Isaca CISA Practice Test - Questions Answers, Page 75

During an organization's implementation of a data loss prevention (DLP) solution, which of the following activities should be completed FIRST?

A. Configuring reports
B. Configuring rule sets
C. Enabling detection points
D. Establishing exceptions workflow

Suggested answer: B

Explanation:

Configuring rule sets is the first activity that should be completed during the implementation of a DLP solution, because rule sets define the criteria and actions for identifying, monitoring, and preventing data loss incidents [1, 2]. Rule sets are based on the organization's data classification, policies, and requirements, and they help to ensure that the DLP solution is aligned with the business objectives and risk appetite [3, 4]. Configuring rule sets before enabling detection points, establishing exceptions workflow, or configuring reports helps to avoid false positives, false negatives, or unnecessary alerts [5].

Reference

1: 3.13: Deploy a Data Loss Prevention Solution - Read the Docs

2: Plan and implement data loss prevention (DLP) [Guided] - NICCS

3: CONTINUOUS DIAGNOSTICS AND MITIGATION PROGRAM DATA PROTECTION ... - CISA

4: Continuous Diagnostics and Mitigation Program Technical ... - CISA

5: Data Loss Prevention Best Practices - ISACA Journal

A new regulation has been enacted that mandates specific information security practices for the protection of customer data. Which of the following is MOST useful for an IS auditor to review when auditing against the regulation?

A. Compliance gap analysis
B. Customer data protection roles and responsibilities
C. Customer data flow diagram
D. Benchmarking studies of adaptation to the new regulation

Suggested answer: A

Explanation:

A compliance gap analysis is a detailed review of an organization's current state of compliance against a specific regulation or standard. It helps identify the areas and controls that are not meeting the requirements, assess their risk levels, and determine the corrective actions that can be taken to achieve compliance [1, 2]. A compliance gap analysis is the most useful tool for an IS auditor to review when auditing against a new regulation, as it provides a clear and comprehensive picture of the compliance status, gaps, and remediation plan of the organization.

Reference

1: Information Security Architecture: Gap Assessment and Prioritization - ISACA

2: How to perform Compliance Gap Analysis? - Sprinto

An external attacker spoofing an internal Internet Protocol (IP) address can BEST be detected by which of the following?

A. Comparing the source address to the domain name server (DNS) entry
B. Using static IP addresses for identification
C. Comparing the source address to the interface used as the entry point
D. Using a state table to compare the message states of each packet as it enters the system

Suggested answer: D

During the audit of an enterprise resource planning (ERP) system, an IS auditor found an application patch was applied to the production environment. It is MOST important for the IS auditor to verify approval from the:

A. information security officer.
B. system administrator.
C. information asset owner.
D. project manager.

Suggested answer: D

Which of the following would be of GREATEST concern to an IS auditor reviewing the feasibility study for a new application system?

A. Security requirements have not been defined.
B. Conditions under which the system will operate are unclear.
C. The business case does not include well-defined strategic benefits.
D. System requirements and expectations have not been clarified.

Suggested answer: D

When an intrusion into an organization's network is detected, which of the following should be done FIRST?

A. Notify senior management.
B. Block all compromised network nodes.
C. Identify nodes that have been compromised.
D. Contact law enforcement.

Suggested answer: D

Data from a system of sensors located outside of a network is received by the open ports on a server. Which of the following is the BEST way to ensure the integrity of the data being collected from the sensor system?

A. Implement network address translation on the sensor system.
B. Route the traffic from the sensor system through a proxy server.
C. Hash the data that is transmitted from the sensor system.
D. Transmit the sensor data via a virtual private network (VPN) to the server.

Suggested answer: D

Which of the following provides the BEST assurance that vendor-supported software remains up to date?

A. Release and patch management
B. Licensing agreement and escrow
C. Software asset management
D. Version management

Suggested answer: A

If a recent release of a program has to be backed out of production, the corresponding changes within the delta version of the code should be:

A. filed in production for future reference in researching the problem.
B. applied to the source code that reflects the version in production.
C. eliminated from the source code that reflects the version in production.
D. reinstalled when replacing the version back into production.

Suggested answer: C

Explanation:

When a program release needs to be backed out of production, the changes introduced by that release must be removed from the source code to ensure the system returns to its prior state. This approach ensures that the source code reflects the stable version without the problematic changes.

Reference

ISACA CISA Review Manual 27th Edition, Page 244-245 (Change Management)

A senior IS auditor suspects that a PC may have been used to perpetrate fraud in a finance department. The auditor should FIRST report this suspicion to:

A. the audit committee.
B. audit management.
C. auditee line management.
D. the police.

Suggested answer: B
Total 1.198 questions