Practice Free CISA Exam Online Questions
Which of the following is the BEST control to help ensure the completeness of outbound transactions?
- A . Perform edit checks to identify erroneous, unusual, or invalid transactions.
- B . Verify transactions are sequentially numbered in the header record.
- C . Ensure the validity of the recipient ID and use auto-numbered reports.
- D . Maintain a log of the number of messages sent and validate periodically.
D
Explanation:
To ensure completeness of outbound transactions, a log with periodic validation is the best control.
Option A (Incorrect): Edit checks help with data accuracy, not completeness.
Option B (Incorrect): Sequential numbering detects missing transactions but does not verify actual transmission.
Option C (Incorrect): Recipient ID validation is important for accuracy, not for ensuring all transactions are sent.
Option D (Correct): Maintaining and validating transaction logs ensures that all outbound transactions are properly accounted for, making it the best completeness control.
Reference: ISACA CISA Review Manual, Domain 3: Information Systems Acquisition, Development, and Implementation; covers data integrity, completeness controls, and transaction logging.
Which of the following should be the IS auditor's PRIMARY focus when evaluating an organization's offsite storage facility?
- A . Adequacy of physical and environmental controls
- B . Results of business continuity plan (BCP) tests
- C . Shared facilities
- D . Retention policy and period
An organization’s security team created a simulated production environment with multiple vulnerable applications.
What would be the PRIMARY purpose of creating such an environment?
- A . To collect digital evidence of cyberattacks
- B . To attract attackers in order to study their behavior
- C . To provide training to security managers
- D . To test the intrusion detection system (IDS)
B
Explanation:
The primary purpose of creating a simulated production environment with multiple vulnerable applications is to attract attackers in order to study their behavior. This is a technique known as honey potting, which is a form of deception security that lures attackers into a fake system or network that mimics the real one, but is isolated and monitored [1]. Honey potting can help security teams to learn about the attackers' methods, tools, motives, and targets, and to collect valuable intelligence that can be used to improve the security posture of the organization [1]. Honey potting can also help to divert the attackers' attention from the real assets and to waste their time and resources [2].
The other options are not the primary purpose of creating a simulated production environment with multiple vulnerable applications. To collect digital evidence of cyberattacks, security teams would need to use forensic tools and techniques that can preserve and analyze the data from the compromised systems or networks [3]. To provide training to security managers, security teams would need to use simulation tools and scenarios that can test and enhance their skills and knowledge in responding to cyber incidents [4]. To test the intrusion detection system (IDS), security teams would need to use penetration testing tools and methods that can evaluate the effectiveness and performance of the IDS in detecting and preventing malicious activities [5].
Reference:
1: What is a Honeypot? | Imperva
2: Honeypots: A sweet solution for identifying intruders | CSO Online
3: Digital Forensics – an overview | ScienceDirect Topics
4: Cybersecurity Training & Exercises – Homeland Security
5: What is Penetration Testing? | Types & Stages | Imperva
An IS auditor is reviewing a network diagram.
Which of the following would be the BEST location for placement of a firewall?
- A . Between each host and the local network switch/hub
- B . Between virtual local area networks (VLANs)
- C . Inside the demilitarized zone (DMZ)
- D . At borders of network segments with different security levels
Which of the following is the GREATEST risk associated with hypervisors in virtual environments?
- A . Availability issues
- B . Virtual sprawl
- C . Single point of failure
- D . Lack of patches
C
Explanation:
A single point of failure is a component or system that, if it fails, will cause the entire system to stop functioning. In virtual environments, the hypervisor is the software layer that enables multiple virtual machines to run on a single physical host. If the hypervisor is compromised, corrupted, or unavailable, all the virtual machines running on that host will be affected. This can result in data loss, downtime, or security breaches.
Reference:
ISACA CISA Review Manual, 27th Edition, page 254
Virtualization: What are the security risks?
What Is a Hypervisor? (Definition, Types, Risks)
An IS auditor noted a recent production incident in which a teller transaction system incorrectly charged fees to customers due to a defect from a recent release.
Which of the following should be the auditor’s NEXT step?
- A . Evaluate developer training.
- B . Evaluate the incident management process.
- C . Evaluate the change management process.
- D . Evaluate secure code practices.
C
Explanation:
The change management process is the set of procedures and activities that ensure that changes to the information system are authorized, tested, documented, and implemented in a controlled manner [1][2]. A defect in a recent release indicates that there may be issues with the quality assurance, testing, or approval of the changes, which could affect the reliability, security, and performance of the system [3]. Therefore, the auditor's next step should be to evaluate the change management process and identify the root cause of the defect, as well as the impact and remediation of the incident.
