CISA Premium Bundle

Isaca CISA Certification Exam

Last update: November 15, 2024

Isaca CISA Free Practice Questions

We provide real CISA exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass Isaca CISA Exam quickly & easily. The CISA PDF type is available for reading and printing. You can print more and practice many times. With the help of our Isaca CISA dumps pdf and vce product and material, you can easily pass the CISA exam.

Isaca CISA Free Dumps Questions Online, Read and Test Now.

NEW QUESTION 1

Which of the following types of testing would determine whether a new or modified system can operate in its target environment without adversely impacting other existing systems?

  • A. Parallel testing
  • B. Pilot testing
  • C. Interface/integration testing
  • D. Sociability testing

Answer: D

Explanation:

The purpose of sociability testing is to confirm that a new or modified system can operate in its target environment without adversely impacting existing systems. This should cover the platform that will perform primary application processing and interfaces with other systems, as well as changes to the desktop in a client-server or web development. Parallel testing is the process of feeding data into two systems (the modified system and an alternate system) and comparing the results. In this approach, the old and new systems operate concurrently for a period of time and perform the same processing functions. Pilot testing takes place first at one location and is then extended to other locations. The purpose is to see if the new system operates satisfactorily in one place before implementing it at other locations. Interface/integration testing is a hardware or software test that evaluates the connection of two or more components that pass information from one area to another. The objective is to take unit-tested modules and build an integrated structure.

NEW QUESTION 2

Which of the following should an IS auditor recommend to BEST enforce alignment of an IT project portfolio with strategic organizational priorities?

  • A. Define a balanced scorecard (BSC) for measuring performance
  • B. Consider user satisfaction in the key performance indicators (KPIs)
  • C. Select projects according to business benefits and risks
  • D. Modify the yearly process of defining the project portfolio

Answer: C

Explanation:

Prioritization of projects on the basis of their expected benefit(s) to the business, and the related risks, is the best measure for achieving alignment of the project portfolio with an organization's strategic priorities. Modifying the yearly process of project portfolio definition might improve the situation, but only if the portfolio definition process is currently not tied to the definition of corporate strategies; however, this is unlikely, since the difficulty is in maintaining the alignment, not in setting it up initially. Measures such as a balanced scorecard (BSC) and key performance indicators (KPIs) are helpful, but they do not guarantee that the projects are aligned with business strategy.

NEW QUESTION 3

An organization has implemented a disaster recovery plan. Which of the following steps should be carried out next?

  • A. Obtain senior management sponsorship
  • B. Identify business needs
  • C. Conduct a paper test
  • D. Perform a system restore test

Answer: C

Explanation:

A best practice would be to conduct a paper test. Senior management sponsorship and business needs identification should have been obtained prior to implementing the plan. A paper test should be conducted first, followed by system or full testing.

NEW QUESTION 4

Which of the following provide(s) near-immediate recoverability for time-sensitive systems and transaction processing?

  • A. Automated electronic journaling and parallel processing
  • B. Data mirroring and parallel processing
  • C. Data mirroring
  • D. Parallel processing

Answer: B

Explanation:

Data mirroring and parallel processing are both used to provide near-immediate recoverability for time-sensitive systems and transaction processing.

NEW QUESTION 5

A check digit is an effective edit check to:

  • A. Detect data-transcription errors
  • B. Detect data-transposition and transcription errors
  • C. Detect data-transposition, transcription, and substitution errors
  • D. Detect data-transposition errors

Answer: B

Explanation:

A check digit is an effective edit check to detect data-transposition and transcription errors.

NEW QUESTION 6

In a security server audit, focus should be placed on (choose all that apply):

  • A. proper segregation of duties
  • B. adequate user training
  • C. continuous and accurate audit trail
  • D. proper application licensing
  • E. system stability
  • F. performance and controls of the system
  • G. None of the choices

Answer: AC

Explanation:

A security server audit always takes high priority because the security administrators who manage the server not only have elevated privileges, but also model and create user passwords. Is proper segregation of duties implemented and enforced, and are technology and procedures in place to make sure there is a continuous and accurate audit trail?

NEW QUESTION 7

Which of the following would an IS auditor consider a weakness when performing an audit of an organization that uses a public key infrastructure with digital certificates for its business-to-consumer transactions via the internet?

