Certified Information Systems Auditor (CISA) Cert Guide Flashcards

1
Q

All the following are required activities during the project management process in the design and development phase EXCEPT for which one?

a. Studying system flowcharts
b. Examining proposed test plans
c. Evaluating output controls
d. Examining proposed audit trails

A

b. Examining proposed test plans

2
Q

As an auditor, how often would you say that a business continuity plan should be updated?

a. Every five years
b. Every year or as required
c. Every six months
d. Upon any change or modification

A

d. Upon any change or modification

3
Q

As an auditor, how would you describe a penetration test in which the structure of the network is unknown and the test team has no prior knowledge of the infrastructure?

a. Double-blind
b. Blind
c. Zero proof
d. Unknown

A

a. Double-blind

4
Q

As an IS auditor, at which step of the SDLC would you want to verify that final user acceptance is performed?

a. Design
b. Development
c. Implementation
d. Requirements

A

c. Implementation

5
Q

As an IS auditor, which changeover process would you recommend if the requirements were that all users get up to speed in advance so that a defined changeover can be set to a fixed date?

a. Pilot changeover
b. Direct changeover
c. Phased changeover
d. Parallel changeover

A

b. Direct changeover

6
Q

As an IS auditor, which of the following reports would you review to verify that an outsourcing or business partner has had its control objectives and activities examined by an independent accounting and auditing firm?

a. Privacy Shield
b. COBIT
c. ITIL
d. SAS 70

A

d. SAS 70

7
Q

As the result of a recent audit, you have been asked to serve on a team that will look at recommendations to strengthen authentication. Which of the following would you recommend if single sign-on were a requirement?

a. Kerberos
b. Diameter
c. RADIUS
d. TACACS

A

a. Kerberos

8
Q

An auditor has been asked to attend an application acquisition meeting for commercial off-the-shelf (COTS) software. Which of the following would be the BEST recommendation for testing and evaluating a compiled existing application?

a. Fuzzing
b. Code review
c. Reverse engineering
d. Decompiling

A

a. Fuzzing

9
Q

An auditor has been asked to perform a network audit. Which of the following is the BEST place for the auditor to start?

a. Review help-desk report
b. Review database architecture
c. Interview users
d. Review network diagrams

A

d. Review network diagrams

10
Q

A business-to-consumer e-commerce website is worried about security and has had talks about encryption. Specifically, the company would like to set up a system that can monitor, detect, and alert on hacking activity. Which of the following would BEST meet the required needs?

a. Packet filtering
b. Intrusion detection
c. Stateful inspection
d. Asymmetric cryptography

A

b. Intrusion detection

11
Q

A decision support system should be used appropriately. A DSS is designed to do which of the following?

a. Use structured models to solve complex problems
b. Support nontraditional support activities
c. Answer rigidly structured problems
d. Answer less structured problems

A

d. Answer less structured problems

12
Q

Dropbox can best be described as which of the following types of cloud services?

a. Public
b. Private
c. Community
d. Hybrid

A

a. Public

13
Q

During an audit, you have been asked to review the disaster recovery and backup processes. When maintaining data backups at offsite locations, which of the following is the BEST way to control concern?

a. The storage site should be as secure as the primary site.
b. A suitable tape-rotation plan should be in use.
c. That backup media should be tested regularly.
d. That copies of current critical information should be kept offsite.

A

d. That copies of current critical information should be kept offsite.

14
Q

During a recent physical security audit, you found several major problems. One was that the data center had one uncontrolled single-door entrance with weak access control. What double-door system would be a good recommendation in this case?

a. Honeypot
b. Mantrap
c. Turnstile
d. DMZ

A

b. Mantrap

15
Q

During the implementation review of SDLC, which of the following BEST describes activities that should be performed?

a. Perform an ROI
b. Design the audit trail
c. Complete an entity relationship diagram
d. Perform acceptance testing

A

a. Perform an ROI

16
Q

Entity relationship diagrams are built using two essential components. What are they?

a. Processes and attributes
b. Processes and decision blocks
c. Entities and relationships
d. Nouns and adverbs

A

c. Entities and relationships

17
Q

From an audit perspective, which of the following would be the BEST technique to use to scan for deviations from normal activity?

a. Bypass label processing
b. Use attack detection tools
c. Use trend variance detection tools
d. Use audit reduction tools

A

c. Use trend variance detection tools

18
Q

If an auditor cannot obtain the material needed to complete an audit, what type of opinion should the auditor issue?

