CISA Practice Questions

A.  

Service level agreement (SLA)

B.  

Hardware change management policy

C.  

Vendor memo indicating problem correction

D.  

An up-to-date RACI chart

A.  

Inability to utilize the site when required

B.  

Inability to test the recovery plans onsite

C.  

Equipment compatibility issues at the site

D.  

Mismatched organizational security policies

A.  

Require the auditee to address the recommendations in full.

B.  

Adjust the annual risk assessment accordingly.

C.  

Evaluate senior management's acceptance of the risk.

D.  

Update the audit program based on management's acceptance of risk.

A.  

use a proxy server to filter out Internet sites that should not be accessed.

B.  

keep a manual log of Internet access.

C.  

monitor remote access activities.

D.  

include a statement in its security policy about Internet use.

A.  

The use of the cloud negatively impacting IT availably

B.  

Increased need for user awareness training

C.  

Increased vulnerability due to anytime, anywhere accessibility

D.  

Lack of governance and oversight for IT infrastructure and applications

A.  

Apply single sign-on for access control

B.  

Implement segregation of duties.

C.  

Enforce an internal data access policy.

D.  

Enforce the use of digital signatures.

A.  

Perimeter firewall

B.  

Data loss prevention (DLP) system

C.  

Web application firewall

D.  

Network segmentation

A.  

data analytics findings.

B.  

audit trails

C.  

acceptance lasting results

D.  

rollback plans

A.  

Installing security software on the devices

B.  

Partitioning the work environment from personal space on devices

C.  

Preventing users from adding applications

D.  

Restricting the use of devices for personal purposes during working hours

A.  

Decreased time for incident resolution

B.  

Increased number of incidents reviewed by IT management

C.  

Decreased number of calls lo the help desk

D.  

Increased number of reported critical incidents

A.  

architecture and cloud environment of the system.

B.  

business process supported by the system.

C.  

policies and procedures of the business area being audited.

D.  

availability reports associated with the cloud-based system.

A.  

Obtain error codes indicating failed data feeds.

B.  

Purchase data cleansing tools from a reputable vendor.

C.  

Appoint data quality champions across the organization.

D.  

Implement business rules to reject invalid data.

A.  

Evaluate the appropriateness of the remedial action taken.

B.  

Conduct a risk analysis incorporating the change.

C.  

Report results of the follow-up to the audit committee.

D.  

Inform senior management of the change in approach.

A.  

End-user authorization to use the system in production

B.  

External audit sign-off on financial controls

C.  

Testing of the system within the production environment

D.  

An evaluation of the configuration management practices

A.  

An increase in the number of identified false positives

B.  

An increase in the number of detected Incidents not previously identified

C.  

An increase in the number of unfamiliar sources of intruders

D.  

An increase in the number of internally reported critical incidents

A.  

minimize scope changes to the system.

B.  

decrease the time allocated for user testing and review.

C.  

conceptualize and clarify requirements.

D.  

Improve efficiency of quality assurance (QA) testing

A.  

Attack vectors are evolving for industrial control systems.

B.  

There is a greater risk of system exploitation.

C.  

Disaster recovery plans (DRPs) are not in place.

D.  

Technical specifications are not documented.

A.  

Business impact analysis (BIA)

B.  

Fieldwork

C.  

Risk assessment

D.  

Risk control matrix

A.  

System/process flowchart

B.  

File layouts

C.  

Data architecture

D.  

Source code documentation

A.  

Staff were not involved in the procurement process, creating user resistance to the new system.

B.  

Data is not converted correctly, resulting in inaccurate patient records.

C.  

The deployment project experienced significant overruns, exceeding budget projections.

D.  

The new system has capacity issues, leading to slow response times for users.

A.  

To identify and eliminate the root causes of information security incidents

B.  

To enhance the impact of reports used to monitor information security incidents

C.  

To keep information security policies and procedures up-to-date

D.  

To reduce the frequency and impact of information security incidents

A.  

Findings from prior audits

B.  

Results of a risk assessment

C.  

An inventory of personal devices to be connected to the corporate network

D.  

Policies including BYOD acceptable user statements

A.  

well understood by all employees.

B.  

based on industry standards.

C.  

developed by process owners.

D.  

updated frequently.

A.  

Determine where delays have occurred

B.  

Assign additional resources to supplement the audit

C.  

Escalate to the audit committee

D.  

Extend the audit deadline

A.  

Requirements may become unreasonable.

B.  

The policy may conflict with existing application requirements.

