ExamGecko

Isaca CISA Practice Test - Questions Answers, Page 70

Which type of attack targets security vulnerabilities in web applications to gain access to data sets?

A. Denial of service (DOS)
B. SQL injection
C. Phishing attacks
D. Rootkits
Suggested answer: B

Explanation:

A SQL injection attack targets security vulnerabilities in web applications to gain access to data sets. It exploits a flaw in the web application code that allows an attacker to inject malicious SQL statements through the input fields or parameters of the web application. These statements then execute on the underlying database server and can manipulate or retrieve sensitive data from the database. A SQL injection attack can result in data theft, data corruption, unauthorized access, denial of service, or even complete takeover of the database server. A denial of service (DOS) attack aims to disrupt the availability or functionality of a web application or network service by overwhelming it with excessive requests or traffic. A phishing attack uses deceptive emails or websites to trick users into revealing personal or financial information or credentials. A rootkit is a type of malware that hides itself from detection and grants unauthorized access to or control over a compromised system.

Reference

IS Audit and Assurance Tools and Techniques

CISA Certification | Certified Information Systems Auditor | ISACA

An organization that operates an e-commerce website wants to provide continuous service to its customers and is planning to invest in a hot site due to service criticality. Which of the following is the MOST important consideration when making this decision?

A. Maximum tolerable downtime (MTD)
B. Recovery time objective (RTO)
C. Recovery point objective (RPO)
D. Mean time to repair (MTTR)
Suggested answer: B

Explanation:

The recovery time objective (RTO) is the most important consideration when deciding to invest in a hot site due to service criticality. The RTO is the maximum acceptable time that an IT service or process can be unavailable or disrupted before it causes significant damage to business operations and objectives. A hot site is a fully equipped and operational backup facility that can be activated immediately in the event of a disaster or disruption, so it allows an organization to achieve a very low RTO by resuming the service with minimal or no downtime. The maximum tolerable downtime (MTD) is the maximum acceptable time that an IT service or process can be unavailable or disrupted before it causes intolerable damage to business operations and objectives; the MTD is usually longer than the RTO, as it represents the worst-case scenario. The recovery point objective (RPO) is the maximum acceptable amount of data loss that an IT service or process can tolerate in the event of a disaster or disruption. The RPO is expressed in time, such as hours or minutes, and indicates how frequently the data should be backed up or replicated. The mean time to repair (MTTR) is the average time it takes to restore an IT service or process after a failure or disruption. The MTTR measures the efficiency and effectiveness of the recovery process, but it does not reflect service criticality or business impact.

Reference

IS Audit and Assurance Tools and Techniques

CISA Certification | Certified Information Systems Auditor | ISACA

Which of the following is an IS auditor's BEST recommendation for mitigating risk associated with inadvertent disclosure of sensitive information by employees?

A. Intrusion prevention system (IPS) and firewalls
B. Data loss prevention (DLP) technologies
C. Cryptographic protection
D. Email phishing simulation exercises
Suggested answer: B

Explanation:

DLP technologies are designed to prevent the unauthorized transmission or leakage of sensitive data, such as PII, intellectual property, or financial information, by employees or other insiders. DLP technologies can monitor, detect, and block data in motion, data at rest, and data in use across various channels, such as email, web, cloud, or removable devices. DLP technologies can also help enforce data security policies and compliance requirements.

Reference

ISACA CISA Review Manual, 27th Edition, page 253

The role of disclosures in risk assessment and mitigation

Mitigate Risk Strategy for Information Management

Which of the following will provide the GREATEST assurance to IT management that a quality management system (QMS) is effective?

A. A high percentage of stakeholders satisfied with the quality of IT
B. A high percentage of incidents being quickly resolved
C. A high percentage of IT processes reviewed by quality assurance (QA)
D. A high percentage of IT employees attending quality training
Suggested answer: A

Explanation:

Stakeholder satisfaction is a key indicator of the effectiveness of a QMS, as it reflects the extent to which the QMS meets the expectations and priorities of the customers and other interested parties. A high percentage of stakeholder satisfaction implies that the QMS is delivering consistent and reliable products or services that meet the quality standards and requirements.

Reference

ISACA CISA Review Manual, 27th Edition, page 253

The Four Main Components of A Quality Management System

The Road to Developing an Effective Quality Management System (QMS)

Which of the following is the GREATEST risk associated with hypervisors in virtual environments?

