Practice Free CISA Exam Online Questions
Which of the following is the MOST important consideration to facilitate prosecution of a perpetrator after a cybercrime?
- A . An active intrusion detection system (IDS)
- B . Professional collection of unaltered evidence
- C . Reporting to the internal legal department
- D . Immediate law enforcement involvement
B
Explanation:
Comprehensive and Detailed Step-by-Step
Forensic evidence must be legally admissible, unaltered, and properly collected to support prosecution.
Option A (Incorrect): While an IDS helps detect cybercrime, it does not ensure evidence collection or legal admissibility.
Option B (Correct): The professional collection of unaltered evidence follows forensic standards, including chain of custody, ensuring that the evidence is admissible in court. This is the most critical factor in prosecuting cybercriminals.
Option C (Incorrect): Internal legal reporting is necessary but does not directly impact evidence preservation, which is key for legal action.
Option D (Incorrect): Law enforcement involvement is important, but without properly collected evidence, prosecution is unlikely to succeed.
Reference: ISACA CISA Review Manual, Domain 5: Protection of Information Assets (covers forensic investigation, evidence collection, and chain of custody principles).
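The explanation above turns on two things an examiner looks for: a fingerprint of the evidence taken at acquisition, and a custody record that shows who handled it and when, such that any alteration of either is detectable. The following Python is an added illustration written for this page (it is not ISACA material or a forensic tool's own code): it hashes a constructed sample file with SHA-256 and keeps a hash-chained custody log bound to that acquisition hash, so that modified evidence bytes, an edited custody entry, or a deleted entry all fail verification. The case id, handler names and timestamps are constructed values.

```python
import hashlib
import json
from dataclasses import dataclass

# Constructed stand-in for acquired evidence (e.g. a log export or a disk image).
SAMPLE_EVIDENCE = b'constructed sample: 10.0.0.5 - - [01/Jan/2024] "GET /admin" 403\n'


def sha256_hex(data: bytes) -> str:
    """Fingerprint taken at acquisition; any later change to the bytes changes it."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEvent:
    handler: str      # person taking custody
    action: str       # acquired / sealed / transferred / analysed
    timestamp: str    # ISO 8601 string supplied by the caller (constructed in the demo)
    prev_link: str    # link of the previous event, or the acquisition hash for the first one
    link: str = ""    # hash over this event, fixed when the event is appended

    def compute_link(self) -> str:
        payload = json.dumps([self.handler, self.action, self.timestamp, self.prev_link])
        return sha256_hex(payload.encode())


class ChainOfCustody:
    """Hash-chained custody log bound to the acquisition hash of the evidence."""

    def __init__(self, case_id: str, evidence: bytes, acquired_by: str, when: str):
        self.case_id = case_id
        self.acquisition_hash = sha256_hex(evidence)
        self.events: list[CustodyEvent] = []
        self.add_event(acquired_by, "acquired", when)

    def add_event(self, handler: str, action: str, when: str) -> CustodyEvent:
        prev = self.events[-1].link if self.events else self.acquisition_hash
        event = CustodyEvent(handler, action, when, prev)
        event.link = event.compute_link()
        self.events.append(event)
        return event

    def verify(self, evidence: bytes) -> tuple[bool, str]:
        """Check the evidence bytes and every custody record; report the first failure found."""
        if sha256_hex(evidence) != self.acquisition_hash:
            return False, "evidence bytes differ from the acquisition hash"
        prev = self.acquisition_hash
        for index, event in enumerate(self.events):
            # A record whose predecessor link does not match, or whose own link no longer
            # matches its content, means an entry was edited, inserted or removed.
            if event.prev_link != prev or event.compute_link() != event.link:
                return False, f"custody record {index} altered or missing predecessor"
            prev = event.link
        return True, "evidence and custody chain intact"


if __name__ == "__main__":
    chain = ChainOfCustody("CASE-0001", SAMPLE_EVIDENCE, "first responder", "2024-01-02T09:00:00Z")
    chain.add_event("forensic analyst", "transferred", "2024-01-02T11:30:00Z")
    chain.add_event("forensic analyst", "analysed", "2024-01-03T08:00:00Z")
    print(chain.verify(SAMPLE_EVIDENCE))
    print(chain.verify(SAMPLE_EVIDENCE + b"tampered"))
```

In practice the acquisition hash and each custody entry would be recorded on a signed form or in an evidence-management system; the point shown here is that verification must cover both the bytes and the handling record, because either one being unverifiable is enough to get the evidence excluded.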
Which of the following is the MOST significant risk when an application uses individual end-user accounts to access the underlying database?
- A . Multiple connections to the database are used and slow the process.
- B . User accounts may remain active after a termination.
- C . Users may be able to circumvent application controls.
- D . Application may not capture a complete audit trail.
C
Explanation:
The most significant risk when an application uses individual end-user accounts to access the underlying database is that users may be able to circumvent application controls. Application controls are the policies, procedures, and mechanisms that ensure the accuracy, completeness, validity, and authorization of transactions and data within an application. Application controls can include input validation, output verification, processing logic, reconciliation, exception handling, and audit trails. Application controls can help prevent or detect errors, fraud, or unauthorized access or modification of data.
However, if an application uses individual end-user accounts to access the underlying database, it means that the users have direct access to the database without going through the application layer.
This can expose the database to potential risks such as:
Users may be able to bypass the application controls and manipulate the data in the database directly using SQL commands or other tools. For example, users may be able to change their own or others’ salaries, grades, or balances without proper authorization or validation.
Users may be able to access or disclose sensitive or confidential data that they are not supposed to see or share. For example, users may be able to view other users’ personal information, passwords, or credit card numbers.
Users may be able to introduce errors or inconsistencies in the data by entering invalid or incorrect data or by deleting or modifying existing data. For example, users may be able to create duplicate records, break referential integrity, or cause data loss or corruption.
Users may be able to compromise the security and performance of the database by creating unauthorized objects, granting excessive privileges, executing malicious code, or consuming excessive resources. For example, users may be able to create backdoors, viruses, or denial-of-service attacks.
Therefore, using individual end-user accounts to access the underlying database can pose a serious threat to the integrity, confidentiality, availability, and reliability of the data and the application.
The other options are not as significant as option C. Multiple connections to the database are used and slow the process is a performance issue that can affect the efficiency and responsiveness of the application and the database, but it does not necessarily compromise the data quality or security. User accounts may remain active after a termination is a security issue that can increase the risk of unauthorized access or misuse of data by former employees or others who have access to their credentials, but it can be mitigated by implementing proper account management and monitoring processes. Application may not capture a complete audit trail is a compliance issue that can affect the accountability and traceability of transactions and data within the application and the database, but it does not directly affect the data accuracy or protection.
References:
Should application users be database users? – Stack Overflow
An Approach Toward Sarbanes-Oxley ITGC Risk Assessment – ISACA
ISACA CISA Certified Information Systems Auditor Exam … – PUPUWEB
Why inactive accounts are a security risk | Stratosphere
An IS auditor notes that the previous year’s disaster recovery test was not completed within the scheduled time frame due to insufficient hardware allocated by a third-party vendor.
Which of the following provides the BEST evidence that adequate resources are now allocated to successfully recover the systems?
- A . Service level agreement (SLA)
- B . Hardware change management policy
- C . Vendor memo indicating problem correction
- D . An up-to-date RACI chart
A
Explanation:
The best evidence that adequate resources are now allocated to successfully recover the systems is a service level agreement (SLA). An SLA is a contract between a service provider and a customer that defines the scope, quality, and terms of the service delivery. An SLA should include measurable and verifiable indicators of the service performance, such as availability, reliability, capacity, security, and recovery. An SLA should also specify the roles, responsibilities, and expectations of both parties, as well as the remedies and penalties for non-compliance. An SLA can help to ensure that the third-party vendor has allocated sufficient hardware and other resources to meet the recovery objectives and requirements of the organization.
References:
CISA Review Manual (Digital Version)
CISA Questions, Answers & Explanations Database
Which of the following BEST demonstrates to senior management and the board that an audit function is compliant with standards and the code of ethics?
- A . Audit staff interviews
- B . Quality control reviews
- C . Control self-assessments (CSAs)
- D . Corrective action plans
B
Explanation:
Quality control reviews are the best way to demonstrate to senior management and the board that an audit function is compliant with standards and the code of ethics. These reviews assess the efficiency and effectiveness of the audit function, ensure compliance with audit standards and ethics, and identify areas for improvement (1, 2). While audit staff interviews, control self-assessments (CSAs), and corrective action plans can provide valuable insights, they do not offer the same level of assurance as a comprehensive quality control review (1, 2).
References:
1: The Institute of Internal Auditors
2: AuditBoard
Which of the following security measures will reduce the risk of propagation when a cyberattack occurs?
- A . Perimeter firewall
- B . Data loss prevention (DLP) system
- C . Web application firewall
- D . Network segmentation
D
Explanation:
Network segmentation is the best security measure to reduce the risk of propagation when a cyberattack occurs, because it divides the network into smaller subnetworks that are isolated from each other and have different access controls and security policies. This limits the spread of malicious traffic and prevents attackers from accessing sensitive data or systems in other segments. A perimeter firewall, a data loss prevention (DLP) system, and a web application firewall are also useful security measures, but they do not prevent propagation within the network as effectively as network segmentation does.
References: CISA Review Manual (Digital Version), Chapter 5, Section 5.2.3
Which of the following is the BEST way to foster continuous improvement of IS audit processes and practices?
- A . Invite external auditors and regulators to perform regular assessments of the IS audit function.
- B . Implement rigorous managerial review and sign-off of IS audit deliverables.
- C . Frequently review IS audit policies, procedures, and instruction manuals.
- D . Establish and embed quality assurance (QA) within the IS audit function.
D
Explanation:
The best way to foster continuous improvement of IS audit processes and practices is to establish and embed quality assurance (QA) within the IS audit function, as this will ensure that the IS audit activities are aligned with the standards, expectations, and objectives of the organization and the stakeholders (1, 2). QA involves periodic internal and external assessments, benchmarking, feedback, and root cause analysis to identify and address gaps, issues, and opportunities for improvement (3, 4).
References:
1: The Basics and Principles of Continuous Improvement
2: ISO 9001 Auditing Practices Group Guidance on
3: INSIGHTS TO QUALITY
4: Continuous Auditing: Coordinating Continuous Auditing and Monitoring to Provide Continuous Assurance
Which of the following technologies has the SMALLEST maximum range for data transmission between devices?
- A . Wi-Fi
- B . Bluetooth
- C . Long-term evolution (LTE)
- D . Near-field communication (NFC)
D
Explanation:
The technology that has the smallest maximum range for data transmission between devices is near-field communication (NFC). NFC is a short-range wireless technology that enables two devices to communicate when they are in close proximity, usually within a few centimeters. NFC is commonly used for contactless payments, smart cards, and device pairing. According to the Bluetooth® Technology Website (1), the effective range of NFC is less than a meter, while the other technologies have much longer ranges. Wi-Fi can reach up to 100 meters indoors and 300 meters outdoors (2). Bluetooth can reach up to 800 feet with the Bluetooth 5.0 specification (3). Long-term evolution (LTE) can reach up to several kilometers depending on the cell tower and the device (4).
References:
1: Understanding Bluetooth Range | Bluetooth® Technology Website
2: What is Wi-Fi? – Definition from WhatIs.com
3: What is Bluetooth Range? What You Need to Know
4: How far can LTE signals travel? – Quora
How would an IS auditor BEST determine the effectiveness of a security awareness program?
- A . Review the results of social engineering tests.
- B . Evaluate management survey results.
- C . Interview employees to assess their security awareness.
- D . Review security awareness training quiz results.
A
Explanation:
Comprehensive and Detailed Step-by-Step
Social engineering tests are the most effective way to assess real-world security awareness by measuring employees’ ability to recognize and resist security threats.
Review the results of social engineering tests (correct answer: A)
Simulated phishing attacks and pretexting exercises measure actual employee behavior.
Provides actionable insights into weaknesses in security awareness.
Example: If employees frequently click on phishing emails, the awareness program is ineffective.
Evaluate management survey results (incorrect: B)
Management perception is subjective and does not reflect actual employee behavior.
Interview employees (incorrect: C)
Employees may provide inaccurate or rehearsed responses.
Review security training quiz results (incorrect: D)
Tests knowledge but does not measure practical application.
References:
ISACA CISA Review Manual
NIST 800-53 (Security Awareness and Training)
ISO 27001: Security Awareness Control
Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?
- A . Ensuring that audit trails exist for transactions
- B . Restricting access to update programs to accounts payable staff only
- C . Including the creator’s user ID as a field in every transaction record created
- D . Restricting program functionality according to user security profiles
D
Explanation:
Restricting program functionality according to user security profiles is the best control for ensuring appropriate segregation of duties within an accounts payable department. An IS auditor should verify that the access rights and permissions of the accounts payable staff are based on their roles and responsibilities, and that they are not able to perform incompatible or conflicting functions such as creating, approving, or paying invoices. This will help to prevent fraud, errors, or abuse of authority within the accounts payable process. The other options are less effective controls for ensuring segregation of duties, as they may involve audit trails, access restrictions, or user identification.
References:
CISA Review Manual (Digital Version), Chapter 6, Section 6.31
CISA Review Questions, Answers & Explanations Database, Question ID 223
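Two of the explanations on this page describe the same control from opposite sides: the earlier question on end-user database accounts warns that users who connect to the database directly bypass the application's controls, and this question's answer is that program functionality should be restricted according to user security profiles. The Python below is an added example written for this page, not ISACA's or any product's code. It models a small accounts payable application that owns the only database connection (a SQLite in-memory database standing in for the application's service account), checks each program function against the caller's security profile, enforces that the person who creates an invoice cannot approve or pay it, and writes an audit trail. The roles, user names, vendors and amounts are constructed.

```python
import sqlite3

# Constructed security profiles: the program functions each role may invoke.
PROFILES = {
    "ap_clerk": {"create_invoice"},
    "ap_manager": {"approve_invoice"},
    "ap_supervisor": {"create_invoice", "approve_invoice"},  # both functions, so SoD rule matters
    "treasury": {"pay_invoice"},
}
# Constructed user-to-profile assignments.
USERS = {"alice": "ap_clerk", "bob": "ap_manager", "erin": "ap_supervisor", "carol": "treasury"}


class AccessDenied(Exception):
    pass


class ApInvoiceApp:
    """Application layer that owns the only database connection; end users never hold DB credentials,
    so every write passes the profile check, the segregation-of-duties rule and the audit log."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")  # stands in for the application's service account
        self.db.executescript("""
            CREATE TABLE invoice(id INTEGER PRIMARY KEY, vendor TEXT, amount REAL, status TEXT,
                                 created_by TEXT, approved_by TEXT, paid_by TEXT);
            CREATE TABLE audit(seq INTEGER PRIMARY KEY, actor TEXT, action TEXT,
                               invoice_id INTEGER, outcome TEXT);
        """)

    def _audit(self, actor, action, invoice_id, outcome):
        self.db.execute("INSERT INTO audit(actor, action, invoice_id, outcome) VALUES (?, ?, ?, ?)",
                        (actor, action, invoice_id, outcome))

    def _authorize(self, user, function, invoice_id=None):
        """Program functionality is restricted according to the caller's security profile."""
        role = USERS.get(user)
        if function not in PROFILES.get(role, set()):
            self._audit(user, function, invoice_id, "denied_profile")
            raise AccessDenied(f"{user} ({role}) may not call {function}")

    def _require_status(self, invoice_id, expected):
        row = self.db.execute("SELECT status, created_by, approved_by FROM invoice WHERE id = ?",
                              (invoice_id,)).fetchone()
        if row is None or row[0] != expected:
            raise ValueError(f"invoice {invoice_id} is not in state {expected}")
        return row

    def create_invoice(self, user, vendor, amount):
        self._authorize(user, "create_invoice")
        if amount <= 0:  # input validation is an application control too
            raise ValueError("amount must be positive")
        cur = self.db.execute(
            "INSERT INTO invoice(vendor, amount, status, created_by) VALUES (?, ?, 'created', ?)",
            (vendor, amount, user))
        self._audit(user, "create_invoice", cur.lastrowid, "ok")
        return cur.lastrowid

    def approve_invoice(self, user, invoice_id):
        self._authorize(user, "approve_invoice", invoice_id)
        _, created_by, _ = self._require_status(invoice_id, "created")
        if created_by == user:  # segregation of duties: nobody approves what they created
            self._audit(user, "approve_invoice", invoice_id, "denied_sod")
            raise AccessDenied("creator may not approve their own invoice")
        self.db.execute("UPDATE invoice SET status = 'approved', approved_by = ? WHERE id = ?",
                        (user, invoice_id))
        self._audit(user, "approve_invoice", invoice_id, "ok")

    def pay_invoice(self, user, invoice_id):
        self._authorize(user, "pay_invoice", invoice_id)
        _, created_by, approved_by = self._require_status(invoice_id, "approved")
        if user in (created_by, approved_by):  # segregation of duties: payer is a third person
            self._audit(user, "pay_invoice", invoice_id, "denied_sod")
            raise AccessDenied("creator or approver may not pay the invoice")
        self.db.execute("UPDATE invoice SET status = 'paid', paid_by = ? WHERE id = ?", (user, invoice_id))
        self._audit(user, "pay_invoice", invoice_id, "ok")

    def invoice(self, invoice_id):
        return self.db.execute("SELECT status, created_by, approved_by, paid_by FROM invoice WHERE id = ?",
                               (invoice_id,)).fetchone()

    def audit_trail(self):
        return self.db.execute("SELECT actor, action, invoice_id, outcome FROM audit ORDER BY seq").fetchall()


def attempt(fn, *args):
    """Call one application function and summarise the outcome as 'ok', 'denied' or 'invalid'."""
    try:
        fn(*args)
        return "ok"
    except AccessDenied:
        return "denied"
    except ValueError:
        return "invalid"


if __name__ == "__main__":
    app = ApInvoiceApp()
    inv = app.create_invoice("alice", "ACME Supplies", 1250.00)
    print(attempt(app.approve_invoice, "alice", inv))  # denied: profile lacks approve_invoice
    print(attempt(app.approve_invoice, "bob", inv))    # ok
    print(attempt(app.pay_invoice, "carol", inv))      # ok
    print(app.invoice(inv), app.audit_trail())
```

Every check in this class lives in the application, not in the database. That is exactly why the earlier question treats direct end-user database accounts as the most significant risk: a user holding their own database credentials could update the `invoice` table without passing `_authorize`, the segregation-of-duties test or `_audit`. An auditor reviewing such an application would confirm that the database accepts connections only from the application's service account and that the profile-to-function mapping matches the documented roles.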
When implementing Internet Protocol security (IPsec) architecture, the servers involved in application delivery:
- A . communicate via Transport Layer Security (TLS).
- B . block authorized users from unauthorized activities.
- C . channel access only through the public-facing firewall.
- D . channel access through authentication.
A
Explanation:
When implementing Internet Protocol security (IPsec) architecture, the servers involved in application delivery communicate via Transport Layer Security (TLS), which is a protocol that provides encryption and authentication for data transmitted over a network. IPsec operates at the network layer and provides security for IP packets, while TLS operates at the transport layer and provides security for TCP connections. Blocking authorized users from unauthorized activities, channeling access only through the public-facing firewall, and channeling access through authentication are not functions of IPsec architecture.
References: CISA Review Manual (Digital Version), Chapter 5, Section 5.4.2