C.  

Local regulations may contradict the policy.

D.  

Local management may not accept the policy.

A.  

Observing the execution of a daily backup run

B.  

Evaluating the backup policies and procedures

C.  

Interviewing key personnel evolved In the backup process

D.  

Reviewing a sample of system-generated backup logs

A.  

Conduct security awareness training.

B.  

Implement an acceptable use policy

C.  

Create inventory records of personal devices

D.  

Configure users on the mobile device management (MDM) solution

A.  

evaluate replacement systems and performance monitoring software.

B.  

restrict functionality of system monitoring software to security-related events.

C.  

re-install the system and performance monitoring software.

D.  

use analytical tools to produce exception reports from the system and performance monitoring software

A.  

provide a report to senior management prior to discussion with the auditee.

B.  

distribute a summary of general findings to the members of the auditing team.

C.  

provide a report to the auditee stating the initial findings.

D.  

review the working papers with the auditee.

A.  

reflect current practices.

B.  

include new systems and corresponding process changes.

C.  

incorporate changes to relevant laws.

D.  

be subject to adequate quality assurance (QA).

A.  

Short key length

B.  

Random key generation

C.  

Use of symmetric encryption

D.  

Use of asymmetric encryption

A.  

Ensure that the facts presented in the report are correct

B.  

Communicate the recommendations lo senior management

C.  

Specify implementation dates for the recommendations.

D.  

Request input in determining corrective action.

A.  

Ensure compliance with the data classification policy.

B.  

Protect the plan from unauthorized alteration.

C.  

Comply with business continuity best practice.

D.  

Reduce the risk of data leakage that could lead to an attack.

A.  

Purchase of information management tools

B.  

Business use cases and scenarios

C.  

Access rights provisioned according to scheme

D.  

Detailed data classification scheme

A.  

Preserving the same data classifications

B.  

Preserving the same data inputs

C.  

Preserving the same data structure

D.  

Preserving the same data interfaces

A.  

Low-value transactions

B.  

Real-lime transactions

C.  

Irregular transactions

D.  

Manual transactions

A.  

document the exception in an audit report.

B.  

review security incident reports.

C.  

identify compensating controls.

D.  

notify the audit committee.

A.  

Root cause

B.  

Responsible party

C.  

impact

D.  

Criteria

A.  

An employee is induced to reveal confidential IP addresses and passwords by answering questions over the phone.

B.  

A hacker walks around an office building using scanning tools to search for a wireless network to gain access.

C.  

An intruder eavesdrops and collects sensitive information flowing through the network and sells it to third parties.

D.  

An unauthorized person attempts to gain access to secure premises by following an authorized person through a secure door.

A.  

Technology risk

B.  

Detection risk

C.  

Control risk

D.  

Inherent risk

A.  

the access control system's log settings.

B.  

how the latest system changes were implemented.

C.  

the access control system's configuration.

D.  

the access rights that have been granted.

A.  

The efforts required for independent verification with new auditors

B.  

The impact if corrective actions are not taken

C.  

The amount of time the auditee has agreed to spend with auditors

D.  

Controls and detection risks related to the observations

A.  

Implementing two-factor authentication

B.  

Restricting access to transactions using network security software

C.  

implementing role-based access at the application level

D.  

Using a single menu tor sensitive application transactions

A.  

randomly selected by a test generator.

B.  

provided by the vendor of the application.

C.  

randomly selected by the user.

D.  

simulated by production entities and customers.

A.  

Contingency planning

B.  

Configuration management

C.  

Help desk management

D.  

Impact assessment

A.  

Require written authorization for all payment transactions

B.  

Restrict payment authorization to senior staff members.

C.  

Reconcile payment transactions with invoices.

D.  

Review payment transaction history

A.  

Historical privacy breaches and related root causes

B.  

Globally accepted privacy best practices

C.  

Local privacy standards and regulations

D.  

Benchmark studies of similar organizations

A.  

Long-term Internal audit resource planning

B.  

Ongoing monitoring of the audit activities

C.  

Analysis of user satisfaction reports from business lines

D.  

Feedback from Internal audit staff

A.  

Programs are not approved before production source libraries are updated.

B.  

Production source and object libraries may not be synchronized.

C.  

Changes are applied to the wrong version of production source libraries.

D.  

Unauthorized changes can be moved into production.

A.  

Verifying that access privileges have been reviewed

B.  

investigating access rights for expiration dates

C.  

Updating the continuity plan for critical resources

D.  

Updating the security policy