Download CISA Exam 85 Questions with Verified Answers,100% CORRECT and more Exams Information and Communications Technology (ICT) in PDF only on Docsity! CISA Exam 85 Questions with Verified Answers Gap Analysis - CORRECT ANSWER Gap Analysis would be the best method to identify issues that need to be addressed in the reengineering process. Gap analysis indicates which parts of current processes conform to best practices (desired state) and which do not. Application Gateway - CORRECT ANSWER An application gateway firewall is effective in preventing applications such as File Transfer Protocols (FTPs) from entering the organization's network. Inform appropriate personnel immediately - CORRECT ANSWER The first thing an IS auditor should do after detecting the virus is to alert the organization to its presence, then wait for their response. The MAIN reason for requiring that all computer clocks across an organization be sychronized is to: Support the incident investigation process - CORRECT ANSWER During an investigation of incidents, audit logs used as evidence, and the time stamp information in them is useful. If the checks are not synchronized investigations will be more difficult because a time line of event occurring on different systems might not be easily established. An Is auditor is assessing services provided by an internet service provider (ISP) during an IS compliance audit of a nationwide corporation that operates a governmental program. Which of the following is MOST Important? Review the Service Level Agreement (SLA) - CORRECT ANSWER A service level agreement (SLA) provides the basis for adequate assessment of the degree to which the provider is meeting the level of agreed-on service. When performing a database review, an Is auditor notices that some tables in the database are not normalized. The IS auditor should next: review the justification - CORRECT ANSWER If the database is not normalized, the IS auditor should review the justification because, in some situations, denormalization is recommended for performance reasons. The objecting of concurrency control in a database system is to: Prevent integrity problems when two processes attempt to update the same data at the same time - CORRECT ANSWER Concurrency controls prevent data integrity problems. which can arise when two update processes access the same data them at the same time (Concurrency is a property of systems in which several computations are executing simultaneously, and potentially interacting with each other) Which of the following BEST limits the impacts of server failures in a distributed environment? Clustering - CORRECT ANSWER Clustering allows two or more servers to work as a unit so that when one of them fails, the other takes over. During an audit of a small enterprise, the IS auditor noted that the IS director has superuser-privilege access that allows the director to process requests for changes to the application access roles (access types). Which of the following should the IS auditor recommend? Implement a properly documented process for application role change requests - CORRECT ANSWER The IS auditor should recommend implementation of processes that could prevent or detect improper changes from being made to the major application roles. The application role change request process should start and be approved by the business owner; then, the IS director can make the changes to the application. An IS auditor reviewing a cloud computing environment managed by a third party should be MOST concerned when: The service level agreement does not address the responsibility of the vendor in the case of a security breach - CORRECT ANSWER Administration of cloud computing occurs over the Internet and involves more than one participating peak times of the day, and preferably during a maintenance window time period. A mishap or incident caused by a maintenance worker could result in unplanned downtime. Which of the following controls will MOST effectively detect the presence of bursts of errors in network transmissions? Cyclic Redundancy Check (CRC) - CORRECT ANSWER The cyclic reduncancy check (CRC) can check for a block of transmitted data. The workstations generate the CRC and transmit it with the data. The receiving workstation computes a CRC and compares it to the transmitted CRC. If both of them are equal, then the block is assumed error free. In this case (such as in parity error echo check), multiple errors can be detected. In general, CRC can detect all single-bit and double-bit errors Parity check - CORRECT ANSWER Parity check (known as vertical redundancy check) alsi involves a bit (known as the parity bit to each character during transmission. In this case, where there is a presence of bursts of errors (i.e., Impulsing noise during high transmission rates), it has reliability of appproximately 50 percent. In higher transmission rates, this limitation is significant. Echo check - CORRECT ANSWER Echo checks detect line errors by retransmitting data to the sending device for comparison with the orginal tranmission Block sum check - CORRECT ANSWER A block sum check is a form of parity checking and has a low level of reliability The PRIMARY benefit of an IT manager monitoring technical capacity is to: ensure that the service level agreement (SLA) requirements are met. - CORRECT ANSWER Capacity monitoring has multiple objectives; however, the primary objective is to ensure compliance with the internal service level agreement (SLA) between the business and IT. Which of the following should be the MOST important criterion in evaluating a backup solution for sensitive data that must be retained for a long period of time due to regulatory