CISA Exam Question 451
When conducting a follow-up audit on an organization's firewall configuration, the IS auditor discovered that the firewall had been integrated into a new system that provides both firewall and intrusion detection capabilities. The IS auditor should:
Correct Answer: B
Section: Information System Operations, Maintenance and Support
CISA Exam Question 452
When selecting audit procedures, an IS auditor should use professional judgment to ensure that:
Correct Answer: A
Procedures are processes an IS auditor may follow in an audit engagement. In determining the appropriateness of any specific procedure, an IS auditor should use professional judgment appropriate to the specific circumstances. Professional judgment involves a subjective and often qualitative evaluation of conditions arising in the course of an audit. Judgment addresses a grey area where binary (yes/no) decisions are not appropriate and the auditor's past experience plays a key role in making a judgment. ISACA's guidelines provide information on how to meet the standards when performing IS audit work. Identifying material weaknesses is the result of appropriate competence, experience and thoroughness in planning and executing the audit and not of professional judgment. Professional judgment is not a primary input to the financial aspects of the audit.
CISA Exam Question 453
Which of the following step of PDCA study the actual result and compares it against the expected result?
Correct Answer: C
Section: Governance and Management of IT
Explanation/Reference:
Check - Study the actual results (measured and collected in "DO" above) and compare against the
expected results (targets or goals from the "PLAN") to ascertain any differences. Look for deviation in
implementation from the plan and also look for the appropriateness and completeness of the plan to enable
the execution, i.e., "Do". Charting data can make this much easier to see trends over several PDCA cycles
and in order to convert the collected data into information. Information is what you need for the next step
"ACT".
For your exam you should know the information below:
PDCA (plan-do-check-act or plan-do-check-adjust) is an iterative four-step management method used in
business for the control and continuous improvement of processes and products. It is also known as the
Deming circle/cycle/wheel, Stewart cycle, control circle/cycle, or plan-do-study-act (PDSA). Another
version of this PDCA cycle is OPDCA. The added "O" stands for observation or as some versions say
"Grasp the current condition."
The steps in each successive PDCA cycle are:
PLAN
Establish the objectives and processes necessary to deliver results in accordance with the expected output
(the target or goals). By establishing output expectations, the completeness and accuracy of the spec is
also a part of the targeted improvement. When possible start on a small scale to test possible effects.
DO
Implement the plan, execute the process, make the product. Collect data for charting and analysis in the
following "CHECK" and "ACT" steps.
CHECK
Study the actual results (measured and collected in "DO" above) and compare against the expected results
(targets or goals from the "PLAN") to ascertain any differences. Look for deviation in implementation from
the plan and also look for the appropriateness and completeness of the plan to enable the execution, i.e.,
"Do". Charting data can make this much easier to see trends over several PDCA cycles and in order to
convert the collected data into information. Information is what you need for the next step "ACT".
ACT
Request corrective actions on significant differences between actual and planned results. Analyze the
differences to determine their root causes. Determine where to apply changes that will include
improvement of the process or product. When a pass through these four steps does not result in the need
to improve, the scope to which PDCA is applied may be refined to plan and improve with more detail in the
next iteration of the cycle, or attention needs to be placed in a different stage of the process.
The following answers are incorrect:
PLAN - Establish the objectives and processes necessary to deliver results in accordance with the
expected output (the target or goals).
DO - Implement the plan, execute the process, make the product. Collect data for charting and analysis in
the following "CHECK" and "ACT" steps.
ACT -Request corrective actions on significant differences between actual and planned results. Analyze the
differences to determine their root causes. Determine where to apply changes that will include
improvement of the process or product
The following reference(s) were/was used to create this question:
CISA review manual 2014 page number 107
Explanation/Reference:
Check - Study the actual results (measured and collected in "DO" above) and compare against the
expected results (targets or goals from the "PLAN") to ascertain any differences. Look for deviation in
implementation from the plan and also look for the appropriateness and completeness of the plan to enable
the execution, i.e., "Do". Charting data can make this much easier to see trends over several PDCA cycles
and in order to convert the collected data into information. Information is what you need for the next step
"ACT".
