions. This inaccurate logic is MOST likely an indication of which of the following?

    • Incompatibility between data volume and analytics processing capacity.
    • Poor security controls that grant inappropriate access to analysis produced.
    • The team’s poor understanding of the business process being analyzed.
    • Poor change controls over data sets collected from the business.
  15. Which of the following would be the MOST effective method to identify high risk areas in the business to be included in the audit plan?

    • Validate current risk from prior internal audit findings.
    • Review industry reports to identify common risk areas.
    • Engage with management to understand the business.
    • Review external audit reports of the business.
  16. Which of the following approaches would utilize data analytics to facilitate the testing of a new account creation process?

    • Review the business requirements document for date of birth field requirements.
    • Review new account applications submitted in the past month for invalid dates of birth.
    • Evaluate configuration settings for the date of birth field requirements.
    • Attempt to submit new account applications with invalid dates of birth.
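The data-analytics option in question 16 tests the output of the process rather than the control itself: pull the applications submitted in the period and look for dates of birth that should never have been accepted. The script below is an added example of such a test, not code from the original question set or from any exam body. The extract, its column names and the plausibility thresholds (no applicants under 18 or over 120, both assumed onboarding rules) are constructed for illustration.

```python
"""Data-analytics test for a new-account creation process (added example).

Scans an extract of account applications for dates of birth that are
missing, unparseable, in the future, or outside an assumed plausible age
range, and reports the exceptions for follow-up with the process owner.
"""
import csv
import io
from datetime import datetime

# Constructed sample extract standing in for a past-month pull from the
# account-opening system. Not real data.
SAMPLE_EXTRACT = """application_id,submitted,date_of_birth
A1001,2021-11-15,1985-03-09
A1002,2021-11-16,2021-12-01
A1003,2021-11-17,1890-01-01
A1004,2021-11-18,2010-06-30
A1005,2021-11-19,31/02/1990
A1006,2021-11-20,
A1007,2021-11-21,1970-02-29
A1008,2021-11-22,1972-02-29
"""

MIN_AGE = 18    # assumed minimum age for account opening
MAX_AGE = 120   # assumed plausibility ceiling


def parse_iso(text):
    """Return a date for a YYYY-MM-DD string, or None if it is not a real date
    (wrong format, or an impossible day such as 29 Feb in a non-leap year)."""
    try:
        return datetime.strptime(text.strip(), "%Y-%m-%d").date()
    except ValueError:
        return None


def age_on(dob, on):
    """Whole years between dob and the reference date."""
    years = on.year - dob.year
    if (on.month, on.day) < (dob.month, dob.day):
        years -= 1
    return years


def classify(dob_text, submitted):
    """Return None if the date of birth passes, else a short exception reason."""
    if not dob_text.strip():
        return "missing"
    dob = parse_iso(dob_text)
    if dob is None:
        return "unparseable"
    if dob > submitted:
        return "in the future"
    years = age_on(dob, submitted)
    if years < MIN_AGE:
        return f"under {MIN_AGE} (age {years})"
    if years > MAX_AGE:
        return f"over {MAX_AGE} (age {years})"
    return None


def find_dob_exceptions(csv_text):
    """Return {application_id: reason} for every record that fails the test."""
    exceptions = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        submitted = parse_iso(row["submitted"])
        if submitted is None:
            exceptions[row["application_id"]] = "bad submission date"
            continue
        reason = classify(row["date_of_birth"], submitted)
        if reason:
            exceptions[row["application_id"]] = reason
    return exceptions


if __name__ == "__main__":
    for app_id, reason in find_dob_exceptions(SAMPLE_EXTRACT).items():
        print(f"{app_id}: date of birth {reason}")
```

Run against the constructed extract, six of the eight applications are flagged (future date, implausible age in both directions, non-ISO format, blank field, and 29 February 1970, which never existed), while a genuine leap-day birth in 1972 passes. Each exception is a candidate control failure to trace back to the input validation on the date-of-birth field; the other three options in the question exercise the control directly rather than analyzing what it let through.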
  17. Which of the following would be the PRIMARY benefit of replacing physical keys with an electronic badge system for access to a data center?

    • Increasing accountability
    • Maintaining compliance
    • Tracking employee work hours
    • Increasing reliability
  18. Outsourcing the development of business systems is MOST likely to result in the loss of:

    • control over strategic direction.
    • accountability for end products.
    • in-house competencies.
    • responsibility for IT security.
  19. Overall responsibility for approving logical access rights to information assets should reside with the:

    • data and systems owners.
    • systems delivery and operations group.
    • security administrator.
    • systems administrator.
  20. In a complex IS environment, which of the following tasks should be performed by the data owner?

    • Perform technical database maintenance.
    • Perform data restoration when necessary.
    • Review data classifications periodically.
    • Test the validity of backup data.