2024 Updated ISACA CISA Dumps PDF - Want To Pass CISA Fast [Q156-Q180] : Free valid test braindumps : http://free.validbraindumps.com

This page was exported from Free valid test braindumps [ http://free.validbraindumps.com ]
Export date: Sat Apr 5 13:02:01 2025 / +0000 GMT

2024 Updated ISACA CISA Dumps PDF - Want To Pass CISA Fast [Q156-Q180]

2024 Updated ISACA CISA Dumps PDF - Want To Pass CISA Fast

CISA Practice Exam Dumps - 99% Marks In ISACA Exam

ISACA CISA certification is beneficial for individuals who want to work in the field of IT audit, risk management, and compliance. Certified Information Systems Auditor certification is also valuable for professionals who want to enhance their knowledge and skills in information security and control. The CISA certification is recognized by many organizations worldwide and can help professionals advance their careers and increase their earning potential.

NEW QUESTION 156
During a security audit, which of the following is MOST important to review to ensure data confidentiality is managed?

Access log monitoring

Network configuration

Access controls

Data flows

NEW QUESTION 157
Which of the following will prevent dangling tuples in a database?

Cyclic integrity

Domain integrity

Relational integrity

Referential integrity

NEW QUESTION 158
An IS auditor finds that conference rooms have active network ports. Which of the
following is MOST important to ensure?

The corporate network is using an intrusion prevention system (IPS)

This part of the network is isolated from the corporate network

A single sign-on has been implemented in the corporate network

Antivirus software is in place to protect the corporate network

NEW QUESTION 159
Which of the following provides the MOST protection against emerging threats?

Demilitarized zone (DMZ)

Heuristic intrusion detection system (IDS)

Real-time updating of antivirus software

Signature-based intrusion detection system (IDS)

NEW QUESTION 160
Sending a message and a message hash encrypted by the sender’s private key will ensure:

authenticity and integrity.

authenticity and privacy.

integrity and privacy.

privacy and nonrepudiation.

NEW QUESTION 161
What is a risk associated with attempting to control physical access to sensitive areas such as computer rooms using card keys or locks?

Unauthorized individuals wait for controlled doors to open and walk in behind those authorized.

The contingency plan for the organization cannot effectively test controlled access practices.

Access cards, keys and pads can be easily duplicated allowing easy compromise of the control.

Removing access for those who are no longer authorized is complex.

NEW QUESTION 162
Which of the following are BEST suited for continuous auditing?

Manual transactions

Irregular transactions

Low-value transactions

Real-time transactions

NEW QUESTION 163
Which of the following is the dominating objective of BCP and DRP?

To protect human life

To mitigate the risk and impact of a business interruption

To eliminate the risk and impact of a business interruption

To transfer the risk and impact of a business interruption

NEW QUESTION 164
Which of the following would BEST manage the risk of changes in requirements after the analysis phase of a business application development project?

Expected deliverables meeting project deadlines

Sign-off from the IT team

Ongoing participation by relevant stakeholders

Quality assurance (OA) review

NEW QUESTION 165
An organization recently implemented a cloud document storage solution and removed the ability for end users to save data to their local workstation hard drives. Which of the following findings should be the IS auditor’s GREATEST concern?

Users are not required to sign updated acceptable use agreements.

Users have not been trained on the new system.

The business continuity plan (BCP) was not updated.

Mobile devices are not encrypted.

Explanation
This should be the IS auditor’s greatest concern, because it means that the organization has not considered the potential impact of the cloud document storage solution on its ability to continue its operations in the event of a disruption or disaster. A BCP is a document that outlines the procedures and actions to be taken in order to maintain or resume critical business functions during and after a crisis. A BCP should be updated whenever there is a significant change in the organization’s IT infrastructure, systems, processes, or dependencies, such as implementing a cloud document storage solution. The IS auditor should verify that the BCP reflects the current state of the organization’s IT environment, and that it addresses the risks, challenges, and opportunities associated with the cloud document storage solution.
The other options are not as concerning as the BCP not being updated:
Users are not required to sign updated acceptable use agreements. This is a minor concern, but it does not pose a major threat to the organization’s business continuity. Acceptable use agreements are documents that define the rules and guidelines for using IT resources, such as the cloud document storage solution. Users should sign updated acceptable use agreements to acknowledge their responsibilities and obligations, and to comply with the organization’s policies and standards. However, this does not affect the organization’s ability to continue its operations in a crisis.
Users have not been trained on the new system. This is a moderate concern, but it does not jeopardize the organization’s business continuity. Training users on the new system is important to ensure that they can use it effectively and efficiently, and to avoid errors or misuse that could compromise the security or performance of the system. However, this does not prevent the organization from accessing or restoring its data in a crisis.
Mobile devices are not encrypted. This is a serious concern, but it does not directly impact the organization’s business continuity. Encrypting mobile devices is a security measure that protects the data stored on them from unauthorized access or disclosure in case of loss or theft. However, this does not affect the availability or integrity of the data stored in the cloud document storage solution, which should have its own encryption mechanisms.

NEW QUESTION 166
An IS auditor performing an independent classification of systems should consider a situation where functions could be performed manually at a tolerable cost for an extended period of time as:

critical.

vital.

sensitive.

noncritical.

