Free Access to ISACA.CISA.v2022-02-26.q471 with Valid Practice Test (Page 26)

Question 121

.The traditional role of an IS auditor in a control self-assessment (CSA) should be that of a(n):

A.Implementor
B.Facilitator
C.Developer
D.Sponsor

Question 122

An IS auditor conducting a review of disaster recovery planning (DRP) at a financial processing organization has discovered the following:
The existing disaster recovery plan was compiled two years earlier by a systems analyst in the organization's IT department using transaction flow projections from the operations department.
The plan was presented to the deputy CEO for approval and formal issue, but it is still awaiting his/her attention.
The plan has never been updated, tested or circulated to key management and staff, though interviews show that each would know what action to take for its area in the event of a disruptive incident.
The basis of an organization's disaster recovery plan is to reestablish live processing at an alternative site where a similar, but not identical, hardware configuration is already established. An IS auditor should:

A.take no action as the lack of a current plan is the only significant finding.
B.recommend that the hardware configuration at each site is identical.
C.perform a review to verify that the second configuration can support live processing.
D.report that the financial expenditure on the alternative site is wasted without an effective plan.

Question 123

Which of the following PBX feature allows a PBX to be configured so that incoming calls are distributed to
the next available agent or placed on-hold until one become available?

A.Automatic Call distribution
B.Call forwarding
C.Tenanting
D.Voice mail

Correct Answer: A

Section: Protection of Information Assets
Explanation/Reference:
Automatic Call distribution allows a PBX to be configured so that incoming calls are distributed to the next
available agent or placed on-hold until one become available
For your exam you should know below mentioned PBX features and Risks:
System Features
Description
Risk
Automatic Call distribution
Allows a PBX to be configured so that incoming calls are distributed to the next available agent or placed
on-hold until one become available
Tapping and control of traffic
Call forwarding
Allow specifying an alternate number to which calls will be forwarded based on certain condition
User tracking
Account codes
Used to:
Track calls made by certain people or for certain projects for appropriate billing
Dial-In system access (user dials from outside and gain access to normal feature of the PBX)
Changing the user class of service so a user can access a different set of features (i.e. the override
feature)
Fraud, user tracking, non authorized features
Access Codes
Key for access to specific feature from the part of users with simple instruments, i.e. traditional analog
phones.
Non-authorized features
Silent Monitoring
Silently monitors other calls
Eavesdropping
Conferencing
Allows for conversation among several users
Eavesdropping, by adding unwanted/unknown parties to a conference
override(intrude)
Provides for the possibility to break into a busy line to inform another user an important message
Eavesdropping
Auto-answer
Allows an instrument to automatically go when called usually gives an auditor or visible warning which can
easily turned off
Gaining information not normally available, for various purpose
Tenanting
Limits system user access to only those users who belong to the same tenant group - useful when one
company leases out part of its building to other companies and tenants share an attendant, trunk lines,etc
Illegal usage, fraud, eavesdropping
Voice mail
Stores messages centrally and - by using a password - allows for retrieval from inside or outside lines.
Disclosure or destruction of all messages of a user when that user's password in known or discovered by
an intruder, disabling of the voice mail system and even the entire switch by lengthy messages or
embedded codes, illegal access to external lines.
Privacy release
Supports shared extensions among several devices, ensuring that only one device at a time can use an
extension. Privacy release disables the security by allowing devices to connect to an extension already in
use.
Eavesdropping
No busy extension
Allows calls to an in-use extension to be added to a conference when that extension is on conference and
already off-hook
Eavesdropping a conference in progress
Diagnostics
Allows for bypassing normal call restriction procedures. This kind of diagnostic is sometimes available from
any connected device. It is a separate feature, in addition to the normal maintenance terminal or attendant
diagnostics
Fraud and illegal usage
Camp-on or call waiting
When activated, sends a visual audible warning to an off-hook instrument that is receiving another call.
Another option of this feature is to conference with the camped-on or call waiting
Making the called individual a party to a conference without knowing it.
Dedicated connections
Connections made through the PBX without using the normal dialing sequences. It can be used to create
hot-lines between devices i.e. one rings when the other goes off-hook. It is also used for data connections
between devices and the central processing facility
Eavesdropping on a line
The following were incorrect answers:
Call forwarding - Allow specifying an alternate number to which calls will be forwarded based on certain
condition
Tenanting - Limits system user access to only those users who belong to the same tenant group useful
when one company leases out part of its building to other companies and tenants share an attendant, trunk
lines,etc
Voice Mail - Stores messages centrally and - by using a password - allows for retrieval from inside or
outside lines.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 358

Question 124

Which of the following is the MOST important audit activity following a database migration?

A.Analyze logs to identify potential migration errors that may have occurred
B.Review decommissioning processes for the original source of data
C.Review backup processes and retention requirements tor the original
D.Perform an audit of the data migration scripts to ensure integrity of the database

Question 125

An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?

A.Monitoring employees social networking usage
B.Requiring policy acknowledgment and nondisclosure agreements signed by employees
C.Providing education and guidelines to employees on use of social networking sites
D.Establishing strong access controls on confidential data

Question 121

Question 122

Question 123

Question 124

Question 125

Download PDF File