[Dec 29, 2023] CISA Practice Exam Dumps - 99% Marks In ISACA Exam [Q378-Q397]


To be eligible for the CISA certification, a candidate must have a minimum of five years of professional experience in the field of information systems auditing, control, or security. The candidate can substitute up to three years of experience with certain educational or other professional qualifications. The candidate must also adhere to the ISACA Code of Professional Ethics and agree to comply with the CISA Continuing Professional Education (CPE) policy.


The Certified Information Systems Auditor (CISA) certification is a globally recognized credential that validates an individual's expertise in information systems auditing, control, and security. It is offered by ISACA (the Information Systems Audit and Control Association), a professional association that publishes knowledge, standards, and certifications for information systems professionals. The CISA certification is designed for professionals who work in information systems auditing, control, and security and is considered a benchmark for evaluating an individual's knowledge and skills in this field.


NEW QUESTION # 378
Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor's BEST recommendation?

  • A. Ensure programmers cannot access code after the completion of program edits.
  • B. Ensure corrected program code is compiled in a dedicated server.
  • C. Ensure change management reports are independently reviewed.
  • D. Ensure the business signs off on end-to-end user acceptance test (UAT) results.

Answer: A

Explanation:
The issue was corrected before release yet reappeared in production, which indicates that the code actually deployed was not the corrected, tested version: either the programmer could still modify the code after the fix was approved, or the uncorrected copy was the one migrated. The control that addresses this is separation of duties between development and migration: once program edits are complete, programmers lose write access and an independent function (change control or a program librarian) moves the approved code into production. Compiling on a dedicated server (B), independent review of change management reports (C) and business sign-off on UAT results (D) are useful detective or acceptance controls, but none of them prevents a programmer from altering the code between approval and release.


NEW QUESTION # 379
A live test of a mutual agreement for IT system recovery has been carried out, including a four-hour test of intensive usage by the business units. The test has been successful, but gives only partial assurance that the:

  • A. connectivity to the applications at the remote site meets response time requirements.
  • B. system and the IT operations team can sustain operations in the emergency environment.
  • C. workflow of actual business operations can use the emergency system in case of a disaster.
  • D. resources and the environment could sustain the transaction load.

Answer: B

Explanation:
Section: Protection of Information Assets
The applications have been intensively operated for four hours, so connectivity and response time (A), the usability of the emergency system by business workflows (C) and the capacity of the resources and environment to carry the transaction load (D) have actually been tested. What a short live test cannot fully exercise is the capability of the system and the IT operations team to sustain and support the emergency environment over time (ancillary operations, batch closing, error corrections, output distribution, etc.), so choice B is only partially tested.


NEW QUESTION # 380
A sales representative is reviewing the organization's feedback blog and gets redirected to a site that sells illegal prescription drugs. The blog site is MOST likely susceptible to which of the following types of attacks?

  • A. Cross-site scripting
  • B. Phishing attack
  • C. SQL injection
  • D. Directory harvesting

Answer: A

Explanation:
A feedback blog accepts user-supplied content and redisplays it to every later visitor. If that content is not encoded on output, an attacker can post a comment containing script which, when another visitor's browser renders the page, sets the browser location to the attacker's site. That is stored cross-site scripting. SQL injection targets the database rather than the visitor's browser, and phishing or directory harvesting do not explain a redirect served by the blog's own page.
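The following is an added illustration of the mechanism behind this answer; it is not code from the page or from ISACA. It renders a blog comment two ways, verbatim (the vulnerable pattern) and with HTML output encoding (the fix), and checks whether a script tag survives into the page. The comment text, the template and the attacker hostname (a reserved .example name) are all constructed for the example.

```python
import html

# Constructed sample comment an attacker might post to the feedback blog.
# The hostname is a placeholder (reserved .example domain), not a real site.
MALICIOUS_COMMENT = (
    'Love the product! <script>window.location="https://attacker.example/"</script>'
)

# Minimal page template (constructed); the comment body is interpolated
# into the text content of an HTML element.
PAGE_TEMPLATE = (
    '<html><body><h1>Feedback</h1>'
    '<div class="comment">{body}</div>'
    '</body></html>'
)


def render_vulnerable(comment: str) -> str:
    """Stored XSS: the stored comment is written into the page verbatim,
    so any <script> it contains executes in every later visitor's browser."""
    return PAGE_TEMPLATE.format(body=comment)


def render_hardened(comment: str) -> str:
    """Output encoding for an HTML element body: <, >, &, and quotes become
    entities, so the browser displays the text instead of executing it."""
    return PAGE_TEMPLATE.format(body=html.escape(comment, quote=True))


def contains_active_script(page: str) -> bool:
    """Crude check: does an unencoded <script tag survive in the rendered page?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("vulnerable page executes script:", contains_active_script(render_vulnerable(MALICIOUS_COMMENT)))
    print("hardened page executes script:  ", contains_active_script(render_hardened(MALICIOUS_COMMENT)))
```

Encoding must match the context the data lands in: html.escape is correct for element text and quoted attribute values, but not for data placed inside a script block, a URL, or CSS. A Content-Security-Policy that disallows inline script is a worthwhile second layer, because it stops an injected script from running even when an encoding step is missed.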


NEW QUESTION # 381
The technique used to ensure security in virtual private networks (VPNs) is:

  • A. encryption.
  • B. transform.
  • C. encapsulation.
  • D. wrapping.

Answer: C

Explanation:
Encapsulation, or tunneling, wraps the original packet inside another packet so that traffic of one protocol can be carried across a network that does not support it directly; the tunnel endpoints add and strip the outer packet. This is the technique that defines a VPN. Note that encapsulation by itself (plain GRE or IP-in-IP, for example) provides no confidentiality or integrity; a VPN is only secure when the tunnel also encrypts and authenticates the inner packet, as IPsec in tunnel mode does. Transform and wrapping are not VPN security techniques, and encryption is a component applied to the tunnel rather than the technique specific to VPNs that the question asks for.


NEW QUESTION # 382
Which of the following is the BEST way to mitigate the risk associated with a document storage application that has a syncing feature that could allow malware to spread to other machines in the network?

  • A. User behavior modeling and analysis should be performed to discover anomalies in user behavior.
  • B. Content inspection technologies should be used to scan files for sensitive data.
  • C. All files should be scanned when they are uploaded to and downloaded from the application.
  • D. An audit should be conducted to detect shadow data and shadow IT in the network.

Answer: C

Explanation:
The risk is that a file infected on one machine is synchronized to every other machine connected to the application, so the control must stop malware at the point where files enter and leave the application. Scanning on upload and on download does exactly that. User behavior analysis (A) and an audit for shadow data and shadow IT (D) are detective measures that would surface the problem only after it has spread, and content inspection for sensitive data (B) addresses data leakage rather than malware.


NEW QUESTION # 383
Which of the following is the PRIMARY concern if a business continuity plan (BCP) is not based on a business impact analysis (BIA)?

  • A. The strategy of the BCP does not reflect estimated potential losses.
  • B. The knowledge of key people within the organization was not considered in the BCP.
  • C. Management was not involved in the early stages of the BCP.
  • D. The critical systems were not identified, but all systems are covered in the BCP.

Answer: C

Explanation:
Section: Protection of Information Assets


NEW QUESTION # 384
A credit card company has decided to outsource the printing of customer statements. It is MOST important for the company to verify whether:

  • A. the provider has alternate service locations.
  • B. the contract includes compensation for deficient service levels.
  • C. the provider adheres to the company's data retention policies.
  • D. the provider's information security controls are aligned with the company's.

Answer: D

Explanation:
The most important thing to verify when outsourcing the printing of customer statements is whether the provider's information security controls are aligned with the company's. Customer statements contain sensitive personal and financial information (cardholder data) that must be protected from unauthorized access, disclosure, modification or destruction, and outsourcing transfers the processing but not the accountability. The provider's controls should be consistent with the company's policies, standards and regulatory obligations, and should be audited periodically (for example through a right-to-audit clause or independent assurance reports) to confirm continued compliance. Alternate service locations (A), service-level penalties (B) and data retention (C) are relevant contract points, but they do not address the primary risk of exposing cardholder data. References: CISA Review Manual (Digital Version), Chapter 3, Section 3.2.2


NEW QUESTION # 385
In order to properly protect against unauthorized disclosure of sensitive data, how should hard disks be sanitized?

  • A. The data should be demagnetized.
  • B. The data should be deleted and overwritten with binary 0s.
  • C. The data should be low-level formatted.
  • D. The data should be deleted.

Answer: A

Explanation:
Degaussing (demagnetizing) destroys the magnetic domains on which a hard disk stores data, so the data cannot be recovered even with laboratory techniques; it also leaves the drive unusable. Deleting the data (D) only removes directory entries, and a low-level format (C) can leave recoverable residue. Overwriting with zeros (B) is an accepted clearing method for a working magnetic drive, but it depends on every sector, including remapped ones, being reachable by the overwrite, which is why degaussing is treated as the stronger assurance here. Note that degaussing applies to magnetic media only: solid-state drives and flash memory are unaffected by it and must be sanitized by cryptographic erase, the device's own secure-erase command, or physical destruction.


NEW QUESTION # 386
A hard disk containing confidential data was damaged beyond repair. What should be done to the hard disk to prevent access to the data residing on it?

  • A. Demagnetize the hard disk.
  • B. Low-level format the hard disk.
  • C. Physically destroy the hard disk.
  • D. Rewrite the hard disk with random 0s and 1s.

Answer: C

Explanation:
Physically destroying the hard disk is the most economical and practical way to ensure that the data cannot be recovered. Rewriting the data (D) and low-level formatting (B) are impractical because the disk no longer works and cannot be written to. Demagnetizing (A) is an inefficient procedure in this situation because it requires specialized and expensive equipment to be fully effective, and it would still need to be followed by disposal of the drive.


NEW QUESTION # 387
Above almost all other concerns, what often results in the greatest negative impact on the implementation of new application software?

  • A. Failing to perform user acceptance testing
  • B. Lack of user training for the new system
  • C. Lack of software documentation and run manuals
  • D. Insufficient unit, module, and systems testing

Answer: A

Explanation:
User acceptance testing is the business's confirmation that the software meets its requirements before it goes live. Skipping it means defects that unit, module and system testing cannot catch (wrong business rules, unusable workflows, missing functions) are discovered in production, where they disrupt operations and are far more expensive to fix. Lack of training, missing documentation and incomplete technical testing all degrade an implementation, but they do not put software the business has never accepted in front of its users.


NEW QUESTION # 388
The ultimate purpose of IT governance is to:

  • A. encourage optimal use of IT.
  • B. reduce IT costs.
  • C. decentralize IT resources across the organization.
  • D. centralize control of IT.

Answer: A

Explanation:
Explanation/Reference:
Explanation:
IT governance is intended to specify the combination of decision rights and accountability that is best for the enterprise. It is different for every enterprise. Reducing IT costs may not be the best IT governance outcome for an enterprise. Decentralizing IT resources across the organization is not always desired, although it may be desired in a decentralized environment. Centralizing control of IT is not always desired.
An example of where it might be desired is an enterprise desiring a single point of customer contact.


NEW QUESTION # 389
Once an organization has finished the business process reengineering (BPR) of all its critical operations, an IS auditor would MOST likely focus on a review of:

  • A. post-BPR process flowcharts.
  • B. pre-BPR process flowcharts.
  • C. BPR project plans.
  • D. continuous improvement and monitoring plans.

Answer: A

Explanation:
Section: Protection of Information Assets
An IS auditor's task is to identify and ensure that key controls have been incorporated into the reengineered process, which is documented in the post-BPR flowcharts. Choice B is incorrect because the auditor must review the process as it is today, not as it was before reengineering. Choices C and D are incorrect because project plans and continuous improvement plans are artifacts of the BPR project itself rather than the resulting process.


NEW QUESTION # 390
Which of the following findings should be of MOST concern to an IS auditor reviewing an organization's business continuity plan (BCP)?

  • A. A business impact analysis (BIA) was not performed.
  • B. A resource optimization plan is not included.
  • C. An application inventory is not included.
  • D. A business feasibility study was not performed.

Answer: A

Explanation:
Section: The process of Auditing Information System


NEW QUESTION # 391
Which of the following is the BEST source of information for assessing the effectiveness of IT process monitoring?

  • A. Quality assurance (QA) reviews
  • B. Performance data
  • C. Participative management techniques
  • D. Real-time audit software

Answer: D

Explanation:
Section: Protection of Information Assets


NEW QUESTION # 392
In a relational database with referential integrity, the use of which of the following keys would prevent deletion of a row from a customer table as long as the customer number of that row is stored with live orders on the orders table?

  • A. Public key
  • B. Foreign key
  • C. Secondary key
  • D. Primary key

Answer: B

Explanation:
In a relational database with referential integrity, foreign keys prevent events such as primary key changes and record deletions that would leave orphaned rows in the database. It should not be possible to delete a row from a customer table while the customer number (the primary key of that table) is stored with live orders on the orders table, where it is the foreign key that references the customer table. A primary key works within one table, so by itself it cannot ensure referential integrity across tables. Secondary keys that are not foreign keys are not subject to referential integrity checks. A public key is related to encryption and has no connection to referential integrity.
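The following added example (not from the page or from ISACA) builds the customer/orders schema in SQLite and shows the foreign key blocking the delete of a customer with a live order while allowing the delete of one without. It also shows the caveat an auditor should know: SQLite enforces foreign keys only when the connection turns them on, so the same schema with enforcement off silently creates an orphaned order. Table and column names and the sample rows are constructed for the example.

```python
import sqlite3


def build_db(enforce_fk: bool = True) -> sqlite3.Connection:
    """Create an in-memory customers/orders schema with a foreign key from
    orders.customer_no to customers.customer_no. SQLite enforces foreign keys
    only when PRAGMA foreign_keys is ON for the connection, so the flag lets the
    same schema be exercised with and without referential integrity."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    conn.executescript("""
        CREATE TABLE customers (
            customer_no INTEGER PRIMARY KEY,
            name        TEXT NOT NULL
        );
        CREATE TABLE orders (
            order_no    INTEGER PRIMARY KEY,
            customer_no INTEGER NOT NULL,
            status      TEXT NOT NULL,
            FOREIGN KEY (customer_no) REFERENCES customers (customer_no)
                ON DELETE RESTRICT
        );
        -- Constructed sample data: customer 1 has a live order, customer 2 has none.
        INSERT INTO customers VALUES (1, 'Alice'), (2, 'Bob');
        INSERT INTO orders VALUES (100, 1, 'open');
    """)
    return conn


def try_delete_customer(conn: sqlite3.Connection, customer_no: int) -> bool:
    """Attempt to delete a customer row. Returns True if the delete went
    through, False if the database refused it to protect referential integrity."""
    try:
        with conn:  # commit on success, roll back on exception
            conn.execute("DELETE FROM customers WHERE customer_no = ?", (customer_no,))
        return True
    except sqlite3.IntegrityError:
        return False


def count_orphaned_orders(conn: sqlite3.Connection) -> int:
    """Number of orders whose customer_no no longer matches any customer row."""
    row = conn.execute("""
        SELECT COUNT(*) FROM orders o
        LEFT JOIN customers c ON c.customer_no = o.customer_no
        WHERE c.customer_no IS NULL
    """).fetchone()
    return row[0]


if __name__ == "__main__":
    strict = build_db()
    print("delete customer 1 (has live order):", try_delete_customer(strict, 1))
    print("delete customer 2 (no orders):     ", try_delete_customer(strict, 2))
    loose = build_db(enforce_fk=False)
    print("delete customer 1 with FKs off:    ", try_delete_customer(loose, 1))
    print("orphaned orders with FKs off:      ", count_orphaned_orders(loose))
```

When auditing a database, confirming that a foreign key is declared is not enough; check that enforcement is actually on (in SQLite it is off by default, and in other engines constraints can be disabled or declared NOT ENFORCED) and run an orphan query like the one above against production data.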


NEW QUESTION # 393
Which of the following is the BEST methodology to use for estimating the complexity of developing a large business application?

  • A. Function point analysis
  • B. Work breakdown structure
  • C. Critical path analysis
  • D. Software cost estimation

Answer: A

Explanation:
Function point analysis sizes an application from the functions it delivers to the user (inputs, outputs, inquiries, internal files and external interfaces), weighted for complexity and independent of the programming language or technology, which makes it suitable for estimating the complexity of a large business application early in the project. A work breakdown structure and critical path analysis organize and schedule the work rather than size it, and software cost estimation takes a size measure such as function points as its input.


NEW QUESTION # 394
Receiving an EDI transaction and passing it through the communication's interface stage usually requires:

  • A. passing data to the appropriate application system.
  • B. translating and unbundling transactions.
  • C. creating a point of receipt audit log.
  • D. routing verification procedures.

Answer: D

Explanation:
Explanation/Reference:
Explanation:
The communication's interface stage requires routing verification procedures. EDI or ANSI X12 is a standard that must be interpreted by an application for transactions to be processed and then to be invoiced, paid and sent, whether they are for merchandise or services. There is no point in sending and receiving EDI transactions if they cannot be processed by an internal system. Unpacking transactions and recording audit logs are important elements that help follow business rules and establish controls, but are not part of the communication's interface stage.


NEW QUESTION # 395
Which of the following would BEST detect that a distributed denial of service (DDoS) attack is occurring?

  • A. Server crashes
  • B. Customer service complaints
  • C. Automated monitoring of logs
  • D. Penetration testing

Answer: C

Explanation:
Automated monitoring of logs (or of the traffic metrics derived from them) is the only option that detects an attack while it is happening: a sudden surge of requests from many distinct sources against the same target is visible in web server, firewall or flow logs within seconds, and can trigger an alert before service degrades. Server crashes and customer service complaints are consequences that arrive after the attack has already succeeded, and penetration testing is a proactive assessment, not a detection mechanism.
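As an added example of what "automated monitoring of logs" means in practice (not code from the page or from ISACA), the script below parses common-format web server log lines, buckets requests into fixed time windows and flags any window where both the request rate and the number of distinct source addresses cross a threshold. The log lines are constructed (documentation address ranges 192.0.2.0/24 and 198.51.100.0/24), and the window size and thresholds are assumed values a real deployment would tune against its own baseline.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common log format: client ip, identd, user, [timestamp], "request", status, bytes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def make_sample_logs() -> list:
    """Constructed sample access log, not real traffic: six ordinary requests
    from three clients, then a burst of 120 requests within ten seconds from
    60 distinct addresses."""
    lines = []
    for i in range(6):
        lines.append(
            f'192.0.2.{i % 3 + 1} - - [10/Oct/2023:13:55:0{i} +0000] "GET /blog HTTP/1.1" 200 512'
        )
    for i in range(120):
        lines.append(
            f'198.51.100.{i % 60 + 1} - - [10/Oct/2023:13:55:{20 + i % 10} +0000] "GET / HTTP/1.1" 503 0'
        )
    return lines


def parse_line(line: str):
    """Return (ip, unix_timestamp) for a well-formed line, or None for junk."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), int(ts.timestamp())


def detect_ddos(lines, window_seconds=10, rate_threshold=50, min_sources=20):
    """Bucket requests into fixed windows and flag any window whose request
    count and number of distinct source addresses both reach the (assumed)
    thresholds. A burst from one address is deliberately not flagged here:
    that is a single-source DoS, handled by per-client rate limiting instead.
    Returns a list of (window_start_epoch, request_count, distinct_sources)."""
    windows = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed line: skip rather than crash the monitor
        ip, ts = parsed
        windows[ts - ts % window_seconds].append(ip)
    alerts = []
    for start in sorted(windows):
        ips = windows[start]
        distinct = len(set(ips))
        if len(ips) >= rate_threshold and distinct >= min_sources:
            alerts.append((start, len(ips), distinct))
    return alerts


if __name__ == "__main__":
    for start, count, sources in detect_ddos(make_sample_logs()):
        print(f"possible DDoS: {count} requests from {sources} sources in window starting at {start}")
```

A production monitor would read the log continuously, compare each window against a learned baseline rather than fixed numbers, and correlate with upstream indicators (firewall drops, SYN counts, 503 rates) so that a legitimate traffic spike is not mistaken for an attack.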


NEW QUESTION # 396
Which of the following is the PRIMARY benefit of conducting control self-assessments (CSAs)

  • A. Reduction in external audit fees
  • B. Reduction in audit risk
  • C. Early detection of residual risk
  • D. Management of control costs

Answer: B


NEW QUESTION # 397
......
