Super Sites Links.

http://adfoc.us/111771
http://adfoc.us/111771528559
http://adfoc.us/111772626881

CISA DATABASE QUESTIONS FOR 2011.

1.                   Which of the following would BEST maintain the integrity of a firewall log?

A.     Granting access to log information only to administrators

B.      Capturing log events in the operating system layer

C.     Writing dual logs onto separate storage media

D.      Sending log information to a dedicated third-party log server

D Establishing a dedicated third-party log server and logging events in it is the best procedure for maintaining the integrity of a firewall log. When access control to the log server is adequately maintained, the risk of unauthorized log modification will be mitigated, therefore improving the integrity of log information. To enforce segregation of duties, administrators should not have access to log files. This primarily contributes to the assurance of confidentiality rather than integrity. There are many ways to capture log information: through the application layer, network layer, operating systems layer, etc.; however, there is no log integrity advantage in capturing events in the operating systems layer. If it is a highly mission-critical information system, it may he nice to run the system with a dual log mode. I laying logs in two different storage devices will primarily contribute to the assurance of the availability of log information, rather than to maintaining its integrity.

2.                   The PRIMARY benefit of implementing a security program as part of a security governance framework is the:

A.     alignment of the IT activities with IS audit recommendations.

B.      enforcement of the management of security risks.

C.     implementation of the chief information security officer’s (CISO) recommendations.

D.     reduction of the cost for IT security.

B The major benefit of implementing a security program is management’s assessment of risk and its mitigation to an appropriate level of risk, and the monitoring of the remaining residual risks. Recommendations, visions and objectives of the auditor and the chief information security officer (CISO) are usually included within a security program, but they would not be the major benefit. The cost of IT security may or may not be reduced.

3.                   When performing an audit of a client relationship management (CRM) system migration project, which of the following should he of GREATEST concern to an IS auditor?

A.     The technical migration is planned for a Friday preceding a long weekend, and the time window is too short for completing all tasks.

B.      Employees pilot-testing the system are concerned that the data representation in the new system is completely different from the old system.

C.     A single implementation is planned, immediately decommissioning the legacy system.

D.     Five weeks prior to the target date, there are still numerous defects in the printing functionality of the new system’s software.

C Major system migrations should include a phase of parallel operation or a phased cut-over to reduce implementation risks. Decommissioning or disposing of the old hardware would complicate any fallback strategy, should the new system not operate correctly. A weekend can be used as a time buffer so that the new system will have a better chance of being up and running after the weekend. A different data representation does not mean different data presentation at the front end. Even when this is the case, this issue can be solved by adequate training and user support. The printing functionality is commonly one of the last functions to be tested in a new system because it is usually the last step performed in any business event. Thus, meaningful testing and the respective error fixing are only possible after all other parts of the software have been successfully tested.

4.                   Which of tile following would effectively verify the originator of a transaction?

A.     Using a secret password between the originator and the receiver

B.      Encrypting tile transaction with the receiver’s public key

C.     Using a portable document format (PDF) to encapsulate transaction content

D.      Digitally Signing tile transaction with the source’s private key

D A digital signature is an electronic identification of a person, created by using a public key algorithm, to verify to a recipient the identity of the source of a transaction and tile integrity of its content. Since they are a ’shared secret’ between the user and tile system itself, passwords are considered a weaker means of authentication. Encrypting the transaction with the recipient’s public key will provide confidentiality for tile information, while using a portable document format (PDF) will probe the integrity of tile content but not necessarily authorship.

5.                   During a disaster recovery test, an IS auditor observes that the performance of the disaster recovery site’s server is slow. To find the root cause of this, the IS auditor should FIRST review the:

A.     event error log generated at the disaster recovery site.

B.      disaster recovery test plan.

C.     disaster recovery plan (DRP).

D.      configurations and alignment of the primary and disaster recovery sites.

D Since the configuration of the system is the most probable cause, the IS auditor should review that first. If the issue cannot be clarified, the IS auditor should then review the event error log. The disaster recovery test plan and the disaster recovery plan (DRP) would not contain information about the system configuration.