
CISA EXAM QUESTIONS AND 100% CORRECT ANSWERS

Pages: 47
Grade: A+
Uploaded on: 16-08-2025
Written in: 2025/2026

CISA 2025 EXAM QUESTIONS AND 100%
CORRECT ANSWERS!!
The MAIN reason for requiring that all computer clocks across an organization be
synchronized is to:


Support the incident investigation process

During an investigation of incidents, audit logs are used as evidence, and the timestamp information
in them is useful. If the clocks are not synchronized, investigations will be more difficult because
a timeline of events occurring on different systems might not be easily established.

An IS auditor is assessing services provided by an internet service provider (ISP) during an
IS compliance audit of a nationwide corporation that operates a governmental program.
Which of the following is MOST important?


Review the Service Level Agreement (SLA)

A service level agreement (SLA) provides the basis for adequate assessment of the degree to
which the provider is meeting the level of agreed-on service.

When performing a database review, an IS auditor notices that some tables in the database
are not normalized. The IS auditor should next:


Review the justification

If the database is not normalized, the IS auditor should review the justification because, in some
situations, denormalization is recommended for performance reasons.

The objective of concurrency control in a database system is to:


Prevent integrity problems when two processes attempt to update the same data at the
same time

Concurrency controls prevent data integrity problems, which can arise when two update
processes access the same data item at the same time.

(Concurrency is a property of systems in which several computations are executing
simultaneously, and potentially interacting with each other.)

Which of the following BEST limits the impacts of server failures in a distributed
environment?


Clustering

Clustering allows two or more servers to work as a unit so that when one of them fails, the other
takes over.

During an audit of a small enterprise, the IS auditor noted that the IS director has
superuser-privilege access that allows the director to process requests for changes to the
application access roles (access types). Which of the following should the IS auditor
recommend?


Implement a properly documented process for application role change requests

The IS auditor should recommend implementation of processes that could prevent or detect
improper changes from being made to the major application roles. The application role change
request process should start and be approved by the business owner; then, the IS director can
make the changes to the application.

An IS auditor reviewing a cloud computing environment managed by a third party should
be MOST concerned when:


The service level agreement does not address the responsibility of the vendor in the case of
a security breach

Administration of cloud computing occurs over the Internet and involves more than one
participating entity. It is the responsibility of each of the partners in the cloud computing
environment to take care of security issues in their own environments. When there is a security
breach, the party responsible for the breach should be identified and made accountable. This is
not possible if the SLA does not address the responsibilities of the partners during a security
breach.

An IS auditor discovers that some hard drives disposed of by an enterprise were not
sanitized in a manner that would reasonably ensure the data could not be recovered. In
addition, the enterprise doesn't have a written policy on data disposal. The IS auditor should
FIRST:


Determine the sensitivity of the information on the hard drives.

Even though a policy is not available, the IS auditor should make a determination as to the nature
of the information on the hard drives to quantify, as much as possible, the risk.
*An IS auditor should not develop policies.

What is the BEST backup strategy for a large database with data supporting online sales?


Mirrored hard disks

Mirrored hard disks will ensure that all data are backed up to more than one disk so that a failure
of one disk will not result in loss of data.

An organization is reviewing its contract with a cloud computing provider. For which of
the following reasons would the organization want to remove a lock-in clause from the
contract?


Portability

When drawing up a contract with a cloud service provider, the ideal practice is to remove the
customer lock-in clause. It may be important for the client to secure portability of their system
assets, i.e., the right to transfer from one vendor to another.

In a small organization, an employee performs computer operations and, when the
situation demands, program modifications. Which of the following should the IS auditor
recommend?


Procedures that verify that only approved program changes are implemented

An IS auditor must consider recommending a better process. An IS auditor should recommend a
formal change control process that manages and could detect changes to production source and
object code, such as code comparisons, so the changes can be reviewed on a regular basis by a
third party. This would be a compensating control process.

Which of the following backup techniques is the MOST appropriate when an organization
requires extremely granular data restore points, as defined in the recovery point objective
(RPO)?


Continuous data backup

Recovery point objective (RPO) is based on the acceptable data loss in the case of a disruption.
In this scenario the organization needs a short RPO and continuous data backup is the best
option.

An IS auditor finds that DBAs have access to the log location on the database server and the
ability to purge logs from the system. What is the BEST audit recommendation to ensure
that DBA activity is effectively monitored?


Forward database logs to a centralized log server

To protect the availability and integrity of the database logs, it is feasible to forward the database
logs to a centralized log server to which the DBAs do not have access.

The purpose of code signing is to provide assurance that:


The software has not been subsequently modified


*Not: The private key of the signer has not been compromised

Code signing ensures that the executable code came from a reputable source and has not been
modified after being signed.

Doing which of the following during peak production hours could result in unexpected
downtime?