Isaca CISA Certified Information Systems Auditor Exam Practice Test

Projected impact of current business on future business

Cost-benefit analysis of running the current business

Cost of regulatory compliance

Expected costs for recovering the business

Block all compromised network nodes.

Contact law enforcement.

Notify senior management.

Identity nodes that have been compromised.

Requiring policy acknowledgment and nondisclosure agreements (NDAs) signed by employees

Establishing strong access controls on confidential data

Providing education and guidelines to employees on use of social networking sites

Monitoring employees' social networking usage

More frequent data backups

Periodic table link checks

Concurrent access controls

Performance monitoring tools

Balanced scorecard

Enterprise dashboard

Enterprise architecture (EA)

Key performance indicators (KPIs)

Lack of appropriate labelling

Lack of recent awareness training.

Lack of password protection

Lack of appropriate data classification

Report the mitigating controls.

Report the security posture of the organization.

Determine the value of the firewall.

Determine the risk of not replacing the firewall.

Revise the assessment based on senior management's objections.

Escalate the issue to audit management.

Finalize the draft audit report without changes.

Gather evidence to analyze senior management's objections

authorize secured emergency access

approve the organization's security policy

ensure access rules agree with policies

create role-based rules for each business process

The number of users deleting the email without reporting because it is a phishing email

The number of users clicking on the link to learn more about the sender of the email

The number of users forwarding the email to their business unit managers

The number of users reporting receipt of the email to the information security team

Review system and error logs to verify transaction accuracy.

Review input and output control reports to verify the accuracy of the system decisions.

Review signed approvals to ensure responsibilities for decisions of the system are well defined.

Review system documentation to ensure completeness.

Implement a new system that can be patched.

Implement additional firewalls to protect the system.

Decommission the server.

Evaluate the associated risk.

Rotate job duties periodically.

Perform an independent audit.

Hire temporary staff.

Implement compensating controls.

Compliance with action plans resulting from recent audits

Compliance with local laws and regulations

Compliance with industry standards and best practice

Compliance with the organization's policies and procedures

Phishing

Using a dictionary attack of encrypted passwords

Intercepting packets and viewing passwords

Flooding the site with an excessive number of packets

the Internet.

the demilitarized zone (DMZ).

the organization's web server.

the organization's network.

communicate via Transport Layer Security (TLS),

block authorized users from unauthorized activities.

channel access only through the public-facing firewall.

channel access through authentication.

The protect requirements are wall understood.

The project is subject to time pressures.

The project intends to apply an object-oriented design approach.

The project will involve the use of new technology.

The default configurations have been changed.

All tables in the database are normalized.

The service port used by the database server has been changed.

The default administration account is used after changing the account password.

Modify applications to no longer require direct access to the database.

Introduce database access monitoring into the environment

Modify the access management policy to make allowances for application accounts.

Schedule downtime to implement password changes.

Incident monitoring togs

The ISP service level agreement

Reports of network traffic analysis

Network topology diagrams

Developing an inventory of all business entities that exchange personal data with the affected jurisdiction

Identifying data security threats in the affected jurisdiction

Reviewing data classification procedures associated with the affected jurisdiction

Identifying business processes associated with personal data exchange with the affected jurisdiction

risk management review

control self-assessment (CSA).

service level agreement (SLA).

balanced scorecard.

Align service level agreements (SLAs) with current needs.

Monitor customer satisfaction with the change.

Minimize costs related to the third-party agreement.

Ensure right to audit is included within the contract.

Terminated staff

Unauthorized access

Deleted log data

Hacktivists

Portfolio management

Business plans

Business processes

IT strategic plans

Annual sign-off of acceptable use policy

Regular monitoring of user access logs

Security awareness training

Formalized disciplinary action

Data conversion was performed using manual processes.

Backups of the old system and data are not available online.

Unauthorized data modifications occurred during conversion.

The change management process was not formally documented

Write access to production program libraries

Write access to development data libraries

Execute access to production program libraries

Execute access to development program libraries

File level encryption

File Transfer Protocol (FTP)

Instant messaging policy

Application level firewalls

Discovery sampling

Judgmental sampling

Variable sampling

Stratified sampling

Contingency planning

Configuration management

Help desk management

Impact assessment

Assessment of the personnel training processes of the provider

Adequacy of the service provider's insurance

Review of performance against service level agreements (SLAs)

Periodic audits of controls by an independent auditor

Staging

Testing

Integration

Development