MY CISA Flashcards

1
Q

Accountability for the maintenance of appropriate security measures over information assets resides with the:

A

Management should ensure that all information assets (data and systems) have an appointed owner who makes decisions about classification and access rights. System owners typically delegate day-to-day custodianship to the systems delivery/operations group and security responsibilities to a security administrator. Owners, however, remain accountable for the maintenance of appropriate security measures.

2
Q

An ADVANTAGE of the use of hot sites as a backup alternative is that:

A

Hot sites can be made ready for operation normally within hours. However, the use of hot sites is expensive, should not be considered as a long-term solution, and requires that equipment and systems software be compatible with the primary installation being backed up.

3
Q

An advantage of using unshielded twisted-pair (UTP) cable for data communication over other copper-based cables is that UTP cable:

A

The use of UTP in copper will reduce the likelihood of crosstalk. While the twisted nature of the media will reduce sensitivity to electromagnetic disturbances, an unshielded copper wire does not provide adequate protection against wiretapping. Attenuation sets in if copper twisted-pair cable is used for longer than 100 meters, necessitating the use of a repeater. The tools and techniques to install UTP are not simpler or easier than other copper-based cables.

4
Q

After a disaster declaration, the media CREATION date at a warm recovery site is based on the:

A

RPO

RPO is determined based on the acceptable data loss in case of a disruption of operations. It indicates the earliest point in time that is acceptable to recover the data. The RPO effectively quantifies the permissible amount of data loss in case of interruption. The media creation date will reflect the point to which data are to be restored or the RPO.

5
Q

After a full operational contingency test, an IS auditor performs a review of the recovery steps. The IS auditor concludes that the time it took for the technological environment and systems to return to full-functioning exceeded the required critical recovery time. Which of the following should the IS auditor recommend?

A

(1) Performing an exhaustive review of the recovery tasks would be appropriate to identify the way these tasks were performed
(2) identify the time allocated to each of the steps required to accomplish recovery
(3) AND determine where adjustments can be made.

6
Q

Analysis and resolution ARE PERFORMED AFTER

A

logging and triage have been performed.

7
Q

Atomicity GUARANTEES

A

that either the ENTIRE transaction is processed or NONE of it is

8
Q

Authorization tables ARE USED TO VERIFY

A

implementation of logical access controls

9
Q

Availability reports INACTIVITY, such as DOWNTIME, and provides

A

the time periods during which the computer was available for utilization by users or other processes

10
Q

A benefit of Quality of Service (QoS) is that the PARTICIPATING APPLICATIONS

A

will have bandwidth guaranteed.

11
Q

The BEST audit procedure to determine if unauthorized changes have been made to production code is to:

A

EXAMINE CHANGE CONTROL RECORDS AND COMPARE TO OBJECT CODE

The procedure of examining object code files to establish instances of code changes and tracing these back to change control system records is a substantive test that directly addresses the risk of unauthorized code changes.

12
Q

The BEST audit procedure to determine if unauthorized changes have been made to production code is to:

A

examine object code to find instances of changes and trace them back to change control records.

13
Q

Check digits DETECT

A

transposition and transcription errors.

14
Q

Commitment and rollback controls ARE DIRECTLY RELEVANT TO

A

integrity.

These controls ensure that database operations that form a logical transaction unit will complete in their entirety or not at all. Rollback ensures that the already completed processing is reversed, and the data already processed are not saved to the disk in the event of the failure of the completion of the transaction processing.

15
Q

CONCURRENCY control is a database management systems (DBMS) concept that is used to address CONFLICTS

A

with the simultaneous accessing or altering of data that can occur with a multi-user system.

16
Q

Configuration management is widely accepted as one of the KEY COMPONENTS of

A

any network, since it establishes how the network will function internally and externally. It also deals with the management of configuration and monitoring performance.

17
Q

Consistency ENSURES that the database is

A

in a legal state when the transaction begins and ends.

18
Q

A contingency plan deals with ways to RECOVER from an unexpected failure, but it DOES NOT

A

address the identification or prevention of cyberattacks.

