Isaca CISA Practice Test - Questions Answers, Page 74
From a risk management perspective, which of the following is the BEST approach when implementing a large and complex data center IT infrastructure?

A. Simulating the new infrastructure before deployment
B. Prototyping and a one-phase deployment
C. A deployment plan based on sequenced phases
D. A big bang deployment with a successful proof of concept
Suggested answer: C

Explanation:

From a risk management perspective, the best approach when implementing a large and complex data center IT infrastructure is a deployment plan based on sequenced phases. Phasing breaks the project into manageable, measurable stages so that the progress, quality, and outcomes of each phase can be monitored and controlled before the next one starts [1][2]. It also limits the blast radius of errors, failures, or disruptions to the phase in which they occur, leaving room to apply corrective actions or contingency plans before the whole infrastructure is affected [3][4]. Simulation and prototyping (A, B) reduce uncertainty but do not by themselves control deployment risk, and a big bang deployment (D) exposes the entire environment to any defect at once, whatever the proof of concept showed.

Reference

1: Data Center Project Planning: A Guide to Success

2: Data Center Project Planning: A Guide to Success

3: Data Center Migration: A Step-by-Step Guide

4: Data Center Migration: A Step-by-Step Guide

Which of the following is the BEST way to mitigate risk to an organization's network associated with devices permitted under a bring your own device (BYOD) policy?

A. Require personal devices to be reviewed by IT staff.
B. Enable port security on all network switches.
C. Implement a network access control system.
D. Ensure the policy requires antivirus software on devices.
Suggested answer: C

Explanation:

The best way to mitigate the network risk from devices permitted under a BYOD policy is to implement a network access control (NAC) system. NAC authenticates the device and its user (typically with 802.1X or a captive portal), checks the device's posture against policy (patch level, antivirus present and current, disk encryption), and only then authorizes access, placing non-compliant or unknown devices in a quarantine or guest segment [1][2]. Because the check is enforced at every connection rather than once, NAC keeps unauthorized or compromised devices away from sensitive resources and can isolate a device whose posture degrades later [3][4]. The other options are weaker: a one-time IT review (A) says nothing about the device's state afterwards; switch port security (B) only binds MAC addresses to ports, assesses no posture, and is defeated by MAC spoofing; a policy clause requiring antivirus (D) is a paper control unless something on the network verifies it, which is exactly what NAC does.

Reference

1: Network Access Control (NAC) - ISACA

2: Network Access Control (NAC) - Cisco

3: BYOD Security Risks: 6 Ways to Protect Your Organization - ReliaQuest

4: How to Mitigate BYOD Risks and Challenges - CIOReview

How does a continuous integration/continuous delivery (CI/CD) process help to reduce software failure risk?

A. Easy software version rollback
B. Smaller incremental changes
C. Fewer manual milestones
D. Automated software testing
Suggested answer: B

Explanation:

A continuous integration/continuous delivery (CI/CD) process reduces software failure risk primarily by shipping small incremental changes rather than large, infrequent releases [1][2]. A small change is easier to review, easier to test, and easier to attribute a failure to; when something breaks, the defect is confined to a few recent commits and can be found and fixed quickly, so the software stays in a working state [3][4]. Smaller batches also reduce the complexity and uncertainty of each release and so improve the quality and reliability of the product [5]. Automated testing (D) and easy rollback (A) are mechanisms that a CI/CD pipeline provides, but they are effective because the changes they test and roll back are small; the batch size is the underlying risk reducer.

Reference

1: What is CI/CD? Continuous integration and continuous delivery explained

2: 5 CI/CD challenges - and how to solve them | TechBeacon

3: Continuous Integration vs Continuous Delivery vs Continuous Deployment

4: 7 CI/CD Challenges & their Must-Know Solutions | BrowserStack

5: 5 common pitfalls of CI/CD - and how to avoid them | InfoWorld

An IS auditor is reviewing an organization's incident management processes and procedures. Which of the following observations should be the auditor's GREATEST concern?

A. Ineffective post-incident review
B. Ineffective incident prioritization
C. Ineffective incident detection
D. Ineffective incident classification
Suggested answer: C

Explanation:

Detection is the entry point of the incident management process: an incident that is never detected is never classified, prioritized, or reviewed, so weaknesses in those later steps cannot even come into play for it. Ineffective detection therefore has the widest impact and should be the auditor's greatest concern; the other observations only affect incidents that have already been detected.

An IS auditor finds ad hoc vulnerability scanning is in place with no clear alignment to the organization's wider security threat and vulnerability management program.

Which of the following would BEST enable the organization to work toward improvement in this area?

A. Implementing security logging to enhance threat and vulnerability management
B. Maintaining a catalog of vulnerabilities that may impact mission-critical systems
C. Using a capability maturity model to identify a path to an optimized program
D. Outsourcing the threat and vulnerability management function to a third party
Suggested answer: C

Explanation:

The best way to enable the organization to work toward improvement in its threat and vulnerability management program is to use a capability maturity model to identify a path to an optimized program. A capability maturity model is a framework for assessing the current level of performance and maturity in a specific domain and for laying out the practices needed to reach higher levels [1][2]. Applied to vulnerability management, it lets the organization evaluate its current practices, identify the gaps behind the ad hoc scanning, and sequence improvement actions against defined criteria and objectives [3][4]. Logging (A) and a vulnerability catalog (B) are individual practices that such a model would place at particular maturity levels, not a path to an optimized program, and outsourcing (D) transfers the activity without addressing the missing alignment.

Reference

1: What is a Capability Maturity Model?

2: Capability Maturity Model - Wikipedia

3: Vulnerability Management Maturity Model - SANS Institute

4: 5 Stages Of Vulnerability Management Maturity Model - SecPod Blog

Which of the following controls is BEST implemented through system configuration?

A. Network user accounts for temporary workers expire after 90 days.
B. Application user access is reviewed every 180 days for appropriateness.
C. Financial data in key reports is traced to source systems for completeness and accuracy.
D. Computer operations personnel initiate batch processing jobs daily.
Suggested answer: A

Explanation:

This control is best implemented through system configuration because the expiry can be enforced automatically by setting an account-expiration attribute in the directory service or operating system when the account is created (for example the accountExpires attribute in Active Directory, or the account expiry date in /etc/shadow on Linux). Once set, the system disables the account on the expiry date without anyone having to remember to do it, which ensures that temporary workers cannot use the network beyond their authorized period and reduces the risk of unauthorized or malicious use of stale accounts [1][2]. The other options are manual or review activities: periodic access reviews (B) and tracing report data to source (C) are people-driven detective controls, and operators initiating batch jobs (D) is a manual procedure rather than a configured setting.

Reference

1: Configuration and Change Management - CISA

2: What is IT Governance? - Definition from Techopedia
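To show what "enforced through system configuration" looks like in practice, and how an auditor could test that the setting is really in place, here is an added example in Go (it is not from the page or from ISACA). It audits constructed /etc/shadow-style records for temporary accounts, which are assumed to use a `tmp-` naming prefix, and flags any whose account-expiry field (field 8, days since the epoch) is missing or more than 90 days after the last password change (field 3, used here as an assumed stand-in for the account creation date, since shadow records carry no creation timestamp). It also builds the `chage -E` command that would set the expiry. The user names, hashes and dates in the sample are constructed for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// sampleShadow is a constructed /etc/shadow excerpt for this example.
// Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
// lastchg and expire are counted in days since 1970-01-01.
// Day 19700 is 2023-12-09. tmp-alice expires 90 days later (day 19790),
// tmp-bob has no expiry at all, tmp-carol expires 200 days later.
const sampleShadow = `root:*:19700:0:99999:7:::
tmp-alice:$6$x:19700:0:99999:7::19790:
tmp-bob:$6$y:19700:0:99999:7:::
tmp-carol:$6$z:19700:0:99999:7::19900:
jdoe:$6$w:19700:0:99999:7:::
`

// Finding records one temporary account that violates the expiry control.
type Finding struct {
	User   string
	Reason string
}

// AuditTempAccounts scans shadow-format records and returns the temporary
// accounts (selected by name prefix) that have no expiry date, or whose
// expiry is more than maxDays after the last password change. Treating the
// last-change day as the creation day is an assumption of this example.
func AuditTempAccounts(shadow, prefix string, maxDays int) ([]Finding, error) {
	var findings []Finding
	sc := bufio.NewScanner(strings.NewReader(shadow))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		f := strings.Split(line, ":")
		if len(f) < 8 {
			return nil, fmt.Errorf("malformed shadow record: %q", line)
		}
		user := f[0]
		if !strings.HasPrefix(user, prefix) {
			continue
		}
		if f[7] == "" {
			findings = append(findings, Finding{user, "no account expiry set"})
			continue
		}
		if f[2] == "" {
			findings = append(findings, Finding{user, "no last-change date; lifetime cannot be verified"})
			continue
		}
		lastChange, err := strconv.Atoi(f[2])
		if err != nil {
			return nil, fmt.Errorf("bad lastchg for %s: %w", user, err)
		}
		expire, err := strconv.Atoi(f[7])
		if err != nil {
			return nil, fmt.Errorf("bad expire for %s: %w", user, err)
		}
		if lifetime := expire - lastChange; lifetime > maxDays {
			findings = append(findings, Finding{user,
				fmt.Sprintf("expires %d days after creation (limit %d)", lifetime, maxDays)})
		}
	}
	return findings, sc.Err()
}

// RemediationCommand returns the chage invocation that makes the account
// expire maxDays after createdDay (days since the epoch).
func RemediationCommand(user string, createdDay, maxDays int) string {
	expiry := time.Unix(int64(createdDay+maxDays)*86400, 0).UTC()
	return fmt.Sprintf("chage -E %s %s", expiry.Format("2006-01-02"), user)
}

func main() {
	findings, err := AuditTempAccounts(sampleShadow, "tmp-", 90)
	if err != nil {
		fmt.Println("audit failed:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%-10s %s\n  fix: %s\n", f.User, f.Reason, RemediationCommand(f.User, 19700, 90))
	}
}
```

On the sample data the audit reports tmp-bob (no expiry) and tmp-carol (200-day lifetime) and leaves tmp-alice alone; the generated `chage -E 2024-03-08 tmp-bob` is the configuration change that turns the policy statement into an enforced control. Running the same audit against a real `/etc/shadow` requires root, and a directory-based environment would read the equivalent expiry attribute from the directory instead.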

The business case for an information system investment should be available for review until the:

A. information system investment is retired.
B. information system has reached end of life.
C. formal investment decision is approved.
D. benefits have been fully realized.
Suggested answer: D

Explanation:

The business case for an information system investment is the document that provides the rationale and justification for the investment, based on the expected costs, benefits, risks, and impacts of the project [1][2]. It should remain available for review until the benefits have been fully realized, because it is the baseline against which the actual performance and outcomes of the project are measured [3][4]. Keeping it that long allows the organization to evaluate the success and value of the investment and to identify gaps or issues that still need to be addressed [5]. Approval of the investment decision (C) is the point at which the business case starts being used, not the point at which it stops being useful, and benefits are normally realized well before the system is retired or reaches end of life (A, B).

Reference

1: The Business Case for Security - CISA

2: Beyond the Business Case: New Approaches to IT Investment

3: #HowTo: Build a Business Case for Cybersecurity Investment

4: ISACA CISA Certified Information Systems Auditor Exam ... - PUPUWEB

5: The Business Case for Security | CISA

Which of the following BEST demonstrates alignment of the IT department with the corporate mission?

A. Analysis of IT department functionality
B. Biweekly reporting to senior management
C. Annual board meetings
D. Quarterly steering committee meetings
Suggested answer: D

Explanation:

Quarterly steering committee meetings best demonstrate alignment of the IT department with the corporate mission because they provide a regular forum for strategic planning, decision making, and communication between IT leaders and business stakeholders [1][2]. The steering committee is where IT goals and initiatives are checked against the business vision, mission, and objectives, and where IT performance and value are monitored and evaluated [3][4]. Status reporting (B) and board meetings (C) inform management but do not by themselves align IT with business direction, and an analysis of IT functionality (A) describes what IT does rather than whether it serves the mission.

Reference

1: IT Governance and the Balanced Scorecard - ISACA Journal

2: IT Steering Committee Best Practices: A Recipe for Success

3: What is IT Governance?- Definition from Techopedia

4: CISA Cybersecurity Strategic Plan | CISA

An IS auditor noted a recent production incident in which a teller transaction system incorrectly charged fees to customers due to a defect from a recent release. Which of the following should be the auditor's NEXT step?

A. Evaluate developer training.
B. Evaluate the incident management process.
C. Evaluate the change management process.
D. Evaluate secure code practices.
Suggested answer: C

Explanation:

The change management process is the set of procedures and activities that ensure changes to an information system are authorized, tested, documented, and implemented in a controlled manner [1][2]. A defect that reached production in a recent release indicates that the quality assurance, testing, or approval steps for that change did not work as intended, which affects the reliability, security, and performance of the system [3]. The auditor's next step should therefore be to evaluate the change management process, identify the root cause of the defect, and assess the impact and remediation of the incident. Developer training and secure coding practices (A, D) may turn out to be contributing causes, but they are conclusions the change management review would lead to, not the starting point, and the incident management process (B) concerns how the failure was handled once it occurred, not why it was released.

Reference

1: Change Management - CISA

2: What is Change Management?- Definition from Techopedia

3: How to Audit Change Management - ISACA Journal


Which of the following is the PRIMARY reason for using a digital signature?

A. Provide availability to the transmission
B. Authenticate the sender of a message
C. Provide confidentiality to the transmission
D. Verify the integrity of the data and the identity of the recipient
Suggested answer: B

Explanation:

A digital signature is a cryptographic value computed by hashing a message or document and signing the hash with the sender's private key; anyone holding the matching public key can verify it [1]. The primary reason for using one is to authenticate the sender: only the holder of the private key can produce a signature that verifies under the corresponding public key, so a valid signature ties the message to that sender and also supports non-repudiation [2]. A digital signature additionally protects integrity, because any modification to the signed data changes the hash and the signature no longer verifies [1]. It does not provide availability, since it does nothing against denial of service, and it does not provide confidentiality, since the message itself still travels in the clear unless it is separately encrypted [3]. Option D is wrong on its second half: a signature says nothing about who the recipient is; binding a message to a particular recipient is the job of encryption under the recipient's public key, not of the sender's signature.

Reference

1: Understanding Digital Signatures | CISA

2: Signature Verification | CISA

3: SECFND: Digital Signatures from Skillsoft | NICCS
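The following added example, written in Go using the standard library's Ed25519 implementation, is not part of the page; it exercises the three points the explanation makes. It signs a constructed message, then checks that the signature verifies under the sender's public key, fails once a single byte of the message is altered in transit, and fails when checked against another party's public key (which is how a verifier learns the message did not come from that party). The message text, the choice of Ed25519 (the page names no algorithm) and the "second party" key are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Outcome records the three verification checks the demo performs.
type Outcome struct {
	OriginalVerifies bool // correct sender key, untouched message
	TamperedVerifies bool // one byte of the message altered after signing
	OtherKeyVerifies bool // signature checked against a different party's public key
}

// Sign produces a signature over msg with the sender's private key. Ed25519
// hashes the message internally, so the hash-then-sign step is implicit.
func Sign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// Verify checks sig over msg under the claimed sender's public key. Anyone
// who holds the public key can run this; it says nothing about the recipient.
func Verify(pub ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(pub, msg, sig)
}

// RunDemo signs a constructed message and exercises the three checks.
func RunDemo() (Outcome, error) {
	senderPub, senderPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	// A second, unrelated key pair stands in for a party the message did
	// not come from (assumed for the example).
	otherPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}

	// Constructed message. It is transmitted in the clear next to the
	// signature: signing provides no confidentiality.
	msg := []byte("TRANSFER 100.00 FROM ACCT 1001 TO ACCT 2002")
	sig := Sign(senderPriv, msg)

	// Simulate an in-transit modification: "100.00" becomes "900.00".
	tampered := append([]byte(nil), msg...)
	tampered[9] = '9'

	return Outcome{
		OriginalVerifies: Verify(senderPub, msg, sig),
		TamperedVerifies: Verify(senderPub, tampered, sig),
		OtherKeyVerifies: Verify(otherPub, msg, sig),
	}, nil
}

func main() {
	out, err := RunDemo()
	if err != nil {
		fmt.Println("key generation failed:", err)
		return
	}
	fmt.Printf("original message verifies:   %v\n", out.OriginalVerifies)
	fmt.Printf("tampered message verifies:   %v\n", out.TamperedVerifies)
	fmt.Printf("verifies under other key:    %v\n", out.OtherKeyVerifies)
}
```

The first check is sender authentication plus integrity, the second is integrity alone, and the third shows why option D's "identity of the recipient" is wrong: the verifier's own identity never enters the computation, and the only identity a signature speaks to is the signer's. Ed25519 signatures are deterministic for a given key and message, so the key pair is the only source of randomness in the demo.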