requirements Media reliability *Not Full backup window *Not Media costs *Not Restore window - CORRECT ANSWER To comply with regulatory requirements, the media should be reliable enough to ensure an organization's ability to recover the data should they be required for any reason. When reviewing the configuration of network devices, an IS auditor should FIRST identify: The importance of the network devices in the topology *Not- the best practices for the type of network devices deployed *Not- whether components of the network are missing *whether sub-components of the network are being used appropriately - CORRECT ANSWER The first step is to understand the importance and role of the network device within the organization's network topology In a disaster recovery situation, which of the following is the MOST important metric to ensure that data are synchronized between critical systems? A-Recovery point objective B-Recovery Time objective C- Recovery service resilience D- Recovery service scalability - CORRECT ANSWER A-Recovery Point Objective (RPO) Establishing a common recovery point objective (RPO) is most critical for ensuring that interdependencies between systems are properly synchronized. It ensures that systems do not contain data from different points in time that may result in accounting transactions that cannot be reconciled and a loss of referential intergrity Which of the following is a network diagnostic tool that monitors and reocrds network information? A- Online monitor B- Downtime report C- Help desk report D- Protocol analyzer - CORRECT ANSWER D- Protocol Analyzer Protocol analyzers are network diagnostic tools that monitor and reocrd network information from packets traveling in the link to which the analyzer is attached Which of the following is widely accepted as one of the critical components in networking management? A- Configuration management B- Topological Mappings C- Application of monitoring tools D- Proxy server troubleshooting - CORRECT ANSWER A- Configuration Management Config. Mgmt. is widely accepted as one of the key components of any network because it establishes how the network will function internally and externally. It also deals with the management of configuration and monitoring performance. COnfiguration management ensures that the setup and management of the network is done properly, including managing changes to the configuration, removal of default passwords and possibly hardening the network by disabling unneeded services. During the audit of a database server, which of the following would be considered the GREATEST exposure? A- The password on the administrator account does not expire B- Default global security settings for the database remain unchanged. C- Old data have not been purged D- Database activity is not fully logged - CORRECT ANSWER B- Default global security settings for the database remain unchanged. B. Vendor's reliability figures are not an effective measure of a preventive maintenance program. C. Reviewing the log is a good detective control to ensure that maintenance is being done; however, only the system downtime will indicate whether the preventive maintenance is actually working well. D. A schedule is a good control to ensure that maintenance is scheduled and that no items are missed in the maintenance schedule; however, it is not a guarantee that the work is actually being done. Which of the following is the MOST likely reason an organization implements an emergency change to an application using the emergency change control process? A. The application owner requested new functionality. B. Changes are developed using an agile methodology. C. There is a high probability of a significant impact on operations. D. The operating system (OS) vendor has released a security patch. - CORRECT ANSWER You answered D. The correct answer is C. A. Requests for new functionality by the application owner generally follow normal change control procedures, unless they have an impact on the business function. B. The agile system development methodology breaks down projects into short time-boxed iterations. Each iteration focuses on developing end-to-end functionality from user interface to data storage for the intended architecture. However, the release does not need to follow emergency release procedures unless there is a significant impact on operations. C. Emergency releases to an application are fixes that require implementation as quickly as possible to prevent significant user downtime. Emergency release procedures are followed in such situations. D. Operating system (OS) security patches are applied after testing, and therefore there is no need for an emergency release. Which of the following is the MOST efficient strategy for the backup of large quantities of mission-critical data when the systems need to be online to take sales orders 24 hours a day? A. Implementing a fault-tolerant disk-to-disk backup solution B. Making a full backup to tape weekly and an incremental backup nightly C. Creating a duplicate storage area network (SAN) and replicating the data to a second SAN D. Creating identical server and storage infrastructure at a hot site - CORRECT ANSWER You answered D. The correct answer is A. A. Disk-to-disk backup, also called disk-to-disk-to-tape backup or tape cache, is when the primary backup is written to disk instead of tape. That backup can then be copied, cloned or migrated to tape at a later time (hence the term "disk-to- disk-to-tape"). This technology allows the backup of data to be performed without impacting system performance and allows a large quantity of data to be backed up in a very short backup window. In case of a failure, the