19
Q

A continuity of operations plan (COOP)

A

addresses the subset of an organization’s missions that are deemed most critical and contains procedures to sustain these functions at an alternate site for a short time period.

20
Q

Cross-site scripting (CSS) involves the COMPROMISE of the web page to

A

redirect users to content on the attacker web site.

21
Q

A Cyclic Redundancy Check (CRC) is commonly used to determine the:

A

accuracy of blocks of data transfers, such as data transfer from hard disks, is validated by a CRC

22
Q

Determining the Service Delivery Objective (SDO) should be based PRIMARILY on:

A

BUSINESS NEED.

The SDO is the level of service to be reached during the alternate process mode until the normal situation is restored. This is directly related to the business needs.

23
Q

A disaster recovery plan for an organization’s financial system specifies that the Recovery Point Objective (RPO) is zero and the Recovery Time Objective (RTO) is 72 hours. Which of the following is the MOST cost-effective solution?

A

The synchronous copy of the storage achieves the RPO, and a warm site operational in 48 hours meets the required RTO.

Asynchronous updates of the database in distributed locations do not meet the RPO.

Synchronous updates of the data and standby active systems in a hot site meet the RPO and RTO requirements but are more costly than a warm site solution.

24
Q

A DISASTER RECOVERY PLAN (DRP) test should test

A

(1) the plan,
(2) processes
(3) people
(4) and IT systems.

25
Q

Durability GUARANTEES

A

that a successful transaction will persist, and cannot be undone.

26
Q

During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site’s server is slow. To find the ROOT cause of this, the IS auditor should FIRST review the:

A

(1) configurations and alignment of the primary and disaster recovery sites.

27
Q

During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site’s server is slow. To find the root cause of this, the IS auditor should FIRST review the:

A

Since the configuration of the system is the most probable cause, the IS auditor should review that first. If the issue cannot be clarified, the IS auditor should then review the event error log. The disaster recovery test plan and the DRP would not contain information about the system configuration.

28
Q

During a fieldwork observation of system administrative functions, an IS auditor discovered that changes made to the database after normal working hours required only an abbreviated number of steps compared to those made during normal working hours. Which of the following would be considered an adequate set of COMPENSATING controls?

A

The use of a DBA user account is normally set up to log all changes made and is most appropriate for changes made outside of normal working hours. The use of a log allows changes to be reviewed.

29
Q

During an application audit, the IS auditor finds several problems related to corrupted data in the database. Which of the following is a CORRECTIVE control that the IS auditor should recommend?

A

Proceeding with Restore Procedures is a corrective control.

30
Q

During an application audit, the IS auditor finds several problems related to corrupted data in the database. Which of the following is a corrective control that the IS auditor should recommend?

A

Proceed with restore procedures.

31
Q

During fieldwork, an IS auditor experienced a system crash caused by a security patch installation. To provide reasonable assurance that this event will not recur, the IS auditor should ensure that:

A

The change management process, which would include procedures regarding implementing changes during production hours, helps to ensure that this type of event does not recur.

An IS auditor should review the change management process, including patch management procedures, to verify that the process has adequate controls and to make suggestions accordingly.

While system administrators would normally install patches and patches would normally undergo testing, it is more important that changes be made during non-production times;

Furthermore, parallel testing is not appropriate for security patches because some servers would still be vulnerable.

An approval process could not directly prevent this type of incident from happening.

32
Q

An Echo Check is

A

a quality check and error-control technique for data transferred over a computer network or other communications link, in which the data received is stored and also transmitted back to its point of origin, where it is compared with the original data.

33
Q

An e-commerce organization with a complex technological environment has numerous concurrent projects. This often results in production system changes. What is the MOST suitable approach to managing system changes so that system outages are minimized?

A

COORDINATED RELEASE management across projects and systems.

Coordinated release management across projects and systems is a suitable strategy to employ in a complicated, dynamic system environment. Under this option, changes are packaged into releases that are implemented according to a predetermined schedule. Determining what changes are included in a release can be done in accordance with business and technical priorities. With release management, the emphasis is on coordinating changes stemming from multiple sources that impact multiple interconnected systems. This approach should lower technical risk and reduce the potential for system outage.

