[2024年更新]CISA試験問題集でテストエンジン練習テスト問題
合格できるCISA試験[2024年11月05日]最新1151問題
質問 # 123
Which of the following is the FIRST step in initiating a data classification program?
- A. Risk appetite assessment
- B. Inventory of data assets
- C. Assignment of sensitivity levels
- D. Assignment of data ownership
正解:D
解説:
Section: Protection of Information Assets
Explanation:
The data classification process starts with the process of establishing ownership of data. This process also
helps to prepare data dictionary
質問 # 124
Which of the following would BEST demonstrate that an effective disaster recovery plan (DRP) is in place?
- A. Periodic risk assessment
- B. Annual walk-through testing
- C. Full operational test
- D. Frequent testing of backups
正解:C
解説:
Explanation
A disaster recovery plan (DRP) is a set of procedures and resources that enable an organization to restore its critical operations, data, and applications in the event of a disaster1. A DRP should be aligned with the organization's business continuity plan (BCP), which defines the strategies and objectives for maintaining business functions during and after a disaster1.
To ensure that a DRP is effective, it should be tested regularly and thoroughly to identify and resolve any issues or gaps that might hinder its execution2345. Testing a DRP can help evaluate its feasibility, validity, reliability, and compatibility with the organization's environment and needs4. Testing can also help prepare the staff, stakeholders, and vendors involved in the DRP for their roles and responsibilities during a disaster3.
There are different methods and levels of testing a DRP, depending on the scope, complexity, and objectives of the test4. Some of the common testing methods are:
Walkthrough testing: This is a step-by-step review of the DRP by the disaster recovery team and relevant stakeholders. It aims to verify the completeness and accuracy of the plan, as well as to clarify any doubts or questions among the participants45.
Simulation testing: This is a mock exercise of the DRP in a simulated disaster scenario. It aims to assess the readiness and effectiveness of the plan, as well as to identify any challenges or weaknesses that might arise during a real disaster45.
Checklist testing: This is a verification of the availability and functionality of the resources and equipment required for the DRP. It aims to ensure that the backup systems, data, and documentation are accessible and up-to-date45.
Full interruption testing: This is the most realistic and rigorous method of testing a DRP. It involves shutting down the primary site and activating the backup site for a certain period of time. It aims to measure the actual impact and performance of the DRP under real conditions45.
Parallel testing: This is a less disruptive method of testing a DRP. It involves running the backup site in parallel with the primary site without affecting the normal operations. It aims to compare and validate the results and outputs of both sites45.
Among these methods, full interruption testing would best demonstrate that an effective DRP is in place, as it provides the most accurate and comprehensive evaluation of the plan's capabilities and limitations4. Full interruption testing can reveal any hidden or unforeseen issues or risks that might affect the recovery process, such as data loss, system failure, compatibility problems, or human errors4. Full interruption testing can also verify that the backup site can support the critical operations and services of the organization without compromising its quality or security4.
However, full interruption testing also has some drawbacks, such as being costly, time-consuming, risky, and disruptive to the normal operations4. Therefore, it should be planned carefully and conducted periodically with proper coordination and communication among all parties involved4.
The other options are not as effective as full interruption testing in demonstrating that an effective DRP is in place. Frequent testing of backups is only one aspect of checklist testing, which does not cover other components or scenarios of the DRP4. Annual walk-through testing is only a theoretical review of the DRP, which does not test its practical implementation or outcomes4. Periodic risk assessment is only a preparatory step for developing or updating the DRP, which does not test its functionality or performance4.
References: 2: Best Practices For Disaster Recovery Testing | Snyk 3: Disaster Recovery Plan (DR) Testing - Methods and Must-haves - US Signal 4: Disaster Recovery Testing: What You Need to Know - Enterprise Storage Forum 5: Disaster Recovery Testing Best Practices - MSP360 1: How to Test a Disaster Recovery Plan - Abacus
質問 # 125
During audit follow-up, an IS auditor finds that a control has been implemented differently than
recommended. The auditor should:
- A. verify whether the control objectives are adequately addressed.
- B. report as a repeat finding.
- C. compare the control to the action plan.
- D. inform management about incorrect implementation.
正解:C
解説:
Section: Protection of Information Assets
質問 # 126
An IS auditor is reviewing database fields updated in real-time and displayed through other applications in multiple organizational functions. When validating business approval for these various use cases, which of the following sources of information would be the BEST starting point?
