Last Updated on December 13, 2021 by Admin 3

CISA : Certified Information Systems Auditor : Part 83

  1. Which of the following should be the PRIMARY consideration for IT management when selecting a new information security tool that monitors suspicious file access patterns?

    • Integration with existing architecture
    • Ease of support and troubleshooting
    • Data correlation and visualization capabilities
    • Ability to contribute to key performance indicator data
  2. Which of the following is the MOST critical characteristic of a biometric system?

    • Registration time
    • Throughput rate
    • Accuracy
    • Ease of use
  3. Which of the following will BEST ensure that a proper cutoff has been established to reinstate transactions and records to their condition just prior to a computer system failure?

    • Maintaining system console logs in electronic format
    • Ensuring bisynchronous capabilities on all transmission lines
    • Using a database management system (DBMS) to dynamically back-out partially processed transactions
    • Rotating backup copies of transaction files offsite
  4. Which of the following is the MOST likely cause of a successful firewall penetration?

    • Use of a Trojan to bypass the firewall
    • Loophole in firewall vendor’s code
    • Virus infection
    • Firewall misconfiguration by the administrator
  5. Intrusion detection systems (IDSs) can:

    • substitute for a firewall.
    • compensate for weak authentication mechanisms.
    • conduct investigations of attacks from within the network.
    • provide information to enhance the security infrastructure.
  6. Which of the following is the GREATEST concern with conducting penetration testing on an internally developed application in the production environment?

    • The testing could create application availability issues.
    • The testing may identify only known operating system vulnerabilities.
    • The issues identified during the testing may require significant remediation efforts.
    • Internal security staff may not be qualified to conduct application penetration testing.
  7. What is the MOST important business concern when an organization is about to migrate a mission-critical application to a virtual environment?

    • The organization’s experience with virtual applications
    • Adequacy of the fallback procedures
    • Confidentiality of network traffic
    • Adequacy of the virtual architecture
  8. Which of the following is the PRIMARY reason for database optimization in an environment with a high volume of transactions?

    • Improving availability
    • Maintaining integrity
    • Preventing data leakage
    • Improving performance
  9. Which of the following tasks should be performed during an organization’s business continuity plan (BCP) test?

    • Evaluate the security at the offsite facility.
    • Review the coverage of insurance.
    • Assess the critical information retrieval capability.
    • Review the alternate processing site contract.
  10. A potential risk of executing a program on an Internet site is that it may:

    • install executable code on the computer.
    • lack version control, which may result in the use of an older program.
    • overwrite system files with older versions.
    • be browser-dependent, and therefore abort.
  11. Which of the following would be considered the BEST compensating control to use when an emergency process, rather than the established control procedures, is used for database changes?

    • Using an emergency user account with the access to make changes to the database
    • Using the administrator’s own account to make out-of-hours changes
    • Logging detailed before-and-after images for later review by the administrator
    • Logging user’s ID and change details for later review by the administrator
  12. What is the purpose of a hypervisor?

    • Monitoring the performance of virtual machines
    • Cloning virtual machines
    • Deploying settings to multiple machines simultaneously
    • Running the virtual machine environment
  13. Which of the following is the PRIMARY advantage of single sign-on (SSO)?

    • Improves system performance
    • Ensures good password practices
    • Improves security
    • Reduces administrative workload
  14. An accounting department uses a spreadsheet to calculate sensitive financial transactions. Which of the following is the MOST important control for maintaining the security of data in the spreadsheet?

    • There is a reconciliation process between the spreadsheet and the finance system.
    • The spreadsheet is locked down to avoid inadvertent changes.
    • A separate copy of the spreadsheet is routinely backed up.
    • Access to the spreadsheet is given only to those who require access.
  15. Which of the following BEST ensures that only authorized software is moved into a production environment?

    • Restricting read/write access to production code to computer programmers only
    • Assigning programming managers to transfer tested programs to production
    • A librarian compiling source code into production after independent testing
    • Requiring programming staff to move tested code into production
  16. Which of the following is the BEST way to help ensure the security of privacy-related data stored by an organization?

    • Encrypt personally identifiable information (PII).
    • Publish the data classification scheme.
    • Inform data owners of the purpose of collecting information.
    • Classify privacy-related data as confidential.
  17. Which of the following controls is MOST appropriate against brute force attacks at login?

    • Storing password files using one-way encryption
    • Locking the account after three invalid passwords
    • Storing passwords under a one-way hash function
    • Increasing the minimum password length to 10 characters
  18. An organization has performance metrics to track how well IT resources are being used, but there has been little progress on meeting the organization’s goals. Which of the following would be MOST helpful to determine the underlying reason?

    • Conducting a root cause analysis
    • Re-evaluating organizational goals
    • Re-evaluating key performance indicators (KPIs)
    • Conducting a business impact analysis (BIA)
  19. Which of the following concerns is BEST addressed by securing production source libraries?

    • Production source and object libraries may not be synchronized.
    • Unauthorized changes can be moved into production.
    • Programs are not approved before production source libraries are updated.
    • Changes are applied to the wrong version of production source libraries.
  20. Which of the following is MOST important for successful incident response?

    • The timeliness of attack recognition
    • The ability to trace the source of the attack
    • The quantity of data logged by the attack control tools
    • Blocking the attack route immediately