a. Unqualified opinion
b. Qualified opinion
c. Adverse opinion
d. Disclaimer

A

d. Disclaimer

19
Q

Look at the following common policy characteristics. The attribute MOST closely associated with a bottom-up policy development is that it __________.

a. aligns policy with strategy
b. is a very slow process
c. does not address concerns of employees
d. involves risk assessment

A

d. involves risk assessment

20
Q

A new website is being designed to host free application downloads. One requirement is that there must be a method to verify the integrity of these files and that they have not been tampered with. Which of the following would you recommend?

a. DES
b. AES
c. MD5
d. RSA

A

c. MD5

21
Q

Of the following options, which process is NOT an application system testing methodology?

a. Snapshots
b. Entity integrity
c. Mapping
d. Base case system evaluation

A

b. Entity integrity

22
Q

Programming languages that most closely map to database management are found at what generational level?

a. 2GL
b. 3GL
c. 4GL
d. 5GL

A

c. 4GL

23
Q

Separation of duties is one way to limit fraud and misuse. Consider the following explanation: “This control allows employees access to cash or valuables.” Of the four separation of duties controls, which one most closely matches this?

a. Authorization
b. Custody
c. Record keeping
d. Reconciliation

A

b. Custody

24
Q

Several coworkers are using public key encryption and have asked about the advantage of asymmetric encryption. Which of the following is correct?

a. It is very efficient.
b. It can be used as part of hashing algorithms.
c. It can be used for bulk data.
d. It enables easy key exchange.

A

d. It enables easy key exchange.

25
Q

To aid in the successful completion of the company’s first penetration test, an auditor should recommend which of the following?

a. SOX
b. NIST 800-42
c. PCI-DSS
d. SSAE-16

A

b. NIST 800-42

26
Q

VirtualBox is an example of which of the following?

a. Type 1 hypervisor
b. Type 2 hypervisor
c. Type 3 hypervisor
d. Type 4 hypervisor

A

b. Type 2 hypervisor

27
Q

What control is specifically used after data has been entered into a system but before it has been processed?

a. Editing
b. Sequence check
c. Balancing
d. Input authorization

A

b. Sequence check

28
Q

What is the best way to describe the difference between a data warehouse and a data lake?

a. Data warehouses always contain customer information.
b. Data warehouses always contain raw data, while data lakes always contain structure and highly processed data.
c. Data lakes always contain raw data, while data warehouses always contain structure and highly processed data.
d. There is no difference between a data warehouse and a data lake.

A

c. Data lakes always contain raw data, while data warehouses always contain structure and highly processed data.

29
Q

What type of programming language are decision support systems most commonly developed with?

a. 2GL
b. 3GL
c. 4GL
d. 5GL

A

c. 4GL

30
Q

When classifying critical systems, which category matches the following description: “These functions are important and can be performed by a backup manual process but not for a long period of time?”

a. Vital
b. Sensitive
c. Critical
d. Demand driven

A

a. Vital

31
Q

When examining change management, an auditor should not be concerned with which of the following?

a. Restricted access controls.
b. Separation of duties.
c. Controls in the development environment.
d. Access to source code by developers.

A

d. Access to source code by developers.

32
Q

When performing an audit, which of the following is the best reason to use a hot site?

a. It can be used for long-term processing.
b. It is not a subscription service.
c. There is no additional cost for using it or periodic testing.
d. It is ready for service.

A

d. It is ready for service.

33
Q

When planning to add time constraints to a project, which of the following should be examined most closely?

a. Budget
b. Critical path
c. Skills of the project team
d. Tasks that require the most time

A

b. Critical path

34
Q

When referring to electronic data interchange (EDI), which of the following statements would be most accurate?

a. EDI has no impact on internal or external controls.
b. EDI reduces internal controls.
c. EDI increases internal controls.
d. EDI has no impact on internal controls.

A

b. EDI reduces internal controls.

35
Q

When responding to a potential computer crime, what should an auditor do first?

a. Seek to identify the attacker
b. Remove the device from the network
c. Ensure that the evidence remains unchanged
d. Contact the police

A

c. Ensure that the evidence remains unchanged

36
Q

Which of the following about PKI and the registration authority (RA) is correct?

a. The RA cannot reduce the load on the CA.
b. The RA cannot accept requests.
c. The RA cannot generate a certificate.
d. The RA cannot verify an owner’s identity.

A

c. The RA cannot generate a certificate.

