CISA Exam Dumps - Certified Information Systems Auditor

The design phase of the system development life cycle (SDLC) is where an IS auditor would expect to find that controlshave been incorporated into system specifications, because this is where the system requirements are translated intodetailed design specifications that include the technical, functional, and security aspects of the system34. The implementation phase iswhere the system is deployed and tested, the development phase is where the system is codedand unit tested, and thefeasibility phase is where the system objectives and scope are defined. References: 3: CISA Review Manual (Digital Version), Chapter 4, Section 4.2.2 4: CISA Online Review Course, Module 4, Lesson 2

 The best way to detect that a distributed denial of service (DDoS) attack is occurring is to use automated monitoring of logs. A DDoS attack disrupts the operations of a server, service, or network byflooding it with unwanted Internet traffic2. Automated monitoring of logs can help pinpoint potentialDDoS attacks by analyzing network traffic patterns, monitoring traffic spikes or other unusual activity, and alertingadministrators or security teams of any anomalies or malicious requests, protocols, or IP blocks3. Automated monitoring of logs can also help identify the source, type, and impact of the DDoS attack, and provide evidence for further investigation or mitigation.

The other options are not as effective as automated monitoring of logs for detecting DDoS attacks. Customer service complaints are an indirect and delayed indicator of a DDoS attack, as they rely onusers reporting problems with accessing a website or service. Customer service complaints may also be caused by other factors unrelated to DDoS attacks, such as server errors or network issues. Server crashes are an extreme and undesirable indicator of a DDoS attack, as they indicate that the server has already been overwhelmed by the attack and has stopped functioning. Server crashes may also result in data loss or corruption, service disruption, or reputational damage. Penetration testing is a proactive and preventive measure for assessing the security posture of a system or network, but it does not detect ongoing DDoS attacks. Penetration testing may involve simulating DDoS attacks to test the resilience or vulnerability of a system or network, but it does not monitor real-time traffic or identify actual attackers.

Comprehensive and Detailed Explanation:

When an auditor finds that the process owner is accepting residual risk beyond the organization’s defined risk appetite, it is not appropriate to accept the action plan or wait until the next committee report.

Escalating to audit management (D) is the correct step. Audit management can then determine whether to escalate further to executive management or the audit committee.

Including in the next report (A) delays timely risk response.

Informing executive management directly (B) by passes the audit reporting hierarchy.

Accepting the plan (C) would be inappropriate as it ignores risk governance.

📖 ISACA Reference: CISA Review Manual 27th Edition, Domain 1 (Governance and Risk Management), section on Risk appetite, residual risk, and auditor’s role in escalation.

 The greatest concern with this situation is that a business-critical application does not currently have any level of fault tolerance and thus has a single point of failure. A single point of failure is a component or element of a system that, if it fails, will cause the entire system to stop functioning. Fault tolerance is the ability of a system to continue operating without interruption or degradation in the event of a failure of one or more of its components or elements. Fault tolerance can be achieved by using techniques such as redundancy, replication, backup, or failover. A business-critical application should have a high level of fault tolerance to ensure its availability, reliability, and continuity. References:

CISA Review Manual (Digital Version), Chapter 5, Section 5.51

CISA Online Review Course,Domain 3, Module 3, Lesson 22

Minimizing business downtime is critical when implementing a new system that supports an essential process like month-end closing.

Option A (Incorrect):Thebig bang approachinvolves replacing the old system with the new system all at once. This method carries ahigh riskbecause if issues arise, they may causesignificant downtimeand disruption.

Option B (Correct):Aphased approachgradually implements the system in stages, allowing users toadaptand minimizing the risk of complete failure. This strategy is ideal for critical systems that cannot afford extended downtime.

Option C (Incorrect):Thecutover approachis a variation of big bang, where the old system is shut down, and the new system is activated. This method isriskyfor month-end processes because errors can causebusiness delays.

Option D (Incorrect):Theparallel approachruns both old and new systems simultaneously to verify accuracy, but it isresource-intensiveand may not be practical for a high-volume month-end process.

The success of a DLP implementation relies heavily on accurately defining and configuring the policies and rule sets. These configurations ensure that the DLP tool effectively monitors and controls the movement of sensitive data within the organization, thereby preventing data loss.

References

ISACA CISA Review Manual 27th Edition, Page 301-302 (Data Loss Prevention)