[Mar-2024 Newly Released] CISA Exam Questions For You To Pass
ISACA CISA Exam: Basic Questions With Answers
The CISA certification is highly valued in the industry, and holders of the certification are in high demand. Certified Information Systems Auditor certification is recognized globally and is often a requirement for employment in the field of information systems auditing, control, and security. The CISA certification is also an excellent way for professionals to demonstrate their commitment to ongoing professional development and their dedication to the highest standards of information systems auditing, control, and security. In addition, the certification provides professionals with access to a global network of peers and resources that can help them stay current with the latest trends and best practices in the field.
NEW QUESTION # 105
Which of the following is the MOST effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines?
- A. Limit creation of virtual machine images and snapshots.
- B. Monitor access to stored images and snapshots of virtual machines.
- C. Review logical access controls on virtual machines regularly.
- D. Restrict access to images and snapshots of virtual machines.
Answer: B
Explanation:
The most effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines is to monitor access to stored images and snapshots of virtual machines. Images and snapshots are copies of virtual machines that can be used for backup, restoration, or cloning purposes. If data stored on virtual machines are unencrypted, they may be exposed or compromised if unauthorized or malicious users access or copy the images or snapshots. Therefore, monitoring access to stored images and snapshots can help detect and prevent any unauthorized or suspicious activities, and provide audit trails for accountability and investigation.
Restricting access to images and snapshots of virtual machines, limiting creation of virtual machine images and snapshots, and reviewing logical access controls on virtual machines regularly are not the most effective controls for protecting the confidentiality and integrity of data stored unencrypted on virtual machines. These controls may help reduce the risk or impact of data exposure or compromise, but they do not provide sufficient visibility or assurance of data protection. Restricting access to images and snapshots may not prevent authorized users from abusing their privileges or credentials. Limiting creation of virtual machine images and snapshots may not address the existing copies that may contain sensitive data. Reviewing logical access controls on virtual machines regularly may not reflect the actual access activities on images and snapshots.
NEW QUESTION # 106
An internal audit has revealed a large number of incidents for which root cause analysis has not been performed. Which of the following is MOST important for the IS auditor to verify to determine whether there is an audit issue?
- A. Severity level of the incidents
- B. Cost of resolving the incidents
- C. Frequency of the incidents
- D. Time required to resolve the incidents
Answer: C
Explanation:
Section: The process of Auditing Information System
NEW QUESTION # 107
Which of the following BEST guards against the risk of attack by hackers?
- A. Firewalls
- B. Message validation
- C. Encryption
- D. Tunneling
Answer: C
NEW QUESTION # 108
The activation of an enterprise's business continuity plan should be based on predetermined criteria that address the:
- A. probability of the outage.
- B. duration of the outage.
- C. cause of the outage.
- D. type of outage.
Answer: B
Explanation:
The initiation of a business continuity plan (action) should primarily be based on the maximum period for which a business function can be disrupted before the disruption threatens the achievement of organizational objectives.
NEW QUESTION # 109
Which of the following would be MOST effective to protect information assets in a data center from theft by a vendor?
- A. Conceal data devices and information labels
- B. Restrict use of portable and wireless devices.
- C. Issue an access card to the vendor.
- D. Monitor and restrict vendor activities
Answer: D
Explanation:
The most effective control to protect information assets in a data center from theft by a vendor is to monitor and restrict vendor activities. A vendor may have legitimate access to the data center for maintenance or support purposes, but they may also have malicious intentions or be compromised by an attacker. By monitoring and restricting vendor activities, the organization can ensure that the vendor only performs authorized tasks and does not access or tamper with sensitive data or equipment. Issuing an access card to the vendor, concealing data devices and information labels, and restricting use of portable and wireless devices are also useful controls, but they are not as effective as monitoring and restricting vendor activities in preventing theft by a vendor.
References:
CISA Review Manual, 27th Edition, page 3381
CISA Review Questions, Answers & Explanations Database - 12 Month Subscription
NEW QUESTION # 110
What is wrong with a black-box type of intrusion detection system?
- A. You cannot tune it.
- B. You cannot patch it.
- C. None of the choices.
- D. You cannot examine its internal workings from outside.
- E. You cannot test it.
Answer: D
Explanation:
"An intrusion detection system should be able to run continually without human supervision. The system must be reliable enough to allow it to run in the background of the system being observed. However, it should not be a "black box", because you want to ensure its internal workings are examinable from outside."
