- (Topic 4)
Which of the following is the MOST effective accuracy control for entry of a valid numeric part number?
Correct Answer:
D
A self-checking digit is the most effective accuracy control for entry of a valid numeric part number. This method involves adding an extra digit at the end of every number which is calculated from the other digits. This digit is then used to check the accuracy of the entered number. While hash totals, online review of description, and comparison to historical order pattern can be used as accuracy controls, they are not as effective as a self-checking digit.
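An added example (not from the exam material) of the self-checking digit described above. The page names the control but not an algorithm, so the Luhn mod-10 scheme is assumed here, and the part numbers are constructed; the last function shows which keying errors the digit catches and the one adjacent transposition (09 vs 90) that Luhn misses.

```python
"""Self-checking (check) digit for numeric part numbers (added example).

Assumption: Luhn mod-10 is used as the check-digit algorithm; the exam
text does not specify one. All part numbers below are constructed.
"""


def luhn_check_digit(payload: str) -> str:
    """Return the single check digit for a string of decimal digits.

    Digits are weighted 2,1,2,1,... from the right; a doubled value above 9
    has 9 subtracted; the check digit brings the sum to a multiple of 10.
    """
    if not payload.isdigit():
        raise ValueError("payload must be decimal digits")
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:          # rightmost payload digit is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def with_check_digit(payload: str) -> str:
    """Append the check digit to a bare part number."""
    return payload + luhn_check_digit(payload)


def is_valid(part_number: str) -> bool:
    """Validate an entered part number (payload + trailing check digit)."""
    if len(part_number) < 2 or not part_number.isdigit():
        return False
    return luhn_check_digit(part_number[:-1]) == part_number[-1]


def keying_errors_caught(part_number: str) -> dict:
    """Count (caught, tried) single-digit substitutions and adjacent
    transpositions of distinct digits that the check digit rejects."""
    subs = [0, 0]
    for pos, orig in enumerate(part_number):
        for alt in "0123456789":
            if alt != orig:
                subs[1] += 1
                mutated = part_number[:pos] + alt + part_number[pos + 1:]
                subs[0] += not is_valid(mutated)
    trans = [0, 0]
    for pos in range(len(part_number) - 1):
        a, b = part_number[pos], part_number[pos + 1]
        if a != b:
            trans[1] += 1
            mutated = part_number[:pos] + b + a + part_number[pos + 2:]
            trans[0] += not is_valid(mutated)
    return {"substitutions": tuple(subs), "transpositions": tuple(trans)}
```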
- (Topic 4)
Which of the following are used in a firewall to protect the entity's internal resources?
Correct Answer:
C
Internet Protocol (IP) address restrictions are used in a firewall to protect the entity’s internal resources by allowing or denying access to specific IP addresses or ranges of IP addresses based on predefined rules. Remote access servers, Secure Sockets Layers (SSLs), and failover services are not directly related to firewall protection, but rather to other aspects of network security, such as authentication, encryption, and availability. References: CISA Review Manual (Digital Version), Chapter 5: Protection of Information Assets, Section 5.2: Network Security Devices and Technologies
- (Topic 1)
Spreadsheets are used to calculate project cost estimates. Totals for each cost category are then keyed into the job-costing system. What is the BEST control to ensure that data is accurately entered into the system?
Correct Answer:
A
Reconciliation of total amounts by project is the best control to ensure that data is accurately entered into the job-costing system from spreadsheets. Reconciliation is a process of comparing two sets of data to identify any differences or discrepancies between them. By reconciling the total amounts by project from spreadsheets with those from the job-costing system, any errors or omissions in data entry can be detected and corrected. Validity checks are controls that verify that data conforms to predefined formats or ranges. They can prevent entry of character data into numeric fields, but they cannot ensure that the numeric data is correct or complete. Reasonableness checks are controls that verify that data is within expected or acceptable limits. They can detect outliers or anomalies in data, but they cannot ensure that the data matches the source. Display back of project detail after entry is a control that allows the user to review and confirm the data entered into the system. It can help reduce human errors, but it cannot guarantee that the data is accurate or consistent with the source. References: Information Systems Operations and Business Resilience, CISA Review Manual (Digital Version)
- (Topic 3)
Which of the following is the BEST control to mitigate attacks that redirect Internet traffic to an unauthorized website?
Correct Answer:
C
The best control to mitigate attacks that redirect Internet traffic to an unauthorized website is to perform domain name system (DNS) server security hardening. DNS servers are responsible for resolving domain names into IP addresses, and they are often targeted by attackers who want to manipulate or spoof DNS records to redirect users to malicious websites. By applying security best practices to DNS servers, such as encrypting DNS traffic, implementing DNSSEC, restricting access and updating patches, the organization can reduce the risk of DNS hijacking attacks. A network-based firewall, user security awareness training and a strong password policy are also important controls, but they are not as effective as DNS server security hardening in preventing this specific type of attack. References:
✑ CISA Review Manual, 27th Edition, page 4021
✑ CISA Review Questions, Answers & Explanations Database - 12 Month Subscription
- (Topic 4)
When a data center is attempting to restore computing facilities at an alternative site following a disaster, which of the following should be restored FIRST?
Correct Answer:
C
When a data center is attempting to restore computing facilities at an alternative site following a disaster, the operating system should be restored FIRST. Here’s why:
✑ Operating System (OS):
✑ Data Backups:
✑ Applications:
✑ Decision Support System (DSS):
In summary, prioritize restoring the operating system, which forms the basis for subsequent recovery steps. Once the OS is functional, proceed with data backups, applications, and other systems as needed.