37
Q

Which of the following activities would an auditor most like to see carried out on a weekly basis?

a. Penetration testing
b. Change management
c. Vulnerability assessment
d. Rotation of duties

A

c. Vulnerability assessment

38
Q

Which of the following best describes a balanced scorecard?

a. Used for benchmarking a preferred level of service
b. Used to measure the effectiveness of IT services by customers and clients
c. Used to verify that the organization’s strategy and IT services match
d. Used to measure the evaluation of help desk employees

A

c. Used to verify that the organization’s strategy and IT services match

39
Q

Which of the following best describes a baseline document?

a. A PCI industry standard requiring a 15-minute session timeout
b. Installation step recommendations from the vendor for an Active Directory server
c. A network topography diagram of the Active Directory forest
d. Security configuration settings for an Active Directory server

A

d. Security configuration settings for an Active Directory server

40
Q

Which of the following best describes integrated auditing?

a. Integrated auditing places internal control in the hands of management and reduces the time between the audit and the time of reporting.
b. Integrated auditing combines the operational audit function, the financial audit function, and the IS audit function.
c. Integrated auditing combines the operational audit function and the IS audit function.
d. Integrated auditing combines the financial audit function and the IS audit function.

A

b. Integrated auditing combines the operational audit function, the financial audit function, and the IS audit function.

41
Q

Which of the following best describes risk that can be caused by the failure of internal controls and can result in a material error?

a. Residual risk
b. Inherent risk
c. Detection risk
d. Control risk

A

d. Control risk

42
Q

Which of the following best describes types of questions that might be on the CISA exam related to how to implement specific risk types discussed in this chapter?

a. Task statements
b. Operational audits
c. Knowledge statements
d. Integrated audits

A

a. Task statements

43
Q

Which of the following best matches the description of a packet-switching technology with a committed information rate?

a. T1
b. ATM
c. X.25
d. Frame Relay

A

d. Frame Relay

44
Q

Which of the following combinations of two job roles can be combined to create the least amount of risk or opportunity for malicious acts?

a. Systems analyst and quality assurance
b. Computer operator and systems programmer
c. Security administrator and application programmer
d. Database administrator and systems analyst

A

d. Database administrator and systems analyst

45
Q

Which of the following could be considered an issue with SNMP?

a. Hard to configure
b. Cleartext transfer
c. Considered outdated
d. Only useful with printers

A

b. Cleartext transfer

46
Q

Which of the following data classification standards is the lowest level of the military classification?

a. Public
b. Unclassified
c. Sensitive
d. Available

A

b. Unclassified

47
Q

Which of the following describes a significant level of risk that the organization is unwilling to accept?

a. Detection risk
b. Material risk
c. Business risk
d. Irregularities

A

b. Material risk

48
Q

Which of the following development methods is known to not work well for large projects?

a. Spiral model
b. Rapid application development
c. Scrum
d. Extreme programming

A

d. Extreme programming

49
Q

Which of the following development techniques uses short cycles, referred to as sprints, and is focused on object-oriented technology?

a. Spiral model
b. Rapid application development
c. Scrum
d. Extreme programming

A

c. Scrum

50
Q

Which of the following devices would best be suited for reducing the number of collisions on a LAN?

a. Switch
b. Hub
c. Bridge
d. Router

A

a. Switch

51
Q

Which of the following does the PERT weighted average consider?

a. High cost, low cost, and best cost
b. Average cost plus 5%
c. Best time, worst time, and average time
d. Average time plus 5%

A

c. Best time, worst time, and average time

52
Q

Which of the following is a continuous auditing technique that detects items that meet specific criteria?

a. Audit hooks
b. Snapshots
c. Integrated test facilities
d. Continuous and intermittent simulation

A

a. Audit hooks

53
Q

Which of the following is a control document that describes a software improvement process characterized by five levels, where each level describes a higher level of maturity?

a. ISO 17799
b. CMM
c. COSO
d. COBIT

A

b. CMM

54
Q

Which of the following is a fiber-optic cable standard?

a. 1000BASE-TX
b. 1000BASE-LX
c. 10BASE-T
d. 100BASE-TX

A

b. 1000BASE-LX

55
Q

Which of the following is a growing alternative to encryption and can help ensure compliance with regulatory requirements in a cloud environment?

a. Random numbers
b. Tokenization
c. Cookies
d. User ID

A

b. Tokenization

56
Q

Which of the following is an example of data transmission to a group of devices on a LAN?

a. Unicast
b. Multicast
c. Anycast
d. Broadcast

A

b. Multicast

57
Q

Which of the following is not a benefit of CSA?

a. Provides early detection of risks
b. Reduces potential audit costs
c. Increases employee awareness of internal controls
d. Can be used to avoid a regulator audit

A

d. Can be used to avoid a regulator audit

58
Q

Which of the following is not an advantage of control self-assessment (CSA)?

a. CSA helps provide early detection of risks.
b. CSA is an audit function replacement.
c. CSA reduces control costs.
d. CSA provides increased levels of assurance.