NEW QUESTION # 111
A team conducting a risk analysis is having difficulty projecting the financial losses that could result from a risk. To evaluate the potential losses, the team should:
- A. spend the time needed to define exactly the loss amount.
- B. calculate a return on investment (ROI).
- C. compute the amortization of the related assets.
- D. apply a qualitative approach.
Answer: D
Explanation:
The common practice, when it is difficult to calculate the financial losses, is to take a qualitative approach, in which the manager affected by the risk defines the financial loss in terms of a weighted factor (e.g., one is a very low impact to the business and five is a very high impact). An ROI is computed when there are predictable savings or revenues that can be compared to the investment needed to realize the revenues. Amortization is used in a profit and loss statement, not in computing potential losses. Spending the time needed to define exactly the total amount is normally a wrong approach. If it has been difficult to estimate potential losses (e.g., losses derived from erosion of public image due to a hack attack), that situation is not likely to change, and at the end of the day, the result will be a poorly supported evaluation.
NEW QUESTION # 112
Which of the following findings should an IS auditor be MOST concerned about when performing an audit of backup and recovery and the offsite storage vault?
- A. Data files that are stored in the vault are synchronized.
- B. The offsite vault is located in a separate facility.
- C. Paper documents are also stored in the offsite vault.
- D. There are three individuals with a key to enter the area.
Answer: A
Explanation:
Section: Protection of Information Assets
Choice A is incorrect because more than one person would typically need to have a key to the vault to ensure that individuals responsible for the offsite vault can take vacations and rotate duties. Choice B is not correct because an IS auditor would not be concerned with whether paper documents are stored in the offsite vault. In fact, paper documents, such as procedural documents and a copy of the contingency plan, would most likely be stored in the offsite vault, and the location of the vault is important, but not as important as the files being synchronized.
NEW QUESTION # 113
The MOST significant security concern when using flash memory (e.g., USB removable disk) is that the:
- A. data cannot be backed up.
- B. device may not be compatible with other peripherals.
- C. contents are highly volatile.
- D. data can be copied.
Answer: D
Explanation:
Unless properly controlled, flash memory provides an avenue for anyone to copy any content with ease. The contents stored in flash memory are not volatile. Backing up flash memory data is not a control concern, as the data are sometimes stored as a backup. Flash memory will be accessed through a PC rather than any other peripheral; therefore, compatibility is not an issue.
NEW QUESTION # 114
Which of the following statements INCORRECTLY describes the control self-assessment (CSA) approach?
- A. CSA relies on empowered/accountable employees
- B. CSA focuses on continuous improvement/learning curve
- C. CSA is policy or rule driven
- D. In CSA, staff at all levels, in all functions, are the primary control analysts.
Answer: C
Explanation:
Section: The process of Auditing Information System
The word INCORRECTLY is the keyword in the question. You need to find the option that incorrectly describes control self-assessment.
For your exam you should know the following information about control self-assessment:
Control self-assessment is an assessment of controls made by the staff and management of the unit or units involved. It is a management technique that assures stakeholders, customers and other parties that the internal controls of the organization are reliable.
Benefits of CSA:
- Early detection of risk
- More efficient and improved internal controls
- Creation of cohesive teams through employee involvement
- Developing a sense of ownership of the controls in the employees and process owners, and reducing their resistance to control improvement initiatives
- Increased employee awareness of organizational objectives, and knowledge of risk and internal controls
- Highly motivated employees
- Improved audit training process
- Reduction in control cost
- Assurance provided to stakeholders and customers
Traditional and CSA attributes:
| Traditional (historical) | CSA |
| --- | --- |
| Assign duties/supervise staff | Empowered/accountable employees |
| Policy/rule driven | Continuous improvement/learning curve |
| Limited employee participation | Extensive employee participation and training |
| Narrow stakeholder focus | Broad stakeholder focus |
| Auditors and other specialists | Staff at all levels, in all functions, are the primary control analysts |
The following answers are incorrect:
The other options correctly describe CSA.
Reference:
CISA review manual 2014 page number 61, 62 and 63
NEW QUESTION # 115
Which of the following attack techniques will succeed because of an inherent security weakness in an Internet firewall?
- A. Phishing
- B. Flooding the site with an excessive number of packets
- C. Intercepting packets and viewing passwords
- D. Using a dictionary attack of encrypted passwords
Answer: B
NEW QUESTION # 116
Which of the following audit techniques would BEST aid an auditor in determining whether there have been unauthorized program changes since the last authorized program update?