- A. Network map from the network administrator
- B. Business process flow from management
- C. Historical database change log records
- D. List of integrations from the database administrator (DBA)
正解:B
解説:
Understanding the business process flow is crucial as it provides insights into how different applications and organizational functions use and update the database fields in real-time. This perspective helps the auditor validate that appropriate business approvals are in place for these use cases.
References
* ISACA CISA Review Manual 27th Edition, Page 128-129 (Business Process Flow)
質問 # 127
An organization has established hiring policies and procedures designed specifically to ensure network administrators are well qualified. Which type of control is in place?
- A. Detective
- B. Directive
- C. Corrective
- D. Preventive
正解:A
質問 # 128
Which of the following threats is MOST effectively controlled by a firewall?
- A. Denial of service (DoS) attack
- B. Network congestion
- C. Network sniffing
- D. Password cracking
正解:A
質問 # 129
Which of the following tools are MOST helpful for benchmarking an existing IT capability?
- A. Prior IS audit reports
- B. IT balanced scorecards
- C. Risk assessments
- D. IT matunty models
正解:D
質問 # 130
An IS auditor reviewing the use of encryption finds that the symmetric key is sent by an email message between the parties. Which of the following audit responses is correct in this situation?
- A. An audit finding is recorded as the key should be distributed in a secure manner.
- B. No audit finding is recorded, as the key can only be used once.
- C. An audit finding is recorded, as the key should be asymmetric and therefore changed.
- D. No audit finding is recorded, as it is normal to distribute a key of this nature in this manner.
正解:A
解説:
Section: The process of Auditing Information System
質問 # 131
What is often the most difficult part of initial efforts in application development?
- A. Planning security
- B. Configuring software
- C. Configuring hardware
- D. Determining time and resource requirements
正解:D
解説:
Section: Protection of Information Assets
Explanation:
Determining time and resource requirements for an application-development project is often the most difficult part of initial efforts in application development.
質問 # 132
An IS auditor is conducting a post-implementation review of an enterprise resource planning (ERP) system.
End users indicated concerns with the accuracy of critical automatic calculations made by the system. The auditor's FIRST course of action should be to:
- A. verify results to determine validity of user concerns.
- B. review initial business requirements.
- C. verify completeness of user acceptance testing (UAT).
- D. review recent changes to the system.
正解:A
解説:
The IS auditor's first course of action should be to verify the results of the critical automatic calculations made by the system to determine the validity of user concerns. This is because the IS auditor needs to obtain sufficient and appropriate audit evidence to support the audit findings and conclusions. By verifying the results, the IS auditor can assess whether there are any errors or discrepancies in the system's calculations that could affect the accuracy and reliability of the financial data. The IS auditor can use various techniques to verify the results, such as re-performing the calculations, comparing them with expected values, or tracing them to source documents.
質問 # 133
What type(s) of firewalls provide(s) the greatest degree of protection and control because both firewall technologies inspect all seven OSI layers of network traffic?
- A. A first-generation packet-filtering firewall
- B. A circuit-level gateway
- C. An application-layer gateway, or proxy firewall, and stateful-inspection firewalls
- D. An application-layer gateway, or proxy firewall, but not stateful-inspection firewalls
正解:C
解説:
Explanation/Reference:
Explanation:
An application-layer gateway, or proxy firewall, and stateful-inspection firewalls provide the greatest degree of protection and control because both firewall technologies inspect all seven OSI layers of network traffic.
質問 # 134
Which of the following validation techniques would BEST prevent duplicate electronic vouchers?
- A. Sequence check
- B. Reasonless check
- C. Cyclic redundancy check
- D. Edit check
正解:A
質問 # 135
An IS auditor is evaluating management's risk assessment of information systems. The IS auditor should
FIRST review:
- A. the effectiveness of the controls in place.
- B. the controls already in place.
- C. the threats/vulnerabilities affecting the assets.
- D. the mechanism for monitoring the risks related to the assets.
正解:C
解説:
Section: Protection of Information Assets
Explanation:
One of the key factors to be considered while assessing the risks related to the use of various information
systems is the threats and vulnerabilities affecting the assets. The risks related to the use of information
assets should be evaluated in isolation from the installed controls. Similarly, the effectiveness of the
controls should be considered during the risk mitigation stage and not during the risk assessment phase A
mechanism to continuously monitor the risks related to assets should be put in place during the risk
monitoring function that follows the risk assessment phase.
質問 # 136
A data Dreach has occurred due to malware. Which of the following should be the FIRST course of action?
- A. Notify the cyber insurance company.
- B. Quarantine the impacted systems.
- C. Notify customers of the breach.
