Isaca Certification CISA Updated Exam

 The primary basis for selecting which IS audits to perform in the coming year is the organizational risk assessment. An organizational risk assessment is a formal process for identifying, evaluating, and controlling risks that may affect the achievement of the organization’s goals and objectives3. An organizational risk assessment can help IS auditors prioritize and plan their audit activities based on the level of risk exposure and impact of each area or process within the organization. An organizational risk assessment can also help IS auditors align their audit objectives and criteria with the organization’s strategy and performance indicators. Senior management’s request, prior year’s audit findings, and previous audit coverage and scope are also possible bases for selecting which IS audits to perform in the coming year, but not as primary as the organizational risk assessment. These factors are more secondary or supplementary sources of information that can help IS auditors refine or adjust their audit plan based on specific needs or issues identified by management or previous audits. However, these factors may not reflect the current or emerging risks that may affect the organization’s operations or performance. References: ISACA CISA Review Manual 27th Edition, page 295

 The first thing that should be done when an intrusion into an organization network is detected is to identify nodes that have been compromised. Identifying nodes that have been compromised is a critical step in responding to an intrusion, as it helps determine the scope, impact, and source of the attack, and enables the implementation of appropriate containment and recovery measures. The other options are not the first things that should be done when an intrusion into an organization network is detected, as they may be premature or ineffective without identifying nodes that have been compromised. Blocking all compromised network nodes is a containment measure that can help isolate and prevent the spread of the attack, but it may not be possible or feasible without identifying nodes that have been compromised. Contacting law enforcement is a reporting measure that can help seek external assistance and comply with legal obligations, but it may not be necessary or appropriate without identifying nodes that have been compromised. Notifying senior management is a communication measure that can help inform and escalate the incident, but it may not be urgent or accurate without identifying nodes that have been compromised. References: CISA Review Manual (Digital Version), Chapter 4, Section 4.2.2

Flooding the site with an excessive number of packets is an attack technique that will succeed because of an inherent security weakness in an Internet firewall. This type of attack is also known as a denial-of-service (DoS) attack or a distributed denial-of-service (DDoS) attack if it involves multiple sources. The aim of this attack is to overwhelm the network bandwidth or the processing capacity of the firewall or the target system, rendering it unable to respond to legitimate requests or perform its normal functions. An Internet firewall is a device or software that monitors and controls incoming and outgoing network traffic based on predefined rules. A firewall can block or allow traffic based on various criteria, such as source address, destination address, port number, protocol type, application type, etc. However, a firewall cannot prevent traffic from reaching its interface or distinguish between legitimate and malicious traffic based on its content or behavior. Therefore, a firewall is vulnerable to flooding attacks that exploit its limited resources. Phishing is an attack technique that involves sending fraudulent emails or messages that appear to come from legitimate sources, such as banks, government agencies, online services, etc., in order to trick recipients into revealing their personal or financial information, such as passwords, credit card numbers, bank account details, etc., or into clicking on malicious links or attachments that can infect their systems with malware or ransomware. Phishing does not exploit an inherent security weakness in an Internet firewall, but rather exploits human psychology and social engineering techniques. A firewall cannot prevent phishing emails or messages from reaching their intended targets, unless they contain some identifiable features that can be filtered out by the firewall rules. However, a firewall cannot detect or prevent users from responding to phishing emails or messages or from opening malicious links or attachments. Using a dictionary attack of encrypted passwords is an attack technique that involves trying to guess or crack passwords by using a list of common or likely passwords or by using a brute-force method that tries all possible combinations of characters. This type of attack does not exploit an inherent security weakness in an Internet firewall, but rather exploits weak or poorly chosen passwords or weak encryption algorithms. A firewall cannot prevent a dictionary attack of encrypted passwords, unless it has some mechanisms to detect and block repeated or suspicious login attempts or to enforce strong password policies. However, a firewall cannot protect passwords from being stolen or intercepted by other means, such as phishing, malware, keylogging, etc. Intercepting packets and viewing passwords is an attack technique that involves capturing and analyzing network traffic that contains sensitive information, such as passwords, credit card numbers, bank account details, etc., in order to use them for malicious purposes. This type of attack does not exploit an inherent security weakness in an Internet firewall, but rather exploits insecure or unencrypted network communication protocols or channels. A firewall cannot prevent packets from being intercepted and viewed by unauthorized parties, unless it has some mechanisms to encrypt or obfuscate the network traffic or to authenticate the source and destination of the traffic. However, a firewall cannot protect packets from being modified or tampered with by other means, such as man-in-the-middle attacks, replay attacks, etc. References: ISACA CISA Review Manual 27th Edition, page 300

 The IS auditor’s independence would be most likely impaired if they implemented a specific control during the development of an application system. This is because the IS auditor would be auditing their own work, which creates a self-review threat that could compromise their objectivity and impartiality. The IS auditor should avoid participating in any operational or management activities that could affect their ability to perform an unbiased audit. The other options do not pose a significant threat to the IS auditor’s independence, as long as they follow the ethical standards and guidelines of the profession.