- A. Test data run
- B. Code review
- C. Automated code comparison
- D. Review of code migration procedures
Answer: C
Explanation:
Section: Protection of Information Assets
An automated code comparison is the process of comparing two versions of the same program to determine whether the two correspond. It is an efficient technique because it is an automated procedure. Test data runs permit the auditor to verify the processing of preselected transactions, but provide no evidence about unexercised portions of a program. Code review is the process of reading program source code listings to determine whether the code contains potential errors or inefficient statements. A code review can be used as a means of code comparison but it is inefficient. The review of code migration procedures would not detect program changes.
NEW QUESTION # 117
Which of the following would MOST effectively control the usage of universal serial bus (USB) storage devices?
- A. Searching personnel for USB storage devices at the facility's entrance
- B. Software for tracking and managing USB storage devices
- C. Administratively disabling the USB port
- D. Policies that require instant dismissal if such devices are found
Answer: B
Explanation:
Section: Protection of Information Assets
Software for centralized tracking and monitoring would allow a USB usage policy to be applied to each user based on changing business requirements, and would provide for monitoring and reporting exceptions to management. A policy requiring dismissal may result in increased employee attrition, and business requirements would not be properly addressed. Disabling ports would be complex to manage and might not allow for new business needs. Searching personnel for USB storage devices at the entrance to a facility is not a practical solution since these devices are small and could be easily hidden.
NEW QUESTION # 118
An IS auditor is reviewing an end-user computing program. Which of the following is the BEST way to maintain the accuracy of calculations embedded in the tool?
- A. Review calculations periodically
- B. Use standardized tool calculations.
- C. Maintain version control
- D. Assign an owner and developer for each tool
Answer: B
NEW QUESTION # 119
An IS auditor has performed an agreed-upon procedures engagement for the organization's IT steering committee. Which of the following would be the MOST important element to include in the report?
- A. An opinion on the effectiveness of controls
- B. Complementary user entity controls
- C. Statement that the engagement followed standards
- D. Management's representation on the effectiveness of controls
Answer: A
NEW QUESTION # 120
An IT governance framework provides an organization with:
- A. a basis for directing and controlling IT.
- B. assurance that there are surplus IT investments
- C. assurance that there will be IT cost reductions
- D. organizational structures to enlarge the market share through IT
Answer: A
NEW QUESTION # 121
In an application system audit, focus should always be placed on:
- A. the ability to limit unauthorized access and manipulation
- B. performance and controls of the system
- C. None of the choices.
- D. output data being processed correctly
- E. input data being processed correctly
- F. changes to the system being properly authorized
Answer: A,B,D,E,F
Explanation:
In an application system audit, focus should be placed on the performance and controls of the system, its ability to limit unauthorized access and manipulation, that input and output data are processed correctly on the system, that any changes to the system are authorized, and that users have access to the system.
NEW QUESTION # 122
Which of the following types of computer network covers a broad area such as a city, region, nation or international link?
- A. SAN
- B. WAN
- C. PAN
- D. LAN
Answer: B
Explanation:
Section: Information System Operations, Maintenance and Support
A wide area network (WAN) is a network that covers a broad area (i.e., any telecommunications network that links across metropolitan, regional, national or international boundaries) using leased telecommunication lines.
For your exam you should know the following information about computer networks:
Local Area Network (LAN)
A local area network (LAN) is a computer network that interconnects computers within a limited area such as a home, school, computer laboratory, or office building using network media.
Wide Area Network (WAN)
A wide area network (WAN) is a network that covers a broad area (i.e., any telecommunications network that links across metropolitan, regional, national or international boundaries) using leased telecommunication lines.
Metropolitan Area Network (MAN)
A metropolitan area network (MAN) is a computer network in which two or more computers, communicating devices or networks that are geographically separated but located in the same metropolitan city are connected to each other. Metropolitan limits are determined by local municipal corporations; the larger the city, the bigger the MAN, and the smaller the metro city, the smaller the MAN.
Personal Area Network (PAN)
A personal area network (PAN) is a computer network used for data transmission among devices such as computers, telephones and personal digital assistants. PANs can be used for communication among the personal devices themselves (intrapersonal communication), or for connecting to a higher level network and the Internet (an uplink).
Storage Area Network (SAN)
A storage area network (SAN) is a dedicated network that provides access to consolidated, block level data storage. SANs are primarily used to make storage devices, such as disk arrays, tape libraries, and optical jukeboxes, accessible to servers so that the devices appear like locally attached devices to the operating system. A SAN typically has its own network of storage devices that are generally not accessible through the local area network (LAN) by other devices.