- D. Shut down the affected systems.
正解:B
質問 # 137
An organization offers an online information security awareness program to employees on an annual basis. Which of the following findings from an audit of the program should be the IS auditor's GREATEST concern?
- A. The post-training test content is two years old.
- B. Employees have complained about the length of the program
- C. New employees are given three months to complete the training.
- D. Training completion is not mandatory for staff
正解:D
質問 # 138
Within a virus, which component is responsible for what the virus does to the victim file?
- A. the payload
- B. the trigger
- C. the signature
- D. the premium
- E. None of the choices.
正解:A
解説:
Explanation/Reference:
Explanation:
A virus typically consist of three parts, which are a mechanism that allows them to infect other files and reproduce a trigger that activates delivery of a ""payload"" and the payload from which the virus often gets its name. The payload is what the virus does to the victim file.
質問 # 139
The GREATEST benefit of using a prototyping approach in software development is that it helps to:
- A. minimize scope changes to the system
- B. improve efficiency of quality assurance (QA) testing
- C. conceptualize and clarify requirements
- D. decrease the time allocated for user testing and review
正解:C
解説:
Section: Information System Acquisition, Development and Implementation
Explanation/Reference:
質問 # 140
An IS auditor has found that a vendor has gone out of business and the escrow has an older version of the source code. What is the auditor's BEST recommendation for the organization?
- A. Perform an analysis to determine the business risk
- B. Develop a maintenance plan to support the application using the existing code
- C. Bring the escrow version up to date.
- D. Analyze a new application that moots the current re
正解:C
質問 # 141
Which of the following term in business continuity determines the maximum tolerable amount of time that is needed to verify the system and/or data integrity?
- A. RPO
- B. WRT
- C. MTD
- D. RTO
正解:B
解説:
Explanation/Reference:
The Work Recovery Time (WRT) determines the maximum tolerable amount of time that is needed to verify the system and/or data integrity. This could be, for example, checking the databases and logs, making sure the applications or services are running and are available. In most cases those tasks are performed by application administrator, database administrator etc. When all systems affected by the disaster are verified and/or recovered, the environment is ready to resume the production again.
For your exam you should know below information about RPO, RTO, WRT and MTD:
Stage 1: Business as usual
Business as usual
Image Reference - http://defaultreasoning.files.wordpress.com/2013/12/bcdr-01.png At this stage all systems are running production and working correctly.
Stage 2: Disaster occurs
Disaster Occurs
Image Reference - http://defaultreasoning.files.wordpress.com/2013/12/bcdr-02.png On a given point in time, disaster occurs and systems needs to be recovered. At this point the Recovery Point Objective (RPO) determines the maximum acceptable amount of data loss measured in time. For example, the maximum tolerable data loss is 15 minutes.
Stage 3: Recovery
Recovery
Image Reference - http://defaultreasoning.files.wordpress.com/2013/12/bcdr-03.png At this stage the system are recovered and back online but not ready for production yet. The Recovery Time Objective (RTO) determines the maximum tolerable amount of time needed to bring all critical systems back online. This covers, for example, restore data from back-up or fix of a failure. In most cases this part is carried out by system administrator, network administrator, storage administrator etc.
Stage 4: Resume Production
Resume Production
Image Reference - http://defaultreasoning.files.wordpress.com/2013/12/bcdr-04.png At this stage all systems are recovered, integrity of the system or data is verified and all critical systems can resume normal operations. The Work Recovery Time (WRT) determines the maximum tolerable amount of time that is needed to verify the system and/or data integrity. This could be, for example, checking the databases and logs, making sure the applications or services are running and are available.
In most cases those tasks are performed by application administrator, database administrator etc. When all systems affected by the disaster are verified and/or recovered, the environment is ready to resume the production again.
MTD
Image Reference - http://defaultreasoning.files.wordpress.com/2013/12/bcdr-05.png The sum of RTO and WRT is defined as the Maximum Tolerable Downtime (MTD) which defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences. This value should be defined by the business management team or someone like CTO, CIO or IT manager.
The following answers are incorrect:
RPO - Recovery Point Objective (RPO) determines the maximum acceptable amount of data loss measured in time. For example, the maximum tolerable data loss is 15 minutes.
RTO - The Recovery Time Objective (RTO) determines the maximum tolerable amount of time needed to bring all critical systems back online. This covers, for example, restore data from back-up or fix of a failure.
In most cases this part is carried out by system administrator, network administrator, storage administrator etc.