34
Q

ETL

A

part of a business intelligence system, dedicated to extracting operational or production data, transforming that data and loading them to a central repository (data warehouse or data mart);

ETL does not correlate data or produce reports, and normally it does not have extractors to read log file formats.

35
Q

Filters

A

allow for some basic isolation of network traffic based on the destination addresses

36
Q

Firewalls

A

are a collection of computer and network equipment used to allow communications to flow out of the organization and restrict communications flowing into the organization.

37
Q

The FIRST step in the execution of a problem management mechanism should be:

A

EXCEPTION reporting.

38
Q

For a mission-critical application with a low recovery time objective (RTO), the IS auditor would recommend the use of which of the following recovery strategies?

A

Redundant site.

39
Q

The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?

A

PERSONNEL LIST

In the event of a disaster, it is important to have a current updated list of personnel who are key to the operation of the plan

40
Q

The frequent updating of which of the following is key to the continued effectiveness of a disaster recovery plan (DRP)?

A

In the event of a disaster, it is important to have a current updated list of personnel who are key to the operation of the plan.

41
Q

Hardware error reports

A

provide information to aid in detecting hardware failures and initiating corrective action

42
Q

A hot site should be implemented as a recovery strategy when the:

A

disaster tolerance is low.

43
Q

Ensuring that only authorized personnel can update the database is a

A

preventive control.

44
Q

In a client-server architecture, a domain name service (DNS) is MOST important because it provides the:

A

DNS is utilized primarily on the Internet for resolution of the name/address of the web site. It is an Internet service that translates domain names into IP addresses. As names are alphabetic, they are easier to remember. However, the Internet is based on IP addresses. Every time a domain name is used, a DNS service must translate the name into the corresponding IP address. The DNS system has its own network. If one DNS server does not know how to translate a particular domain name, it asks another one, and so on, until the correct IP address is returned.

45
Q

In a disaster recovery situation, which of the following is the MOST important metric to ensure that data are synchronized between critical systems?

A

Establishing a common RPO is most critical for ensuring that interdependencies between systems are properly synchronized. It ensures that systems do not contain data from different points in time that may result in both accounting transactions that cannot be reconciled and a loss of referential integrity.

46
Q

An incident response plan (IRP)

A

The IRP determines the information security responses to incidents such as cyberattacks on systems and/or networks. This plan establishes procedures to enable security personnel to identify, mitigate and recover from malicious computer incidents such as unauthorized access to a system or data, denial of service (DoS) or unauthorized changes to system hardware or software.

47
Q

incremental backup

A

a security copy which contains only those files which have been altered since the last full backup.

48
Q

In the event of a data center disaster, which of the following would be the MOST appropriate strategy to enable a complete recovery of a critical database?

A

With real-time replication to a remote site, data are updated simultaneously in two separate locations; therefore, a disaster in one site would not damage the information located in the remote site. This assumes that both sites were not affected by the disaster. Daily tape backup recovery could lose up to a day’s work of data.

49
Q

In which of the following situations is it MOST appropriate to implement data mirroring as the recovery strategy?

A

RPO indicates the latest point in time at which it is acceptable to recover the data. If the RPO is low, data mirroring should be implemented as the data recovery strategy. The RTO is an indicator of the disaster tolerance. The lower the RTO, the lower the disaster tolerance.

50
Q

An IS audit group has been involved in the integration of an automated audit tool kit with an existing enterprise resource planning (ERP) system. Due to performance issues, the audit tool kit is not permitted to go live. What should the IS auditor’s BEST recommendation be?

A

The appropriate recommendation is to review the results of stress tests during UAT.

Reviewing the implementation of selected integrated controls validates the technical design and the control objective, but integrated controls over transactional tables consume large resources. They should be reviewed carefully to determine whether they are mandatory or can be implemented and integrated for only specific transactions over the ERP application.

Reviewing the selected integrated controls and their implementation may necessitate additional resources.

