Get Latest Jan-2022 Conduct effective penetration tests using TestSimulate CISA [Q150-Q175]


Information Systems Operations & Business Resilience: This domain is designed to evaluate the individuals’ skills in IT controls as well as their knowledge of how IT relates to an enterprise. It requires that you have competence in the following areas:

  • Business resilience is the second phase, which covers skills in system resilience, business impact analysis, business continuity plan, data backup, storage & restoration, as well as disaster recovery plans.
  • Information systems operations, which cover basic technology components, IT asset management, system interfaces, data governance, end-user computing, problem & incident management, systems performance management, database management, and IT service level management, among others.

 

NEW QUESTION 150
Which of the following is the MOST important requirement for an IS auditor to evaluate when reviewing a transmission of personally identifiable information (PII) between two organizations?

  • A. Necessity
  • B. Timeliness
  • C. Accuracy
  • D. Completeness

Answer: A

Explanation:
Section: The process of Auditing Information System

 

NEW QUESTION 151
The PRIMARY purpose of audit trails is to:

  • A. improve the operational efficiency of the system.
  • B. establish accountability and responsibility for processed transactions.
  • C. improve response time for users.
  • D. provide useful information to auditors who may wish to track transactions

Answer: B

Explanation:
Enabling audit trails helps in establishing the accountability and responsibility of processed transactions by tracing transactions through the system. The objective of enabling software to provide audit trails is not to improve system efficiency, since it often involves additional processing which may in fact reduce response time for users. Enabling audit trails involves storage and thus occupies disk space. Choice D is also a valid reason; however, it is not the primary reason.

 

NEW QUESTION 152
Which testing approach is MOST appropriate to ensure that internal application interface errors are identified as soon as possible?

  • A. System test
  • B. Bottom up
  • C. Top-down
  • D. Sociability testing

Answer: C

Explanation:
Section: Protection of Information Assets
The top-down approach to testing ensures that interface errors are detected early and that testing of major functions is conducted early. A bottom-up approach to testing begins with atomic units, such as programs and modules, and works upward until a complete system test has taken place. Sociability testing and system tests take place at a later stage in the development process.

 

NEW QUESTION 153
When evaluating information security governance within an organization which of the following findings should be of MOST concern to an IS auditor?

  • A. The information security department has difficulty filling vacancies
  • B. Information security policies are updated annually
  • C. The data center manager has final sign-off on security projects.
  • D. An information security governance audit was not conducted within the past year

Answer: C

 

NEW QUESTION 154
An organization is disposing of a number of laptop computers. Which of the following data destruction methods would be the MOST effective?

  • A. Physical destruction of the hard drive
  • B. Format all hard drives
  • C. Erase all data file directories
  • D. Run a low-level data wipe utility on all hard drives

Answer: A

Explanation:
The most effective method is physical destruction. Running a low-level data wipe utility may leave some residual data that could be recovered; erasing data directories and formatting hard drives are easily reversed, exposing all data on the drive to unauthorized individuals.

 

NEW QUESTION 155
What is the BEST way for an IS auditor to address the risk associated with over-retention of personal data after identifying a large number of customer records retained beyond the retention period defined by law?

  • A. Escalate the over-retention issue to the data privacy officer for follow-up.
  • B. Report the retention period noncompliance to the regulatory authority.
  • C. Recommend automating deletion of records beyond the retention period.
  • D. Schedule regular internal audits to identify records for deletion.

Answer: C

Explanation:
Section: Governance and Management of IT

 

NEW QUESTION 156
How is risk affected if users have direct access to a database at the system level?

  • A. Risk of unauthorized access decreases, but risk of untraceable changes to the database increases.
  • B. Risk of unauthorized and untraceable changes to the database decreases.
  • C. Risk of unauthorized access increases, but risk of untraceable changes to the database decreases.
  • D. Risk of unauthorized and untraceable changes to the database increases.

Answer: D

Explanation:
Section: Protection of Information Assets
If users have direct access to a database at the system level, the risk of unauthorized and untraceable changes to the database increases.

 

NEW QUESTION 157
Which of the following procedures would BEST determine whether adequate recovery/restart procedures exist?

  • A. Reviewing operations documentation
  • B. Turning off the UPS, then the power
  • C. Reviewing program documentation
  • D. Reviewing program code

Answer: A

Explanation:
Section: Protection of Information Assets
Operations documentation should contain recovery/restart procedures, so operations can return to normal processing in a timely manner. Turning off the uninterruptible power supply (UPS) and then turning off the power might create a situation for recovery and restart, but the negative effect on operations would prove this method to be undesirable. The review of program code and documentation generally does not provide evidence regarding recovery/restart procedures.

 

NEW QUESTION 158
During an audit of an enterprise that is dedicated to e-commerce, the IS manager states that digital signatures are used when receiving communications from customers. To substantiate this, an IS auditor must prove that which of the following is used?

  • A. A biometric, digitalized and encrypted parameter with the customer's public key
  • B. The customer's scanned signature encrypted with the customer's public key
  • C. A hash of the data that is transmitted and encrypted with the customer's private key
  • D. A hash of the data that is transmitted and encrypted with the customer's public key

Answer: C

Explanation:
The calculation of a hash, or digest, of the data that are transmitted and its encryption require the public key of the client (receiver) and is called a signature of the message, or digital signature.
The receiver performs the same process and then compares the received hash, once it has been decrypted with their private key, to the hash that is calculated with the received data. If they are the same, the conclusion would be that there is integrity in the data that have arrived and the origin is authenticated.
The concept of encrypting the hash with the private key of the originator provides non-repudiation, as it can only be decrypted with their public key and, as the CD suggests, the private key would not be known to the recipient. Simply put, in a key-pair situation, anything that can be decrypted by a sender's public key must have been encrypted with their private key, so they must have been the sender, i.e., non-repudiation.
Choice C is incorrect because, if this were the case, the hash could not be decrypted by the recipient, so the benefit of non-repudiation would be lost and there could be no verification that the message had not been intercepted and amended. A digital signature is created by encrypting with a private key. A person creating the signature uses their own private key; otherwise everyone would be able to create a signature with any public key. Therefore, the signature of the client is created with the client's private key, and this can be verified, by the enterprise, using the client's public key. Choice B is the correct answer because, in this case, the customer uses their private key to sign the hash data.

 

NEW QUESTION 159
The MOST effective biometric control system is the one:

  • A. for which the false-rejection rate (FRR) is equal to the false-acceptance rate (FAR).
  • B. which has the highest equal-error rate (EER).
  • C. which has the lowest EER.
  • D. for which the FRR is equal to the failure-to-enroll rate (FER).

Answer: C

Explanation:
Section: Protection of Information Assets
The equal-error rate (EER) of a biometric system denotes the percent at which the false-acceptance rate (FAR) is equal to the false-rejection rate (FRR). The biometric that has the lowest EER is the most effective. The biometric that has the highest EER is the most ineffective. For any biometric, there will be a measure at which the FRR will be equal to the FAR. This is the EER. FER is an aggregate measure of FRR.
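How the EER is actually found, as an added example that is not part of this question bank: sweep the decision threshold, compute FAR (impostors accepted) and FRR (genuine users rejected) at each step, and take the point where the two rates meet. The match scores for the two systems are constructed for the demo; the system with the lower EER is the more effective one, as the explanation states.

```python
# Added example (not from the page): locating a biometric system's equal-error rate
# from constructed match scores. Convention: a sample is accepted when score >= threshold.


def error_rates(genuine, impostor, threshold):
    """FAR: share of impostor attempts accepted; FRR: share of genuine attempts rejected."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def equal_error_rate(genuine, impostor):
    """Sweep every observed score as a threshold; the EER is where FAR and FRR are
    equal (or closest, on a finite sample). Returns the operating point found."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far, frr = error_rates(genuine, impostor, t)
        gap = abs(far - frr)
        if best is None or gap < best["gap"]:
            best = {"threshold": t, "far": far, "frr": frr,
                    "eer": (far + frr) / 2, "gap": gap}
    return best


# Constructed sample scores (higher = more similar to the enrolled template).
SYSTEMS = {
    "A": {"genuine": [0.9, 0.85, 0.8, 0.78, 0.75, 0.7, 0.65, 0.6, 0.55, 0.5],
          "impostor": [0.1, 0.2, 0.3, 0.35, 0.4, 0.45, 0.5, 0.55, 0.6, 0.7]},
    "B": {"genuine": [0.95, 0.9, 0.88, 0.85, 0.8, 0.78, 0.75, 0.7, 0.68, 0.65],
          "impostor": [0.1, 0.15, 0.2, 0.25, 0.3, 0.35, 0.4, 0.45, 0.5, 0.7]},
}


def most_effective(systems=SYSTEMS) -> str:
    """Name of the system with the lowest EER."""
    return min(systems, key=lambda k: equal_error_rate(**systems[k])["eer"])


if __name__ == "__main__":
    for name, scores in SYSTEMS.items():
        print(name, equal_error_rate(**scores))
    print("most effective:", most_effective())
```

Raising the threshold lowers FAR and raises FRR, which is why the two curves must cross; the EER summarises the trade-off in one number so systems can be compared independently of the threshold each vendor happens to ship.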

 

NEW QUESTION 160
Which of the following should be an information security manager's PRIMARY role when an organization initiates a data classification process?

  • A. Define the classification structure to be implemented.
  • B. Assign the asset classification level.
  • C. Apply security in accordance with specific classification.
  • D. Verify that assets have been appropriately classified.

Answer: A

Explanation:
Section: Protection of Information Assets

 

NEW QUESTION 161
Which of the following terms in business continuity determines the maximum tolerable amount of time needed to bring all critical systems back online after a disaster occurs?

  • A. MTD
  • B. RTO
  • C. RPO
  • D. WRT

Answer: B

Explanation:
The recovery time objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity.
It can include the time for trying to fix the problem without a recovery, the recovery itself, testing, and the communication to the users. Decision time for the users' representative is not included.
The business continuity timeline usually runs parallel with an incident management timeline and may start at the same, or different, points.
In accepted business continuity planning methodology, the RTO is established during the Business Impact Analysis (BIA) by the owner of a process (usually in conjunction with the business continuity planner). The RTOs are then presented to senior management for acceptance.
The RTO attaches to the business process and not the resources required to support the process.
The RTO and the results of the BIA in its entirety provide the basis for identifying and analyzing viable strategies for inclusion in the business continuity plan. Viable strategy options would include any which would enable resumption of a business process in a time frame at or near the RTO. This would include alternate or manual workaround procedures and would not necessarily require computer systems to meet the RTOs.
For the exam you should know the following about RPO, RTO, WRT and MTD:
Stage 1: Business as usual
Image reference: http://defaultreasoning.files.wordpress.com/2013/12/bcdr-01.png
At this stage all systems are running in production and working correctly.
Stage 2: Disaster occurs
Image reference: http://defaultreasoning.files.wordpress.com/2013/12/bcdr-02.png
At a given point in time, a disaster occurs and systems need to be recovered. At this point the Recovery Point Objective (RPO) determines the maximum acceptable amount of data loss measured in time. For example, the maximum tolerable data loss is 15 minutes.
Stage 3: Recovery
Image reference: http://defaultreasoning.files.wordpress.com/2013/12/bcdr-03.png
At this stage the systems are recovered and back online but not yet ready for production. The Recovery Time Objective (RTO) determines the maximum tolerable amount of time needed to bring all critical systems back online. This covers, for example, restoring data from backup or fixing a failure. In most cases this part is carried out by the system administrator, network administrator, storage administrator, etc.
Stage 4: Resume production
Image reference: http://defaultreasoning.files.wordpress.com/2013/12/bcdr-04.png
At this stage all systems are recovered, the integrity of the systems and data is verified, and all critical systems can resume normal operations. The Work Recovery Time (WRT) determines the maximum tolerable amount of time needed to verify the system and/or data integrity. This could be, for example, checking the databases and logs and making sure the applications or services are running and available.
In most cases those tasks are performed by the application administrator, database administrator, etc. When all systems affected by the disaster are verified and/or recovered, the environment is ready to resume production.
MTD
Image reference: http://defaultreasoning.files.wordpress.com/2013/12/bcdr-05.png
The sum of RTO and WRT is defined as the Maximum Tolerable Downtime (MTD), which defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences. This value should be defined by the business management team or someone such as the CTO, CIO or IT manager.
The following answers are incorrect:
RPO - Recovery Point Objective (RPO) determines the maximum acceptable amount of data loss measured in time. For example, the maximum tolerable data loss is 15 minutes.
WRT - The Work Recovery Time (WRT) determines the maximum tolerable amount of time that is needed to verify the system and/or data integrity. This could be, for example, checking the databases and logs, making sure the applications or services are running and are available. In most cases those tasks are performed by application administrator, database administrator etc. When all systems affected by the disaster are verified and/or recovered, the environment is ready to resume the production again.
MTD - The sum of RTO and WRT is defined as the Maximum Tolerable Downtime (MTD) which defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences. This value should be defined by the business management team or someone like CTO, CIO or IT manager.
The following references were used to create this question:
CISA review manual 2014 page number 284
http://en.wikipedia.org/wiki/Recovery_time_objective
http://defaultreasoning.com/2013/12/10/rpo-rto-wrt-mtdwth/

 

NEW QUESTION 162
Invoking a business continuity plan (BCP) is demonstrating which type of control?

  • A. Preventive
  • B. Corrective
  • C. Directive
  • D. Detective

Answer: C

 

NEW QUESTION 163
What is an IS auditor's BEST recommendation for management if a network vulnerability assessment confirms that critical patches have not been applied since the last assessment?

  • A. Apply available patches and continue periodic monitoring
  • B. Configure servers to automatically apply available patches
  • C. Implement a process to test and apply appropriate patches
  • D. Remove unpatched devices from the network

Answer: C

 

NEW QUESTION 164
An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a:

  • A. cold site.
  • B. dial-up site.
  • C. warm site.
  • D. duplicate processing facility.

Answer: A

Explanation:
A cold site is ready to receive equipment but does not offer any components at the site in advance of the need.

 

NEW QUESTION 165
In a botnet, a malbot logs into a particular type of system to make coordinated attack attempts. What type of system is this?

  • A. Log system
  • B. Chat system
  • C. SMS system
  • D. Email system
  • E. Kernel system
  • F. None of the choices.

Answer: B

Explanation:
In order to coordinate the activity of many infected computers, attackers have used coordinating systems known as botnets. In a botnet, the malware or malbot logs in to an Internet Relay Chat channel or other chat system. The attacker can then give instructions to all the infected systems simultaneously.

 

NEW QUESTION 166
The CIO of an organization is concerned that the information security policies may not be comprehensive.
Which of the following should an IS auditor recommend be performed FIRST?

  • A. Determine if there is a process to handle exceptions to the policies
  • B. Obtain a copy of their competitor's policies
  • C. Establish a governance board to track compliance with the policies
  • D. Compare the policies against an industry framework.

Answer: C

 

NEW QUESTION 167
After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend?

  • A. Interface
  • B. System
  • C. Stress
  • D. Black box

Answer: B

Explanation:
Given the extensiveness of the patch and its interfaces to external systems, system testing is most appropriate. Interface testing is not enough, and stress or black box testing are inadequate in these circumstances.

 

NEW QUESTION 168
As compared to understanding an organization's IT process from evidence directly collected, how valuable are prior audit reports as evidence?

  • A. Prior audit reports are not relevant.
  • B. Lesser value.
  • C. Greater value.
  • D. The same value.

Answer: B

Explanation:
Prior audit reports are considered of lesser value to an IS auditor attempting to gain an understanding of an organization's IT process than evidence directly collected.

 

NEW QUESTION 169
What are intrusion-detection systems (IDS) primarily used for?

  • A. To identify AND prevent intrusion attempts to a network
  • B. Forensic incident response
  • C. To identify intrusion attempts to a network
  • D. To prevent intrusion attempts to a network

Answer: C

Explanation:
Intrusion-detection systems (IDS) are used to identify intrusion attempts on a network.

 

NEW QUESTION 170
Ensuring that security and control policies support business and IT objectives is a primary objective of:

  • A. A vulnerability assessment
  • B. A processing audit
  • C. A software audit
  • D. An IT security policies audit

Answer: D

Explanation:
Ensuring that security and control policies support business and IT objectives is a primary objective of an IT security policies audit.

 

NEW QUESTION 171
Which of the following would an IS auditor consider to be the MOST helpful when evaluating the effectiveness and adequacy of a computer preventive maintenance program?

  • A. Vendors' reliability figures
  • B. A system downtime log
  • C. A written preventive maintenance schedule
  • D. Regularly scheduled maintenance log

Answer: B

Explanation:
A system downtime log provides information regarding the effectiveness and adequacy of computer preventive maintenance programs.

 

NEW QUESTION 172
Which of the following provides nonrepudiation in an electronic communication session without confidentiality?

  • A. Certification authority
  • B. Log-on ID and password
  • C. Digital signature
  • D. Message encryption

Answer: C

Explanation:
Section: Information System Operations, Maintenance and Support

 

NEW QUESTION 173
In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table?

  • A. Public key
  • B. Secondary key
  • C. Foreign key
  • D. Primary key

Answer: C

Explanation:
Section: Protection of Information Assets
In a relational database with referential integrity, the use of foreign keys would prevent events such as primary key changes and record deletions, resulting in orphaned relations within the database. It should not be possible to delete a row from a customer table when the customer number (primary key) of that row is stored with live orders on the orders table (the foreign key to the customer table). A primary key works in one table, so it is not able to provide/ensure referential integrity by itself. Secondary keys that are not foreign keys are not subject to referential integrity checks. Public key is related to encryption and not linked in any way to referential integrity.
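The customer/orders case from the explanation, run against a real database engine, as an added example that is not part of this question bank. It uses SQLite from the Python standard library; the table names, customer number and order rows are constructed for the demo. One practitioner caveat the example makes visible: SQLite parses `FOREIGN KEY` clauses but only enforces them when `PRAGMA foreign_keys` is on, so the same delete that is blocked in the enforced database silently leaves an orphaned order in the unenforced one.

```python
import sqlite3

# Added example (not from the page): referential integrity blocking deletion of a
# customer row that is still referenced by live orders. Names and rows are constructed.


def open_db(enforce_fk: bool) -> sqlite3.Connection:
    """Fresh in-memory database with a customer table and an orders table referencing it."""
    conn = sqlite3.connect(":memory:")
    # SQLite records foreign keys in the schema but enforces them only with this pragma on;
    # it must be set while no transaction is open, which is the case on a new connection.
    conn.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    conn.executescript("""
        CREATE TABLE customer (
            customer_no INTEGER PRIMARY KEY,          -- primary key of the customer table
            name        TEXT NOT NULL
        );
        CREATE TABLE orders (
            order_no    INTEGER PRIMARY KEY,
            customer_no INTEGER NOT NULL REFERENCES customer(customer_no),  -- foreign key
            status      TEXT NOT NULL
        );
        INSERT INTO customer VALUES (100, 'Example Customer');   -- constructed sample rows
        INSERT INTO orders   VALUES (1, 100, 'open');
    """)
    return conn


def delete_customer(conn: sqlite3.Connection, customer_no: int) -> bool:
    """Try to delete a customer; return False when referential integrity refuses."""
    try:
        conn.execute("DELETE FROM customer WHERE customer_no = ?", (customer_no,))
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        conn.rollback()
        return False


def orphaned_orders(conn: sqlite3.Connection) -> int:
    """Orders whose customer_no no longer matches any customer row."""
    return conn.execute("""
        SELECT COUNT(*) FROM orders o
        LEFT JOIN customer c ON c.customer_no = o.customer_no
        WHERE c.customer_no IS NULL
    """).fetchone()[0]


def demo() -> dict:
    enforced = open_db(enforce_fk=True)
    blocked = not delete_customer(enforced, 100)              # live order -> IntegrityError
    enforced.execute("DELETE FROM orders WHERE customer_no = 100")  # close out the orders first
    enforced.commit()
    allowed_after = delete_customer(enforced, 100)            # no references left -> allowed

    unenforced = open_db(enforce_fk=False)
    delete_customer(unenforced, 100)                          # succeeds, leaving a dangling order
    return {
        "blocked_with_live_orders": blocked,                  # True
        "allowed_once_orders_gone": allowed_after,            # True
        "orphans_without_enforcement": orphaned_orders(unenforced),  # 1
    }


if __name__ == "__main__":
    print(demo())
```

Checking the pragma (or the equivalent setting on other engines) is therefore part of verifying that referential integrity is actually in force, not just declared in the schema.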

 

NEW QUESTION 174
What privilege on a server containing data with different security classifications?

  • A. Obtaining formal agreement by users to comply with the data classification policy
  • B. Using scripted access control lists to prevent unauthorized access to the server
  • C. Applying access controls determined by the data owner
  • D. Limiting access to the data files based on frequency of use

Answer: C

 

NEW QUESTION 175
......