  • A. Customers are widely dispersed geographically, but the certificate authorities are not
  • B. Customers can make their transactions from any computer or mobile device
  • C. The certificate authority has several data processing subcenters to administer certificates
  • D. The organization is the owner of the certificate authority

Answer: D

Explanation:

If the certificate authority belongs to the same organization, this would generate a conflict of interest. That is, if a customer wanted to repudiate a transaction, they could allege that, because of the shared interests, an unlawful agreement exists between the parties generating the certificates. The other options are not weaknesses.

NEW QUESTION 8

Relatively speaking, firewalls operated at the physical level of the seven-layer OSI model are:

  • A. almost always less efficient
  • B. almost always less effective
  • C. almost always less secure
  • D. almost always less costly to set up
  • E. None of the choices

Answer: E

Explanation:

Early attempts at producing firewalls operated at the application level of the seven-layer OSI model, but this required too much CPU processing power. Packet filters operate at the network layer and function more efficiently because they only look at the header part of a packet. NO FIREWALL operates at the physical level.

NEW QUESTION 9

Which of the following cryptography options would increase overhead/cost?

  • A. The encryption is symmetric rather than asymmetric
  • B. A long asymmetric encryption key is used
  • C. The hash is encrypted rather than the message
  • D. A secret key is used

Answer: B

Explanation:

Computer processing time is increased for longer asymmetric encryption keys, and the increase may be disproportionate. For example, one benchmark showed that doubling the length of an RSA key from 512 bits to 1,024 bits caused the decrypt time to increase nearly six-fold. An asymmetric algorithm requires more processing time than symmetric algorithms. A hash is shorter than the original message; therefore, a smaller overhead is required if the hash is encrypted rather than the message. A secret key, used as a symmetric encryption key, is generally small and is used for the purpose of encrypting user data.

NEW QUESTION 10

When reviewing an intrusion detection system (IDS), an IS auditor should be MOST concerned about which of the following?

  • A. Number of nonthreatening events identified as threatening
  • B. Attacks not being identified by the system
  • C. Reports/logs being produced by an automated tool
  • D. Legitimate traffic being blocked by the system

Answer: B

Explanation:

Attacks not being identified by the system present a higher risk, because they are unknown and no action will be taken to address the attack. Although the number of false-positives is a serious issue, the problem will be known and can be corrected. Often, IDS reports are first analyzed by an automated tool to eliminate known false-positives, which generally are not a problem. An IDS does not block any traffic.

NEW QUESTION 11

Which of the following types of attack makes use of common consumer devices that can be used to transfer data surreptitiously?

  • A. Direct access attacks
  • B. Indirect access attacks
  • C. Port attack
  • D. Window attack
  • E. Social attack
  • F. None of the choices

Answer: A

Explanation:

Direct access attacks make use of common consumer devices that can be used to transfer data surreptitiously. Someone gaining physical access to a computer can install all manner of devices to compromise security, including operating system modifications, software worms, keyboard loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media or portable devices.

NEW QUESTION 12

Which of the following issues should be the GREATEST concern to the IS auditor when reviewing an IT disaster recovery test?

  • A. Due to the limited test time window, only the most essential systems were tested
  • B. The other systems were tested separately during the rest of the year
  • C. During the test it was noticed that some of the backup systems were defective or not working, causing the test of these systems to fail
  • D. The procedures to shut down and secure the original production site before starting the backup site required far more time than planned
  • E. Every year, the same employees perform the test
  • F. The recovery plan documents are not used since every step is well known by all participants

Answer: D

Explanation:

A disaster recovery test should test the plan, processes, people and IT systems. Therefore, if the plan is not used, its accuracy and adequacy cannot be verified. Disaster recovery should not rely on key staff, since a disaster can occur when they are not available. It is common that not all systems can be tested in a limited test time frame. It is important, however, that those systems which are essential to the business are tested, and that the other systems are eventually tested throughout the year. One aim of the test is to identify and replace defective devices so that all systems can be replaced in the case of a disaster. Choice B would only be a concern if the number of discovered problems is systematically very high. In a real disaster, there is no need for a clean shutdown of the original production environment, since the first priority is to bring the backup site up.

NEW QUESTION 13

A disaster recovery plan for an organization's financial system specifies that the recovery point objective (RPO) is no data loss and the recovery time objective (RTO) is 72 hours. Which of the following is the MOST cost-effective solution?