fault-tolerant system can transfer immediately to the other disk set. B. While a backup strategy involving tape drives is valid, because many computer systems must be taken offline so that backups can be performed, there is the need to create a backup window, typically during each night. For a system that must remain online at all times, the only feasible way to back up the data is to either duplicate the data to a server that gets backed up to tape, or deploy a disk- to-disk solution, which is effectively the same thing. C. While creating a duplicate storage area network (SAN) and replicating the data to a second SAN provides some redundancy and data protection, this is not really a backup solution. If the two systems are at the same site, there is a risk that an incident such as a fire or flood in the data center could lead to data loss. D. While creating an identical server and storage infrastructure at a hot site provides a great deal of redundancy, there is still the need to create a backup of the data, and typically there is the need to archive certain data for long-term storage. A cutover to a hot site cannot usually be performed in a short enough time for a continuous availability system. Therefore, this is not the best strategy. A large chain of shops with electronic funds transfer (EFT) at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? A. Offsite storage of daily backups B. Alternative standby processor onsite C. Installation of duplex communication links D. Alternative standby processor at another network node - CORRECT ANSWER You are correct, the answer is D. A. Offsite storage of backups would not help, because electronic funds transfer (EFT) tends to be an online process and offsite storage will not replace the dysfunctional processor. B. The provision of an alternate processor onsite would be fine if it were an equipment problem, but would not help in the case of a power outage and may require technical expertise to cutover to the alternate equipment. C. Installation of duplex communication links would be most appropriate if it were only the communication link that failed. A. Network monitoring tools can be used to detect errors that are propagating through a network, but their primary focus is on network reliability so that the network is available when required. B. Network monitoring tools allow observation of network performance and problems. This allows the administrator to take corrective action when network problems are observed. Therefore, the characteristic that benefits the most from network monitoring is availability. C. Network monitoring tools will not measure completeness of the communication. This is measured by the end points in the communication. D. A network monitoring tool can violate confidentiality by allowing a network administrator to observe non-encrypted traffic. This requires careful protection and policies regarding the use of network monitoring tools, but this is not the primary benefit of such tools. An IS auditor finds out-of-range data in some tables of a database. Which of the following controls should the IS auditor recommend to avoid this situation? A. Log all table update transactions. B. Implement before-and-after image reporting. C. Use tracing and tagging. D. Implement integrity constraints in the database. - CORRECT ANSWER You are correct, the answer is D. A. Logging all table update transactions is a detective control that would not help avoid invalid data entry. B. Implementing before-and-after image reporting is a detective control that would not help avoid the situation. C. Tracing and tagging are used to test application systems and controls, and could not prevent out-of-range data. D. Implementing integrity constraints in the database is a preventive control because data are checked against predefined tables or rules, preventing any undefined data from being entered. Due to resource constraints, a developer requires full access to production data to support certain problems reported by production users. Which of the following choices would be a good compensating control for controlling unauthorized changes in production? A. Provide and monitor separate login IDs that the developer will use for programming and for production support. B. Capture activities of the developer in the production environment by enabling audit trails. C. Back up all affected records before allowing the developer to make production changes. D. Ensure that all changes are approved by the change manager. - CORRECT ANSWER You answered D. The correct answer is A. A. Providing separate login IDs that would only allow a developer privileged access when required is a good compensating control, but it must also be backed up with monitoring and supervision of the activity of the developer. B. While capturing activities of the developer via audit trails or logs would be a good practice, the control would not be effective unless these audit trails are reviewed on a periodic basis. C. Creating a backup of affected records before making the change would allow for rollback in case of an error, but would not prevent or detect unauthorized changes. D. Even though changes are approved by the change manager, a developer with full access can easily circumvent this control. During the review of an enterprise's preventive maintenance process for systems at a data center, the IS auditor has determined that adequate maintenance is being performed on all critical computing, power and cooling systems. Additionally, it is MOST important for the IS auditor to ensure that the organization: A. has performed background checks on all service personnel. B. escorts service personnel at all times when performing