Free ISACA CISA Übungsprüfungen - Seite 53 von 55

Question #521

When reviewing a business case for a proposed implementation of a third-party system, which of the following should be an IS auditor’s GREATEST concern?

A . Lack of ongoing maintenance costs
B . Lack of training materials
C . Lack of plan for pilot implementation
D . Lack of detailed work breakdown structure

Lösung einblenden Lösung ausblenden

Question #522

Which of the following is the BEST way to detect unauthorized copies of licensed software on systems?

A . Implement controls to prohibit downloads of unauthorized software.
B . Conduct periodic software scanning.
C . Perform periodic counting of licenses.
D . Require senior management approval when installing licenses.

Lösung einblenden Lösung ausblenden

Richtige Antwort: B
B

Explanation:

The best way to detect unauthorized copies of licensed software on systems is to conduct periodic software scanning. Software scanning is a process of using specialized tools or programs to scan the systems and identify the software installed, the license status, the usage, and the compliance with the software policies and agreements. Software scanning can help to detect any unauthorized, unlicensed, or illegal copies of software on the systems, as well as any discrepancies or violations of the software licenses. Software scanning can also help to optimize the software inventory, reduce the software costs, and improve the security and performance of the systems12.

Some examples of software scanning tools are:

Microsoft Software Inventory Analyzer (MSIA): A free tool that scans Windows-based computers and servers and generates reports on the Microsoft products installed, such as operating systems, applications, and updates3.

Belarc Advisor: A free tool that scans Windows-based computers and generates reports on the hardware and software installed, including license keys, versions, usage, and security status4.

Lansweeper: A paid tool that scans Windows, Linux, Mac, and other network devices and generates reports on the hardware and software inventory, license compliance, configuration, and vulnerabilities5.

To conduct periodic software scanning, you need to:

Choose a suitable software scanning tool that meets your needs and budget.

Define the scope and frequency of the software scanning, such as which systems to scan, how often to scan, and what information to collect.

Configure and run the software scanning tool according to the instructions and settings.

Review and analyze the software scanning reports and identify any unauthorized copies of licensed software on the systems.

Take appropriate actions to remove or regularize the unauthorized copies of licensed software on the systems.

Document and report the results and findings of the software scanning.

Question #523

Which of the following is the BEST way to mitigate the impact of ransomware attacks?

A . Invoking the disaster recovery plan (DRP)
B . Backing up data frequently
C . Paying the ransom
D . Requiring password changes for administrative accounts

Lösung einblenden Lösung ausblenden

Richtige Antwort: B
B

Explanation:

Ransomware is a type of malicious software that encrypts the victim’s data and demands a ransom for its decryption1. Ransomware attacks can cause significant damage to an organization’s operations, reputation, and finances1. Therefore, it is important to mitigate the impact of ransomware attacks by implementing effective prevention and recovery strategies.

One of the best ways to mitigate the impact of ransomware attacks is to back up data frequently12345. Data backups are copies of the organization’s data that are stored in a separate location or medium, such as an external hard drive, cloud storage, or tape2. Data backups can help the organization restore its data in case of a ransomware attack, without paying the ransom or losing valuable information2. Data backups should be performed regularly, preferably daily or weekly, depending on the criticality and volume of the data2. Data backups should also be tested periodically to ensure their integrity and usability2.

The other options are not as effective as backing up data frequently in mitigating the impact of ransomware attacks. Invoking the disaster recovery plan (DRP) is a reactive measure that can help the organization resume its operations after a ransomware attack, but it does not prevent or reduce the damage caused by the attack3. Paying the ransom is not a recommended option, as it does not guarantee the decryption of the data or the deletion of the stolen data by the attackers. Paying the ransom also encourages further attacks and funds criminal activities14. Requiring password changes for administrative accounts is a good security practice, but it is not sufficient to prevent or recover from ransomware attacks. Ransomware attacks can exploit other vulnerabilities, such as phishing emails, outdated software, or weak network security15.

References: 1: How to Mitigate the Risk of Ransomware Attacks: The Definitive Guide 2: Mitigating malware and ransomware attacks – The National Cyber Security Centre 3: 3 steps to prevent and recover from ransomware 4: Ransomware Epidemic: Use these 8 Strategies to Mitigate Risk 5:

Practical Steps to Mitigate Ransomware Attacks – ITSecurityWire

Question #524

Which of the following parameters reflects the risk threshold for an organization experiencing a service disruption?

A . Maximum tolerable outage (MTO)
B . Recovery point objective (RPO)
C . Service delivery objective (SDO)
D . Allowable interruption window (AIW)

Lösung einblenden Lösung ausblenden

Question #525

Which of the following is MOST important for an IS auditor to assess during a post-implementation review of a newly modified IT application developed in-house?

A . Sufficiency of implemented controls
B . Resource management plan
C . Updates required for end-user manuals
D . Rollback plans for changes

Lösung einblenden Lösung ausblenden

Question #526

Which of the following MOST effectively minimizes downtime during system conversions?

A . Phased approach
B . Direct cutover
C . Pilot study
D . Parallel run

Lösung einblenden Lösung ausblenden

Question #527

Which of the following provides the MOST reliable audit evidence on the validity of transactions in a financial application?

A . Walk-through reviews
B . Substantive testing
C . Compliance testing
D . Design documentation reviews

Lösung einblenden Lösung ausblenden

Question #528

Which of the following technologies is BEST suited to fulfill a business requirement for nonrepudiation of business-to-business transactions with external parties without the need for a mutually trusted entity?

A . Public key infrastructure (PKI)
B . Blockchain distributed ledger
C . Artificial intelligence (Al)
D . Centralized ledger technology

Lösung einblenden Lösung ausblenden

Question #529

An organization plans to centrally decommission end-of-life databases and migrate the data to the latest model of hardware.

Which of the following BEST ensures data integrity is preserved during the migration?

A . Reconciling sample data to most recent backups
B . Obfuscating confidential data
C . Encrypting the data
D . Comparing checksums

Lösung einblenden Lösung ausblenden

Question #530

The IS quality assurance (OA) group is responsible for:

A . ensuring that program changes adhere to established standards.
B . designing procedures to protect data against accidental disclosure.
C . ensuring that the output received from system processing is complete.
D . monitoring the execution of computer processing tasks.

Lösung einblenden Lösung ausblenden