Practice Free CISA Exam Online Questions
An IS auditor has discovered that a software system still in regular use is years out of date and no longer supported. The auditee has stated that it will take six months until the software is running on the current version.
Which of the following is the BEST way to reduce the immediate risk associated with using an unsupported version of the software?
- A . Verify all patches have been applied to the software system’s outdated version.
- B . Close all unused ports on the outdated software system.
- C . Segregate the outdated software system from the main network.
- D . Monitor network traffic attempting to reach the outdated software system.
C
Explanation:
The best way to reduce the immediate risk associated with using an unsupported version of the software is to segregate the outdated software system from the main network. An unsupported software system may have unpatched vulnerabilities that could be exploited by attackers to compromise the system or access sensitive data. By isolating the system from the rest of the network, the organization can limit the exposure and impact of a potential breach. Verifying all patches have been applied to the outdated software system, closing all unused ports on the outdated software system and monitoring network traffic attempting to reach the outdated software system are also good practices, but they do not address the root cause of the risk, which is the lack of vendor support and updates.
Reference: CISA Review Manual, 27th Edition, page 2951
CISA Review Questions, Answers & Explanations Database – 12 Month Subscription
When verifying the accuracy and completeness of migrated data for a new application system replacing a legacy system, it is MOST effective for an IS auditor to review:
- A . data analytics findings.
- B . audit trails
- C . acceptance testing results
- D . rollback plans
A
Explanation:
When verifying the accuracy and completeness of migrated data for a new application system replacing a legacy system, it is most effective for an IS auditor to review data analytics findings. Data analytics is a technique that uses software tools and statistical methods to analyze large volumes of data and identify patterns, anomalies, errors or inconsistencies. Data analytics can help to compare the source and target data sets, validate the data quality and integrity, and detect any data loss or corruption during the migration process. The other options are not as effective, because audit trails only record the actions performed on the data, acceptance testing results only verify the functionality of the new system, and rollback plans only provide contingency measures in case of migration failure.
Reference: CISA Review Manual (Digital Version)1, Chapter 5, Section 5.2.6
Which of the following is the BEST indicator for measuring performance of IT help desk function?
- A . Percentage of problems raised from incidents
- B . Mean time to categorize tickets
- C . Number of incidents reported
- D . Number of reopened tickets
D
Explanation:
The answer D is correct because the number of reopened tickets is the best indicator for measuring the performance of IT help desk function. Reopened tickets are tickets that have been marked as resolved by the help desk agents, but the customers are not satisfied with the resolution and reopen them for further assistance. Reopened tickets reflect the quality and effectiveness of the help desk service, as well as the customer satisfaction level. A high number of reopened tickets indicates that the help desk agents are not resolving the issues properly, or that they are not communicating well with the customers. This can lead to customer frustration, dissatisfaction, and churn. Therefore, minimizing the number of reopened tickets is a key goal for any help desk function.
The other options are not as good as option D. Percentage of problems raised from incidents (option A) is a metric that shows how many incidents are escalated to problems, which are more complex and require root cause analysis and long-term solutions. This metric reflects the complexity and severity of the issues faced by the customers, but it does not directly measure the performance of the help desk function. Mean time to categorize tickets (option B) is a metric that shows how long it takes for the help desk agents to assign a category to each ticket, such as technical, billing, or feedback. This metric reflects the efficiency and accuracy of the help desk agents, but it does not measure the quality or effectiveness of the resolution. Number of incidents reported (option C) is a metric that shows how many issues are reported by the customers to the help desk function. This metric reflects the demand and workload of the help desk function, but it does not measure how well the issues are resolved or how satisfied the customers are.
Reference: Key Metrics to Measure Help Desk Performance
8 service desk KPIs and performance metrics for IT support
13 Most Important Help Desk KPIs to Track and Measure Help Desk Performance
Which of the following is a PRIMARY responsibility of an IT steering committee?