Requesting vendor technical support to resolve performance issues is a good option, but not the best recommendation.

51
Q

An IS auditor discovers that developers have operator access to the command line of a production environment operating system. Which of the following controls would BEST mitigate the risk of undetected and unauthorized program changes to the production environment?

A

Hash keys: are calculated periodically for programs and matched against hash keys calculated for the most recent authorized versions of the programs.

52
Q

An IS auditor is reviewing the change management process for an enterprise resource planning (ERP) application. Which of the following is the BEST method for testing program changes?

A

Tracing a sample of modified programs to supporting change tickets is the best way to test change management controls. This method is most likely to identify instances in which a change was made without supporting documentation.

53
Q

An IS auditor needs to review the procedures used to restore a software application to its state prior to an upgrade. Therefore, the auditor needs to assess:

A

The FALLBACK procedures.

Fallback procedures are used to restore a system to a previous state and are an important element of the change control process. The other choices are not related to the change control process—a process which specifies what procedures should be followed when software is being upgraded.

54
Q

An IS auditor notes during an audit that an organization’s business continuity plan (BCP) does not adequately address information confidentiality during the recovery process. The IS auditor should recommend that the plan be modified to include:

A

Business should consider whether information security levels required during recovery should be the same, lower or higher than when business is operating normally. In particular, any special rules for access to confidential data during a crisis need to be identified

55
Q

An IS auditor performing an application maintenance audit would review the log of program changes for the:

A

authorization of program changes

56
Q

An IS auditor performing an independent classification of systems should consider a situation where functions could be performed manually at a tolerable cost for an extended period of time as:

A

Sensitive functions are best described as those that can be performed manually at a tolerable cost for an extended period of time.

57
Q

An IS auditor performing an independent classification of systems should consider a situation where functions could be performed manually at a tolerable cost for an extended period of time as:

A

SENSITIVE: Sensitive functions are best described as those that can be performed manually at a tolerable cost for an extended period of time. Critical functions are those that cannot be performed unless they are replaced by identical capabilities and cannot be replaced by manual methods. Vital functions refer to those that can be performed manually but only for a brief period of time;

58
Q

Isolation

A

means that, while in an intermediate state, the transaction data are invisible to external operations

59
Q

It is MOST appropriate to implement an incremental backup scheme when:

A

In an incremental backup, after the full backup, only the files that have changed are backed up, thus minimizing media storage.

60
Q

It is MOST appropriate to implement an incremental backup scheme when:

A

there is limited media capacity.

61
Q

IT management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend:

A

reinstating the offsite backups. A RAID system, at any level, will not protect against a natural disaster. The problem will not be alleviated without offsite backups, more frequent onsite backups or even setting up a cold site.

62
Q

IT management has decided to install a level 1 Redundant Array of Inexpensive Disks (RAID) system in all servers to compensate for the elimination of offsite backups. The IS auditor should recommend:

A

A RAID system, at any level, will not protect against a natural disaster. The problem will not be alleviated without offsite backups, more frequent onsite backups or even setting up a cold site

63
Q

A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor?

A

Having an alternative standby processor at another network node would be the best solution. The unavailability of the central communications processor would disrupt all access to the banking network, resulting in the disruption of operations for all of the shops. This could be caused by failure of equipment, power or communications. Offsite storage of backups would not help, since EFT tends to be an online process and offsite storage will not replace the dysfunctional processor. The provision of an alternate processor onsite would be fine if it were an equipment problem, but would not help in the case of a power outage. Installation of duplex communication links would be most appropriate if it were only the communication link that failed.

64
Q

last-mile circuit protection

A

The method of providing telecommunication continuity through the use of many recovery facilities, providing redundant combinations of local carrier T-1s, microwave and/or coaxial cable to access the local communication loop in the event of a disaster

65
Q

A live test of a mutual agreement for IT system recovery has been carried out, including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:

A

system and the IT operations team can sustain operations in the emergency environment.

