Practice Free CISA Exam Online Questions
Which of the following is the MOST effective way to detect as many abnormalities as possible during an IS audit?
- A . Conduct a walk-through of the process.
- B . Perform substantive testing on sampled records.
- C . Perform judgmental sampling of key processes.
- D . Use a data analytics tool to identify trends.
D
Explanation:
A data analytics tool is the most effective way to detect as many abnormalities as possible during an IS audit, as it can process large volumes of data, perform complex calculations, and generate visualizations that reveal patterns, outliers, anomalies, or deviations from expected results. A data analytics tool can also help the auditor to test the entire population of data, rather than a sample, and to perform continuous auditing and monitoring.
Reference:
ISACA CISA Review Manual, 27th Edition, page 256
What is Problem Solving? Steps, Process & Techniques | ASQ
Data Analytics for Auditors – IIA
Which of the following is the PRIMARY objective of data loss prevention (DLP) mechanisms?
- A . Enhancing system performance while safeguarding against data loss
- B . Automating data loss recovery procedures to minimize downtime in case of incidents
- C . Protecting against unauthorized transmissions or disclosure of sensitive data
- D . Ensuring compliance with regulatory requirements for data protection
C
Explanation:
The central goal of DLP is to prevent sensitive data, such as PII, PHI, or intellectual property, from leaving the organization through unauthorized channels. DLP solutions monitor, detect, and block potential data exfiltration via email, endpoints, cloud applications, or removable media. While compliance (D) is often a driver, it is a secondary outcome of implementing DLP. Enhancing performance (A) and recovery automation (B) are not objectives of DLP. ISACA positions DLP as a critical control for confidentiality under DSS05 (Managed Security Services).
Reference (ISACA): COBIT® 2019, DSS05 Managed Security Services.
Which of the following should be of GREATEST concern to an IS auditor when using data analytics?
- A . The data source lacks integrity.
- B . The data analytics software is open source.
- C . The data set contains irrelevant fields.
- D . The data was not extracted by the auditor.
What is MOST important to verify during an external assessment of network vulnerability?
- A . Update of security information event management (SIEM) rules
- B . Regular review of the network security policy
- C . Completeness of network asset inventory
- D . Location of intrusion detection systems (IDS)
C
Explanation:
An external assessment of network vulnerability is a process of identifying and evaluating the weaknesses and risks that affect the security and availability of a network from an outsider’s perspective. The most important factor to verify during this process is the completeness of the network asset inventory, which is a list of all the devices, systems, and software that are connected to or part of the network. A complete and accurate network asset inventory helps identify the scope and boundaries of the network, the potential attack vectors and entry points, the critical assets and dependencies, and the existing security controls and gaps. Without a complete network asset inventory, an external assessment of network vulnerability may miss important assets or vulnerabilities, leading to inaccurate or incomplete results and recommendations.
Reference: [1] explains what an external vulnerability scan is and why a complete network asset inventory is important.
[2] provides a guide on how to conduct a full network vulnerability assessment and emphasizes the importance of knowing the network assets.
[3] compares internal and external vulnerability scanning and highlights the need for a comprehensive network asset inventory for both types.
Which of the following is MOST important for an IS auditor to assess during a post-implementation review of a newly modified IT application developed in-house?
- A . Sufficiency of implemented controls
- B . Resource management plan
- C . Updates required for end-user manuals
- D . Rollback plans for changes
A
Explanation:
A post-implementation review (PIR) of a newly modified IT application focuses on ensuring that the system meets business and security requirements effectively. The sufficiency of implemented controls (A) is the most critical aspect because it ensures that security, operational, and compliance controls are functioning correctly. These controls include access controls, data integrity checks, and audit logs to prevent unauthorized access, data corruption, or security breaches.
Other options:
Resource management plan (B) is important for project management but is not the primary concern for an IS auditor in a post-implementation review.
Updates required for end-user manuals (C) are necessary for usability but do not impact the security or operational integrity of the system.
Rollback plans for changes (D) are important for change management but are typically assessed before deployment, not in a PIR.
Reference: ISACA CISA Review Manual, IT Governance and Management of IT
During an audit, the IS auditor finds that in many cases excessive rights were not removed from a system. Which of the following is the auditor’s BEST recommendation?
- A . System administrators should ensure consistency of assigned rights.
- B . IT security should regularly revoke excessive system rights.
- C . Human resources (HR) should delete access rights of terminated employees.
- D . Line management should regularly review and request modification of access rights.
D
Explanation:
The best recommendation for the auditor to make is D. Line management should regularly review and request modification of access rights. Access rights are the permissions and privileges granted to users to access, view, modify, or delete data or resources on a system or network [1]. Excessive rights are access rights that are not necessary or appropriate for a user’s role or function, and may pose a risk of unauthorized or inappropriate use of data or resources [2]. Therefore, it is important to ensure that access rights are aligned with the principle of least privilege, which means that users should only have the minimum level of access required to perform their duties [2].
Line management is responsible for overseeing and supervising the activities and performance of their staff, and ensuring that they comply with the organization’s policies and standards [3]. Therefore, line management should regularly review and request modification of access rights for their staff, as they are in the best position to:
- Understand the roles and functions of their staff, and determine the appropriate level of access rights needed for them to perform their duties effectively and efficiently.
- Monitor and evaluate the usage and behavior of their staff, and identify any changes or anomalies that may indicate excessive or inappropriate access rights.
- Communicate and collaborate with IT security or system administrators, who are responsible for granting, revoking, or modifying access rights, and request any necessary adjustments or corrections.
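The review described above, as an added example that is not part of the original page: the role baseline, user records and manager names are constructed sample data, and the script produces the per-manager review list of rights that exceed what each user's role justifies.

```python
"""Added example: flag excessive access rights against a least-privilege role baseline.
All data below is constructed for illustration (not from the page)."""
from collections import defaultdict

# Constructed baseline: the minimum rights each role needs on the system.
ROLE_BASELINE = {
    "ap_clerk": {"ERP_READ", "ERP_INVOICE_ENTRY"},
    "ap_supervisor": {"ERP_READ", "ERP_INVOICE_ENTRY", "ERP_INVOICE_APPROVE"},
    "dba": {"DB_ADMIN", "ERP_READ"},
}

# Constructed HR/IAM extract: user -> (current role, line manager, rights held).
USERS = {
    "alice": ("ap_clerk", "mgr_finance", {"ERP_READ", "ERP_INVOICE_ENTRY"}),
    # bob moved from dba to ap_clerk but DB_ADMIN was never removed
    "bob": ("ap_clerk", "mgr_finance", {"ERP_READ", "ERP_INVOICE_ENTRY", "DB_ADMIN"}),
    # carol has left; the account still carries rights
    "carol": ("terminated", "mgr_finance", {"ERP_READ", "ERP_INVOICE_APPROVE"}),
    "dave": ("dba", "mgr_it", {"DB_ADMIN", "ERP_READ"}),
}


def excessive_rights(users=USERS, baseline=ROLE_BASELINE):
    """Return {user: sorted rights not justified by the user's current role}."""
    findings = {}
    for user, (role, _manager, rights) in users.items():
        allowed = baseline.get(role, set())  # unknown/terminated role: nothing is justified
        excess = rights - allowed
        if excess:
            findings[user] = sorted(excess)
    return findings


def review_packets(users=USERS, baseline=ROLE_BASELINE):
    """Group findings by line manager, who reviews and requests the modification."""
    packets = defaultdict(dict)
    for user, excess in excessive_rights(users, baseline).items():
        packets[users[user][1]][user] = excess
    return dict(packets)


if __name__ == "__main__":
    for manager, items in review_packets().items():
        print(f"Review packet for {manager}:")
        for user, excess in items.items():
            print(f"  {user}: request removal of {', '.join(excess)}")
```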
A white box testing method is applicable with which of the following testing processes?
- A . Integration testing
- B . Parallel testing
- C . Sociability testing
- D . User acceptance testing (UAT)
Which of the following is the MOST effective way to evaluate the physical security of a data center?
- A . Review data center access logs.
- B . Interview data center stakeholders.
- C . Review camera footage from the data center.
- D . Perform a data center tour.
The PRIMARY reason to assign data ownership for protection of data is to establish:
- A . reliability.
- B . traceability.
- C . authority.
- D . accountability.
When processing speed is the highest priority, which cryptographic algorithm should be used to verify the integrity of a bit-for-bit copy from digital evidence?
- A . MD5
- B . SHA-1
- C . AES
- D . SHA-2
A
Explanation:
When verifying the integrity of a bit-for-bit copy of digital evidence, hashing algorithms are used.
The primary factors in selecting a hashing algorithm are speed and collision resistance.
MD5 (Message Digest 5): While not cryptographically secure for all modern applications due to collision vulnerabilities, it is very fast and still acceptable in forensic integrity verification where speed is critical and the probability of collision is negligible for one-time checks.
SHA-1 / SHA-2: Provide stronger cryptographic assurance but are slower than MD5. They are preferred for long-term integrity assurance but not when processing speed is the top priority.
AES (Advanced Encryption Standard): AES is an encryption algorithm, not a hashing algorithm, and therefore is not appropriate for integrity verification.
Reference: ISACA CISA Review Manual 27th Edition, Domain 5 (Protection of Information Assets), section on cryptographic controls for evidence integrity.
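The integrity check discussed in this question, as an added example that is not part of the original page: the "evidence" is a constructed in-memory byte string standing in for a disk image, hashed chunk by chunk with Python's hashlib so the same code works on a real multi-gigabyte image; both the MD5 and SHA-256 digests are recorded, and a single flipped bit in the copy is enough to fail the check.

```python
"""Added example: verify a bit-for-bit copy of evidence by hashing source and copy.
The evidence bytes are constructed here; in practice both would be file handles."""
import hashlib
import io

CHUNK = 1 << 16  # 64 KiB reads keep memory flat for large images


def digest(stream, algorithm="md5"):
    """Hash a file-like object chunk by chunk; return the hex digest."""
    h = hashlib.new(algorithm)
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def verify_copy(source: bytes, copy: bytes, algorithms=("md5", "sha256")):
    """Return {algorithm: (source_digest, copy_digest, match)}.
    Both digests are returned so the examiner can record them, not only the flag."""
    results = {}
    for alg in algorithms:
        src = digest(io.BytesIO(source), alg)
        cpy = digest(io.BytesIO(copy), alg)
        results[alg] = (src, cpy, src == cpy)
    return results


def all_match(results):
    """True only if every recorded algorithm agrees that the copy matches."""
    return all(match for _, _, match in results.values())


# Constructed evidence: 256 KiB of deterministic pseudo-random bytes (not a real image).
EVIDENCE = bytes(((i * 2654435761) >> 7) & 0xFF for i in range(1 << 18))
GOOD_COPY = bytes(EVIDENCE)
# A copy with one flipped bit deep inside; any sound hash detects it.
_bad = bytearray(EVIDENCE)
_bad[200_000] ^= 0x01
BAD_COPY = bytes(_bad)

if __name__ == "__main__":
    for label, copy in (("good copy", GOOD_COPY), ("bad copy", BAD_COPY)):
        res = verify_copy(EVIDENCE, copy)
        print(label, "VERIFIED" if all_match(res) else "MISMATCH")
        for alg, (src, cpy, ok) in res.items():
            print(f"  {alg}: {src} | {cpy} | {ok}")
```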