their work. C. performs maintenance during noncritical processing times. D. independently verifies that maintenance is being performed. - CORRECT ANSWER You are correct, the answer is C. A. While the trustworthiness of the service personnel is important, it is normal practice for these individuals to be escorted and supervised by the data center personnel. It is also expected that the service provider would perform this background check, not the customer. B. Escorting service personnel is common and a best practice, but the greater risk in this case would be if work were performed during critical processing times. C. The biggest risk to normal operations in a data center would be if an incident or mishap were to happen during critical peak processing times; therefore, it would be prudent to ensure that no type of system maintenance be performed at these critical times. D. It is possible that the service provider is performing inadequate maintenance; therefore, this issue may need to be investigated; however, the bigger risk is maintenance being performed at critical processing times. Recovery procedures for an information processing facility are BEST based on: A. recovery time objective (RTO). B. recovery point objective (RPO). B. Deadlocks are a result of locking of records. This is not related to normalization. C. Access to data is controlled by defining user rights to information and is not affected by denormalization. D. Normalization is the removal of redundant data elements from the database structure. Disabling normalization in relational databases will create redundancy and a risk of not maintaining consistency of data, with the consequent loss of data integrity. A company with a limited budget has a recovery time objective (RTO) of 72 hours and a recovery point objective (RPO) of 24 hours. Which of the following would BEST meet the requirements of the business? A. A hot site B. A cold site C. A mirrored site D. A warm site - CORRECT ANSWER You answered B. The correct answer is D. A. Although a hot site enables the business to meets its recovery point objective (RPO) and recovery time objective (RTO), the cost to maintain a hot site is more than the cost to maintain a warm site, which could also meet the objectives. B. A cold site, although providing basic infrastructure, lacks the required hardware to meet the business objectives. C. A mirrored site provides fully redundant facilities with real-time data replication. It can meet the business objectives, but it is not as cost-effective a solution as a warm site. D. A warm site is the most appropriate solution because it provides basic infrastructure and most of the required IT equipment to affordably meet the business requirements. The remainder of the equipment needed can be provided through vendor agreements within a few days. The RTO is the amount of time allowed for the recovery of a business function or resource after a disaster occurs. The RPO is determined based on the acceptable data loss in case of a disruption of operations. The RPO indicates the earliest point in time that is acceptable to recover the data, and it effectively quantifies the permissible amount of data loss in case of interruption. While performing a review of a critical third-party application, an IS auditor would be MOST concerned with discovering: A. inadequate procedures for ensuring adequate system portability. B. inadequate operational documentation for the system. C. an inadequate alternate service provider listing. D. an inadequate software escrow agreement. - CORRECT ANSWER You are correct, the answer is D. A. Procedures to ensure that systems are developed so that they can be ported to other system platforms will help ensure that the system can still continue functioning without affecting the business process if changes to the infrastructure occur. This is less important than availability of the software. B. Inadequate operational documentation is a risk, but would be less significant than the risk of unavailability of the software. C. While alternate service providers could be used if a vendor goes out of business, having access to the source code via a software escrow agreement is more important. D. The inclusion of a clause in the agreement that requires software code to be placed in escrow helps to ensure that the customer can continue to use the software and/or obtain technical support if a vendor were to go out of business. An IS auditor examining the security configuration of an operating system should review the: A. transaction logs. B. authorization tables. C. parameter settings. D. routing tables. - CORRECT ANSWER You are correct, the answer is C. A. Transaction logs are used to track and analyze transactions related to an application or system interface, but that is not the primary source of audit evidence in an OS audit. B. Authorization tables are used to verify implementation of logical access controls and will not be of much help when reviewing control features of an operating system. C. Configuration parameters allow a standard piece of software to be customized for diverse environments and are important in determining how a system runs. The parameter settings should be appropriate to an organization's workload and control environment. Improper implementation and/or monitoring of operating systems can result in undetected errors and corruption of the data being processed, as well as lead to unauthorized access and inaccurate logging of system usage. D. Routing tables do not contain information about the operating system and, therefore, provide no information to aid in the evaluation of controls. An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if: A. the setup is geographically dispersed. B. the network servers are clustered in one site. C. a hot site is ready for activation. D. diverse routing is implemented for the network. - CORRECT ANSWER You are correct, the answer is B. C. Establish controls to handle concurrent access problems. D. Proceed with restore procedures. - CORRECT ANSWER You answered A. The correct answer is D. A. Establishing standards is a preventive control, and monitoring for compliance is a detective control. B. Ensuring that only authorized personnel can update the database is a preventive control. C. Establishing controls to handle concurrent access problems is a preventive control. D. Proceeding with restore procedures is a corrective control. Restore procedures can be used to recover databases to their last-known archived version. During a human resources (HR) audit, an IS auditor is informed that there is a verbal agreement between the IT and HR departments as to the level of IT services expected. In this situation, what should the IS auditor do FIRST? A. Postpone the audit until the agreement is documented. B. Report the existence of the undocumented agreement to senior management. z C. Confirm the content of the agreement with both departments. D. Draft a service level agreement (SLA) for the two departments. - CORRECT ANSWER You are correct, the answer is C. A. There is no reason to postpone an audit because a service agreement is not documented, unless that is all that is being audited. The agreement can be documented after it has been established that there is an agreement in place. B. Reporting to senior management is not necessary at this stage of the audit because this is not a serious immediate vulnerability. C. An IS auditor should first confirm and understand the current practice before making any recommendations. Part of this will be to ensure that both parties are in agreement with the terms of the agreement. D. Drafting a service level agreement (SLA) is not the IS auditor's responsibility. An IS auditor is reviewing the network infrastructure of a call center and determines that the internal telephone system is based on Voice-over Internet Protocol (VoIP) technology. Which of the following is the GREATEST concern? A. Voice communication uses the same equipment that is used for data communication. B. Ethernet switches are not protected by uninterrupted power supply (UPS) units. C. Voice communication is not encrypted on the local network. D. The team that supports the data network also is responsible for the telephone system. - CORRECT ANSWER You answered C. The correct answer is B. A. Voice-over Internet Protocol (VoIP) telephone systems use the local area network (LAN) infrastructure of a company for communication, which can save on wiring cost and simplify both the installation and support of the telephone system. This use of shared infrastructure is a benefit of VoIP and therefore is not a concern. B. VoIP telephone systems use the LAN infrastructure of a company for communication, typically using Ethernet connectivity to connect individual phones to the system. Most companies have a backup power supply for the main servers and systems, but typically do not have uninterrupted power supply (UPS) units for the LAN switches. In the case of even a brief power outage, not having backup power on all network devices makes it impossible to send or receive phone calls, which is a concern, particularly in a call center. C. VoIP devices do not normally encrypt the voice traffic on the local network, so this is not a concern. Typically, a VoIP phone system connects to a telephone company voice circuit, which would not normally be encrypted. If the system uses the Internet for connectivity, then encryption is required. D. VoIP telephone systems use the LAN infrastructure of a company for communication, so the personnel who support and maintain that infrastructure are now responsible for both the data and voice network by default. Therefore, this would not be a concern. Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network? A. The use of diskless workstations B. Periodic checking of hard drives C. The use of current antivirus software D. Policies that result in instant dismissal if violated - CORRECT ANSWER You answered C. The correct answer is B. A. Diskless workstations act as a preventive control and are not totally effective in preventing users from accessing illegal software over the network. B. The periodic checking of hard drives would be the most effective method of identifying illegal software packages loaded onto the network. C. Antivirus software will not necessarily identify illegal software, unless the software contains a virus. D. Policies are a preventive control to lay out the rules about loading the software, but will not detect the actual occurrence. B. While the amount of data to be stored is critical in terms of planning for adequate capacity, the speed of recovery required by the business is the more important factor. C. While a solid understanding of the capabilities of all types of advanced data backup technologies is necessary, without the knowledge of the RPO one cannot design a backup strategy using these technologies. D. The recovery time objective (RTO) is the amount of time allowed for the recovery of a business function or resource after a disaster occurs. This will help in designing disaster site options, but not the data backup strategy in the case of impacting disasters. An IS auditor is to assess the suitability of a service level agreement (SLA) between the organization and the supplier of outsourced services. To which of the following observations should the IS auditor pay the MOST