Practice Free CISA Exam Online Questions
A core system fails a week after a scheduled update, causing an outage that impacts service.
Which of the following is MOST important for incident management to focus on when addressing the issue?
- A . Analyzing the root cause of the outage to ensure the incident will not reoccur
- B . Restoring the system to operational state as quickly as possible
- C . Ensuring all resolution steps are fully documented prior to returning the system to service
- D . Rolling back the unsuccessful change to the previous state
B
Explanation:
The most important thing for incident management to focus on when addressing an issue that causes an outage is restoring the system to operational state as quickly as possible. Incident management is the process of detecting, investigating, and resolving incidents that disrupt or degrade a service or system. An incident is an unplanned event that affects the normal functioning or quality of a service or system. An outage is a type of incident that causes a complete loss of service or system availability. The main goal of incident management is to restore the service or system to its operational state as quickly as possible, minimizing the impact on users and business operations.
The other options are not as important as option B.
Analyzing the root cause of the outage to ensure the incident will not re-occur is a valuable activity, but not the most important thing for incident management to focus on when addressing an issue that causes an outage. Root cause analysis is a process of identifying and eliminating the underlying factors that caused an incident or problem. Root cause analysis can help to prevent or reduce the likelihood of similar incidents or problems in the future. However, root cause analysis is usually performed after the incident has been resolved and the service or system has been restored.
Ensuring all resolution steps are fully documented prior to returning the system to service is a good practice, but not the most important thing for incident management to focus on when addressing an issue that causes an outage. Documentation is a process of recording and maintaining information about an incident and its resolution steps. Documentation can help to improve communication, accountability, learning, and improvement within incident management. However, documentation should not delay or interfere with the restoration of the service or system.
Rolling back the unsuccessful change to the previous state is a possible solution, but not the most important thing for incident management to focus on when addressing an issue that causes an outage. Rolling back is a process of reverting a change that has been applied to a service or system that caused an incident or problem. Rolling back can help to restore the service or system to its previous state before the change was made.
Which of the following is the MOST effective way to evaluate the physical security of a data center?
- A . Review data center access logs.
- B . Interview data center stakeholders.
- C . Review camera footage from the data center.
- D . Perform a data center tour.
Which of the following is MOST helpful for understanding an organization’s key driver to modernize application platforms?
- A . Vendor software inventories
- B . Network architecture diagrams
- C . System-wide incident reports
- D . Inventory of end-of-life software
Which of the following should be of MOST concern to an IS auditor reviewing an organization’s operational log management?
- A . Log file size has grown year over year.
- B . Critical events are being logged to immutable log files.
- C . Applications are logging events into multiple log files.
- D . Data formats have not been standardized across all logs.
An IS auditor finds that irregularities have occurred and that auditee management has chosen to ignore them.
If reporting to external authorities is required, which of the following is the BEST action for the IS auditor to take?
- A . Submit the report to appropriate regulators immediately.
- B . Obtain approval from audit management to submit the report.
- C . Obtain approval from auditee management to release the report.
- D . Obtain approval from both audit and auditee management to release the report.
Which of the following provides the GREATEST assurance that an organization has effective controls preventing connection of unauthorized Internet of Things (IoT) devices to the corporate network?
- A . Reviewing authenticated network vulnerability scan results
- B . Assessing as-implemented IoT device configurations
- C . Assessing network access control (NAC) configurations
- D . Reviewing IT policies covering IoT authorizations
C
Explanation:
The most effective way to prevent unauthorized IoT devices from connecting is through network access control (NAC), which enforces authentication and authorization before allowing a device onto the network.
Vulnerability scans (A): Identify weaknesses but do not actively prevent device connections.
Reviewing IoT configurations (B): Focuses on existing devices, not unauthorized ones.
Policies (D): Provide guidance but do not enforce technical prevention.
ISACA Reference: CISA Review Manual 27th Edition, Domain 5, section on network security and endpoint access control.
Which of the following is the BEST way to ensure an organization’s data classification policies are preserved during the process of data transformation?
- A . Map data classification controls to data sets.
- B . Control access to extract, transform, and load (ETL) tools.
- C . Conduct a data discovery exercise across all business applications.
- D . Implement classification labels in metadata during data creation.
D
Explanation:
Data classification is the process of tagging data according to its type, sensitivity, and value to the organization. Data transformation is the process of changing the structure and format of data to make it usable for analysis and visualization. Both processes are important for data security and compliance, but they also pose some challenges.
One of the challenges is to ensure that the organization’s data classification policies are preserved during the process of data transformation. This means that the data should retain its original classification level and labels after it is transformed, and that the appropriate controls and protections are applied to the transformed data.
The best way to ensure this is to implement classification labels in metadata during data creation (D). Metadata is data that describes other data, such as its source, format, content, and context. By adding classification labels to metadata, the data can be easily identified and tracked throughout its lifecycle, including during data transformation. The labels can also help enforce the proper access rights and encryption standards for the data, regardless of its state or location.
Which of the following should an IS auditor be MOST concerned with when a system uses RFID?
- A . Scalability
- B . Maintainability
- C . Nonrepudiation
- D . Privacy
Which of the following are examples of corrective controls?
- A . Implementing separation of duties and hash totals
- B . Performing internal audit reviews and remediation activities
- C . Applying rollback scripts and backup procedures
- D . Enforcing disciplinary action and termination procedures
C
Explanation:
Corrective controls are measures taken to restore systems or processes after an incident or error has occurred.
Option C: Rollback scripts and backup procedures restore systems, making them corrective controls.
Option A: Separation of duties and hash totals are preventive controls.
Option B: Audit reviews are detective controls; remediation activities may be corrective, but the audit reviews themselves are not.
Option D: Disciplinary actions are deterrent controls.
ISACA Reference: CISA Review Manual 27th Edition, Domain 4, section on types of IT controls (preventive, detective, corrective, deterrent).
Which of the following BEST facilitates the legal process in the event of an incident?
- A . Right to perform e-discovery
- B . Advice from legal counsel
- C . Preserving the chain of custody
- D . Results of a root cause analysis
C
Explanation:
The best way to facilitate the legal process in the event of an incident is to preserve the chain of custody of the evidence. The chain of custody is a record of who handled, accessed, or modified the evidence, when, where, how, and why. The chain of custody helps to ensure the integrity, authenticity, and admissibility of the evidence in a court of law. The chain of custody also helps to prevent tampering, alteration, or loss of evidence that could compromise the investigation or the prosecution.
Reference: CISA Review Manual (Digital Version)
CISA Questions, Answers & Explanations Database
