Download New Updated (July) Isaca CISA Actual Test 561-570

Ensurepass


QUESTION 561

Which of the following BEST ensures the integrity of a server’s operating system?

A. Protecting the server in a secure location
B. Setting a boot password
C. Hardening the server configuration
D. Implementing activity logging

Correct Answer: C

Explanation:

Hardening a system means configuring it in the most secure manner (installing the latest security patches, properly defining access authorization for users and administrators, disabling insecure options and uninstalling unused services) to prevent nonprivileged users from gaining the right to execute privileged instructions and thus take control of the entire machine, jeopardizing the OS’s integrity. Protecting the server in a secure location and setting a boot password are good practices, but they do not ensure that a user will not try to exploit logical vulnerabilities and compromise the OS. Activity logging has two weaknesses in this scenario: it is a detective control (not a preventive one), and an attacker who has already gained privileged access can modify or disable the logs.

QUESTION 562

An IS auditor observes a weakness in the tape management system at a data center in that some parameters are set to bypass or ignore tape header records. Which of the following is the MOST effective compensating control for this weakness?

A. Staging and job setup
B. Supervisory review of logs
C. Regular backup of tapes
D. Offsite storage of tapes

Correct Answer: A

Explanation:

If the IS auditor finds that there are effective staging and job setup processes, this can be accepted as a compensating control. Choice B is a detective control, while choices C and D are corrective controls; none of these would serve as good compensating controls.

QUESTION 563

Receiving an EDI transaction and passing it through the communications interface stage usually requires:

A. translating and unbundling transactions.
B. routing verification procedures.
C. passing data to the appropriate application system.
D. creating a point-of-receipt audit log.

Correct Answer: B

Explanation:

The communications interface stage requires routing verification procedures. EDI or ANSI X12 is a standard that must be interpreted by an application for transactions to be processed and then invoiced, paid and sent, whether they are for merchandise or services. There is no point in sending and receiving EDI transactions if they cannot be processed by an internal system. Unpacking transactions and recording audit logs are important elements that help follow business rules and establish controls, but they are not part of the communications interface stage.

QUESTION 564

An organization has outsourced its help desk. Which of the following indicators would be the BEST to include in the SLA?

A. Overall number of users supported
B. Percentage of incidents solved in the first call
C. Number of incidents reported to the help desk
D. Number of agents answering the phones

Correct Answer: B

Explanation:

Since the question is about service level (performance) indicators, the percentage of incidents solved on the first call is the only option that is relevant. Choices A, C and D are not quality measures of the help desk service.

QUESTION 565

To determine if unauthorized changes have been made to production code, the BEST audit procedure is to:

A. examine the change control system records and trace them forward to object code files.
B. review access control permissions operating within the production program libraries.
C. examine object code to find instances of changes and trace them back to change control records.
D. review change approval designations established within the change control system.

Correct Answer: C

Explanation:

The procedure of examining object code files to establish instances of code changes and tracing these back to change control system records is a substantive test that directly addresses the risk of unauthorized code changes. The other choices are valid procedures to apply in a change control audit, but they do not directly address the risk of unauthorized code changes.

QUESTION 566

An IS auditor finds that, at certain times of the day, the data warehouse query performance decreases significantly. Which of the following controls would it be relevant for the IS auditor to review?

A. Permanent table-space allocation
B. Commitment and rollback controls
C. User spool and database limit controls
D. Read/write access log controls

Correct Answer: C

Explanation:

User spool limits restrict the space available for running user queries. This prevents poorly formed queries from consuming excessive system resources and impacting general query performance. Limiting the space available to users in their own databases prevents them from building excessively large tables. This helps to control space utilization, which itself helps performance by maintaining a buffer between the actual data volume stored and the physical device capacity. Additionally, it prevents users from consuming excessive resources in ad hoc table builds (as opposed to scheduled production loads, which can often run overnight and are optimized for performance). In a data warehouse, since online transactions are not being run, commitment and rollback controls do not have an impact on performance. The other choices are not as likely to be the root cause of this performance issue.

QUESTION 567

An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if:

A. the setup is geographically dispersed.
B. the network servers are clustered in a site.
C. a hot site is ready for activation.
D. diverse routing is implemented for the network.

Correct Answer: B

Explanation:

A clustered setup in one location makes the entire network vulnerable to natural disasters or other disruptive events. Dispersed geographical locations and diverse routing provide backup if a site has been destroyed. A hot site would also be a good alternative for a single point-of-failure site.

QUESTION 568

IT operations for a large organization have been outsourced. An IS auditor reviewing the outsourced operation should be MOST concerned about which of the following findings?

A. The outsourcing contract does not cover disaster recovery for the outsourced IT operations.
B. The service provider does not have incident handling procedures.
C. Recently a corrupted database could not be recovered because of library management problems.
D. Incident logs are not being reviewed.

Correct Answer: A

Explanation:

The lack of a disaster recovery provision presents a major business risk. Incorporating such a provision into the contract will give the outsourcing organization leverage over the service provider. Choices B, C and D are problems that should be addressed by the service provider, but they are not as important as contract requirements for disaster recovery.

QUESTION 569

When reviewing the implementation of a LAN, an IS auditor should FIRST review the:

A. node list.
B. acceptance test report.
C. network diagram.
D. user’s list.

Correct Answer: C

Explanation:

To properly review a LAN implementation, an IS auditor should first verify the network diagram and confirm its approval. Verification of nodes from the node list against the network diagram would be next, followed by a review of the acceptance test report and then the user’s list.

QUESTION 570

The computer security incident response team (CSIRT) of an organization disseminates detailed descriptions of recent threats. An IS auditor’s GREATEST concern should be that the users might:

A. use this information to launch attacks.
B. forward the security alert.
C. implement individual solutions.
D. fail to understand the threat.

Correct Answer: A

Explanation:

An organization’s computer security incident response team (CSIRT) should disseminate recent threats, security guidelines and security updates to the users to assist them in understanding the security risk of errors and omissions. However, this introduces the risk that the users may use this information to launch attacks, directly or indirectly. An IS auditor should ensure that the CSIRT is actively involved with users to assist them in mitigating risks arising from security failures and to prevent additional security incidents resulting from the same threat. Forwarding the security alert is not harmful to the organization, implementing individual solutions is unlikely, and users failing to understand the threat would not be a serious concern.