attention? The SLA does not contain a: A. transition clause from the old supplier to a new supplier in the case of expiration or termination. B. late payment clause between the customer and the supplier. C. contractual commitment for service improvement. D. dispute resolution procedure between the contracting parties. - CORRECT ANSWER You answered C. The correct answer is A. A. The delivery of IT services for a specific customer always implies a close linkage between the client and the supplier of the service. If there are no contract terms to specify how the transition to a new supplier may be performed, there is the risk that the old supplier may simply "pull the plug" if the contract expires or is terminated, or may not make data available to the outsourcing organization or new supplier. This would be the greatest risk to the organization. B. Contractual issues regarding payment, service improvement and dispute resolution are important, but not as critical as ensuring that service disruption, data loss, data retention, or other significant events occur in the event that the organization switches to a new firm providing outsourced services. C. The service level agreement (SLA) should address performance requirements and metrics to report on the status of services provided, but it does not necessarily address commitment for performance improvement. D. The SLA should address a dispute resolution procedure and specify the jurisdiction in case of a legal dispute, but this is not the most critical part of an SLA. Which of the following is the MOST critical element of an effective disaster recovery plan (DRP)? A. Offsite storage of backup data B. Up-to-date list of key disaster recovery contacts C. Availability of a replacement data center D. Clearly defined recovery time objective (RTO) - CORRECT ANSWER You answered D. The correct answer is A. A. Remote storage of backups is the most critical disaster recovery plan (DRP) element of the items listed because access to backup data is required to restore systems. B. Having a list of key contacts is important, but not as important as having adequate data backup. C. A DRP may use a replacement data center or some other solution such as a mobile site, reciprocal agreement or outsourcing agreement. D. Having a clearly defined recovery time objective (RTO) is especially important for business continuity planning (BCP), but the core element of disaster recovery (the recovery of IT infrastructure and capability) is data backup. Business units are concerned about the performance of a newly implemented system. Which of the following should an IS auditor recommend? A. Develop a baseline and monitor system usage. B. Define alternate processing procedures. C. Prepare the maintenance manual. D. Implement the changes users have suggested. - CORRECT ANSWER You are correct, the answer is A. A. An IS auditor should recommend the development of a performance baseline and monitor the system's performance against the baseline to develop empirical data upon which decisions for modifying the system can be made. B. Alternate processing procedures will not alter a system's performance, and no changes should be made until the reported issue has been examined more thoroughly. C. A maintenance manual will not alter a system's performance or address the user concerns. D. Implementing changes without knowledge of the cause(s) for the perceived poor performance may not result in a more efficient system. Which of the following is the BEST method to ensure that critical IT system failures do not recur? A. Invest in redundant systems. B. Conduct a follow-up audit. C. Monitor system performance. D. Perform root cause analysis. - CORRECT ANSWER You answered C. The correct answer is D. A. Redesign the controls related to data authorization. B. Implement additional segregation of duties controls. C. Review policy to see if a formal exception process is required. D. Implement additional logging controls. - CORRECT ANSWER You answered A. The correct answer is C. A. Data authorization controls should be driven by the policy. While there may be some technical controls that could be adjusted, if the data changes happen infrequently, then an exception process would be the better choice. B. While adequate segregation of duties is important, it is simpler to fix the policy versus adding additional controls to enforce segregation of duties. C. If the users are granted access to change data in support of the business requirements, but the policy forbids this, then perhaps the policy needs some adjustment to allow for policy exceptions to occur. D. Audit trails are needed, but this is not the best long-term solution to address this issue. Additional resources would be required to review logs. An enterprise uses privileged accounts to process configuration changes for mission-critical applications. Which of the following would be the BEST and appropriate control to limit the risk in such a situation? A. Ensure that audit trails are accurate and specific. B. Ensure that personnel have adequate training. C. Ensure that personnel background checks are performed for critical personnel. D. Ensure that supervisory approval and review are performed for critical changes. - CORRECT ANSWER You answered B. The correct answer is D. A. Audit trails are a detective control and, in many cases, can be altered by those with privileged access. B. Staff proficiency is important and good training may be somewhat of a deterrent, but supervisory approval and review is the best choice. C. Performing background checks is a very basic control and will not effectively prevent or detect errors or malfeasance. D. Supervisory approval and review of