- A . Prioritizing IT projects in accordance with business requirements
- B . Reviewing periodic IT risk assessments
- C . Validating and monitoring the skill sets of IT department staff
- D . Establishing IT budgets for the business
A
Explanation:
A primary responsibility of an IT steering committee is prioritizing IT projects in accordance with business requirements, as this ensures that IT resources are allocated to support the strategic objectives and needs of the organization. Reviewing periodic IT risk assessments, validating and monitoring the skill sets of IT department staff, and establishing IT budgets for the business are important activities, but they are not the primary responsibility of an IT steering committee. They may be delegated to other IT governance bodies or functions within the organization.
Reference: CISA Review Manual (Digital Version), Chapter 1: Information Systems Auditing Process, Section 1.2: IT Governance
Which of the following would BEST detect that a distributed denial of service (DDoS) attack is occurring?
- A . Customer service complaints
- B . Automated monitoring of logs
- C . Server crashes
- D . Penetration testing
B
Explanation:
The best way to detect that a distributed denial of service (DDoS) attack is occurring is to use automated monitoring of logs. A DDoS attack disrupts the operations of a server, service, or network by flooding it with unwanted Internet traffic [2]. Automated monitoring of logs can help pinpoint potential DDoS attacks by analyzing network traffic patterns, monitoring traffic spikes or other unusual activity, and alerting administrators or security teams of any anomalies or malicious requests, protocols, or IP blocks [3]. Automated monitoring of logs can also help identify the source, type, and impact of the DDoS attack, and provide evidence for further investigation or mitigation.
The other options are not as effective as automated monitoring of logs for detecting DDoS attacks. Customer service complaints are an indirect and delayed indicator of a DDoS attack, as they rely on users reporting problems with accessing a website or service. Customer service complaints may also be caused by other factors unrelated to DDoS attacks, such as server errors or network issues. Server crashes are an extreme and undesirable indicator of a DDoS attack, as they indicate that the server has already been overwhelmed by the attack and has stopped functioning. Server crashes may also result in data loss or corruption, service disruption, or reputational damage. Penetration testing is a proactive and preventive measure for assessing the security posture of a system or network, but it does not detect ongoing DDoS attacks. Penetration testing may involve simulating DDoS attacks to test the resilience or vulnerability of a system or network, but it does not monitor real-time traffic or identify actual attackers.
Reference: ISACA CISA Review Manual 27th Edition (2019), page 254
[2] How to prevent DDoS attacks | Methods and tools | Cloudflare
[3] Understanding Denial-of-Service Attacks | CISA
Which of the following should be of MOST concern to an IS auditor reviewing an organization’s operational log management?
- A . Log file size has grown year over year.
- B . Critical events are being logged to immutable log files.
- C . Applications are logging events into multiple log files.
- D . Data formats have not been standardized across all logs.
Which of the following security measures will reduce the risk of propagation when a cyberattack occurs?
- A . Perimeter firewall
- B . Data loss prevention (DLP) system
- C . Network segmentation
- D . Web application firewall (WAF)
An IS auditor is reviewing an organization’s business continuity plan (BCP) following a change in organizational structure with significant impact to business processes.
Which of the following findings should be the auditor’s GREATEST concern?
- A . Key business process end users did not participate in the business impact analysis (BIA)
- B . Copies of the BCP have not been distributed to new business unit end users since the reorganization
- C . A test plan for the BCP has not been completed during the last two years
C
Explanation:
A test plan for the BCP is essential to ensure that the plan is effective, updated and aligned with the current business needs and objectives. A change in organizational structure with significant impact to business processes may require a revision of the BCP and a new test plan to validate its adequacy. The lack of a test plan for the BCP for two years indicates a high risk of failure in the event of a disaster or disruption. Therefore, this should be the auditor’s greatest concern among the given options.
Reference: ISACA, IT Control Objectives for Sarbanes-Oxley, 4th Edition, section 5.3.21
ISACA, CISA Review Manual, 27th Edition, chapter 5, section 5.42
