Certified Information Systems Auditor-CISA Quiz Questions and Answers

Answer :
  • Regular backups

Explanation :

Regular backups are the only method of ensuring recovery of data after a successful ransomware attack. Even if the ransom is paid, it is possible that the data may not be recoverable, and the possibility of data contamination with other malware exists. How a backup is stored and maintained can influence its effectiveness as a means of recovering from ransomware. Backups that are easily accessible may be compromised before they can be put to use. Designing a proper backup methodology with ransomware in mind is important.

Answer :
  • Patches are not automatically installed

Explanation :

Corporate desktop personal computers should be configured to automatically install critical patches according to the device-based patch management policy. Furthermore, personal computers should be configured to enable system administrators to schedule updates for a time that minimizes the impact on services offered, which may include delaying installation by a brief period. It is common in corporate environments for patch management to be brokered by an internal repository rather than downloaded from the vendor.

Answer :
  • Fallback

Explanation :

A fallback (or rollback) is a plan of action to be performed if a system implementation, upgrade or modification/change does not work as intended. Fallback restores the system to the state prior to the change. This is the most common and effective method of mitigating the risk of downtime for mission-critical systems. All changes should have a fallback plan that includes instructions on restoring the system to the prior state.

Answer :
  • The Local Area Network (LAN) switches are not connected to uninterruptible power supply units

Explanation :

Voice over Internet Protocol (VoIP) telephone systems use standard network cabling, and typically each telephone gets power over the network cable (Power over Ethernet) from the wiring closet where the network switch is installed. If the local area network switches do not have backup power, the phones will lose power if there is a utility interruption and potentially will not be able to make emergency calls.

Answer :
  • Fast-tracking of releases into production

Explanation :

A high number of emergency changes might indicate an attempt to bypass standard change management process controls, such as approval of changes by the business, proper testing, and validation of installation into the production environment. Bypassing those controls might result in an increased number of production incidents, security deficiencies and improper changes installed into the production environment.

Answer :
  • User accounts are created with expiration dates and are based on services provided

Explanation :

The most effective control is to ensure that the granting of temporary access is based on the services to be provided and that there is an expiration date (automated is best) associated with each unique ID. The use of an identity management system enforces temporary and permanent access for users, at the same time ensuring proper accounting of their activities.

Answer :
  • Confirmation of the ability to exploit vulnerabilities

Explanation :

Penetration testing is usually executed by qualified experts with the objective of obtaining privileged access to IT systems using vulnerabilities. Vulnerability assessment alone does not provide an accurate picture of an organization's level of protection from cybersecurity attacks, as the existence of a vulnerability alone does not mean it can be exploited.

Answer :
  • Sociability testing

Explanation :

The purpose of sociability testing is to ensure that a new or modified system can operate in its target environment without adversely impacting existing systems. This should cover the platform that will perform primary application processing and interface with other systems, as well as changes to the desktop in a client-server or web development environment.

Answer :
  • knowledge by the management staff of the client organization

Explanation :

Black box penetration testing assumes no prior knowledge of the infrastructure to be tested. Testers simulate an attack from someone who is unfamiliar with the system. It is important for management to have knowledge of the proceedings so that, if the test is identified by the monitoring systems, the legality of the actions can be determined quickly.

Answer :
  • Stratified random sampling

Explanation :

Stratification is the process of dividing a population into sub-populations with explicitly defined similar characteristics, so that each sampling unit can belong to only one stratum. This method of sampling ensures that all sampling units in each subgroup have a known, non-zero chance of selection. It would be most appropriate in this case.