critical changes by the accountable managers in the enterprise are required to avoid and detect any unauthorized change. In addition to authorization, supervision enforces a separation of duties and prevents an unauthorized attempt by any single employee. A financial institution has decided to outsource its customer service division to an offshore vendor. The MOST important consideration would be to ensure that the contract contains: A. a limited liability clause. B. a right-to-audit clause. C. a data ownership clause. D. an early termination clause. - CORRECT ANSWER You answered B. The correct answer is C. A. Limited liability means that a company's financial liability is limited to a fixed sum and, in the event of a lawsuit, the fines or debts are not transferred to owners or investors. While this is an important clause for a contract, a data ownership clause is more important. B. A right-to-audit clause is a useful clause to safeguard the outsourcing company's interests and to ensure that the vendor is delivering services as required. However, even without this clause, it is still possible to obtain independent audit reports (SOC1 or SOC2) to determine whether the third party operates in a safe and sound manner. Therefore, this is not as important as a data ownership clause. C. Data ownership is the most important aspect of outsourced operations. An ownership clause establishes that the outsourcing company maintains complete ownership of the information provided to the vendor and the vendor must maintain confidentiality over the information with which it comes into contact. The ownership clause also prohibits the vendor from using any of the customer data for its internal purposes. D. An early termination clause would allow either of the parties to terminate services before the contract duration is over. This is usually established as a mutually acceptable way out in case the vendor-outsourcer relationship does not work as expected, or there is a change in business priorities for the outsourcer. This is not as important as a data ownership clause. A financial institution that processes millions of transactions each day has a central communications processor (switch) for connecting to automated teller machines (ATMs). Which of the following would be the BEST contingency plan for the communications processor? A. Reciprocal agreement with another organization B. Alternate processor in the same location C. Alternate processor at another network node D. Installation of duplex communication links - CORRECT ANSWER You are correct, the answer is C. A. Reciprocal agreements make an organization dependent on the other organization and raise privacy, competition and regulatory issues. B. Having an alternate processor in the same location resolves the equipment problem, but would not be effective if the failure was caused by environmental conditions (i.e., power disruption). D. Number of agents answering the phones - CORRECT ANSWER You answered D. The correct answer is B. A. The contract price will usually be based on the number of users supported, but the performance metrics should be based on the ability to provide effective support and address user problems rapidly. B. Because it is about service level (performance) indicators, the percentage of incidents solved on the first call is a good way to measure the effectiveness of the supporting organization. C. The number of reported incidents cannot be controlled by the outsource supplier; therefore, that cannot be an effective measure. D. The efficiency and effectiveness of the people answering the calls and being able to address problems rapidly are more important than the number of people answering the calls. Which of the following will prevent dangling tuples in a database? A. Cyclic integrity B. Domain integrity C. Relational integrity D. Referential integrity - CORRECT ANSWER You answered B. The correct answer is D. A. Cyclical checking is the control technique for the regular checking of accumulated data on a file against authorized source documentation. There is no cyclical integrity testing. B. Domain integrity testing ensures that a data item has a legitimate value in the correct range or set. C. Relational integrity is performed at the record level and is ensured by calculating and verifying specific fields. D. Referential integrity ensures that a foreign key in one table will equal null or the value of a primary in the other table. For every tuple in a table having a referenced/foreign key, there should be a corresponding tuple in another table, i.e., for existence of all foreign keys in the original tables. If this condition is not satisfied, then it results in a dangling tuple. Which of the following choices would MOST likely ensure that a disaster recovery (DR) effort is successful? A. The tabletop test was performed. B. Data restoration was completed. C. Recovery procedures are approved. D. Appropriate staff resources are committed. - CORRECT ANSWER You are correct, the answer is B. A. Performing a tabletop test is extremely helpful, but does not ensure that the recovery process is working properly. B. The most reliable method to determine whether a backup is valid would be to restore it to a system. A data restore test should be performed at least annually to verify that the process is working properly. C. Approved recovery procedures will not ensure that data can be successfully restored. D. While having appropriate staff resources is appropriate, without data the recovery would not be successful. The PRIMARY objective of performing a postincident review is that it presents an opportunity to: A. improve internal control procedures. B. harden the network to