MTD - The sum of RTO and WRT is defined as the Maximum Tolerable Downtime (MTD) which defines the total amount of time that a business process can be disrupted without causing any unacceptable consequences. This value should be defined by the business management team or someone like CTO, CIO or IT manager.
The following reference(s) were/was used to create this question:
CISA review manual 2014 page number 284
http://defaultreasoning.com/2013/12/10/rpo-rto-wrt-mtdwth/
質問 # 142
What should an IS auditor do FIRST when management responses to an in-person internal control questionnaire indicate a key internal control is no longer effective?
- A. Verify the impact of the control no longer being effective.
- B. Validate the overall effectiveness of the internal control.
- C. Ascertain the existence of other compensating controls.
- D. Determine the resources required to make the control effective.
正解:A
質問 # 143
Which of the following would MOST effectively and executive management in achieving IT and business alignment?
- A. Performance measurement
- B. Balanced scorecard
- C. Value delivery assessment
- D. Risk assessment
正解:C
質問 # 144
During an audit of a financial application, it was determined that many terminated users' accounts were not disabled. Which of the following should be the IS auditors NEXT step?
- A. Conclude that IT general controls are ineffective.
- B. Perform substantive testing of terminated users' access rights.
- C. Perform a review of terminated users' account activity.
- D. Communicate risks to the application owner.
正解:D
質問 # 145
Which of the following is a continuity plan test that uses actual resources to simulate a system crash to cost-effectively obtain evidence about the plan's effectiveness?
- A. Walk-through
- B. Preparedness test
- C. Post test
- D. Paper test
正解:B
解説:
Section: Protection of Information Assets
Explanation:
A preparedness test is a localized version of a full test, wherein resources are expended in the simulation of a system crash. This test is performed regularly on different aspects of the plan and can be a cost- effective way to gradually obtain evidence about the plan's effectiveness. It also provides a means to improve the plan in increments. A paper test is a walkthrough of the plan, involving major players, who attempt to determine what might happen in a particular type of service disruption in the plan's execution. A paper test usually precedes the preparedness test. A post-test is actually a test phase and is comprised of a group of activities, such as returning all resources to their proper place, disconnecting equipment, returning personnel and deleting all company data from third- party systems. A walkthrough is a test involving a simulated disaster situation that tests the preparedness and understanding of management and staff, rather than the actual resources.
質問 # 146
An IS auditor reviewing a database application discovers that the current configuration does not match the originally designed structure. Which of the following should be the IS auditor's next action?
- A. Recommend restoration to the originally designed structure.
- B. Recommend the implementation of a change control process.
- C. Determine if the modifications were properly approved.
- D. Analyze the need for the structural change.
正解:C
解説:
An IS auditor should first determine if the modifications were properly approved. Choices A, B and C are possible subsequent actions, should the IS auditor find that the structural modification had not been approved.
質問 # 147
Which of the following is the MOST effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines?
- A. Restrict access to images and snapshots of virtual machines.
- B. Monitor access to stored images and snapshots of virtual machines.
- C. Limit creation of virtual machine images and snapshots.
- D. Review logical access controls on virtual machines regularly.
正解:B
解説:
Explanation
The most effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines is to monitor access to stored images and snapshots of virtual machines. Images and snapshots are copies of virtual machines that can be used for backup, restoration, or cloning purposes. If data stored on virtual machines are unencrypted, they may be exposed or compromised if unauthorized or malicious users access or copy the images or snapshots. Therefore, monitoring access to stored images and snapshots can help detect and prevent any unauthorized or suspicious activities, and provide audit trails for accountability and investigation.
Restricting access to images and snapshots of virtual machines, limiting creation of virtual machine images and snapshots, and reviewing logical access controls on virtual machines regularly are not the most effective controls for protecting the confidentiality and integrity of data stored unencrypted on virtual machines. These controls may help reduce the risk or impact of data exposure or compromise, but they do not provide sufficient visibility or assurance of data protection. Restricting access to images and snapshots may not prevent authorized users from abusing their privileges or credentials. Limiting creation of virtual machine images and snapshots may not address the existing copies that may contain sensitive data. Reviewing logical access controls on virtual machines regularly may not reflect the actual access activities on images and snapshots.
質問 # 148
......
ISACA CISAリアルな2024年最新の知能問題集模擬試験問題集:https://jp.fast2test.com/CISA-premium-file.html
ISACA CISAリアルな問題と100%カバーリアルな試験問題:https://drive.google.com/open?id=178uO-c4CX-MOna76WLD_-mdfFIuirHPa