For your exam you should know the information below:
PDCA (plan-do-check-act or plan-do-check-adjust) is an iterative four-step management method used in
business for the control and continuous improvement of processes and products. It is also known as the
Deming circle/cycle/wheel, Stewart cycle, control circle/cycle, or plan-do-study-act (PDSA). Another
version of this PDCA cycle is OPDCA. The added "O" stands for observation or as some versions say
"Grasp the current condition."
The steps in each successive PDCA cycle are:
PLAN
Establish the objectives and processes necessary to deliver results in accordance with the expected output
(the target or goals). By establishing output expectations, the completeness and accuracy of the spec is
also a part of the targeted improvement. When possible start on a small scale to test possible effects.
DO
Implement the plan, execute the process, make the product. Collect data for charting and analysis in the
following "CHECK" and "ACT" steps.
CHECK
Study the actual results (measured and collected in "DO" above) and compare against the expected results
(targets or goals from the "PLAN") to ascertain any differences. Look for deviation in implementation from
the plan and also look for the appropriateness and completeness of the plan to enable the execution, i.e.,
"Do". Charting data can make this much easier to see trends over several PDCA cycles and in order to
convert the collected data into information. Information is what you need for the next step "ACT".
ACT
Request corrective actions on significant differences between actual and planned results. Analyze the
differences to determine their root causes. Determine where to apply changes that will include
improvement of the process or product. When a pass through these four steps does not result in the need
to improve, the scope to which PDCA is applied may be refined to plan and improve with more detail in the
next iteration of the cycle, or attention needs to be placed in a different stage of the process.
The following answers are incorrect:
PLAN - Establish the objectives and processes necessary to deliver results in accordance with the
expected output (the target or goals).
DO - Implement the plan, execute the process, make the product. Collect data for charting and analysis in
the following "CHECK" and "ACT" steps.
ACT -Request corrective actions on significant differences between actual and planned results. Analyze the
differences to determine their root causes. Determine where to apply changes that will include
improvement of the process or product
The following reference(s) were/was used to create this question:
CISA review manual 2014 page number 107
CISA Exam Question 454
During a review of a customer master file, an IS auditor discovered numerous customer name duplications
arising from variations in customer first names. To determine the extent of the duplication, the IS auditor
would use:
arising from variations in customer first names. To determine the extent of the duplication, the IS auditor
would use:
Correct Answer: C
Section: Protection of Information Assets
Explanation:
Since the name is not the same {due to name variations), one method to detect duplications would be to
compare other common fields, such as addresses. A subsequent review to determine common customer
names at these addresses could then be conducted. Searching for duplicate account numbers would not
likely find duplications, since customers would most likely have different account numbers for each
variation. Test data would not be useful to detect the extent of any data characteristic, but simply to
determine how the data were processed.
Explanation:
Since the name is not the same {due to name variations), one method to detect duplications would be to
compare other common fields, such as addresses. A subsequent review to determine common customer
names at these addresses could then be conducted. Searching for duplicate account numbers would not
likely find duplications, since customers would most likely have different account numbers for each
variation. Test data would not be useful to detect the extent of any data characteristic, but simply to
determine how the data were processed.
CISA Exam Question 455
Which of the following malware technical fool's malware by appending section of themselves to files - somewhat in the same way that file malware append themselves?
Correct Answer: C
Explanation/Reference:
Immunizers defend against malware by appending sections of themselves to files - sometime in the same way Malware append themselves. Immunizers continuously check a file for changes and report changes as possible malware behavior. Other type of Immunizers are focused to a specific malware and work by giving the malware the impression that the malware has already infected to the computer. This method is not always practical since it is not possible to immunize file against all known malware.