A. Availability issues
B. Virtual sprawl
C. Single point of failure
D. Lack of patches
Suggested answer: C

Explanation:

A single point of failure is a component or system that, if it fails, will cause the entire system to stop functioning. In virtual environments, the hypervisor is the software layer that enables multiple virtual machines to run on a single physical host. If the hypervisor is compromised, corrupted, or unavailable, all the virtual machines running on that host will be affected. This can result in data loss, downtime, or security breaches.

Reference

ISACA CISA Review Manual, 27th Edition, page 254

Virtualization: What are the security risks?

What Is a Hypervisor? (Definition, Types, Risks)

Which of the following is MOST important for an IS auditor to confirm when reviewing an organization's incident response management program?

A. All incidents have a severity level assigned.
B. All identified incidents are escalated to the CEO and the CISO.
C. Incident response is within defined service level agreements (SLAs).
D. The alerting tools and incident response team can detect incidents.
Suggested answer: D

Explanation:

The most important aspect of an incident response management program is the ability to detect incidents in a timely and accurate manner. Without effective detection, the organization cannot respond to incidents, mitigate their impact, or prevent their recurrence. The alerting tools and incident response team are responsible for monitoring the IT environment, identifying anomalies or threats, and notifying the appropriate stakeholders.

Reference

ISACA CISA Review Manual, 27th Edition, page 255

What is an incident response plan? And why do you need one?

ISACA CISA Certified Information Systems Auditor Exam ... - PUPUWEB

Which of the following is MOST appropriate to review when determining if the work completed on an IT project is in alignment with budgeted costs?

A. Return on investment (ROI) analysis
B. Earned value analysis (EVA)
C. Financial value analysis
D. Business impact analysis (BIA)
Suggested answer: B

Explanation:

EVA is a project management technique that measures the performance of a project by comparing the actual work completed, the actual costs incurred, and the planned costs for the work scheduled. EVA can help determine if the project is on track, ahead of schedule, or behind schedule, and if the project is under budget, over budget, or on budget. EVA can also help forecast the final cost and schedule of the project based on the current performance.

Reference

ISACA CISA Review Manual, 27th Edition, page 255

18. Project Completion -- Project Management -- 2nd Edition

How to Measure Project Success | Smartsheet

The PRIMARY reason to perform internal quality assurance (QA) for an internal audit function is to ensure:

A. audit resources are used most effectively.
B. internal audit activity conforms with audit standards and methodology.
C. the audit function is adequately governed and meets performance metrics.
D. inherent risk in audits is minimized.
Suggested answer: B

Explanation:

The primary reason to perform internal QA for an internal audit function is to ensure that the internal audit activity adheres to the Definition of Internal Auditing and the International Standards for the Professional Practice of Internal Auditing (Standards) issued by the Institute of Internal Auditors (IIA), as well as the internal audit methodology and policies of the organization. A QA program enables an evaluation of the internal audit activity's performance, efficiency, effectiveness, and value, and identifies opportunities for improvement. A QA program also helps to enhance the credibility and reputation of the internal audit function among the stakeholders.

Reference

Quality Assurance - The Institute of Internal Auditors or The IIA

Benefits of a quality assurance review for internal audit

Optimize your internal audit function with a quality assurance review ...

A source code repository should be designed to:

A. prevent changes from being incorporated into existing code.
B. prevent developers from accessing secure source code.
C. provide secure versioning and backup capabilities for existing code.
D. provide automatic incorporation and distribution of modified code.
Suggested answer: C

Explanation:

A source code repository is a system that stores and manages the source code of a software project. A source code repository should be designed to provide secure versioning and backup capabilities for existing code, as these are essential features for concurrent development, code quality, and disaster recovery. Versioning allows developers to track, compare, and revert changes to the code over time. Backup ensures that the code is safely stored and can be restored in case of data loss or corruption.

Reference

Source Code Repositories: What is a Source Code Repository?

Git Source Code Repository Design Considerations

Best practices for repositories - GitHub Docs

Which of the following would a digital signature MOST likely prevent?

A. Repudiation
B. Unauthorized change
C. Corruption
D. Disclosure
Suggested answer: B

Explanation:

A digital signature is a cryptographic technique that uses the sender's private key to generate a unique code for a message or document. The receiver can use the sender's public key to verify the authenticity and integrity of the message or document. A digital signature can prevent unauthorized change, as any modification to the message or document will invalidate the signature and alert the receiver of tampering.

Reference

What is a digital signature?

Digital Signature - an overview | ScienceDirect Topics

ISACA CISA Review Manual, 27th Edition, page 253

Total 1,198 questions