ISACA CISA Certified Information Systems Auditor Online Training

Question #51

During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST

A . perform a business impact analysis (BIA).
B . issue an intermediate report to management.
C . evaluate the impact on current disaster recovery capability.
D . conduct additional compliance testing.

Reveal Solution Hide Solution

Question #52

Which of the following is the MOST effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines?

A . Monitor access to stored images and snapshots of virtual machines.
B . Restrict access to images and snapshots of virtual machines.
C . Limit creation of virtual machine images and snapshots.
D . Review logical access controls on virtual machines regularly.

Reveal Solution Hide Solution

Question #53

An IS auditor is examining a front-end subledger and a main ledger.

Which of the following would be the GREATEST concern if there are flaws in the mapping of accounts between the two systems?

A . Double-posting of a single journal entry
B . Inability to support new business transactions
C . Unauthorized alteration of account attributes
D . Inaccuracy of financial reporting

Reveal Solution Hide Solution

Question #54

What is MOST important to verify during an external assessment of network vulnerability?

A . Update of security information event management (SIEM) rules
B . Regular review of the network security policy
C . Completeness of network asset inventory
D . Location of intrusion detection systems (IDS)

Reveal Solution Hide Solution

Question #55

A data breach has occurred due lo malware.

Which of the following should be the FIRST course of action?

A . Notify the cyber insurance company.
B . Shut down the affected systems.
C . Quarantine the impacted systems.
D . Notify customers of the breach.

Reveal Solution Hide Solution

Question #56

Which of the following should an IS auditor be MOST concerned with during a post-implementation review?

A . The system does not have a maintenance plan.
B . The system contains several minor defects.
C . The system deployment was delayed by three weeks.
D . The system was over budget by 15%.

Reveal Solution Hide Solution

Question #57

Which of the following would BEST demonstrate that an effective disaster recovery plan (DRP) is in place?

A . Frequent testing of backups
B . Annual walk-through testing
C . Periodic risk assessment
D . Full operational test

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

A disaster recovery plan (DRP) is a set of procedures and resources that enable an organization to restore its critical operations, data, and applications in the event of a disaster1. A DRP should be aligned with the organization’s business continuity plan (BCP), which defines the strategies and objectives for maintaining business functions during and after a disaster1.

To ensure that a DRP is effective, it should be tested regularly and thoroughly to identify and resolve

any issues or gaps that might hinder its execution2345. Testing a DRP can help evaluate its feasibility, validity, reliability, and compatibility with the organization’s environment and needs4. Testing can also help prepare the staff, stakeholders, and vendors involved in the DRP for their roles and responsibilities during a disaster3.

There are different methods and levels of testing a DRP, depending on the scope, complexity, and objectives of the test4.

Some of the common testing methods are:

Walkthrough testing: This is a step-by-step review of the DRP by the disaster recovery team and relevant stakeholders. It aims to verify the completeness and accuracy of the plan, as well as to clarify any doubts or questions among the participants45.

Simulation testing: This is a mock exercise of the DRP in a simulated disaster scenario. It aims to assess the readiness and effectiveness of the plan, as well as to identify any challenges or weaknesses that might arise during a real disaster45.

Checklist testing: This is a verification of the availability and functionality of the resources and equipment required for the DRP. It aims to ensure that the backup systems, data, and documentation are accessible and up-to-date45.

Full interruption testing: This is the most realistic and rigorous method of testing a DRP. It involves shutting down the primary site and activating the backup site for a certain period of time. It aims to measure the actual impact and performance of the DRP under real conditions45.

Parallel testing: This is a less disruptive method of testing a DRP. It involves running the backup site in parallel with the primary site without affecting the normal operations. It aims to compare and validate the results and outputs of both sites45.

Among these methods, full interruption testing would best demonstrate that an effective DRP is in place, as it provides the most accurate and comprehensive evaluation of the plan’s capabilities and limitations4. Full interruption testing can reveal any hidden or unforeseen issues or risks that might affect the recovery process, such as data loss, system failure, compatibility problems, or human errors4. Full interruption testing can also verify that the backup site can support the critical operations and services of the organization without compromising its quality or security4. However, full interruption testing also has some drawbacks, such as being costly, time-consuming, risky, and disruptive to the normal operations4. Therefore, it should be planned carefully and conducted periodically with proper coordination and communication among all parties involved4. The other options are not as effective as full interruption testing in demonstrating that an effective DRP is in place. Frequent testing of backups is only one aspect of checklist testing, which does not cover other components or scenarios of the DRP4. Annual walk-through testing is only a theoretical review of the DRP, which does not test its practical implementation or outcomes4. Periodic risk assessment is only a preparatory step for developing or updating the DRP, which does not test its functionality or performance4.

References: 2: Best Practices For Disaster Recovery Testing | Snyk 3: Disaster Recovery Plan (DR)

Testing ― Methods and Must-haves – US Signal 4: Disaster Recovery Testing: What You Need to Know

– Enterprise Storage Forum 5: Disaster Recovery Testing Best Practices – MSP360 1: How to Test a Disaster Recovery Plan – Abacus

Question #58

Which of the following is the BEST way to mitigate the impact of ransomware attacks?

A . Invoking the disaster recovery plan (DRP)
B . Backing up data frequently
C . Paying the ransom
D . Requiring password changes for administrative accounts

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

Ransomware is a type of malicious software that encrypts the victim’s data and demands a ransom for its decryption1. Ransomware attacks can cause significant damage to an organization’s operations, reputation, and finances1. Therefore, it is important to mitigate the impact of ransomware attacks by implementing effective prevention and recovery strategies.

One of the best ways to mitigate the impact of ransomware attacks is to back up data frequently12345. Data backups are copies of the organization’s data that are stored in a separate location or medium, such as an external hard drive, cloud storage, or tape2. Data backups can help the organization restore its data in case of a ransomware attack, without paying the ransom or losing valuable information2. Data backups should be performed regularly, preferably daily or weekly, depending on the criticality and volume of the data2. Data backups should also be tested periodically to ensure their integrity and usability2.

The other options are not as effective as backing up data frequently in mitigating the impact of ransomware attacks. Invoking the disaster recovery plan (DRP) is a reactive measure that can help the organization resume its operations after a ransomware attack, but it does not prevent or reduce the damage caused by the attack3. Paying the ransom is not a recommended option, as it does not guarantee the decryption of the data or the deletion of the stolen data by the attackers. Paying the ransom also encourages further attacks and funds criminal activities14. Requiring password changes for administrative accounts is a good security practice, but it is not sufficient to prevent or recover from ransomware attacks. Ransomware attacks can exploit other vulnerabilities, such as phishing emails, outdated software, or weak network security15.

References: 1: How to Mitigate the Risk of Ransomware Attacks: The Definitive Guide 2: Mitigating

malware and ransomware attacks – The National Cyber Security Centre 3: 3 steps to prevent and

recover from ransomware 4: Ransomware Epidemic: Use these 8 Strategies to Mitigate Risk 5:

Practical Steps to Mitigate Ransomware Attacks – ITSecurityWire

Question #59

Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported.

Which of the following is the IS auditor’s BEST recommendation?

A . Ensure corrected program code is compiled in a dedicated server.
B . Ensure change management reports are independently reviewed.
C . Ensure programmers cannot access code after the completion of program edits.
D . Ensure the business signs off on end-to-end user acceptance test (UAT) results.

Reveal Solution Hide Solution

Question #60

Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:

A . business impact analysis (BIA).
B . threat and risk assessment.
C . business continuity plan (BCP).
D . disaster recovery plan (DRP).

Reveal Solution Hide Solution