For you exam you should know below mentioned different kinds of malware Controls
A. Scanners- Look for sequences of bit called signature that are typical malware programs.
The two primary types of scanner are
1. Malware mask or Signatures - Anti-malware scanners check files, sectors and system memory for known and new (unknown to scanner) malware, on the basis of malware masks or signatures. Malware masks or signature are specific code strings that are recognized as belonging to malware. For polymorphic malware, the scanner sometimes has algorithms that check for all possible combinations of a signature that could exist in an infected file.
2. Heuristic Scanner - Analyzes the instructions in the code being scanned and decide on the basis of statistical probabilities whether it could contain malicious code. Heuristic scanning result could indicate that malware may be present, that is possibly infected. Heuristic scanner tend to generate a high level false positive errors (they indicate that malware may be present when, in fact, no malware is present) Scanner examines memory disk- boot sector, executables, data files, and command files for bit pattern that match a known malware. Scanners, therefore, need to be updated periodically to remain effective.
B. Immunizers - Defend against malware by appending sections of themselves to files - sometime in the same way Malware append themselves. Immunizers continuously check a file for changes and report changes as possible malware behavior. Other type of Immunizers are focused to a specific malware and work by giving the malware the impression that the malware has already infected to the computer. This method is not always practical since it is not possible to immunize file against all known malware.
C. Behavior Blocker- Focus on detecting potential abnormal behavior such as writing to the boot sector or the master boot record, or making changes to executable files. Blockers can potentially detect malware at an early stage. Most hardware based anti-malware mechanism are based on this concept.
D. Integrity CRC checker- Compute a binary number on a known malware free program that is then stored in a database file. The number is called Cyclic Redundancy Check (CRC). On subsequent scans, when that program is called to execute, it checks for changes to the file as compare to the database and report possible infection if changes have occurred. A match means no infection; a mismatch means change in the program has occurred. A change in the program could mean malware within it. These scanners are effective in detecting infection; however, they can do so only after infection has occurred. Also, a CRC checker can only detect subsequent changes to files, because they assume files are malware free in the first place. Therefore, they are ineffective against new files that are malware infected and that are not recorded in the database. Integrity checker take advantage of the fact that executable programs and boot sectors do not change often, if at all.
E. Active Monitors - Active monitors interpret DOS and read-only memory (ROM) BIOS calls, looking for malware like actions. Active monitors can be problematic because they can not distinguish between a user request and a program or a malware request. As a result, users are asked to confirm actions, including formatting a disk or deleting a file or set of files.
The following were incorrect answers:
Scanners -Look for sequences of bit called signature that are typical malware programs.
Active Monitors - Active monitors interpret DOS and read-only memory (ROM) BIOS calls, looking for malware like actions. Active monitors can be problematic because they can not distinguish between a user request and a program or a malware request. As a result, users are asked to confirm actions, including formatting a disk or deleting a file or set of files.
Behavior Blocker- Focus on detecting potential abnormal behavior such as writing to the boot sector or the master boot record, or making changes to executable files. Blockers can potentially detect malware at an early stage. Most hardware based anti-malware mechanism are based on this concept.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 354 and 355
Immunizers defend against malware by appending sections of themselves to files - sometime in the same way Malware append themselves. Immunizers continuously check a file for changes and report changes as possible malware behavior. Other type of Immunizers are focused to a specific malware and work by giving the malware the impression that the malware has already infected to the computer. This method is not always practical since it is not possible to immunize file against all known malware.
For you exam you should know below mentioned different kinds of malware Controls
A. Scanners- Look for sequences of bit called signature that are typical malware programs.
The two primary types of scanner are
1. Malware mask or Signatures - Anti-malware scanners check files, sectors and system memory for known and new (unknown to scanner) malware, on the basis of malware masks or signatures. Malware masks or signature are specific code strings that are recognized as belonging to malware. For polymorphic malware, the scanner sometimes has algorithms that check for all possible combinations of a signature that could exist in an infected file.
