CISA Exam 2024 Real Questions and Answers 100%Verified.

CISA Exam 2024 Real Questions and Answers 100%Verified. Gap Analysis - Gap Analysis would be the best method to identify issues that need to be addressed in the reengineering process. Gap analysis indicates which parts of current processes conform to best practices (desired state) and which do not. Application Gateway - An application gateway firewall is effective in preventing applications such as File Transfer Protocols (FTPs) from entering the organization's network. Inform appropriate personnel immediately - The first thing an IS auditor should do after detecting the virus is to alert the organization to its presence, then wait for their response. The MAIN reason for requiring that all computer clocks across an organization be sychronized is to: Support the incident investigation process - During an investigation of incidents, audit logs used as evidence, and the time stamp information in them is useful. If the checks are not synchronized investigations will be more difficult because a time line of event occurring on different systems might not be easily established. An Is auditor is assessing services provided by an internet service provider (ISP) during an IS compliance audit of a nationwide corporation that operates a governmental program. Which of the following is MOST Important? Review the Service Level Agreement (SLA) - A service level agreement (SLA) provides the basis for adequate assessment of the degree to which the provider is meeting the level of agreed-on service. When performing a database review, an Is auditor notices that some tables in the database are not normalized. The IS auditor should next: review the justification - If the database is not normalized, the IS auditor should review the justification because, in some situations, denormalization is recommended for performance reasons. The objecting of concurrency control in a database system is to: Prevent integrity problems when two processes attempt to update the same data at the same time - Concurrency controls prevent data integrity problems. which can arise when two update processes access the same data them at the same time CISA Exam2024 Real Questions and Answers100%Verified. (Concurrency is a property of systems in which several computations are executing simultaneously, and potentially interacting with each other) Which of the following BEST limits the impacts of server failures in a distributed environment? Clustering - Clustering allows two or more servers to work as a unit so that when one of them fails, the other takes over. During an audit of a small enterprise, the IS auditor noted that the IS director has superuser-privilege access that allows the director to process requests for changes to the application access roles (access types). Which of the following should the IS auditor recommend? Implement a properly documented process for application role change requests - The IS auditor should recommend implementation of processes that could prevent or detect improper changes from being made to the major application roles. The application role change request process should start and be approved by the business owner; then, the IS director can make the changes to the application. An IS auditor reviewing a cloud computing environment managed by a third party should be MOST concerned when: The service level agreement does not address the responsibility of the vendor in the case of a security breach - Administration of cloud computing occurs over the Internet and involves more than one participating entity. It is the responsibility of each of the partners in the cloud computing environment to take care of security issues in their own environments. when there is a security breach, the party responsible for the breach should be identified and made accountable. this is not possible if the SLA does not address the responsibilities of the partners during a security breach An IS auditor discovers that some hard drives disposed of by an enterprise were not sanitized in a manner that would reasonably ensure the data could not be recovered. In addition, enterprise doesn't have a written policy on data disposal. The IS auditor should FIRST: Determine the sensitivity of the information on the hard drives. - Even though a policy is not available, the IS auditor should make a determination as to the nature of the information on the hard drives to quantify, as much as possible, the risk. *An IS Auditor should not develop policies What is the BEST backup strategy for a large database with data supporting online sales Mirrored Hard disks - Mirrored hard disks will ensure that all data are backed up to more than one disk so that a failure of one disk will not result in loss of data. And organization is reviewing its contract with a cloud computing provider. For which of the following reasons would the organization want to remove a lock-in clause from the contract? Portability - When drawing up a contract with a cloud service provider, the ideal practice is to remove the customer lock-in clause. It may be important for the client to secure portability of their system assets, i.e., the right to transfer from one vendor to another. In a small organization, an employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend? Procedures that verify that only approved program changes are implemented - An IS auditor must consider recommending a better process. An IS auditor should recommend a formal change control process that manages and could detect changes to production source and object code, such as code comparisons, so the changes can be reviewed on a regular basis by a third party. This would be a compensating control process. Which of the following backup techniques is the MOST appropriate when an organization requires extremely granular data restore points, as defined in the recovery point objective (RPO)? Continuous data backup - Recovery point objective (RPO) is based on the acceptable data loss in the case of a disruption. In this scenario the organization needs a short RPO and continuous data backup is the best option. An IS auditor find that DBAs have access to the log location on the database server and the ability to purge logs from the system. What is the BEST audit recommendation to ensure that DBA activity is effectively monitored? Forward database logs to a centralized log server - To protect the availability and integrity of the database logs, it is feasible to forward the database logs to a centralized log server to which the DBAs do not have access. The purpose of code signing is to provide assurance that: The software has not been subsequently modified *Not The private key of the signer has not been compromised - Code signing ensures that the executable code came from a reputable source and has not been modified after being signed.