Isaca Updated CISA Exam Questions and Answers by zadie

The best way to sanitize a hard disk for reuse to ensure the organization’s information cannot be accessed is data wiping. Data wiping is a process that overwrites the data on the hard disk with random or meaningless patterns, making it unrecoverable by any software or hardware methods. Data wiping can provide a high level of security and assurance that the organization’s information is permanently erased from the hard disk, and that it cannot be accessed by unauthorized parties or malicious actors.

Re-partitioning is not a way to sanitize a hard disk for reuse, but rather a way to organize the hard disk into different logical sections or volumes. Re-partitioning does not erase the data on the hard disk, but only changes the structure and allocation of the disk space. Re-partitioning may make the data inaccessible to the operating system, but not to other tools or methods that can scan or recover the data from the disk sectors.

Degaussing is a way to sanitize a hard disk for reuse, but only for magnetic hard disks, not solid state drives (SSDs). Degaussing is a process that exposes the hard disk to a strong magnetic field, which disrupts and destroys the magnetic alignment of the data on the disk platters. Degaussing can effectively erase the data on magnetic hard disks, but it can also damage or render unusable the electronic components of the hard disk, such as the read/write heads or circuit boards. Degaussing also does not work on SSDs, which store data using flash memory cells, not magnetic media.

Formatting is not a way to sanitize a hard disk for reuse, but rather a way to prepare the hard disk for use by an operating system. Formatting is a process that creates a file system on the hard disk, which defines how the data is stored and accessed on the disk. Formatting does not erase the data on the hard disk, but only deletes the file system metadata and marks the disk space as available for new data. Formatting may make the data invisible to the operating system, but not to other tools or methods that can restore or recover the data from the disk sectors.

References:

• How to Wipe A Hard Drive for Reuse? Check the Quickest Way to Wipe A Hard Drive - EaseUS 1
• HP PCs - Using Secure Erase or HP Disk Sanitizer 2
• HOW to QUICKLY and PERMANENTLY SANITIZE ANY DRIVE (SSD, USB thumb drive …) 

This is because the business processes are the core activities and functions that enable the organization to achieve its objectives and create value for its stakeholders. The business processes are also the sources and drivers of various risks that may affect the organization’s performance, compliance, and reputation. Therefore, the IS auditor should focus on understanding, assessing, and prioritizing the business processes that are most critical, complex, or vulnerable to the organization’s success, and align the audit objectives, scope, and resources accordingly12.

Critical business applications (A) are not the most important area of focus for an IS auditor when developing a risk-based audit strategy, but rather a specific aspect of the business processes that may require attention. Critical business applications are the software systems that support the execution and automation of the business processes, such as enterprise resource planning (ERP), customer relationship management (CRM), or accounting systems. Critical business applications may pose significant risks to the organization if they are not reliable, secure, or efficient. Therefore, the IS auditor should consider the criticality, functionality, and dependency of the business applications when planning the audit, but not as the primary focus12.

Existing IT controls © are not the most important area of focus for an IS auditor when developing a risk-based audit strategy, but rather an outcome or output of the risk assessment process. Existing IT controls are the policies, procedures, practices, and technologies that are implemented to manage and mitigate the IT-related risks that may affect the organization’s business processes and objectives. Existing IT controls may vary in their design, effectiveness, and maturity. Therefore, the IS auditor should evaluate and test the existing IT controls as part of the audit execution and reporting process, but not as the main focus12.

Recent audit results (D) are not the most important area of focus for an IS auditor when developing a risk-based audit strategy, but rather an input or source of information for the risk assessment process. Recent audit results are the findings, recommendations, and opinions of previous audits that may provide insights or feedback on the organization’s business processes, risks, and controls. Recent audit results may also indicate any changes or trends in the organization’s risk profile or environment. Therefore, the IS auditor should review and consider the recent audit results as part of the audit planning and scoping process, but not as the main focus12.

The best course of action for a security administrator who is called in the middle of the night by the on-call programmer who needs access to the live system is to give the programmer an emergency ID for temporary access and review the activity. This is because:

• Requiring that a change request be completed and approved may delay the resolution of the problem and cause further damage or disruption to the system or business operations. A change request is a formal document that describes the proposed change, its rationale, impact, benefits, risks, costs, and approval process. A change request is usually required for planned or scheduled changes, not for emergency or urgent changes.
• Giving the programmer read-only access to investigate the problem may not be sufficient or effective, as the programmer may need to perform actions or tests that require write or execute permissions. Read-only access means that the user can only view or copy data or files, but cannot modify or delete them.
• Reviewing activity logs the following day and investigating any suspicious activity may not prevent or detect any unauthorized or malicious actions by the programmer in real time. Activity logs are records of events and actions that occur within a system or network. Activity logs can provide evidence and accountability for system activities, but they are not proactive or preventive controls.

Therefore, giving the programmer an emergency ID for temporary access and reviewing the activity is the best course of action, as it allows the programmer to access the live system and resolve the problem quickly, while also ensuring that the security administrator can monitor and verify the programmer’s activity and revoke the access when it is no longer needed. An emergency ID is a temporary account that grants a user elevated privileges or access to a system or resource for a specific purpose and duration. An emergency ID should be:

• Created and authorized by a security administrator or manager
• Assigned to a specific user and purpose
• Limited in scope and time
• Logged and audited
• Revoked and deleted after use

Some of the best practices for emergency access to live systems are12:

• Establish clear policies and procedures for requesting, approving, granting, monitoring, reviewing, and revoking emergency access
• Define criteria and scenarios for emergency access, such as severity, impact, urgency, and risk
• Implement controls to prevent unauthorized or unnecessary use of emergency access, such as multifactor authentication, approval workflows, alerts, notifications, and time restrictions
• Implement controls to track and audit emergency access activities, such as logging, reporting, analysis, and investigation
• Implement controls to ensure accountability and responsibility for emergency access users, such as attestation, justification, documentation, and feedback

Recovery facilities providing a redundant combination of Internet connections to the local communications loop is an example of last-mile circuit protection. Last-mile circuit protection is a type of telecommunications continuity that ensures the availability and redundancy of the final segment of the network that connects the end-user to the service provider. The local communications loop, also known as the local loop or subscriber line, is the physical link between the customer premises and the nearest central office or point of presence of the service provider. By having multiple Internet connections from different providers or technologies, such as cable, DSL, fiber, wireless, or satellite, the recovery facilities can avoid losing connectivity in case one of the connections fails or is disrupted by a disaster5.

References:

• 9: Last Mile Redundancy - How to Ensure Business Continuity - Multapplied Networks