ISACA CISA Practice Test

Certified Information Systems Auditor (ISACA CISA)

Question 1 Topic 5

Which of the following is the PRIMARY reason that asset classification is vital to an information security program?

  • A. To ensure risk mitigation efforts are adequate
  • B. To ensure sufficient resources are allocated for information security
  • C. To ensure the appropriate level of protection to assets
  • D. To ensure asset protection efforts are in line with industry standards
Answer: C

Question 2 Topic 5

Which of the following approaches would BEST ensure that data protection controls are embedded into software being
developed?

  • A. Utilizing a data protection template for user acceptance testing (UAT)
  • B. Deriving data protection requirements from key stakeholders
  • C. Implementing a quality assurance (QA) process during the development phase
  • D. Tracking data protection requirements throughout the SDLC
Answer: C

Question 3 Topic 5

An organization has adopted a backup and recovery strategy that involves copying on-premises virtual machine (VM) images
to a cloud service provider. Which of the following provides the BEST assurance that VMs can be recovered in the event of a
disaster?

  • A. Existence of a disaster recovery plan (DRP) with specified roles for emergencies
  • B. Periodic on-site restoration of VM images obtained from the cloud provider
  • C. Procurement of adequate storage for the VM images from the cloud service provider
  • D. Inclusion of the right to audit in the cloud service provider contract
Answer: B

Question 4 Topic 5

Which of the following BEST facilitates detection of zero-day exploits?

  • A. Anti-malware software
  • B. User behavior analytics
  • C. Intrusion detection systems (IDS)
  • D. Intrusion prevention systems (IPS)
Answer: B

Question 5 Topic 5

What is the BEST method for securing credit card numbers stored temporarily on a file server prior to transmission to the
downstream system for payment processing?

  • A. One-way hash with strong cryptography
  • B. Masking the full credit card number
  • C. Encryption with strong cryptography
  • D. Truncating the credit card number
Answer: C

Question 6 Topic 5

Which of the following is a characteristic of a single mirrored data center used for disaster recovery?

  • A. Data replication to the mirrored site should continue after failover.
  • B. The mirrored site may create brief interruptions noticeable to users.
  • C. Real-time data replication occurs from the production site.
  • D. The mirrored data center does not require staffing.
Answer: B

Question 7 Topic 5

What is the BEST control to address SQL injection vulnerabilities?

  • A. Digital signatures
  • B. Input validation
  • C. Unicode translation
  • D. Secure Sockets Layer (SSL) encryption
Answer: B

Question 8 Topic 5

IT disaster recovery time objectives (RTOs) should be based on the:

  • A. maximum tolerable downtime (MTD).
  • B. business-defined criticality of the systems.
  • C. nature of the outage.
  • D. maximum tolerable loss of data.
Answer: A

Question 9 Topic 5

Which of the following security assessment techniques attempts to exploit a system's open ports?

  • A. Vulnerability scanning
  • B. Password cracking
  • C. Penetration testing
  • D. Network scanning
Answer: C

Question 10 Topic 5

A characteristic of a digital signature is that it:

  • A. is under control of the receiver.
  • B. is unique to the message.
  • C. has a reproducible hashing algorithm.
  • D. is validated when data are changed.
Answer: B