Home

Home / Isaca / CISA

Question list

List of questions

Question 1

(0)

What would be an IS auditor's BEST recommendation upon finding that a third-party IT service provider hosts the organization's human resources (HR) system in a foreign country?

Question 2

(0)

Which of the following is the BEST way to enforce the principle of least privilege on a server containing data with different security classifications?

Question 3

(0)

The PRIMARY benefit of automating application testing is to:

Question 4

(0)

Which of the following BEST addresses the availability of an online store?

Question 5

(0)

Which of the following is the BEST way to prevent social engineering incidents?

Question 6

(0)

The PRIMARY purpose of a configuration management system is to:

Question 7

(0)

Which of the following is the MOST important consideration when evaluating the data retention policy for a global organization with regional offices in multiple countries?

Question 8

(0)

Which of the following BEST enables alignment of IT with business objectives?

Question 9

(0)

Which of the following are used in a firewall to protect the entity's internal resources?

Question 10

(0)

Which of the following would be MOST impacted if an IS auditor were to assist with the implementation of recommended control enhancements?

Open VPLUS File

Convert VPLUS to PDF

Related questions

Which of the following is the BEST indicator of the effectiveness of an organization's incident response program?

Which of the following is the BEST way to ensure that an application is performing according to its specifications?

An IS auditor is reviewing a client's outsourced payroll system to assess whether the financial audit team can rely on the application. Which of the following findings would be the auditor's GREATEST concern?

Which of the following poses the GREATEST risk to the use of active RFID tags?

The FIRST step in an incident response plan is to:

An IS audit manager was temporarily tasked with supervising a project manager assigned to the organization's payroll application upgrade. Upon returning to the audit department, the audit manager has been asked to perform an audit to validate the implementation of the payroll application. The audit manager is the only one in the audit department with IT project management experience. What is the BEST course of action?

Which of the following is the BEST control lo mitigate attacks that redirect Internet traffic to an unauthorized website?

Which of the following is the BEST way for an IS auditor to assess the design of an automated application control?

Which of the following is MOST appropriate to prevent unauthorized retrieval of confidential information stored in a business application system?

Which of the following findings from a database security audit presents the GREATEST risk of critical security exposures?

Question 75 - CISA discussion

Report

Which of the following is the BEST way to mitigate the impact of ransomware attacks?

A.

Invoking the disaster recovery plan (DRP)

B.

Backing up data frequently

C.

Paying the ransom

D.

Requiring password changes for administrative accounts

Suggested answer: B

Explanation:

Ransomware is a type of malicious software that encrypts the victim's data and demands a ransom for its decryption1.Ransomware attacks can cause significant damage to an organization's operations, reputation, and finances1. Therefore, it is important to mitigate the impact of ransomware attacks by implementing effective prevention and recovery strategies.

One of the best ways to mitigate the impact of ransomware attacks is to back up data frequently12345.Data backups are copies of the organization's data that are stored in a separate location or medium, such as an external hard drive, cloud storage, or tape2.Data backups can help the organization restore its data in case of a ransomware attack, without paying the ransom or losing valuable information2.Data backups should be performed regularly, preferably daily or weekly, depending on the criticality and volume of the data2.Data backups should also be tested periodically to ensure their integrity and usability2.

The other options are not as effective as backing up data frequently in mitigating the impact of ransomware attacks.Invoking the disaster recovery plan (DRP) is a reactive measure that can help the organization resume its operations after a ransomware attack, but it does not prevent or reduce the damage caused by the attack3. Paying the ransom is not a recommended option, as it does not guarantee the decryption of the data or the deletion of the stolen data by the attackers.Paying the ransom also encourages further attacks and funds criminal activities14. Requiring password changes for administrative accounts is a good security practice, but it is not sufficient to prevent or recover from ransomware attacks.Ransomware attacks can exploit other vulnerabilities, such as phishing emails, outdated software, or weak network security15.

Show Answer

asked 18/09/2024

Sundarrajan Mugunthan

34 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first