Last Attempt CISA Questions

 The best way to detect that a distributed denial of service (DDoS) attack is occurring is to use automated monitoring of logs. A DDoS attack disrupts the operations of a server, service, or network byflooding it with unwanted Internet traffic2. Automated monitoring of logs can help pinpoint potentialDDoS attacks by analyzing network traffic patterns, monitoring traffic spikes or other unusual activity, and alertingadministrators or security teams of any anomalies or malicious requests, protocols, or IP blocks3. Automated monitoring of logs can also help identify the source, type, and impact of the DDoS attack, and provide evidence for further investigation or mitigation.

The other options are not as effective as automated monitoring of logs for detecting DDoS attacks. Customer service complaints are an indirect and delayed indicator of a DDoS attack, as they rely onusers reporting problems with accessing a website or service. Customer service complaints may also be caused by other factors unrelated to DDoS attacks, such as server errors or network issues. Server crashes are an extreme and undesirable indicator of a DDoS attack, as they indicate that the server has already been overwhelmed by the attack and has stopped functioning. Server crashes may also result in data loss or corruption, service disruption, or reputational damage. Penetration testing is a proactive and preventive measure for assessing the security posture of a system or network, but it does not detect ongoing DDoS attacks. Penetration testing may involve simulating DDoS attacks to test the resilienceor vulnerability of a system or network, but it does not monitor real-time traffic or identify actual attackers.

References:

ISACA CISA Review Manual 27th Edition (2019), page 254

How to prevent DDoS attacks | Methods and tools | Cloudflare2

Understanding Denial-of-Service Attacks | CISA3

The most likely application input control that would detect data input errors in the customer account number field during the processing of an accounts receivable transaction is a validity check. A validity check is a type of application control that verifieswhether the data entered in an application matches a predefined set of values or criteria1. For example, a validity check can compare the customer account number entered by the user with a list of existing customer account numbers stored in a database, and reject any input that does not match any of the valid values2.

The other options are not as likely to detect data input errors in the customer account number field, because they do not compare the input with a predefined set of values or criteria. A limit check is a type of application control that verifies whether the data entered in an application falls within a specified range or limit1. For example, a limitcheck can ensure that the amount entered for an invoice does not exceed a certainmaximum value2. A parity check is a type of application control that verifies whether the data entered in an application has an even or odd number of bits1. For example, a parity check can detect transmission errors in binary data by adding an extra bit to the data and checking whether the number of bits is consistent3. A reasonableness check is a type of applicationcontrol that verifies whether the data entered in anapplication is logical or sensible based on other related data or information1. Forexample, a reasonableness check can ensure that the date entered for an order is not in the future or before the date of creation of the customer account2. References:

What are application controls? Definition, examples & best practices1

General Control Vs Application Control: Key Differences and Example …4

Parity Check - an overview | ScienceDirect Topics

The finding that should be ranked as the highest risk is that network penetration tests are not performed. Network penetration tests are simulated cyberattacks that aim to identify and exploit the vulnerabilities and weaknesses of the network security controls, such as firewalls, routers, switches, servers, and devices. Network penetration tests are essential for assessing the effectiveness and resilience of the network security posture, and for providing recommendations for improvement and remediation. If network penetration tests are not performed, the organization may not be aware of the existing or potential threats and risks to its network, and may not be able to prevent or respond to real cyberattacks, which can result in data breaches, service disruptions, financial losses, reputational damage, and legal or regulatory penalties. The other findings are also important, butnot as risky as the lack of network penetration tests, because they either do not directly affect the networksecurity controls, or they can be addressed by documentation or approval processes. References: CISA Review Manual (Digital Version)1, Chapter 5, Section 5.2.4

The greatest concern for an IS auditor reviewing an organization’s business continuity plan (BCP) is that the BCP has not been tested since it was first issued. A BCP is a document that describes how an organization will continue its critical business functions in the event of a disruption or disaster. A BCP should include information such as roles and responsibilities, recovery strategies, resources,procedures, communication plans, and backup arrangements3. Testing the BCP is a vital step in ensuring its validity, effectiveness, and readiness. Testing the BCP involves simulating various scenarios and executing the BCP to verify whether it meets its objectives and requirements. Testing the BCP can also help to identify and correct any gaps, errors, or weaknesses in the BCP before they become issues during a real incident4. Therefore, an IS auditor should be concerned if the BCP has not been tested since it was first issued, as it may indicate that the BCP is outdated, inaccurate, incomplete, or ineffective. The other options are less concerning or incorrect because:

A. The BCP’s contact information needs to be updated is not a great concern for an IS auditor reviewing an organization’s BCP, as it is a minor issue that can be easily fixed. Contact information refers to the names, phone numbers, email addresses, or other details of the people involved in the BCP execution or communication. Contact information needs to be updated regularly to reflect any changes in personnel or roles. While having outdated contact information may cause some delays or confusion during a BCP activation, it does not affect the overall validity or effectiveness of the BCP.

B. The BCP is not version controlled is not a great concern for an IS auditor reviewing an organization’s BCP, as it is a moderate issue that can be improved. Version control refers to the process of tracking and managing changes made to the BCP over time. Version control helps to ensure that only authorized changes are made to the BCP and that there is a clear record of who made what changes when and why. Version control also helps to avoid conflicts or inconsistencies among different versions of the BCP. While having no version control may cause some difficulties or risks in maintaining and updating the BCP, it does not affect the overall validity or effectiveness of the BCP.

C. The BCP has not been approved by senior management is not a great concern for an IS auditor reviewing an organization’s BCP, as it is a high-level issue that can be resolved. Approval by senior management refers to the formal endorsement and support of the BCP by the top executives or leaders of the organization. Approval by senior management helps to ensure that the BCP is aligned with the organization’s strategy, objectives, and priorities, and that it has sufficient resources and authority to be implemented. Approval by senior management also helps to increase the awareness and commitment of the organization’s stakeholders to the BCP. While having no approval by senior management may affect the credibilityand acceptance of the BCP, it does not affect the overall validity or effectiveness of the BCP. References: Working Toward a Managed, Mature Business Continuity Plan - ISACA, ISACA Introduces New Audit Programs for Business Continuity/Disaster …, Disaster Recovery and Business Continuity Preparedness for Cloud-based …