Practice questions for the ISACA CISA (Certified Information Systems Auditor) certification exam, each with the keyed answer and an explanation of why that choice is correct and the others are not. This set covers questions 391 to 400, on change management, patching, library control and code integrity.
CISA Question 391
Question
In a small organization, developers may release emergency changes directly to production. Which of the following will BEST control the risk in this situation?
A. Approve and document the change the next business day
B. Limit developer access to production to a specific timeframe
C. Obtain secondary approval before releasing to production
D. Disable the compiler option in the production machine
Answer
A. Approve and document the change the next business day
Explanation
In a small organization it may be appropriate to allow programmers to make emergency changes directly, as long as every such change is documented and approved after the fact; this is the control that most directly addresses the risk.
Restricting the release time frame may help somewhat, but an emergency by definition does not wait for a window, and the restriction cannot prevent an unauthorized release within it. Obtaining secondary approval first (choice C) and disabling the compiler on the production machine (choice D) are not practical in an emergency situation.
CISA Question 392
Question
An IS auditor notes that patches for the operating system used by an organization are deployed by the IT department as advised by the vendor.
The MOST significant concern an IS auditor should have with this practice is the nonconsideration by IT of:
A. the training needs for users after applying the patch.
B. any beneficial impact of the patch on the operational systems.
C. delaying deployment until testing the impact of the patch.
D. the necessity of advising end users of new patches.
Answer
C. delaying deployment until testing the impact of the patch.
Explanation
Deploying patches without testing exposes an organization to the risk of system disruption or failure. Normally, there is no need for training or advising users when a new operating system patch has been installed. Any beneficial impact is less important than the risk of unavailability that could be avoided with proper testing.
CISA Question 393
Question
Which of the following processes should an IS auditor recommend to assist in the recording of baselines for software releases?
A. Change management
B. Backup and recovery
C. Incident management
D. Configuration management
Answer
D. Configuration management
Explanation
The configuration management process may include automated tools that record a baseline for each software release (the exact set of components and versions that went to production).
Should the new release fail, the baseline provides a known-good point to return to. The other choices do not provide the processes necessary for establishing software release baselines and are not related to them.
CISA Question 394
Question
The application systems of an organization using open-source software have no single recognized developer producing patches. Which of the following would be the MOST secure way of updating open-source software?
A. Rewrite the patches and apply them
B. Code review and application of available patches
C. Develop in-house patches
D. Identify and test suitable patches before applying them
Answer
D. Identify and test suitable patches before applying them
Explanation
Suitable patches from the existing developers should be selected and tested before applying them. Rewriting the patches and applying them is not a correct answer because it would require skilled resources and time to rewrite the patches. Code review could be possible but tests need to be performed before applying the patches. Since the system was developed outside the organization, the IT department may not have the necessary skills and resources to develop patches.
CISA Question 395
Question
To determine if unauthorized changes have been made to production code the BEST audit procedure is to:
A. examine the change control system records and trace them forward to object code files.
B. review access control permissions operating within the production program libraries.
C. examine object code to find instances of changes and trace them back to change control records.
D. review change approved designations established within the change control system.
Answer
C. examine object code to find instances of changes and trace them back to change control records.
Explanation
The procedure of examining object code files to establish instances of code changes and tracing these back to change control system records is a substantive test that directly addresses the risk of unauthorized code changes. The other choices are valid procedures to apply in a change control audit but they do not directly address the risk of unauthorized code changes.
CISA Question 396
Question
When reviewing procedures for emergency changes to programs, the IS auditor should verify that the procedures:
A. allow changes, which will be completed using after-the-fact follow-up.
B. allow undocumented changes directly to the production library.
C. do not allow any emergency changes.
D. allow programmers permanent access to production programs.
Answer
A. allow changes, which will be completed using after-the-fact follow-up.
Explanation
There may be situations where emergency fixes are required to resolve system problems. This involves the use of special logon IDs that grant programmers temporary access to production programs during emergency situations. Emergency changes should be completed using after-the-fact follow-up procedures, which ensure that the normal change procedures (testing, documentation and approval) are retroactively applied; otherwise, production may be impacted by a change nobody has reviewed. Changes made in this fashion should be held in an emergency library from where they can be moved to the production library, following the normal change management process. Programmers should not directly alter the production library, nor should they be allowed permanent access to production programs.
CISA Question 397
Question
An organization has recently installed a security patch, which crashed the production server. To minimize the probability of this occurring again, an IS auditor should:
A. apply the patch according to the patch’s release notes.
B. ensure that a good change management process is in place.
C. thoroughly test the patch before sending it to production.
D. approve the patch after doing a risk assessment.
Answer
B. ensure that a good change management process is in place.
Explanation
An IS auditor must review the change management process, including patch management procedures, and verify that the process has adequate controls and make suggestions accordingly. The other choices are part of a good change management process but are not an IS auditor’s responsibility.
CISA Question 398
Question
An IS auditor should recommend the use of library control software to provide reasonable assurance that:
A. program changes have been authorized.
B. only thoroughly tested programs are released.
C. modified programs are automatically moved to production.
D. source and executable code integrity is maintained.
Answer
A. program changes have been authorized.
Explanation
Library control software should be used to separate test from production libraries in mainframe and/or client/server environments. Its main objective is to provide assurance that program changes have been authorized. Library control software is concerned with authorized program changes; it would not automatically move modified programs into production and cannot determine whether programs have been thoroughly tested. It does provide reasonable assurance that the source code and executable code match at the time the source code is moved to production; however, subsequent events such as a hardware failure can result in a lack of consistency between source and executable code.
CISA Question 399
Question
The purpose of code signing is to provide assurance that:
A. the software has not been subsequently modified.
B. the application can safely interface with another signed application.
C. the signer of the application is trusted.
D. the private key of the signer has not been compromised.
Answer
A. the software has not been subsequently modified.
Explanation
Code signing can only ensure that the executable code has not been modified after being signed. The other choices are incorrect and actually represent potential and exploitable weaknesses of code signing.
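The following Go program is an added illustration of the point above, not part of the exam material: it signs a release with Ed25519, then checks each of the four answer choices against what verification actually tells you. The payloads, key names and the "stolen key" and "attacker key" scenarios are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Artifact is a signed release: the code bytes and a detached Ed25519 signature over them.
type Artifact struct {
	Code      []byte
	Signature []byte
}

// sign produces the release artifact the way a vendor's build pipeline would.
func sign(priv ed25519.PrivateKey, code []byte) Artifact {
	return Artifact{Code: code, Signature: ed25519.Sign(priv, code)}
}

// verify answers one question only: were these exact bytes signed by the holder of pub?
func verify(pub ed25519.PublicKey, a Artifact) bool {
	return ed25519.Verify(pub, a.Code, a.Signature)
}

// Outcome records the verification result of each scenario.
type Outcome struct {
	Original         bool // the unmodified release, checked against the vendor key (choice A: true)
	Tampered         bool // one byte changed after signing, checked against the vendor key (false)
	StolenKey        bool // attacker code signed with the vendor's stolen private key (choice D: still true)
	OtherKeySelf     bool // attacker code signed with the attacker's own key, checked against that key (choice C: true)
	OtherKeyVsVendor bool // the same attacker artifact checked against the vendor key (false)
}

func runScenarios() (Outcome, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	attackerPub, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}

	// Constructed sample payloads standing in for a release binary and a trojaned build.
	release := []byte("PAYROLL v3.1 release build")
	trojan := []byte("PAYROLL v3.1 release build + hidden transfer routine")

	var o Outcome
	signed := sign(vendorPriv, release)
	o.Original = verify(vendorPub, signed)

	// Post-signing modification: flip one bit of the code; the signature no longer matches.
	tampered := Artifact{Code: append([]byte(nil), signed.Code...), Signature: signed.Signature}
	tampered.Code[0] ^= 0x01
	o.Tampered = verify(vendorPub, tampered)

	// Choice D: a compromised private key yields signatures indistinguishable from legitimate ones.
	o.StolenKey = verify(vendorPub, sign(vendorPriv, trojan))

	// Choice C: any key can produce a valid signature over anything. Verification passes
	// against the signer's own key and says nothing about whether that signer should be trusted;
	// deciding which public keys to accept is a separate control.
	attackerSigned := sign(attackerPriv, trojan)
	o.OtherKeySelf = verify(attackerPub, attackerSigned)
	o.OtherKeyVsVendor = verify(vendorPub, attackerSigned)
	return o, nil
}

func main() {
	o, err := runScenarios()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

Only the Tampered and OtherKeyVsVendor checks fail; the stolen-key artifact verifies exactly like the genuine release, which is why key protection and signer trust (choices C and D) have to be handled by controls outside the signature itself. Choice B is not something a signature can express at all: nothing in the artifact describes how the code behaves when it interfaces with other software.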
CISA Question 400
Question
A programmer maliciously modified a production program to change data and then restored the original code. Which of the following would MOST effectively detect the malicious activity?
A. Comparing source code
B. Reviewing system log files
C. Comparing object code
D. Reviewing executable and source code integrity
Answer
B. Reviewing system log files
Explanation
Reviewing system log files is the only trail that may provide information about the unauthorized activities in the production library. Source and object code comparisons are ineffective, because the original programs were restored and do not exist. Reviewing executable and source code integrity is an ineffective control, because integrity between the executable and source code is automatically maintained.
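The Go program below is an added example, not part of the exam material, that puts questions 395, 396 and 400 side by side. It runs the substantive test from question 395 (hash the production object modules, compare to the configuration-management baseline, trace each difference back to an approved change record), accepts an emergency change that received after-the-fact approval as question 396 describes, and then shows the blind spot from question 400: a module that was modified and restored hashes identically to the baseline, so only the library write log reveals the two unauthorized writes. Module names, hashes, user IDs, ticket numbers and log lines are all constructed for the example; the `ticket=` field in the log is a hypothetical convention, not a feature of any particular library control product.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

func sha256Hex(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// changeRecord is one entry from the change control system.
type changeRecord struct {
	ID        string
	Module    string
	Hash      string // hash of the object module the change produced
	Emergency bool
	Approved  bool // for emergency changes, approval may be granted after the fact
}

// Constructed sample data. The baseline is what configuration management recorded at the
// last approved release; production is what the auditor hashes today.
var baseline = map[string]string{
	"PAYROLL.obj": sha256Hex("payroll v3 approved build"),
	"LEDGER.obj":  sha256Hex("ledger v7 approved build"),
}

var production = map[string]string{
	"PAYROLL.obj": sha256Hex("payroll v3 approved build"), // modified, then restored: hash is back to baseline
	"LEDGER.obj":  sha256Hex("ledger v7 emergency fix"),   // emergency change still in place
}

var changeRecords = []changeRecord{
	{"CHG-1201", "PAYROLL.obj", sha256Hex("payroll v3 approved build"), false, true},
	{"CHG-1300", "LEDGER.obj", sha256Hex("ledger v7 approved build"), false, true},
	{"EMG-0042", "LEDGER.obj", sha256Hex("ledger v7 emergency fix"), true, true}, // approved next business day
}

// Constructed write log from the production library: one line per write.
const writeLog = `2024-03-02T01:12:44Z user=PGM07 action=WRITE lib=PROD.LOAD module=PAYROLL.obj
2024-03-02T01:58:10Z user=PGM07 action=WRITE lib=PROD.LOAD module=PAYROLL.obj
2024-03-05T09:30:00Z user=EMERG01 action=WRITE lib=PROD.LOAD module=LEDGER.obj ticket=EMG-0042`

// changedModules returns the modules whose production object code differs from the baseline.
func changedModules(baseline, production map[string]string) []string {
	var out []string
	for mod, h := range production {
		if baseline[mod] != h {
			out = append(out, mod)
		}
	}
	sort.Strings(out)
	return out
}

// unauthorizedChanges traces each changed module's current hash back to an approved change
// record (question 395). A difference with no approved record behind it is an unauthorized change.
func unauthorizedChanges(changed []string, production map[string]string, records []changeRecord) []string {
	approved := map[string]bool{}
	for _, r := range records {
		if r.Approved {
			approved[r.Module+":"+r.Hash] = true
		}
	}
	var out []string
	for _, mod := range changed {
		if !approved[mod+":"+production[mod]] {
			out = append(out, mod)
		}
	}
	return out
}

// reviewWriteLog checks every write to the production library against the change records
// (question 400). A write that cites no ticket, or a ticket that was never approved or that
// covers a different module, is a finding even if the module's hash is back to baseline.
func reviewWriteLog(log string, records []changeRecord) []string {
	byID := map[string]changeRecord{}
	for _, r := range records {
		byID[r.ID] = r
	}
	var findings []string
	for _, line := range strings.Split(strings.TrimSpace(log), "\n") {
		parts := strings.Fields(line)
		fields := map[string]string{}
		for _, kv := range parts[1:] {
			if p := strings.SplitN(kv, "=", 2); len(p) == 2 {
				fields[p[0]] = p[1]
			}
		}
		if fields["action"] != "WRITE" {
			continue
		}
		rec, cited := byID[fields["ticket"]]
		switch {
		case !cited:
			findings = append(findings, fmt.Sprintf("%s %s wrote %s with no change ticket", parts[0], fields["user"], fields["module"]))
		case !rec.Approved || rec.Module != fields["module"]:
			findings = append(findings, fmt.Sprintf("%s %s wrote %s citing %s, which does not authorize it", parts[0], fields["user"], fields["module"], rec.ID))
		}
	}
	return findings
}

func main() {
	changed := changedModules(baseline, production)
	fmt.Println("modules differing from baseline:", changed)
	fmt.Println("differences with no approved change record:", unauthorizedChanges(changed, production, changeRecords))
	for _, f := range reviewWriteLog(writeLog, changeRecords) {
		fmt.Println("log finding:", f)
	}
}
```

The hash comparison reports only LEDGER.obj, and that difference traces cleanly to the approved emergency ticket, so the substantive test closes with no exceptions. The write log, by contrast, shows PGM07 writing PAYROLL.obj twice in the early hours with no ticket at all; that is the malicious modify-and-restore, invisible to any code comparison because the restored module is byte-identical to the baseline.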