66
Q

log management tool

A

is a product designed to aggregate events from many log files (with distinct formats and from different sources), store them and typically correlate them offline to produce many reports (e.g., exception reports showing different statistics including anomalies and suspicious activities) and to answer time-based queries (e.g., how many users have entered the system between 2 a.m. and 4 a.m. over the past three weeks).

67
Q

A lower recovery time objective (RTO) results in:

A

higher cost.

68
Q

maximum tolerable outage (MTO)

A

is the amount of time allowed for the recovery of a business function or resource after a disaster occurs; it does not have a direct influence on data recovery.

69
Q

Network Data Management Protocol (NDMP) technology should be used for backup if

A

a network attached storage (NAS) appliance is required.

70
Q

Network Data Management Protocol (NDMP) technology should be used for backup if:

A

a network attached storage (NAS) appliance is required.

71
Q

Network Data Management Protocol (NDMP) technology should be used for backup if:

A

a network attached storage (NAS) appliance is required.
NDMP defines three kinds of services:
1. A data service that interfaces with the primary storage to be backed up or restored
2. A tape service that interfaces with the secondary storage (primarily a tape device)
3. A translator service performing translations including multiplexing multiple data streams into one data stream and vice versa
NDMP services interact with each other. The result of this interaction is the establishment of an NDMP control session if the session is being used to achieve control for the backup or restore operation. It would result in an NDMP data session if the session is being used to transfer actual file system or volume data (including metadata).

Control sessions are always TCP/IP-based, but data streams can be TCP/IP-based or storage area network (SAN)-based. NDMP is more or less network attached storage-centric (NAS-centric) and defines a way to back up and restore data from a device, such as a NAS appliance, on which it is difficult to install a backup software agent. In the absence of NDMP, these data must be backed up as a shared drive on the local area network (LAN), which is accessed via network file protocols such as Common Internet File System (CIFS) or Network File System (NFS), degrading backup performance. NDMP works on a block level for transferring payload data (file content) but metadata and traditional file system information needs to be handled by legacy backup systems that initiate NDMP data movement. NDMP does not know about nor take care of consistency issues regarding related volumes (e.g., a volume to store database files, a volume to store application server data and a volume to store web server data). NDMP can be used to do backups in such an environment (e.g., SAP), but the logic required must be either put into a dedicated piece of software or must be scripted into the legacy backup software.

72
Q

Neural networks

A

can be used to attack problems that require consideration of numerous input variables. They are capable of capturing relationships and patterns often missed by other statistical methods, but they will not discover new trends.

73
Q

Installed Ethernet cable run in an unshielded twisted pair (UTP) network is more than 100 meters long. Which of the following could be caused by the length of the cable?

A

Attenuation is the weakening of signals during transmission. When the signal becomes weak, it begins to read a 1 for a 0, and the user may experience communication problems. UTP faces attenuation around 100 meters

74
Q

An organization has a business process with a recovery time objective (RTO) equal to zero and a recovery point objective (RPO) close to one minute. This implies that the process can tolerate:

A

a data loss of up to one minute, but the processing must be continuous.

75
Q

An organization has implemented a disaster recovery plan. Which of the following steps should be carried out next?

A

A best practice would be to conduct a paper test. Senior management sponsorship and business needs identification should have been obtained prior to implementing the plan. A paper test should be conducted first, followed by system or full testing.

76
Q

A packet filtering router

A

examines the header of every packet or data traveling between the Internet and the corporate network.

77
Q

Parity check

A

a method for detecting errors in data communications or within a computer system by counting the number of ones or zeros per byte or per word, including a special check bit (parity bit) to see if the value is even or odd.

78
Q

parity check

A

is a hardware control that detects data errors when data are read from one computer to another, from memory or during transmission

79
Q

Parsing

A

Parsing is the process of splitting up a continuous stream of characters for analytical purposes, and is widely applied in the design of programming languages or in data entry editing.

80
Q

primary key in database

A

works in one table, so it is not able to provide/ensure referential integrity by itself.

81
Q

The PRIMARY objective of service-level management (SLM) is to

A

define, agree on, record and manage the required levels of service.

82
Q

The PRIMARY purpose of a business impact assessment (BIA) is to:

A

define recovery strategies.

