CISA Dumps PDF 2024 Strategy Your Preparation Efficiently [Q562-Q578]


Latest Verified & Correct ISACA CISA Questions

NEW QUESTION # 562
A large organization is considering a policy that would allow employees to bring their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:

  • A. decrease in end user productivity.
  • B. lack of a device management solution.
  • C. impact on network capacity.
  • D. higher costs in supporting end users.

Answer: B

Explanation:
Section: Governance and Management of IT


NEW QUESTION # 563
An organization's sensitive data is stored in a cloud computing environment and is encrypted. Which of the following findings should be of GREATEST concern to an IS auditor?

  • A. Symmetric keys are used for encryption.
  • B. Data encryption keys are accessible to the service provider.
  • C. Encryption keys are not rotated on a regular basis.
  • D. Test data encryption keys are being used in production

Answer: D


NEW QUESTION # 564
Which of the following is a management technique that enables organizations to develop strategically important systems faster, while reducing development costs and maintaining quality?

  • A. Rapid application development
  • B. Program evaluation review technique
  • C. Function point analysis
  • D. Critical path methodology

Answer: A

Explanation:
Rapid application development is a management technique that enables organizations to develop strategically important systems faster, while reducing development costs and maintaining quality. The program evaluation review technique (PERT) and critical path methodology (CPM) are both planning and control techniques, while function point analysis is used for estimating the complexity of developing business applications.


NEW QUESTION # 565
A small financial institution is preparing to implement a check image processing system to support planned mobile banking product offerings. Which of the following is MOST critical to the successful implementation of the system?

  • A. Integration testing
  • B. End user training
  • C. Feasibility studies
  • D. Control design

Answer: A


NEW QUESTION # 566
In a typical SDLC, which group is PRIMARILY responsible for confirming compliance with requirements?

  • A. Quality assurance
  • B. Risk management
  • C. Steering committee
  • D. Internal audit

Answer: A

Explanation:
Section: Information System Acquisition, Development and Implementation


NEW QUESTION # 567
Identify the network topology from the diagram presented below:

Network Topology

  • A. Mesh
  • B. Ring
  • C. Star
  • D. Bus

Answer: C

Explanation:
Section: Information System Operations, Maintenance and Support
Explanation/Reference:
For your exam you should know the information below related to LAN topologies:
LAN Topologies
Network topology is the physical arrangement of the various elements (links, nodes, etc.) of a computer
network.
Essentially, it is the topological structure of a network, and may be depicted physically or logically. Physical
topology refers to the placement of the network's various components, including device location and cable
installation, while logical topology shows how data flows within a network, regardless of its physical design.
Distances between nodes, physical interconnections, transmission rates, and/or signal types may differ
between two networks, yet their topologies may be identical.
Bus
In local area networks where bus topology is used, each node is connected to a single cable. Each
computer or server is connected to the single bus cable. A signal from the source travels in both directions
to all machines connected on the bus cable until it finds the intended recipient. If the machine address does
not match the intended address for the data, the machine ignores the data. Alternatively, if the data
matches the machine address, the data is accepted. Since the bus topology consists of only one wire, it is
rather inexpensive to implement when compared to other topologies. However, the low cost of
implementing the technology is offset by the high cost of managing the network. Additionally, since only one
cable is utilized, it can be the single point of failure. The bus cable must be terminated at both ends:
without termination, data transfer stops, and if the cable breaks, the entire network goes down.
Bus topology

Linear bus
The type of network topology in which all of the nodes of the network are connected to a common
transmission medium which has exactly two endpoints (this is the 'bus', which is also commonly referred to
as the backbone, or trunk) - all data that is transmitted between nodes in the network is transmitted over
this common transmission medium and is able to be received by all nodes in the network simultaneously.
Distributed bus
The type of network topology in which all of the nodes of the network are connected to a common
transmission medium which has more than two endpoints that are created by adding branches to the main
section of the transmission medium - the physical distributed bus topology functions in exactly the same
fashion as the physical linear bus topology (i.e., all nodes share a common transmission medium).
Star
In local area networks with a star topology, each network host is connected to a central point with a point-
to-point connection. In a star topology every node (computer workstation or any other peripheral) is
connected to a central node called a hub or switch.
The switch is the server and the peripherals are the clients. The network does not necessarily have to
resemble a star to be classified as a star network, but all of the nodes on the network must be connected to
one central device.
All traffic that traverses the network passes through the central point. The central point acts as a signal
repeater.
The star topology is considered the easiest topology to design and implement. An advantage of the star
topology is the simplicity of adding additional nodes. The primary disadvantage of the star topology is that
the central point represents a single point of failure.
Star Topology

Ring
A network topology that is set up in a circular fashion in which data travels around the ring in one direction
and each device on the ring acts as a repeater to keep the signal strong as it travels. Each device
incorporates a receiver for the incoming signal and a transmitter to send the data on to the next device in
the ring.
The network is dependent on the ability of the signal to travel around the ring. When a device sends data, it
must travel through each device on the ring until it reaches its destination. Every node is a critical link. If
one node goes down the whole link would be affected.
Ring Topology

Mesh
The value of a fully meshed network grows exponentially with the number of subscribers, assuming that
any group of endpoints, from any two up to and including all of them, can communicate with each other
(Reed's Law).
A mesh network provides for high availability and redundancy. However, the cost of such a network can be
very high if dozens of devices are in the mesh.
Mesh Topology

Fully connected mesh topology
A fully connected network is a communication network in which each of the nodes is connected to every
other node. In graph theory it is known as a complete graph. A fully connected network does not need to use
switching or broadcasting. However, its major disadvantage is that the number of connections grows
quadratically with the number of nodes (n(n-1)/2 links for n nodes), so it is extremely impractical for large
networks. A two-node network is technically a fully connected network.
Partially connected mesh topology
The type of network topology in which some of the nodes of the network are connected to more than one
other node in the network with a point-to-point link - this makes it possible to take advantage of some of
the redundancy that is provided by a physical fully connected mesh topology without the expense and
complexity required for a connection between every node in the network.
The following answers are incorrect:
The other options presented are not valid.
The following reference(s) were/was used to create this question:
CISA review manual 2014, Page number 262


NEW QUESTION # 568
An IS audit reveals that an organization is not proactively addressing known vulnerabilities. Which of the following should the IS auditor recommend the organization do FIRST?

  • A. Ensure the intrusion prevention system (IPS) is effective.
  • B. Confirm the incident response team understands the issue.
  • C. Assess the security risks to the business.
  • D. Verify the disaster recovery plan (DRP) has been tested.

Answer: C

Explanation:
Assessing the security risks to the business is the crucial first step because it helps identify and prioritize vulnerabilities based on their potential impact and likelihood of exploitation.


NEW QUESTION # 569
Which of the following should be an IS auditor's PRIMARY focus when developing a risk-based IS audit program?

  • A. IT strategic plans
  • B. Portfolio management
  • C. Business processes
  • D. Business plans

Answer: C

Explanation:
Business processes should be the primary focus of an IS auditor when developing a risk-based IS audit program, because they represent the core activities and functions of the organization that support its objectives and goals. Business processes also involve the use of IT resources and systems that may pose risks to the organization's performance and compliance. A risk-based IS audit program should identify and assess the risks associated with the business processes and determine the appropriate audit scope and procedures to provide assurance on their effectiveness and efficiency. Portfolio management, business plans, and IT strategic plans are also relevant factors for developing a risk-based IS audit program, but they are not as important as business processes. References: CISA Review Manual (Digital Version), Chapter 2, Section 2.2.1


NEW QUESTION # 570
Which of the following is the MOST significant obstacle to establishing a new privacy program?

  • A. A complex legal and regulatory landscape
  • B. Unresolved overlap of security and privacy roles and responsibilities
  • C. An insufficient privacy awareness training program
  • D. Failure to perform a business impact analysis (BIA)

Answer: A


NEW QUESTION # 571
Which of the following is the MOST effective control for a utility program?

  • A. Storing the program in a production library
  • B. Installing the program on a separate server
  • C. Allowing only authorized personnel to use the program
  • D. Renaming the versions in the programmers' libraries

Answer: C


NEW QUESTION # 572
A bank is selecting a server for its retail accounts application. To ensure that the server can handle a high volume of transactions with the required response times, which test should the IS auditor recommend?

  • A. Integration
  • B. Benchmark
  • C. Regression
  • D. Acceptance

Answer: B


NEW QUESTION # 573
How does the digital envelope work? What are the correct steps to follow?

  • A. You encrypt the data using the session key and then you encrypt the session key using the receiver's private key
  • B. You encrypt the data using the session key and then you encrypt the session key using sender's public key
  • C. You encrypt the data using a session key and then encrypt session key using private key of a sender
  • D. You encrypt the data using the session key and then you encrypt the session key using the receiver's public key

Answer: D

Explanation:
Explanation/Reference:
The process of encrypting bulk data using symmetric key cryptography and then encrypting the session key using a public key algorithm is referred to as a digital envelope.
A digital envelope is used to send information encrypted with a symmetric cipher together with the session key that was used to encrypt it. It is a secure method to send an electronic document without compromising the data integrity, authentication and non-repudiation that were obtained with the use of symmetric keys.
A digital envelope mechanism works as follows:
The symmetric key used to encrypt the message is referred to as the session key. The bulk of the message takes advantage of the high speed provided by the symmetric cipher.
The session key must then be communicated to the receiver in a secure way to allow the receiver to decrypt the message.
If the session key is sent to the receiver in plain text, it could be captured in the clear over the network and anyone could access the session key, which would compromise confidentiality.
Therefore it is critical to encrypt the session key with the receiver's public key before sending it to the receiver. The receiver uses their matching private key to decrypt the session key, which then allows them to decrypt the message using the session key.
The encrypted message and the encrypted session key are sent to the receiver, who in turn decrypts the session key with the receiver's private key. The session key is then applied to the message ciphertext to get the plain text.
The following were incorrect answers:
You encrypt the data using a session key and then encrypt the session key using the private key of the sender - If the session key is encrypted using the sender's private key, it can be decrypted only using the sender's public key.
The sender's public key is known to everyone, so anyone can decrypt the session key and the message.
You encrypt the data using the session key and then you encrypt the session key using the sender's public key - If the session key is encrypted using the sender's public key, then only the sender can decrypt the session key using his/her own private key, and the receiver will not be able to decrypt it.
You encrypt the data using the session key and then you encrypt the session key using the receiver's private key - The sender should not have access to the receiver's private key. This is not a valid option.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 350 and 351
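The envelope steps described above, as an added worked example that is not part of the original page or of the CISA review manual: the sender encrypts the bulk message under a fresh session key, wraps that session key under the receiver's public key, and the receiver unwraps it with the matching private key. It also shows, in code, why the "sender's private key" option fails: anyone holding the sender's public key can unwrap the session key. All primitives here are constructed stand-ins so the script runs with only the Python standard library: textbook RSA over two fixed Mersenne primes plays the public-key algorithm, and a SHA-256 keystream XOR plays the symmetric bulk cipher. Neither is a production primitive; a real system would use a vetted library's RSA-OAEP (or an elliptic-curve KEM) and an authenticated cipher such as AES-GCM.

```python
"""Digital envelope (hybrid encryption) walk-through, standard library only.

Constructed toy example: textbook RSA over two fixed Mersenne primes stands in
for the receiver's public-key pair, and a SHA-256 keystream XOR stands in for
the symmetric bulk cipher. Neither is a production primitive.
"""
import hashlib
import secrets

SESSION_KEY_LEN = 16  # 128-bit session key; as an integer it is far below the toy modulus


def rsa_keygen(p=2**89 - 1, q=2**107 - 1, e=65537):
    """Textbook RSA key pair from two constructed (Mersenne) primes.

    Returns (public, private) as (n, e) and (n, d). For these primes gcd(e, phi) == 1,
    so the modular inverse exists.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def rsa_apply(key, value: int) -> int:
    """Raise value to the key's exponent mod n; the same operation serves both key halves."""
    n, exp = key
    return pow(value, exp, n)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed symmetric cipher: XOR data with SHA-256(key || nonce || counter) blocks."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Fresh 8-byte nonce prepended so the same session key never reuses a keystream."""
    nonce = secrets.token_bytes(8)
    return nonce + keystream_xor(key, nonce, plaintext)


def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    return keystream_xor(key, blob[:8], blob[8:])


def seal(message: bytes, receiver_public) -> tuple:
    """Sender side (the correct option): bulk data under a fresh session key,
    then the session key wrapped under the RECEIVER's public key."""
    session_key = secrets.token_bytes(SESSION_KEY_LEN)
    ciphertext = sym_encrypt(session_key, message)
    wrapped_key = rsa_apply(receiver_public, int.from_bytes(session_key, "big"))
    return ciphertext, wrapped_key


def open_envelope(ciphertext: bytes, wrapped_key: int, receiver_private) -> bytes:
    """Receiver side: unwrap the session key with the matching private key, then decrypt."""
    session_key = rsa_apply(receiver_private, wrapped_key).to_bytes(SESSION_KEY_LEN, "big")
    return sym_decrypt(session_key, ciphertext)


def eavesdropper_recovers_key_if_wrapped_with_sender_private(sender_public, sender_private) -> bool:
    """Why wrapping with the sender's PRIVATE key fails: the sender's PUBLIC key, which
    everyone holds, undoes it. Returns True when a public-key-only party gets the session key."""
    session_key = secrets.token_bytes(SESSION_KEY_LEN)
    wrapped_wrong = rsa_apply(sender_private, int.from_bytes(session_key, "big"))
    recovered = rsa_apply(sender_public, wrapped_wrong).to_bytes(SESSION_KEY_LEN, "big")
    return recovered == session_key


if __name__ == "__main__":
    receiver_pub, receiver_priv = rsa_keygen()
    ct, wk = seal(b"constructed wire transfer instruction", receiver_pub)
    print(open_envelope(ct, wk, receiver_priv))
    # The sender's own pair, generated the same way for the counter-example
    sender_pub, sender_priv = rsa_keygen()
    print(eavesdropper_recovers_key_if_wrapped_with_sender_private(sender_pub, sender_priv))
```

The point to check on when reviewing a real implementation is exactly the one the question tests: the wrapping key is the receiver's public key and nothing else. Wrapping with a private key is a signature-like operation, not confidentiality, and a key wrapped under the sender's public key can only ever be opened by the sender.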


NEW QUESTION # 574
Off-site data storage should be kept synchronized when preparing for recovery of time-sensitive data such as that resulting from which of the following?

  • A. Inventory reporting
  • B. Financial reporting
  • C. Transaction processing
  • D. Sales reporting

Answer: C

Explanation:
Section: Protection of Information Assets
Off-site data storage should be kept synchronized when preparing for the recovery of time-sensitive data
such as that resulting from transaction processing.


NEW QUESTION # 575
An IS auditor finds that periodic reviews of read-only users for a reporting system are not being performed.
Which of the following should be the IS auditor's NEXT course of action?

  • A. Report this control process weakness to senior management.
  • B. Verify management's approval for this exemption.
  • C. Obtain a verbal confirmation from IT for this exemption.
  • D. Review the list of end users and evaluate for authorization.

Answer: A

Explanation:
The IS auditor's next course of action should be to report this control process weakness to senior management, as it may indicate a lack of oversight and accountability for the reporting system. Read-only users may have access to sensitive or confidential information that should be restricted or monitored. Periodic reviews of read-only users are a good practice to ensure that the access rights are still valid and appropriate for the users' roles and responsibilities. Reporting this weakness to senior management will also allow them to take corrective actions or implement compensating controls if needed.
Reviewing the list of end users and evaluating for authorization is incorrect because it is not the IS auditor's responsibility, but rather the system owner's or administrator's. The IS auditor should only verify that such reviews are performed and documented by the responsible parties.
Verifying management's approval for this exemption is incorrect because it is not sufficient to address the control process weakness. Even if there is a valid reason for not performing periodic reviews of read-only users, the IS auditor should still report this as a potential risk and recommend mitigating controls.
Obtaining a verbal confirmation from IT for this exemption is incorrect because it is not adequate evidence or documentation. The IS auditor should obtain written approval from management and verify that it is aligned with the organization's policies and standards.
References:
CISA Review Manual (Digital Version), Chapter 1: The Process of Auditing Information Systems, Section 1.4: Audit Evidence, p. 31-32.
CISA Review Manual (Print Version), Chapter 1: The Process of Auditing Information Systems, Section 1.4: Audit Evidence, p. 31-32.
CISA Online Review Course, Module 1: The Process of Auditing Information Systems, Lesson 4: Audit Evidence, slides 9-10.
CISA Questions, Answers & Explanations Database, Question ID: QAE_CISA_710.


NEW QUESTION # 576
Which of the following would be of MOST concern when determining if information assets are adequately safeguarded during transport and disposal?

  • A. Lack of recent awareness training
  • B. Lack of appropriate data classification
  • C. Lack of appropriate testing
  • D. Lack of password protection

Answer: B


NEW QUESTION # 577
What is used to develop strategically important systems faster, reduce development costs, and still maintain high quality?

  • A. Decision trees
  • B. PERT
  • C. Rapid application development (RAD)
  • D. GANTT

Answer: C

Explanation:
Section: Protection of Information Assets
Explanation: Rapid application development (RAD) is used to develop strategically important systems faster, reduce development costs, and still maintain high quality.


NEW QUESTION # 578
......