  • A. A hot site that can be operational in eight hours with asynchronous backup of the transaction logs
  • B. Distributed database systems in multiple locations updated asynchronously
  • C. Synchronous updates of the data and standby active systems in a hot site
  • D. Synchronous remote copy of the data in a warm site that can be operational in 48 hours

Answer: D

Explanation:

The synchronous copy of the storage achieves the RPO objective and a warm site operational in 48 hours meets the required RTO. Asynchronous updates of the database in distributed locations do not meet the RPO. Synchronous updates of the data and standby active systems in a hot site meet the RPO and RTO requirements but are more costly than a warm site solution.

NEW QUESTION 14

Which of the following situations would increase the likelihood of fraud?

  • A. Application programmers are implementing changes to production programs
  • B. Application programmers are implementing changes to test programs
  • C. Operations support staff are implementing changes to batch schedules
  • D. Database administrators are implementing changes to data structures

Answer: A

Explanation:

Production programs are used for processing an enterprise's data. It is imperative that controls on changes to production programs are stringent. Lack of control in this area could result in application programs being modified to manipulate the data. Application programmers are required to implement changes to test programs. These are used only in development and do not directly impact the live processing of data. The implementation of changes to batch schedules by operations support staff will affect the scheduling of the batches only; it does not impact the live data. Database administrators are required to implement changes to data structures. This is required for reorganization of the database to allow for additions, modifications or deletions of fields or tables in the database.

NEW QUESTION 15

Documentation of a business case used in an IT development project should be retained until:

  • A. the end of the system's life cycle
  • B. the project is approved
  • C. user acceptance of the system
  • D. the system is in production

Answer: A

Explanation:

A business case can and should be used throughout the life cycle of the product. It serves as an anchor for new (management) personnel, helps to maintain focus and provides valuable information on estimates vs. actuals. Questions like 'why do we do that', 'what was the original intent' and 'how did we perform against the plan' can be answered, and lessons for developing future business cases can be learned. During the development phase of a project one should always validate the business case, as it is a good management instrument. After finishing a project and entering production, the business case and all the completed research are valuable sources of information that should be kept for further reference.

NEW QUESTION 16

An IS auditor conducting an access control review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to conclude that:

  • A. exposure is greater, since information is available to unauthorized users
  • B. operating efficiency is enhanced, since anyone can print any report at any time
  • C. operating procedures are more effective, since information is easily available
  • D. user friendliness and flexibility are facilitated, since there is a smooth flow of information among users

Answer: A

Explanation:

Information in all its forms needs to be protected from unauthorized access. Unrestricted access to the report option results in an exposure. Efficiency and effectiveness are not relevant factors in this situation. Greater control over reports will not be accomplished since reports need not be in a printed form only. Information could be transmitted outside as electronic files, because print options allow for printing in an electronic form as well.

NEW QUESTION 17

Iptables is based on which of the following frameworks?

  • A. Netfilter
  • B. NetDoom
  • C. NetCheck
  • D. NetSecure
  • E. None of the choices

Answer: A

Explanation:

ipchains is a free-software firewall that ran on earlier Linux kernels. It is a rewrite of ipfwadm, but it was superseded by iptables in Linux 2.4 and above. Iptables controls the packet filtering and NAT components within the Linux kernel. It is based on Netfilter, a framework which provides a set of hooks within the Linux kernel for intercepting and manipulating network packets.

NEW QUESTION 18

The Trojan.Linux.JBellz Trojan horse runs as a malformed file of what format?

  • A. e-mail
  • B. MP3
  • C. MS Office
  • D. Word template
  • E. None of the choices

Answer: B

Explanation:

Most Trojan horse programs are spread through e-mails. Some earlier Trojan horse programs were bundled in "Root Kits". For example, the Linux Root Kit version 3 (lrk3), which was released in December 96, had tcp wrapper trojans included and enhanced in the kit. Portable devices that run Linux can also be affected by Trojan horses. The Trojan.Linux.JBellz Trojan horse runs as a malformed .mp3 file.

NEW QUESTION 19
......

100% Valid and Newest Version CISA Questions & Answers shared by Allfreedumps.com, Get Full Dumps HERE: https://www.allfreedumps.com/CISA-dumps.html (New 980 Q&As)
