Isaca CISA Quiz 4 Topic 4 Questions 16-20

Question: 1

When an IS audit reveals that a firewall was unable to recognize a number of attack attempts the auditor's BEST recommendation Is to place an Intrusion detection system ID between the firewall and:

Athe Internet.

Bthe organization's network

Cthe organization's web server.

Dthe demilitarized zone( DMZ).

Show Answer

Question: 2

For an organization that has plans to implement web-based trading, it would be MOST important for an IS auditor to verity the organizations information security plan Include:

Aattributes for system passwords

Bsecurity training prior to implementation.

Csecurity requirements for the new application.

Dthe firewall configuration for the web server.

Show Answer

Question: 3

Following a security breach m which a hacker exploited a well-known vulnerability in the domain controller, an IS auditor has been asked to conduct a control assessment. The auditor's BEST course of action would be to determine if:

Athe network traffic was being monitored.

Bthe patches were updated.

Cthe domain controller was classified for high availability.

Dthe logs were monitored.

Show Answer

Question: 4

In an environment where development and IT operations teams are integrated (DevOps). which of the following approaches provides the BEST assurance for the automatic deployment of code into production?

AIntroducing a security testing checkpoint for developed code prior to deployment

BManually inspecting code and obtaining approval poor to deployment into production

CTraining production service engineers to inspect code poor to deployment into production

DApplying version control to authorized code and logging updates to production code

Show Answer

Question: 5

During an audit of a multinational bank's disposal process, an IS auditor notes several findings Which of the following should be the auditor's GREATEST concern?

ABackup media are not reviewed before disposal

BBackup media are disposed before the end of the retention period.

CHardware is not destroyed by a certified vendor

DDegaussing is used instead of physical shredding.

Show Answer

Isaca CISA Quiz:4 Topic:4 Questions:16-20