A

b. CSA is an audit function replacement.

59
Q

Which of the following is not a valid BCP test type?

a. Paper test
b. Structured walk-through
c. Full operation test
d. Preparedness test

A

b. Structured walk-through

60
Q

Which of the following is not one of the best techniques for gathering evidence during an audit?

a. Attend board meetings
b. Examine and review actual procedures and processes
c. Verify employee security awareness training and knowledge
d. Examine reporting relationships to verify segregation of duties

A

a. Attend board meetings

61
Q

Which of the following is the best example of a method to measure latency?

a. SNMP management tool
b. ping command
c. traceroute
d. RMON

A

b. ping command

62
Q

Which of the following is the best example of general control procedures?

a. Internal accounting controls used to safeguard financial records
b. Business continuity and disaster-recovery procedures that provide reasonable assurance that the organization is secure against disasters
c. Procedures that provide reasonable assurance for the control of access to data and programs
d. Procedures that provide reasonable assurance and have been developed to control and manage data-processing operations

A

a. Internal accounting controls used to safeguard financial records

63
Q

Which of the following is the best explanation of ARP?

a. ARP resolves known domain names to unknown IP addresses.
b. ARP resolves known IP addresses to unknown MAC addresses.
c. ARP resolves known IP addresses to unknown domain names.
d. ARP resolves known MAC addresses to unknown IP addresses.

A

b. ARP resolves known IP addresses to unknown MAC addresses.

64
Q

Which of the following is the greatest advantage of JBOD?

a. In case of drive failure, only the data on the affected drive is lost.
b. It is superior to disk mirroring.
c. It offers greater performance gains than RAID.
d. It offers greater fault tolerance than RAID.

A

a. In case of drive failure, only the data on the affected drive is lost.

65
Q

Which of the following is the highest priority for an auditor?

a. Designing and implementing security controls
b. Reviewing new policies and procedures
c. Controlling and monitoring data security and policies
d. Controlling and monitoring IDS and firewall activity

A

c. Controlling and monitoring data security and policies

66
Q

Which of the following is the most accurate description of a substantive test in which the data represents fake entities such as products, items, or departments?

a. Parallel tests
b. Integrated test facility
c. Embedded audit module
d. Test data

A

b. Integrated test facility

67
Q

Which of the following is the most common implementation of n-tier?

a. Workstation and server
b. LAMP stack
c. Workstation and cloud
d. Workstation, server, and database

A

d. Workstation, server, and database

68
Q

Which of the following is the most important purpose of BIA?

a. Identifying countermeasures
b. Prioritizing critical systems
c. Developing recovery strategies
d. Determining potential test strategies

A

b. Prioritizing critical systems

69
Q

Which of the following is the practice of routing traffic through different cable facilities?

a. Alternate routing
b. Long-haul diversity
c. Diverse routing
d. Last-mile protection

A

c. Diverse routing

70
Q

Which of the following is the proper order for the OSI model layers, from the bottom up?

a. Data link, media access, network, transport, session, presentation, application
b. Physical, data link, network, transport, session, presentation, application
c. Physical, data link, network, transport, presentation, session, application
d. Data link, physical link, network, transport, presentation, session, application

A

b. Physical, data link, network, transport, session, presentation, application

71
Q

Which of the following must be performed on a device running Wireshark for it to see all traffic at the network interface?

a. The switch port must be mirrored.
b. The device must be placed in promiscuous mode.
c. The NIC must be modified.
d. All traffic is accessible by default.

A

b. The device must be placed in promiscuous mode.

72
Q

Which of the following must be performed on the switch for a device running Wireshark for it to see all network traffic?

a. The switch port must be mirrored.
b. The switch must be placed in promiscuous mode.
c. The NIC must be modified.
d. All traffic is accessible by default.

A

a. The switch port must be mirrored.