industry best practices. C. highlight the importance of incident response management to management. D. improve employee awareness of the incident response process. - CORRECT ANSWER You are correct, the answer is A. A. A postincident review examines both the cause and response to an incident. The lessons learned from the review can be used to improve internal controls. Understanding the purpose and structure of postincident reviews and follow-up procedures enables the information security manager to continuously improve the security program. Improving the incident response plan based on the incident review is an internal (corrective) control. B. A postincident review may result in improvements to controls, but its primary purpose is not to harden a network. C. The purpose of postincident review is to ensure that the opportunity is presented to learn lessons from the incident. It is not intended as a forum to educate management. D. An incident may be used to emphasize the importance of incident response, but that is not the intention of the postincident review. Segmenting a highly sensitive database results in: A. reduced exposure. B. reduced threat. C. less criticality. D. less sensitivity. - CORRECT ANSWER You answered C. The correct answer is A. D. Servers at the hot site do not have the same specifications as at the main site. - CORRECT ANSWER You answered A. The correct answer is B. A. While it is not a best practice for security administrators to share accounts that do not expire, the greater risk in this scenario would be running out of disk space. B. Not knowing how much disk space is in use and, therefore, how much is needed at the disaster recovery site could create major issues in the case of a disaster. C. Physical security controls are important and this would be a concern, but the more important concern would be running out of disk space. The particular physical characteristic of the disaster recovery site may call for different controls that may appear to be less robust than the main site; however, such a risk could be addressed through policy and procedures or by adding additional personnel if needed. D. As long as the servers at the hot site are capable of running the programs that are required in a disaster recovery situation, the precise capabilities of the servers at the hot site is not a major risk. It is necessary to ensure that software configuration and settings match the servers at the main site, but it is not unusual for newer and more powerful servers to exist at the main site for everyday production use while the standby servers are less powerful. Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures? A. Review software migration records and verify approvals. B. Identify changes that have occurred and verify approvals. C. Review change control documentation and verify approvals. D. Ensure that only appropriate staff can migrate changes into production. - CORRECT ANSWER You answered C. The correct answer is B. A. Software migration records may not have all changes listed—changes could have been made that were not included in the migration records. B. The most effective method is to determine what changes have been made (check logs and modified dates) and then verify that they have been approved. C. Change control records may not have all changes listed. D. Ensuring that only appropriate staff can migrate changes into production is a key control process but, in itself, does not verify compliance. To verify that the correct version of a data file was used for a production run, an IS auditor should review: A. operator problem reports. B. operator work schedules. C. system logs. D. output distribution reports. - CORRECT ANSWER You are correct, the answer is C. A. Operator problem reports are used by operators to log computer operation problems. B. Operator work schedules are maintained to assist in human resource planning. C. System logs are automated reports which identify most of the activities performed on the computer. Programs that analyze the system log have been developed to report on specifically defined items. The IS auditor can then carry out tests to ensure that the correct file version was used for a production run. D. Output distribution reports identify all application reports generated and their distribution. Which of the following issues should be a MAJOR concern to an IS auditor who is reviewing a service level agreement (SLA)? A. A service adjustment resulting from an exception report took a day to implement. B. The complexity of application logs used for service monitoring made the review difficult. C. Performance measures were not included in the SLA. D. The document is updated on an annual basis. - CORRECT ANSWER You are correct, the answer is C. A. Resolving issues related to exception reports is an operational issue that should be addressed in the service level agreement (SLA); however, a response time of one day may be acceptable depending on the terms of the SLA. B. The complexity of application logs is an operational issue, which is not related to the SLA. C. Lack of performance measures will make it difficult to gauge the efficiency and effectiveness of the IT services being provided. D. While it is important that the document be current, depending on the term of the agreement, it may not be necessary to change the document more frequently than annually. An IS auditor is reviewing the backup strategy and the backup technology in use by an organization. The IS auditor would be MOST concerned if: A. data restoration tests are not being regularly performed. B. disk subsystems are being backed up to other disks, and not to tape. C. daily backup logs are purged quarterly.