Exam (elaborations)

CISA Exam Well Answered 2022

Pages: 38
Grade: A+
Uploaded on: 30-07-2022
Written in: 2021/2022


CISA Exam
Gap Analysis - Answer Gap Analysis would be the best method to identify issues that
need to be addressed in the reengineering process. Gap analysis indicates which parts
of current processes conform to best practices (desired state) and which do not.

Application Gateway - Answer An application gateway firewall is effective in preventing
applications such as File Transfer Protocols (FTPs) from entering the organization's
network.

Inform appropriate personnel immediately - Answer The first thing an IS auditor should
do after detecting the virus is to alert the organization to its presence, then wait for their
response.

The MAIN reason for requiring that all computer clocks across an organization be
synchronized is to:

Support the incident investigation process - Answer During an investigation of incidents,
audit logs are used as evidence, and the time stamp information in them is useful. If the
clocks are not synchronized, investigations will be more difficult because a timeline of
events occurring on different systems might not be easily established.

An IS auditor is assessing services provided by an internet service provider (ISP) during
an IS compliance audit of a nationwide corporation that operates a governmental
program. Which of the following is MOST important?

Review the Service Level Agreement (SLA) - Answer A service level agreement (SLA)
provides the basis for adequate assessment of the degree to which the provider is
meeting the level of agreed-on service.

When performing a database review, an IS auditor notices that some tables in the
database are not normalized. The IS auditor should next:

review the justification - Answer If the database is not normalized, the IS auditor should
review the justification because, in some situations, denormalization is recommended
for performance reasons.

The objective of concurrency control in a database system is to:

Prevent integrity problems when two processes attempt to update the same data at the
same time - Answer Concurrency controls prevent data integrity problems, which can
arise when two update processes access the same data at the same time.

(Concurrency is a property of systems in which several computations are executing
simultaneously, and potentially interacting with each other)

Which of the following BEST limits the impacts of server failures in a distributed
environment?

Clustering - Answer Clustering allows two or more servers to work as a unit so that
when one of them fails, the other takes over.

During an audit of a small enterprise, the IS auditor noted that the IS director has
superuser-privilege access that allows the director to process requests for changes to
the application access roles (access types). Which of the following should the IS auditor
recommend?
Implement a properly documented process for application role change requests -
Answer The IS auditor should recommend implementation of processes that could
prevent or detect improper changes from being made to the major application roles. The
application role change request process should start and be approved by the business
owner; then, the IS director can make the changes to the application.

An IS auditor reviewing a cloud computing environment managed by a third party
should be MOST concerned when:

The service level agreement does not address the responsibility of the vendor in the
case of a security breach - Answer Administration of cloud computing occurs over the
Internet and involves more than one participating entity. It is the responsibility of each of
the partners in the cloud computing environment to take care of security issues in their
own environments. When there is a security breach, the party responsible for the breach
should be identified and made accountable. This is not possible if the SLA does not
address the responsibilities of the partners during a security breach.

An IS auditor discovers that some hard drives disposed of by an enterprise were not
sanitized in a manner that would reasonably ensure the data could not be recovered. In
addition, the enterprise doesn't have a written policy on data disposal. The IS auditor should
FIRST:
Determine the sensitivity of the information on the hard drives. - Answer Even though a
policy is not available, the IS auditor should make a determination as to the nature of
the information on the hard drives to quantify, as much as possible, the risk.
*An IS Auditor should not develop policies

What is the BEST backup strategy for a large database with data supporting online
sales?

Mirrored Hard disks - Answer Mirrored hard disks will ensure that all data are backed up
to more than one disk so that a failure of one disk will not result in loss of data.

An organization is reviewing its contract with a cloud computing provider. For which of
the following reasons would the organization want to remove a lock-in clause from the
contract?

Portability - Answer When drawing up a contract with a cloud service provider, the ideal
practice is to remove the customer lock-in clause. It may be important for the client to
secure portability of their system assets, i.e., the right to transfer from one vendor to
another.

In a small organization, an employee performs computer operations and, when the
situation demands, program modifications. Which of the following should the IS auditor
recommend?

Procedures that verify that only approved program changes are implemented - Answer
An IS auditor must consider recommending a better process. An IS auditor should
recommend a formal change control process that manages and could detect changes to
production source and object code, such as code comparisons, so the changes can be
reviewed on a regular basis by a third party. This would be a compensating control
process.

Which of the following backup techniques is the MOST appropriate when an
organization requires extremely granular data restore points, as defined in the recovery
point objective (RPO)?
Continuous data backup - Answer Recovery point objective (RPO) is based on the
acceptable data loss in the case of a disruption. In this scenario the organization needs
a short RPO and continuous data backup is the best option.

An IS auditor finds that DBAs have access to the log location on the database server and
the ability to purge logs from the system. What is the BEST audit recommendation to
ensure that DBA activity is effectively monitored?

Forward database logs to a centralized log server - Answer To protect the availability
and integrity of the database logs, it is feasible to forward the database logs to a
centralized log server to which the DBAs do not have access.

The purpose of code signing is to provide assurance that:

The software has not been subsequently modified

*Not The private key of the signer has not been compromised - Answer Code signing
ensures that the executable code came from a reputable source and has not been
modified after being signed

Doing which of the following during peak production hours could result in unexpected
downtime?

Promoting applications from development to the staging environment

*Not Promoting applications from development to the staging environment. - Answer
Preventive maintenance activities should be scheduled for non-peak times of the day,
and preferably during a maintenance window time period. A mishap or incident caused
by a maintenance worker could result in unplanned downtime.

Which of the following controls will MOST effectively detect the presence of bursts of
errors in network transmissions?

Cyclic Redundancy Check (CRC) - Answer The cyclic redundancy check (CRC) can
check for a block of transmitted data. The workstations generate the CRC and transmit
it with the data. The receiving workstation computes a CRC and compares it to the
transmitted CRC. If both of them are equal, then the block is assumed error free. In this
case (such as in parity error echo check), multiple errors can be detected. In general,
CRC can detect all single-bit and double-bit errors

Parity check - Answer Parity check (known as vertical redundancy check) also involves adding a
bit (known as the parity bit) to each character during transmission. In this case, where
there is a presence of bursts of errors (i.e., impulse noise during high transmission
rates), it has reliability of approximately 50 percent. In higher transmission rates, this
limitation is significant.

Echo check - Answer Echo checks detect line errors by retransmitting data to the
sending device for comparison with the original transmission.

Block sum check - Answer A block sum check is a form of parity checking and has a low
level of reliability

The PRIMARY benefit of an IT manager monitoring technical capacity is to:

ensure that the service level agreement (SLA) requirements are met. - Answer Capacity
monitoring has multiple objectives; however, the primary objective is to ensure
compliance with the internal service level agreement (SLA) between the business and
IT.

Which of the following should be the MOST important criterion in evaluating a backup
solution for sensitive data that must be retained for a long period of time due to
regulatory requirements?

Media reliability

*Not Full backup window
*Not Media costs
*Not Restore window - Answer To comply with regulatory requirements, the media
should be reliable enough to ensure an organization's ability to recover the data should
they be required for any reason.

Seller: EvaTee Phoenix University