CISA Information System Auditing Process • Complete Question Bank
Complete CISA Information System Auditing Process question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit. ``` Change Management Log Extract: CR-2024-001: Approved | Implemented 01/15 14:00 CR-2024-002: Approved | Implemented 01/20 09:30 CR-2024-003: Emergency (post-approved) | Implemented 01/25 22:15 CR-2024-004: Approved | Implemented 02/01 11:00 CR-2024-005: Emergency (post-approved) | Implemented 02/10 23:45 CR-2024-006: Approved | Implemented 02/15 10:00 CR-2024-007: Emergency (post-approved) | Implemented 02/20 21:30 ```
Refer to the exhibit. ``` Access Control List for /payroll: User: jdoe (Read, Write) User: asmith (Read) Group: HR_Managers (Full Control) Group: Payroll_Clerks (Read, Write) Group: Internal_Audit (Read) Effective permissions for user jdoe: Read, Write ```
Refer to the exhibit. ``` System Log Entry: Timestamp: 2024-03-15 14:32:17 Event ID: 4625 (Logon Failure) Account: svc_backup Source: Backup Server Failure Reason: Account locked out. ```
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag steps to the numbered slots on the right, or tap a step then tap a slot.
Drag a concept onto its matching description — or click a concept then click the description.
Risk without controls
Risk that controls fail
Risk that audit misses errors
Overall risk of incorrect opinion
Drag a concept onto its matching description — or click a concept then click the description.
Information System Auditing Process
Governance and Management of IT
Information Systems Acquisition, Development, and Implementation
Information Systems Operations and Business Resilience
Protection of Information Assets
Refer to the exhibit. ``` # Audit log extract from firewall 'FW-Primary' 2024-03-15 14:22:33 | rule_id=101 | action=deny | src=10.0.1.50 | dst=172.16.0.1 | port=22 | status=alert 2024-03-15 14:22:34 | rule_id=101 | action=deny | src=10.0.1.50 | dst=172.16.0.1 | port=22 | status=alert 2024-03-15 14:22:35 | rule_id=101 | action=deny | src=10.0.1.50 | dst=172.16.0.1 | port=22 | status=alert 2024-03-15 14:23:01 | rule_id=105 | action=permit | src=10.0.1.50 | dst=172.16.0.5 | port=443 | status=alert 2024-03-15 14:23:02 | rule_id=105 | action=permit | src=10.0.1.50 | dst=172.16.0.5 | port=443 | status=alert ```
Refer to the exhibit.
```
<iam-policy>
<role name="data_analyst">
<permission>READ_ONLY</permission>
<resource pattern="^projects/prod/datasets/.*/tables/sales_.*$">ALLOW</resource>
</role>
<role name="data_scientist">
<permission>READ_WRITE</permission>
<resource pattern="^projects/prod/datasets/.*/tables/sales_.*$">ALLOW</resource>
</role>
<user name="jdoe@company.com">
<role>data_analyst</role>
</user>
<user name="asmith@company.com">
<role>data_scientist</role>
</user>
</iam-policy>
```Refer to the exhibit. ``` Error Log Entry: Timestamp: 2024-03-20 10:15:32 Source: BackupServer01 EventID: 213 Level: Error Message: Backup job 'DailyBackup' failed. Source volume: \\FileServer\Shares, Destination: \\BackupServer01\Backup\Shares. Error code: 0x80070002 (The system cannot find the file specified.) ```
Refer to the exhibit. ``` Feb 20 10:15:32 firewall %ASA-4-106023: Deny tcp src outside:10.0.0.1/3389 dst inside:192.168.1.100/3389 by access-group "outside_in" [0x0, 0x0] ```
Refer to the exhibit. ``` ERROR: ORA-00604: error occurred at recursive SQL level 1 ERROR: ORA-00054: resource busy and acquire with NOWAIT specified or timeout expired ```
Refer to the exhibit.
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::confidential-data/*",
"Condition": {
"IpAddress": {
"aws:SourceIp": "10.0.0.0/8"
}
}
}
]
}
```Refer to the exhibit. Audit Finding Report Excerpt: Finding ID: F-001 Control: User Account Management Observation: Review of Active Directory logs from 01-Mar-2024 to 07-Mar-2024 revealed that the default administrator account (Administrator) was used to perform 45% of all privileged actions. No evidence of secondary approval or time-based restrictions. Configuration snippet from domain controller: Set-ADUser -Identity Administrator -PasswordNeverExpires $true Set-ADUser -Identity Administrator -CannotChangePassword $true Audit Recommendation: Implement a privileged access management (PAM) solution and enforce use of individual privileged accounts.