Data Loss Prevention (DLP) tools provide the MOST protection against:
Answer : C
Comprehensive and Detailed Step-by-Step Explanation:
DLP (Data Loss Prevention) tools are designed to prevent unauthorized access to, transfer of, or leakage of sensitive data, particularly by insiders and through unauthorized downloads or copies.
Preventing Unauthorized Downloads (Correct Answer -- C)
DLP solutions block or log attempts to transfer sensitive files.
Example: A DLP tool detects and blocks an employee from copying confidential data to a USB drive.
Preventing Malware Installation (Incorrect -- A, B)
Antivirus and endpoint protection tools, not DLP, handle malware threats.
Preventing Corrupt Data Transmission (Incorrect -- D)
DLP focuses on data protection, not detecting corrupt files.
References:
ISACA CISA Review Manual
NIST 800-53 (Data Protection Controls)
CIS (Center for Internet Security) DLP Best Practices
Which of the following should be an IS auditor's GREATEST concern when an international organization intends to roll out a global data privacy policy?
Answer : B
Comprehensive and Detailed Step-by-Step Explanation:
The biggest concern when implementing a global data privacy policy is that local regulations may contradict the global policy, leading to legal and compliance risks.
Local Regulations May Contradict the Policy (Correct Answer -- B)
Different countries have varying data privacy laws (e.g., GDPR in Europe, CCPA in California, PDPA in Singapore).
A global policy may conflict with stricter local laws, making compliance challenging.
Example: GDPR requires explicit consent for data processing, but other jurisdictions may allow implied consent.
Requirements May Become Unreasonable (Incorrect -- A)
Not a primary risk; compliance is more critical.
Conflicts with Application Requirements (Incorrect -- C)
Applications should adapt to regulations, not the other way around.
Local Management Resistance (Incorrect -- D)
Management acceptance is important but can be addressed through training.
References:
ISACA CISA Review Manual
GDPR (General Data Protection Regulation)
ISO 27701 (Privacy Information Management System)
An organization is planning to implement a control self-assessment (CSA) program for selected business processes. Which of the following should be the role of the internal audit team for this program?
Answer : A
Comprehensive and Detailed Step-by-Step Explanation:
The internal audit team's role in Control Self-Assessment (CSA) is to independently validate management's assessment to ensure accuracy and effectiveness.
Perform Testing to Validate Management's Assessment (Correct Answer -- A)
Ensures that self-assessments are reliable and comply with policies.
Example: Internal audit conducts sample tests to verify self-reported compliance.
Advising Management (Incorrect -- B)
The audit team reviews rather than advises management.
Designing Testing Procedures (Incorrect -- C)
Management should design CSA procedures, not auditors.
De-Scoping Business Processes (Incorrect -- D)
Internal audit should not reduce audit scope due to CSAs.
References:
ISACA CISA Review Manual
COBIT 2019: Control Self-Assessment
Which of the following should be of GREATEST concern to an IS auditor reviewing an organization's mobile device policies and controls in its corporate environment?
Answer : C
Comprehensive and Detailed Step-by-Step Explanation:
A lack of Mobile Device Management (MDM) enrollment is the greatest concern, because devices outside MDM cannot have corporate security policies enforced on them.
Not All Devices Enrolled in MDM (Correct Answer -- C)
Unenrolled devices can bypass security policies.
Example: A stolen, unenrolled device may lack encryption, exposing corporate data.
Biometric Authentication Required (Incorrect -- A)
Biometrics are an enhanced security measure, not a concern.
VPN Not Required for Internal Network (Incorrect -- B)
VPNs are typically used for remote access to the internal network from outside; they are not always needed when a device is already on the internal network.
Remote Wipe Requires Internet (Incorrect -- D)
A limitation of remote wipe, but still less risky than allowing unmanaged devices to access corporate data.
References:
ISACA CISA Review Manual
NIST 800-124 (Mobile Device Security)
Which of the following should be of GREATEST concern for an IS auditor when reviewing user account policies?
Answer : A
Comprehensive and Detailed Step-by-Step Explanation:
Failure to revoke access upon termination poses the greatest security risk, as ex-employees could still access sensitive data or systems.
No Policy to Revoke Access (Correct Answer -- A)
A terminated employee retaining access can lead to data breaches or insider threats.
Example: A former employee misuses active credentials to access financial systems.
Lack of Security Awareness Training (Incorrect -- B)
Important but does not pose an immediate security risk like an active ex-employee account.
No NDAs (Incorrect -- C)
Protects intellectual property but is not as critical as system access.
No Access Revocation for Role Changes (Incorrect -- D)
Still a concern, but ex-employees with active access are a higher risk.
References:
ISACA CISA Review Manual
NIST 800-53 (Access Control)
During which stage of the penetration test cycle does the tester utilize identified vulnerabilities to attempt to access the target system?
Answer : B
Comprehensive and Detailed Step-by-Step Explanation:
Exploitation is the phase where testers leverage identified vulnerabilities to gain unauthorized access to systems.
Exploitation (Correct Answer -- B)
Testers use the same techniques an attacker would, such as SQL injection, buffer overflow, or privilege escalation.
Example: A tester exploits a weak password to gain admin access.
Exfiltration (Incorrect -- A)
The process of extracting data after access has already been gained; it follows exploitation rather than being the stage in which access is obtained.
Reconnaissance (Incorrect -- C)
The initial stage where attackers gather information about the target.
Scanning (Incorrect -- D)
Identifies open ports, running services, and potential vulnerabilities, but does not attempt to exploit them.
References:
ISACA CISA Review Manual
NIST 800-115 (Technical Guide to Security Testing)
Which of the following protocols should be used when transferring data via the internet?
Answer : C
Comprehensive and Detailed Step-by-Step Explanation:
SFTP (Secure File Transfer Protocol) is the most secure option for transferring data over the internet, as it encrypts both commands and data, ensuring confidentiality and integrity.
SFTP (Correct Answer -- C)
Uses SSH (Secure Shell) for encryption.
Provides authentication and encryption for secure data transfers.
Example: A company uses SFTP to securely transmit payroll files to a third-party processor.
UDP (Incorrect -- A)
A connectionless transport protocol that is fast but provides no encryption, no guaranteed delivery, and no data integrity protection.
HTTP (Incorrect -- B)
Transfers data in plaintext and is vulnerable to interception.
RDP (Incorrect -- D)
Used for remote desktop access, not secure file transfers.
References:
ISACA CISA Review Manual
NIST 800-52 (Guidelines for Transport Layer Security)