83
Q

A programmer maliciously modified a production program to change data and then restored the original code. Which of the following would MOST effectively detect the malicious activity?

A

Reviewing system log files

84
Q

Protocol analyzers

A

are network diagnostic tools that monitor and record network information from packets traveling in the link to which the analyzer is attached

85
Q

The purpose of code signing is to provide assurance that:

A

can only ensure that the executable code has not been modified after being signed.

86
Q

Reasonableness check

A

detects transmission errors by appending calculated bits onto the end of each segment of data.

87
Q

reasonableness check

A

A reasonableness check compares data to predefined reasonability limits or occurrence rates established for the data.

88
Q

Recovery procedures for an information processing facility are BEST based on:

A

RTO - the amount of time allowed for the recovery of a business function or resource after a disaster occurs; it does not determine acceptable data loss

89
Q

Recovery procedures for an information processing facility are BEST based on:

A

The RTO is the amount of time allowed for the recovery of a business function or resource after a disaster occurs; it does not determine acceptable data loss

90
Q

Regarding a disaster recovery plan, the role of an IS auditor should include:

A

The IS auditor should be present when disaster recovery plans are tested, to ensure that the test meets the targets for restoration, and the recovery procedures are effective and efficient. As appropriate, the auditor should provide a report of the test results. All other choices are a responsibility of management.

91
Q

The responsibilities of a disaster recovery relocation team include:

A

coordinating the process of moving from the hot site to a new location or to the restored original location.

92
Q

RFID

A

Radio-Frequency Identification (RFID) is the use of radio waves to read and capture information stored on a tag attached to an object. A tag can be read from up to several feet away and does not need to be within direct line-of-sight of the reader to be tracked.

93
Q

Routers

A

allow packets to be given or denied access based on the addresses of the sender and receiver and the type of packet

94
Q

RTO and RPO

A

RTO measures an organization’s tolerance for downtime and RPO measures how much data loss can be accepted

95
Q

SIEM product

A

has some similar features. It correlates events from log files, but does it online and normally is not oriented to storing many weeks of historical information and producing audit reports. A correlation engine is part of a SIEM product. It is oriented to making an online correlation of events

96
Q

Stealth commanding is the hijacking of a web server by the installation of unauthorized code. While the use of hidden forms may increase the risk of server compromise,

A

the most common server exploits involve vulnerabilities of the server operating system or web server.

97
Q

Steganography

A

Steganography is a technique for concealing the existence of messages or information. An increasingly important steganographical technique is digital watermarking, which hides data within data, e.g., by encoding rights information in a picture or music file without altering the picture or music’s perceivable aesthetic qualities.

98
Q

Switches

A

are at the lowest level of network security and transmit a packet to the device to which it is addressed. This reduces the ability of one device to capture the packets that are meant for another device

99
Q

System Cutover

A

Details of system cutover will depend on your migration plan. Most commonly, the process of retiring the old system and bringing the new one on line is gradual, with the two systems, or at least their parts, coexisting for a while to enable an orderly and controlled transfer of the user fleets.

100
Q

System logs

A

are a recording of the system’s activities.

101
Q

Establishing controls to handle concurrent access problems is a

A

preventive control.

102
Q

Establishing standards is a preventive control, and monitoring for compliance is a

A

detective control.

103
Q

Restore procedures can be used to recover databases to

A

their last-known archived version.

104
Q

A redundant site contains either

A

duplicate mirror facilities that are online at all times or computing facilities of a reduced capacity that can process at the acceptable service delivery objective (SDO) requirement. The data are live—there are no delays waiting for files to be restored. This site is in full operation and able to take over processing within seconds or minutes.

105
Q

Critical functions are those that

A

cannot be performed unless they are replaced by identical capabilities and cannot be replaced by manual methods.

106
Q

Vital functions refer to those that can be performed

A

manually but only for a brief period of time; this is associated with lower costs of disruption than critical functions.

107
Q

Noncritical functions may be

A

interrupted for an extended period of time at little or no cost to the company, and require little time or cost to restore