2. Heuristic Scanner - Analyzes the instructions in the code being scanned and decide on the basis of statistical probabilities whether it could contain malicious code. Heuristic scanning result could indicate that malware may be present, that is possibly infected. Heuristic scanner tend to generate a high level false positive errors (they indicate that malware may be present when, in fact, no malware is present) Scanner examines memory disk- boot sector, executables, data files, and command files for bit pattern that match a known malware. Scanners, therefore, need to be updated periodically to remain effective.
B. Immunizers - Defend against malware by appending sections of themselves to files - sometime in the same way Malware append themselves. Immunizers continuously check a file for changes and report changes as possible malware behavior. Other type of Immunizers are focused to a specific malware and work by giving the malware the impression that the malware has already infected to the computer. This method is not always practical since it is not possible to immunize file against all known malware.
C. Behavior Blocker- Focus on detecting potential abnormal behavior such as writing to the boot sector or the master boot record, or making changes to executable files. Blockers can potentially detect malware at an early stage. Most hardware based anti-malware mechanism are based on this concept.
D. Integrity CRC checker- Compute a binary number on a known malware free program that is then stored in a database file. The number is called Cyclic Redundancy Check (CRC). On subsequent scans, when that program is called to execute, it checks for changes to the file as compare to the database and report possible infection if changes have occurred. A match means no infection; a mismatch means change in the program has occurred. A change in the program could mean malware within it. These scanners are effective in detecting infection; however, they can do so only after infection has occurred. Also, a CRC checker can only detect subsequent changes to files, because they assume files are malware free in the first place. Therefore, they are ineffective against new files that are malware infected and that are not recorded in the database. Integrity checker take advantage of the fact that executable programs and boot sectors do not change often, if at all.
E. Active Monitors - Active monitors interpret DOS and read-only memory (ROM) BIOS calls, looking for malware like actions. Active monitors can be problematic because they can not distinguish between a user request and a program or a malware request. As a result, users are asked to confirm actions, including formatting a disk or deleting a file or set of files.
The following were incorrect answers:
Scanners -Look for sequences of bit called signature that are typical malware programs.
Active Monitors - Active monitors interpret DOS and read-only memory (ROM) BIOS calls, looking for malware like actions. Active monitors can be problematic because they can not distinguish between a user request and a program or a malware request. As a result, users are asked to confirm actions, including formatting a disk or deleting a file or set of files.
Behavior Blocker- Focus on detecting potential abnormal behavior such as writing to the boot sector or the master boot record, or making changes to executable files. Blockers can potentially detect malware at an early stage. Most hardware based anti-malware mechanism are based on this concept.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 354 and 355
- Other Version
- 5799ISACA.CISA.v2025-06-20.q647
- 1805ISACA.CISA.v2025-06-11.q606
- 2254ISACA.CISA.v2023-03-04.q272
- 2353ISACA.CISA.v2022-10-31.q203
- 2452ISACA.CISA.v2022-03-29.q126
- 123ISACA.Examprepaway.CISA.v2022-02-10.by.barret.126q.pdf
- 36ISACA.Actualvce.CISA.v2021-08-31.by.ralap.101q.pdf
- Latest Upload
- 293ISACA.CGEIT.v2025-09-19.q537
- 155Fortinet.FCP_FWF_AD-7.4.v2025-09-18.q62
- 155Scrum.SAFe-Practitioner.v2025-09-18.q63
- 146Workday.Workday-Prism-Analytics.v2025-09-17.q17
- 131Oracle.1Z0-1055-24.v2025-09-17.q28
- 129Oracle.1Z1-182.v2025-09-17.q32
- 245Nutanix.NCP-US-6.5.v2025-09-16.q73
- 266Oracle.1z0-071.v2025-09-16.q232
- 203Oracle.1Z1-922.v2025-09-16.q125
- 326CyberArk.PAM-CDE-RECERT.v2025-09-15.q100
[×]
Download PDF File
Enter your email address to download ISACA.CISA.v2021-11-29.q567 Practice Test