CISA : Certified Information Systems Auditor : Part 74
-
Which of the following provides the BEST assurance that security policies are applied across business operations?
- Organizational standards are required to be formally accepted.
- Organizational standards are enforced by technical controls.
- Organizational standards are included in awareness training.
- Organizational standards are documented in operational procedures.
-
What should be a security manager’s PRIMARY objective in the event of a security incident?
- Identify the source of the breach and how it was perpetrated.
- Contain the threat and restore operations in a timely manner.
- Ensure that normal operations are not disrupted.
- Identify lapses in operational control effectiveness.
-
Which of the following is the BEST indication that an information security program is effective?
- The number of reported and confirmed security incidents has increased after awareness training.
- The security awareness program was developed following industry best practices.
- The security team has performed a risk assessment to understand the organization’s risk appetite.
- The security team is knowledgeable and uses the best available tools.
-
Which of the following would be of GREATEST concern to an IS auditor reviewing an organization’s security incident handling procedures?
- Annual tabletop exercises are performed instead of functional incident response exercises.
- Roles for computer emergency response team (CERT) members have not been formally documented.
- Guidelines for prioritizing incidents have not been identified.
- Workstation antivirus software alerts are not regularly reviewed.
-
An organization has suffered a number of incidents in which USB flash drives with sensitive data have been lost. Which of the following would be MOST effective in preventing loss of sensitive data?
- Modifying the disciplinary policy to be more stringent
- Implementing a check-in/check-out process for USB flash drives
- Issuing encrypted USB flash drives to staff
- Increasing the frequency of security awareness training
-
Which of the following backup schemes is the BEST option when storage media is limited?
- Virtual backup
- Real-time backup
- Differential backup
- Full backup
-
Management has decided to include a compliance manager in the approval process for a new business that may require changes to the IT infrastructure. Which of the following is the GREATEST benefit of this approach?
- Security breach incidents can be identified in early stages.
- Regulatory risk exposures can be identified before they materialize.
- Fewer reviews are needed when updating the IT compliance process.
- Process accountabilities to external stakeholders are improved.
-
The prioritization of incident response actions should be PRIMARILY based on which of the following?
- Scope of disaster
- Business impact
- Availability of personnel
- Escalation process
-
In the review of a feasibility study for an IS acquisition, the MOST important step is to:
- determine whether the cost-benefits are achievable.
- ensure that a contingency plan is in place should the project fail.
- ensure that the right to audit the vendor has been considered.
- determine whether security and control requirements have been specified.
-
Which of the following is a passive attack on a network?
- Message service interruption
- Message modification
- Traffic analysis
- Sequence analysis
-
Which of the following is the MAIN purpose of an information security management system?
- To enhance the impact of reports used to monitor information security incidents
- To reduce the frequency and impact of information security incidents
- To identify and eliminate the root causes of information security incidents
- To keep information security policies and procedures up-to-date
-
Which of the following would be an INAPPROPRIATE activity for a network administrator?
- Analyzing network security incidents
- Prioritizing traffic between subnets
- Modifying a router configuration
- Modifying router log files
-
There is a concern that a salesperson may download an organization’s full customer list from the Software as a Service (SaaS) when leaving to work for a competitor. Which of the following would BEST help to identify this type of incident?
- Monitor application logs
- Disable remote access to the application
- Implement a web application firewall
- Implement an intrusion detection system (IDS)
-
Which of the following is the MOST important incident management consideration for an organization subscribing to a cloud service?
- Decision on the classification of cloud-hosted data
- Expertise of personnel providing incident response
- Implementation of a SIEM in the organization
- An agreement on the definition of a security incident
-
Which of the following would be MOST useful to an information security manager when conducting a post-incident review of an attack?
- Details from intrusion detection system logs
- Method of operation used by the attacker
- Cost of the attack to the organization
- Location of the attacker
-
An information security manager is preparing an incident response plan. Which of the following is the MOST important consideration when responding to an incident involving sensitive customer data?
- The assignment of a forensics team
- The ability to recover from the incident in a timely manner
- Following defined post-incident review procedures
- The ability to obtain incident information in a timely manner
-
An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker. Which of the following is the MOST important action of the security manager?
- Follow the outsourcer’s response plan
- Refer to the organization’s response plan
- Notify the outsourcer of the privacy breach
- Alert the appropriate law enforcement authorities
-
The effectiveness of an incident response team will be GREATEST when:
- the incident response process is updated based on lessons learned
- incidents are identified using a security information and event monitoring (SIEM) system
- the incident response team members are trained security personnel
- the incident response team meets on a regular basis to review log files
-
An external penetration test identified a serious security vulnerability in a critical business application. Before reporting the vulnerability to senior management, the information security manager’s BEST course of action should be to:
- determine the potential impact with the business owner
- initiate the incident response process
- block access to the vulnerable business application
- report the vulnerability to IT for remediation
-
When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:
- reduce the costs of future preventive controls
- provide metrics for reporting to senior management
- verify compliance with the service level agreement (SLA)
- learn of potential areas of improvement