NEW QUESTION 167
Digital signatures are an effective control method for information exchange over an insecure network because they:

enable nonrepudiation.

are under the sole custody of the receiver.

are constant over time.

authenticate the user biometrically.

NEW QUESTION 168
An IS auditor is reviewing a bank’s service level agreement (SLA) with a third-party provider that hosts the bank’s secondary data center, which of the following findings should be of GREATEST concern to the auditor?

The recovery time objective (RTO) has a longer duration than documented in the disaster recovery plan (ORP).

The SLA has not been reviewed in more than a year.

Backup data is hosted online only.

The recovery point objective (RPO) has a shorter duration than documented in the disaster recovery plan (DRP).

Explanation
The recovery time objective (RTO) has a longer duration than documented in the disaster recovery plan (DRP) should be of greatest concern to the auditor when reviewing a bank’s SLA with a third-party provider that hosts the bank’s secondary data center. This is because the RTO is the maximum acceptable time for restoring a system or an application after a disaster or a disruption. A longer RTO than the DRP means that the bank may not be able to resume its critical business operations within the expected time frame, which may result in significant financial losses, reputational damage, customer dissatisfaction, or regulatory non-compliance12.
The SLA has not been reviewed in more than a year is not the greatest concern, although it is a good practice to review and update the SLA periodically to ensure that it reflects the current business needs and expectations, as well as any changes in the service provider’s capabilities or performance. However, a lack of review does not necessarily imply a lack of compliance or quality of service, as long as the SLA is still valid and enforceable34.
Backup data is hosted online only is not the greatest concern, although it may pose some security risks if the backup data is not encrypted or protected by adequate access controls. Online backup data means that the backup data is stored on a remote server that can be accessed via the Internet, which may offer some advantages such as faster recovery, lower cost, and higher availability than offline backup data that is stored on physical media such as tapes or disks. However, online backup data also requires reliable network connectivity and bandwidth, as well as proper security measures to prevent unauthorized access or tampering56.
The recovery point objective (RPO) has a shorter duration than documented in the DRP is not the greatest concern, although it may indicate some inconsistency or misalignment between the SLA and the DRP. The RPO is the maximum acceptable amount of data loss measured in time from a disaster or a disruption. A shorter RPO than the DRP means that the bank may lose less data than expected, which may be beneficial for its business continuity and recovery. However, a shorter RPO may also imply more frequent backups, which may increase the cost and complexity of the backup process

NEW QUESTION 169
Which of the following reports should an IS auditor use to check compliance with a service level agreement’s (SLA) requirement for uptime?

Utilization reports

Hardware error reports

System logs

Availability reports

NEW QUESTION 170
What is an effective countermeasure for the vulnerability of data entry operators potentially leaving their computers without logging off? Choose the BEST answer.

Employee security awareness training

Administrator alerts

Screensaver passwords

Close supervision

NEW QUESTION 171
An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed.
Which of the following should be the IS auditor’s NEXT course of action?

Review the list of end users and evaluate for authorization.

Report this control process weakness to senior management.

Verify managements approval for this exemption

Obtain a verbal confirmation from IT for this exemption.

NEW QUESTION 172
During an audit of a reciprocal disaster recovery agreement between two companies, the IS auditor would be MOST concerned with the:

differences in IS policies and procedures

maintenance of hardware and software compatibility

frequency of system testing

allocation of resources during an emergency

NEW QUESTION 173
Which of following is MOST important to determine when conducting a post-implementation review?

Whether the solution architecture compiles with IT standards

Whether success criteria have been achieved

Whether the project has been delivered within the approved budget

Whether lessons teamed have been documented

NEW QUESTION 174
Which of the following activities should an IS auditor perform FIRST during an external network security assessment?

Enumeration

Reconnaissance

Exploitation

Vulnerability scanning

NEW QUESTION 175
Which of the following controls should be implemented to BEST minimize system downtime for maintenance?

Nightly full backups

Virtualization

Warm site

Clustering

NEW QUESTION 176
Which of the following is the PRIMARY advantage of using virtualization technology for corporate applications?

Increased application performance

Improved disaster recovery

Stronger data security

Better utilization of resources

NEW QUESTION 177
Which of the following refers to an anomalous condition where a process attempts to store data beyond the boundaries of a fixed length buffer?

buffer overflow

format string vulnerabilities

integer misappropriation

code injection

None of the choices.

NEW QUESTION 178
Following a security breach m which a hacker exploited a well-known vulnerability in the domain controller, an IS auditor has been asked to conduct a control assessment. The auditor’s BEST course of action would be to determine if:

the network traffic was being monitored.

the patches were updated.

the domain controller was classified for high availability.

the logs were monitored.

NEW QUESTION 179
.What is the primary security concern for EDI environments? Choose the BEST answer.

Transaction authentication

Transaction completeness

Transaction accuracy

Transaction authorization

NEW QUESTION 180
A retirement system verifies that the field for employee status has either a value of A (for active) or R (for retired). This is an example of which type of check?

Validity

Existence

Limit

Completeness

Updated Verified CISA Q&As - Pass Guarantee: https://www.validbraindumps.com/CISA-exam-prep.html

Post date: 2024-08-02 15:07:34
Post date GMT: 2024-08-02 15:07:34
Post modified date: 2024-08-02 15:07:34
Post modified date GMT: 2024-08-02 15:07:34