73
Q

Which of the following network designs offers the highest level of redundancy?

a. Bus
b. Star
c. Ring
d. Mesh

A

d. Mesh

74
Q

Which of the following processes is most critical in terms of revenue generation?

a. Discretionary
b. Supporting
c. Core
d. Critical

A

c. Core

75
Q

Which of the following roles is a role whose duties should not be fulfilled by a network administrator?

a. Quality assurance
b. Systems administrator
c. Application programmer
d. Systems analyst

A

c. Application programmer

76
Q

Which of the following should be the primary objective when using tape backup as a recovery strategy?

a. That the RPO is high
b. That the RPO is low
c. That the RTO is low
d. That fault tolerance is low

A

b. That the RPO is low

77
Q

Which of the following should have priority on the planning and scoping of an IS audit?

a. Company standards
b. Organization’s master plan
c. Regulatory requirements
d. Industry best practices

A

c. Regulatory requirements

78
Q

Which of the following statements best describes packet switching?

a. Packet switching allows the customer to determine the best path.
b. Packet switching takes a dedicated path established by the vendor.
c. Packet switching allows the vendor to determine the best path.
d. Packet switching takes a dedicated path established by the client.

A

c. Packet switching allows the vendor to determine the best path.

79
Q

Which of the following types of tests is used to verify that the proposed design will function in its intended environment?

a. Regression testing
b. Function testing
c. Pilot testing
d. Sociability testing

A

d. Sociability testing

80
Q

Which of the following was the first to add TKIP?

a. RADIUS
b. WEP
c. WPA2
d. WPA

A

d. WPA

81
Q

Which of the following would an auditor expect to see as the first step in the incident response process?

a. Recovery
b. Mitigation
c. Planning and preparation
d. Identification

A

c. Planning and preparation

82
Q

Which storage of evidence would best preserve the chain of custody of evidence obtained during an audit?

a. Locked department safe behind card access doors
b. Offsite location, such as home, out of reach by anyone at work
c. Archival at a third-party offsite facility
d. Locked cabinet on the department floor with only one key, in the possession of the auditor

A

d. Locked cabinet on the department floor with only one key, in the possession of the auditor

83
Q

Which wireless standard operates at speeds of 150/200/600Mbps?

a. 802.11a
b. 802.11ac
c. 802.11i
d. 802.11g

A

b. 802.11ac

84
Q

While reviewing her email, an auditor notices that one email message contains an obscured link. Which of the following is not the appropriate action?

a. Inform IT
b. Open the link
c. Delete the email
d. Mark the email source as spam

A

b. Open the link

85
Q

You are auditing a credit card payment system. The best assurance that information is entered correctly is by using which of the following?

a. Audit trails
b. Separation of data entry and computer operator duties
c. Key verification
d. Supervisory review

A

c. Key verification

86
Q

You are reviewing unfamiliar malware event records. Which of the following would be the best source of information to start your review about the file?

a. Trending charts based on the event records
b. Metadata information
c. Security access information
d. Executive summary on malware event

A

b. Metadata information

87
Q

You have been asked to join an audit team that will review Internet controls at a local college. Which of the following is required for schools and libraries using an Internet connection?

a. FERPA
b. FISMA
c. PCI-DSS
d. CIPA

A

d. CIPA

88
Q

You have been asked to perform a new audit assignment. Your first task is to review the organization’s strategic plan. What is the first item that should be reviewed in the plan?

a. Documentation that details the existing infrastructure
b. Previous and planned budgets
c. Organizational charts
d. The business plan

A

d. The business plan

89
Q

You have been asked to recommend a continuous audit technique. Which of the following techniques is considered the least complex?

a. Audit hooks
b. Systems control audit review file and embedded audit modules
c. Snapshots
d. Continuous and intermittent simulation

A

a. Audit hooks

90
Q

You have been asked to recommend a control that can detect exceptions to the following: “An order is normally for no more than 20 items, yet this order is for 2,000.” Which control works best to detect this type of exception?

a. Validity check
b. Range check
c. Reasonableness check
d. Limit check

A

c. Reasonableness check

91
Q

You have been asked to write a report detailing a new software-management system that uses AES. Which term best describes the advantage of a symmetric algorithm such as AES?

a. It enables key exchange.
b. It enables key management.
c. It provides integrity.
d. It is fast.

A

d. It is fast.

92
Q

You have been invited to a postmortem review of a recent malware attack. The attacker was able to exploit the fact that the victim was connected to a legitimate site and a malicious site at the time the attack was carried out. Which of the following best describes this situation?

a. XSS
b. XSRF
c. Buffer overflow
d. TOCTOU

A

b. XSRF

93
Q

You need to review an organization’s balance sheet for material transactions. Which of the following would be the best sampling technique?

a. Attribute sampling
b. Frequency estimating sampling
c. Stop-and-go sampling
d. Variable sampling

A

d. Variable sampling

94
Q

Your organization is considering using a new ISP for time-sensitive transactions. From an audit perspective, what would be the most important item to review?

a. The service level agreement
b. The physical security of the ISP site
c. References from other clients of the ISP
d. Background checks of the ISP’s employees

A

a. The service level agreement