- (Topic 4)
Which of the following would be MOST effective in detecting the presence of an unauthorized wireless access point on an internal network?

1. A. Continuous network monitoring
2. B. Periodic network vulnerability assessments
3. C. Review of electronic access logs
4. D. Physical security reviews

Correct Answer: A
The most effective method for detecting the presence of an unauthorized wireless access point on an internal network is A. Continuous network monitoring. This is because continuous network monitoring can capture and analyze all the wireless traffic in the network and identify any rogue or spoofed devices that may be connected to the network without authorization. Continuous network monitoring can also alert the system administrator of any suspicious or anomalous activities on the network and help to locate and remove the unauthorized wireless access point quickly.
Periodic network vulnerability assessments (B) can also help to detect unauthorized wireless access points, but they are not as effective as continuous network monitoring, because they are performed at fixed intervals and may miss some devices that are added or removed between the assessments. Review of electronic access logs © can provide some information about the devices that access the network, but they may not be able to detect devices that use fake or stolen credentials or devices that do not generate any logs. Physical security reviews (D) can help to prevent unauthorized physical access to the network ports or devices, but they may not be able to detect wireless access points that are hidden or disguised as legitimate devices.

- (Topic 2)
Which of the following is the MOST important determining factor when establishing appropriate timeframes for follow-up activities related to audit findings?

1. A. Availability of IS audit resources
2. B. Remediation dates included in management responses
3. C. Peak activity periods for the business
4. D. Complexity of business processes identified in the audit

Correct Answer: B
The most important determining factor when establishing appropriate timeframes for follow-up activities related to audit findings is the remediation dates included in management responses. The IS auditor should ensure that the follow-up activities are aligned with the agreed-upon action plans and deadlines that management has committed to in response to the audit findings. The follow-up activities should verify that management has implemented the corrective actions effectively and in a timely manner, and that the audit findings have been resolved or mitigated.
The other options are less important factors for establishing timeframes for follow-up activities:
✑ Availability of IS audit resources. This is a practical factor that may affect the scheduling and execution of follow-up activities, but it should not override the priority and urgency of verifying management’s corrective actions.
✑ Peak activity periods for the business. This is a factor that may affect the availability and cooperation of auditees during follow-up activities, but it should not delay or postpone the verification of management’s corrective actions beyond reasonable limits.
✑ Complexity of business processes identified in the audit. This is a factor that may affect the scope and depth of follow-up activities, but it should not affect the timeframe for verifying management’s corrective actions.

- (Topic 4)
Which of the following is the BEST recommendation to include in an organization's bring your own device (BYOD) policy to help prevent data leakage?

1. A. Require employees to waive privacy rights related to data on BYOD devices.
2. B. Require multi-factor authentication on BYOD devices,
3. C. Specify employee responsibilities for reporting lost or stolen BYOD devices.
4. D. Allow only registered BYOD devices to access the network.

Correct Answer: B
The best recommendation to include in an organization’s bring your own device (BYOD) policy to help prevent data leakage is to require multi-factor authentication on BYOD devices. BYOD is a practice that allows employees to use their own personal devices, such as smartphones, tablets, or laptops, to access the organization’s network, data, and systems. Data leakage is a risk that involves the unauthorized or accidental disclosure or transfer of sensitive or confidential data from the organization to external parties or devices. Multi-factor authentication is a security measure that requires users to provide two or more pieces of evidence to verify their identity and access rights, such as passwords, tokens, biometrics, or codes. Multi-factor authentication can help prevent data leakage by reducing the likelihood of unauthorized access to the organization’s data and systems through BYOD devices, especially if they are lost, stolen, or compromised. The other options are not as effective as requiring multi-factor authentication on BYOD devices, because they either do not prevent data leakage directly, or they are reactive rather than proactive measures. References: CISA Review Manual (Digital Version)1, Chapter 5, Section 5.2.3

- (Topic 4)
Which of the following should be considered when examining fire suppression systems as part of a data center environmental controls review?

1. A. Installation manuals
2. B. Onsite replacement availability
3. C. Insurance coverage
4. D. Maintenance procedures

Correct Answer: D
The correct answer is D. Maintenance procedures should be considered when examining fire suppression systems as part of a data center environmental controls review. Fire suppression systems are critical for protecting the data center equipment and personnel from fire hazards. Therefore, they should be regularly maintained and tested to ensure their proper functioning and compliance with safety standards. Maintenance procedures should include inspection, cleaning, replacement, and repair of the fire suppression system components, as well as documentation of the maintenance activities and results. Installation manuals, onsite replacement availability, and insurance coverage are not directly related to the fire suppression system performance and effectiveness, and therefore are not relevant for the audit review. References: CISA Review Manual (Digital Version)1, page 403.

- (Topic 4)
An IT balanced scorecard is PRIMARILY used for:

1. A. evaluating the IT project portfolio
2. B. measuring IT strategic performance
3. C. allocating IT budget and resources
4. D. monitoring risk in lT-related processes

Correct Answer: B
An IT balanced scorecard is primarily used for measuring IT strategic performance. An IT balanced scorecard is a framework that translates the IT strategy into measurable objectives, indicators, targets, and initiatives across four perspectives: financial, customer, internal process, and learning and growth. An IT balanced scorecard helps to monitor and evaluate how well the IT function is delivering value to the organization, achieving its strategic goals, and improving its capabilities and competencies. The other options are not the primary uses of an IT balanced scorecard, because they either focus on specific aspects of IT rather than the overall performance, or they are not directly related to the IT strategy. References: CISA Review Manual (Digital Version)1, Chapter 1, Section 1.2.3