ISACA CISA Practice Test

Certified Information Systems Auditor

Last exam update: Feb 21, 2024
Page 1 out of 235. Viewing questions 1-15 out of 3521

Question 1 Topic 5

Which of the following is the PRIMARY reason that asset classification is vital to an information security program?

  • A. To ensure risk mitigation efforts are adequate
  • B. To ensure sufficient resources are allocated for information security
  • C. To ensure the appropriate level of protection to assets
  • D. To ensure asset protection efforts are in line with industry standards
Answer: C


Question 2 Topic 5

Which of the following approaches would BEST ensure that data protection controls are embedded into software being
developed?

  • A. Utilizing a data protection template for user acceptance testing (UAT)
  • B. Deriving data protection requirements from key stakeholders
  • C. Implementing a quality assurance (QA) process during the development phase
  • D. Tracking data protection requirements throughout the SDLC
Answer: C


Question 3 Topic 5

An organization has adopted a backup and recovery strategy that involves copying on-premise virtual machine (VM) images
to a cloud service provider. Which of the following provides the BEST assurance that VMs can be recovered in the event of a
disaster?

  • A. Existence of a disaster recovery plan (DRP) with specified roles for emergencies
  • B. Periodic on-site restoration of VM images obtained from the cloud provider
  • C. Procurement of adequate storage for the VM images from the cloud service provider
  • D. Inclusion of the right to audit in the cloud service provider contract
Answer: B


Question 4 Topic 5

Which of the following BEST facilitates detection of zero-day exploits?

  • A. Anti-malware software
  • B. User behavior analytics
  • C. Intrusion detection systems (IDS)
  • D. Intrusion prevention systems (IPS)
Answer: B


Question 5 Topic 5

What is the BEST method for securing credit card numbers stored temporarily on a file server prior to transmission to the
downstream system for payment processing?

  • A. One-way hash with strong cryptography
  • B. Masking the full credit card number
  • C. Encryption with strong cryptography
  • D. Truncating the credit card number
Answer: C


Question 6 Topic 5

Which of the following is a characteristic of a single mirrored data center used for disaster recovery?

  • A. Data replication to the mirrored site should continue after failover.
  • B. The mirrored site may create brief interruptions noticeable to users.
  • C. Real-time data replication occurs from the production site.
  • D. The mirrored data center does not require staffing.
Answer: B


Question 7 Topic 5

What is the BEST control to address SQL injection vulnerabilities?

  • A. Digital signatures
  • B. Input validation
  • C. Unicode translation
  • D. Secure Sockets Layer (SSL) encryption
Answer: B


Question 8 Topic 5

IT disaster recovery time objectives (RTOs) should be based on the:

  • A. maximum tolerable downtime (MTD).
  • B. business-defined criticality of the systems.
  • C. nature of the outage.
  • D. maximum tolerable loss of data.
Answer: A


Question 9 Topic 5

Which of the following security assessment techniques attempts to exploit a system's open ports?

  • A. Vulnerability scanning
  • B. Password cracking
  • C. Penetration testing
  • D. Network scanning
Answer: C


Question 10 Topic 5

A characteristic of a digital signature is that it:

  • A. is under control of the receiver.
  • B. is unique to the message.
  • C. has a reproducible hashing algorithm.
  • D. is validated when data are changed.
Answer: B


Question 11 Topic 5

Which of the following ensures the availability of transactions in the event of a disaster?

  • A. Send tapes hourly containing transactions offsite.
  • B. Send tapes daily containing transactions offsite.
  • C. Capture transactions to multiple storage devices.
  • D. Transmit transactions offsite in real time.
Answer: D


Explanation:
The only way to ensure availability of all transactions is to perform a real-time transmission to an offsite facility. Choices A
and B are not in real time and, therefore, would not include all the transactions. Choice C does not ensure availability at an
offsite location.


Question 12 Topic 5

To provide protection for media backup stored at an offsite location, the storage site should be:

  • A. located on a different floor of the building.
  • B. easily accessible by everyone.
  • C. clearly labeled for emergency access.
  • D. protected from unauthorized access.
Answer: D


Explanation:
The offsite storage site should always be protected against unauthorized access and have at least the same security
requirements as the primary site. Choice A is incorrect because, if the backup is in the same building, it may suffer the same
event and may be inaccessible. Choices B and C represent access risks.


Question 13 Topic 5

Online banking transactions are being posted to the database when processing suddenly comes to a halt. The integrity of
the transaction processing is BEST ensured by:

  • A. database integrity checks.
  • B. validation checks.
  • C. input controls.
  • D. database commits and rollbacks.
Answer: D


Explanation:
Database commits ensure the data are saved to disk, whether transaction processing is underway or complete. Rollback
ensures that processing already completed is reversed and that the data already processed are not saved to disk if the
transaction processing fails to complete. None of the other options ensures integrity while processing is underway.


Question 14 Topic 5

Which of the following findings should an IS auditor be MOST concerned about when performing an audit of backup and
recovery and the offsite storage vault?

  • A. There are three individuals with a key to enter the area.
  • B. Paper documents are also stored in the offsite vault.
  • C. Data files that are stored in the vault are synchronized.
  • D. The offsite vault is located in a separate facility.
Answer: C


Explanation:
Choice A is incorrect because more than one person would typically need to have a key to the vault so that the
individuals responsible for the offsite vault can take vacations and rotate duties. Choice B is incorrect because an IS
auditor would not be concerned with whether paper documents are stored in the offsite vault; in fact, paper documents such
as procedural documents and a copy of the contingency plan would most likely be stored there. Choice D is incorrect because
the location of the vault is important, but not as important as the files being synchronized.


Question 15 Topic 5

Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist?

  • A. Reviewing program code
  • B. Reviewing operations documentation
  • C. Turning off the UPS, then the power
  • D. Reviewing program documentation
Answer: B


Explanation:
Operations documentation should contain recovery/restart procedures, so operations can return to normal processing in a
timely manner. Turning off the uninterruptible power supply (UPS) and then turning off the power might create a situation for
recovery and restart, but the negative effect on operations would prove this method to be undesirable. The review of
program code and documentation generally does not provide evidence regarding recovery/restart procedures.