The following were incorrect answers:
PAN - A personal area network (PAN) is a computer network used for data transmission among devices such as computers, telephones and personal digital assistants. PANs can be used for communication among the personal devices themselves (intrapersonal communication), or for connecting to a higher level network and the Internet (an uplink).
LAN - A local area network (LAN) is a computer network that interconnects computers within a limited area such as a home, school, computer laboratory, or office building using network media.
SAN - A storage area network (SAN) is a dedicated network that provides access to consolidated, block level data storage. SANs are primarily used to make storage devices, such as disk arrays, tape libraries, and optical jukeboxes, accessible to servers so that the devices appear like locally attached devices to the operating system. A SAN typically has its own network of storage devices that are generally not accessible through the local area network (LAN) by other devices.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 258
NEW QUESTION # 123
Which of the following is the GREATEST advantage of application penetration testing over vulnerability scanning?
- A. Penetration testing creates relatively smaller risks to application availability and integrity.
- B. Penetration testing does not require a special skill set to be executed.
- C. Penetration testing can be conducted in a relatively short time period.
- D. Penetration testing provides a more accurate picture of gaps in application controls.
Answer: D
Explanation:
Section: Protection of Information Assets
NEW QUESTION # 124
Which of the following audit techniques would BEST aid an auditor in determining whether there have been unauthorized program changes since the last authorized program update?
- A. Test data run
- B. Code review
- C. Automated code comparison
- D. Review of code migration procedures
Answer: C
Explanation:
An automated code comparison is the process of comparing two versions of the same program to determine whether the two correspond. It is an efficient technique because it is an automated procedure.
Test data runs permit the auditor to verify the processing of preselected transactions, but provide no evidence about unexercised portions of a program. Code review is the process of reading program source code listings to determine whether the code contains potential errors or inefficient statements. A code review can be used as a means of code comparison but it is inefficient. The review of code migration procedures would not detect program changes.
NEW QUESTION # 125
Which of the following layers of the OSI model is responsible for routing and forwarding of network packets?
- A. Data Link Layer
- B. Network Layer
- C. Physical Layer
- D. Transport Layer
Answer: B
Explanation:
The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors.
For the CISA exam you should know the following information about the OSI model:
The Open Systems Interconnection model (OSI) is a conceptual model that characterizes and standardizes the internal functions of a communication system by partitioning it into abstraction layers. The model is a product of the Open Systems Interconnection project at the International Organization for Standardization (ISO), maintained under the identification ISO/IEC 7498-1.
The model groups communication functions into seven logical layers. A layer serves the layer above it and is served by the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that make up the contents of that path. Two instances at one layer are connected by a horizontal connection.
OSI Model (image source: http://www.petri.co.il/images/osi_model.JPG)
PHYSICAL LAYER
The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers. It provides:
Data encoding: modifies the simple digital signal pattern (1s and 0s) used by the PC to better accommodate the characteristics of the physical medium, and to aid in bit and frame synchronization. It determines:
- What signal state represents a binary 1
- How the receiving station knows when a "bit-time" starts
- How the receiving station delimits a frame
DATA LINK LAYER
The data link layer provides error-free transfer of data frames from one node to another over the physical layer, allowing layers above it to assume virtually error-free transmission over the link. To do this, the data link layer provides:
Link establishment and termination: establishes and terminates the logical link between two nodes.
Frame traffic control: tells the transmitting node to "back-off" when no frame buffers are available.
Frame sequencing: transmits/receives frames sequentially.
Frame acknowledgment: provides/expects frame acknowledgments. Detects and recovers from errors that occur in the physical layer by retransmitting non-acknowledged frames and handling duplicate frame receipt.
Frame delimiting: creates and recognizes frame boundaries.
Frame error checking: checks received frames for integrity.
Media access management: determines when the node "has the right" to use the physical medium.
NETWORK LAYER
The network layer controls the operation of the subnet, deciding which physical path the data should take based on network conditions, priority of service, and other factors. It provides:
Routing: routes frames among networks.
Subnet traffic control: routers (network layer intermediate systems) can instruct a sending station to "throttle back" its frame transmission when the router's buffer fills up.
Frame fragmentation: if it determines that a downstream router's maximum transmission unit (MTU) size is less than the frame size, a router can fragment a frame for transmission and re-assembly at the destination station.
Logical-physical address mapping: translates logical addresses, or names, into physical addresses.
Subnet usage accounting: has accounting functions to keep track of frames forwarded by subnet intermediate systems, to produce billing information.