Reference:
1: Change Management – CISA
2: What is Change Management? – Definition from Techopedia
3: How to Audit Change Management – ISACA Journal
The Business Case for Security | CISA
Which of the following should be of GREATEST concern to an IS auditor who is assessing an organization’s configuration and release management process?
- A . The organization does not use an industry-recognized methodology
- B . Changes and change approvals are not documented
- C . All changes require middle and senior management approval
- D . There is no centralized configuration management database (CMDB)
B
Explanation:
The greatest concern to an IS auditor who is assessing an organization’s configuration and release management process is that changes and change approvals are not documented. This is because documentation is essential for ensuring the traceability, accountability, and quality of the changes made to the configuration items (CIs) and the releases deployed to the production environment.
Without documentation, it would be difficult to verify the authenticity, validity, and authorization of the changes, as well as to identify and resolve any issues or incidents that may arise from the changes. Documentation also helps to maintain compliance with internal and external standards and regulations, as well as to facilitate audits and reviews.
The other options are not as concerning as option B, although they may also indicate some weaknesses in the configuration and release management process.
The organization does not use an industry-recognized methodology, but this does not necessarily mean that their process is ineffective or inefficient. The organization may have developed their own methodology that suits their specific needs and context. However, using an industry-recognized methodology could help them adopt best practices and improve their process maturity.
All changes require middle and senior management approval, but this may not be a problem if the organization has a clear and streamlined approval process that does not cause delays or bottlenecks in the change implementation. However, requiring too many approvals could also introduce unnecessary complexity and bureaucracy in the process.
There is no centralized configuration management database (CMDB), but this does not mean that the organization does not have a way of managing their CIs and their relationships. The organization may use other tools or methods to store and access their configuration data, such as spreadsheets, documents, or repositories. However, having a centralized CMDB could help them improve the visibility, accuracy, and consistency of their configuration data.
Reference: 1: The Essential Guide to Release Management | Smartsheet
2: 5 steps to a successful release management process – Lucidchart
3: Configuration Management process overview – Micro Focus
4: Release and Deployment Management process overview – Micro Focus
Recovery facilities providing a redundant combination of Internet connections to the local communications loop is an example of which type of telecommunications continuity?
- A . Voice recovery
- B . Alternative routing
- C . Long-haul network diversity
- D . Last-mile circuit protection
D
Explanation:
Recovery facilities providing a redundant combination of Internet connections to the local communications loop is an example of last-mile circuit protection. Last-mile circuit protection is a type of telecommunications continuity that ensures the availability and redundancy of the final segment of the network that connects the end-user to the service provider. The local communications loop, also known as the local loop or subscriber line, is the physical link between the customer premises and the nearest central office or point of presence of the service provider. By having multiple Internet connections from different providers or technologies, such as cable, DSL, fiber, wireless, or satellite, the recovery facilities can avoid losing connectivity in case one of the connections fails or is disrupted by a disaster.
Reference: 9: Last Mile Redundancy – How to Ensure Business Continuity – Multapplied Networks
Which of the following should an organization do to anticipate the effects of a disaster?
- A . Define recovery point objectives (RPO)
- B . Simulate a disaster recovery
- C . Develop a business impact analysis (BIA)
- D . Analyze capability maturity model gaps
C
Explanation:
A business impact analysis (BIA) is the process of identifying and assessing the potential impacts a disruption or incident could have on an organization. A BIA helps organizations understand and prepare for these potential obstacles, so they can act quickly and face challenges head-on when they arise. A BIA tells the organization what to expect when unforeseen roadblocks occur, so they can make a plan to get their business back on track as quickly as possible. Therefore, a BIA is the best option to anticipate the effects of a disaster.
Reference: 10: Business Impact Analysis (BIA): Prepare for Anything [2023] • Asana
11: Definition of Business Impact Analysis (BIA) – IT Glossary | Gartner Information Technology
12: Business impact analysis (BIA) is a method to predict the consequences of disruptions to a business, its processes and systems by collecting relevant data.
If enabled within firewall rules, which of the following services would present the GREATEST risk?
- A . Simple mail transfer protocol (SMTP)
- B . Simple object access protocol (SOAP)
- C . Hypertext transfer protocol (HTTP)
- D . File transfer protocol (FTP)
D
Explanation:
File transfer protocol (FTP) is a service that allows users to transfer files between computers over a network. If enabled within firewall rules, FTP would present the greatest risk, as it can expose sensitive data to unauthorized access, modification, or deletion. FTP does not provide encryption or authentication, which makes it vulnerable to eavesdropping, spoofing, and tampering attacks. Simple mail transfer protocol (SMTP), simple object access protocol (SOAP), and hypertext transfer protocol (HTTP) are also services that can be used to exchange data over a network, but they have more security features than FTP, such as encryption, authentication, or validation.
Reference: CISA Review Manual (Digital Version)