Communications Subnet
The network layer software must build headers so that the network layer software residing in the subnet intermediate systems can recognize them and use them to route data to the destination address.
This layer relieves the upper layers of the need to know anything about the data transmission and intermediate switching technologies used to connect systems. It establishes, maintains and terminates connections across the intervening communications facility (one or several intermediate systems in the communication subnet).
In the network layer and the layers below, peer protocols exist between a node and its immediate neighbor, but the neighbor may be a node through which data is routed, not the destination station. The source and destination stations may be separated by many intermediate systems.
TRANSPORT LAYER
The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. It relieves the higher layer protocols from any concern with the transfer of data between them and their peers.
The size and complexity of a transport protocol depends on the type of service it can get from the network layer. For a reliable network layer with virtual circuit capability, a minimal transport layer is required. If the network layer is unreliable and/or only supports datagrams, the transport protocol should include extensive error detection and recovery.
The transport layer provides:
Message segmentation: accepts a message from the (session) layer above it, splits the message into smaller units (if not already small enough), and passes the smaller units down to the network layer. The transport layer at the destination station reassembles the message.
Message acknowledgment: provides reliable end-to-end message delivery with acknowledgments.
Message traffic control: tells the transmitting station to "back-off" when no message buffers are available.
Session multiplexing: multiplexes several message streams, or sessions onto one logical link and keeps track of which messages belong to which sessions (see session layer).
Typically, the transport layer can accept relatively large messages, but there are strict message size limits imposed by the network (or lower) layer. Consequently, the transport layer must break up the messages into smaller units, or frames, prepending a header to each frame.
The transport layer header information must then include control information, such as message start and message end flags, to enable the transport layer on the other end to recognize message boundaries. In addition, if the lower layers do not maintain sequence, the transport header must contain sequence information to enable the transport layer on the receiving end to get the pieces back together in the right order before handing the received message up to the layer above.
End-to-end layers
Unlike the lower "subnet" layers whose protocol is between immediately adjacent nodes, the transport layer and the layers above are true "source to destination" or end-to-end layers, and are not concerned with the details of the underlying communications facility. Transport layer software (and software above it) on the source station carries on a conversation with similar software on the destination station by using message headers and control messages.
SESSION LAYER
The session layer allows session establishment between processes running on different stations. It provides:
Session establishment, maintenance and termination: allows two application processes on different machines to establish, use and terminate a connection, called a session.
Session support: performs the functions that allow these processes to communicate over the network, performing security, name recognition, logging, and so on.
PRESENTATION LAYER
The presentation layer formats the data to be presented to the application layer. It can be viewed as the translator for the network. This layer may translate data from a format used by the application layer into a common format at the sending station, then translate the common format to a format known to the application layer at the receiving station.
The presentation layer provides:
Character code translation: for example, ASCII to EBCDIC.
Data conversion: bit order, CR-CR/LF, integer-floating point, and so on.
Data compression: reduces the number of bits that need to be transmitted on the network.
Data encryption: encrypt data for security purposes. For example, password encryption.
APPLICATION LAYER
The application layer serves as the window for users and application processes to access network services. This layer contains a variety of commonly needed functions:
Resource sharing and device redirection
Remote file access
Remote printer access
Inter-process communication
Network management
Directory services
Electronic messaging (such as mail)
Network virtual terminals
The following were incorrect answers:
Transport layer - The transport layer ensures that messages are delivered error-free, in sequence, and with no losses or duplications. It relieves the higher layer protocols from any concern with the transfer of data between them and their peers.
Data link layer - The data link layer provides error-free transfer of data frames from one node to another over the physical layer, allowing layers above it to assume virtually error-free transmission over the link.
Physical Layer - The physical layer, the lowest layer of the OSI model, is concerned with the transmission and reception of the unstructured raw bit stream over a physical medium. It describes the electrical/optical, mechanical, and functional interfaces to the physical medium, and carries the signals for all of the higher layers.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 260
NEW QUESTION # 126
A database administrator has detected a performance problem with some tables which could be solved through denormalization. This situation will increase the risk of:
- A. deadlocks.
- B. a loss of data integrity.
- C. concurrent access.
- D. unauthorized access to data.
Answer: B
Explanation:
Normalization is the removal of redundant data elements from the database structure. Disabling normalization in relational databases will create redundancy and a risk of not maintaining consistency of data, with the consequent loss of data integrity. Deadlocks are not caused by denormalization. Access to data is controlled by defining user rights to information, and is not affected by denormalization.