CISA Exam Info and Free Practice Test Professional Quiz Study Materials [Q164-Q185]


NEW QUESTION 164
Which of the following is a common vulnerability that allows denial-of-service attacks?

  • A. Improperly configured routers and router access lists
  • B. Assigning access to users according to the principle of least privilege
  • C. Lack of employee awareness of organizational security policies
  • D. Configuring firewall access rules

Answer: A

Explanation:
Improperly configured routers and router access lists are a common vulnerability for denial-of-service attacks.

NEW QUESTION 165
An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:

  • A. risk-reporting methodologies
  • B. security requirements for the process being outsourced
  • C. service level agreements (SLAs)
  • D. security metrics

Answer: C

Explanation:
Section: Governance and Management of IT

NEW QUESTION 166
Which of the following findings should be of MOST concern to an IS auditor reviewing an organization's business continuity plan (BCP)?

  • A. A business feasibility study was not performed.
  • B. A business impact analysis (BIA) was not performed.
  • C. A resource optimization plan is not included.
  • D. An application inventory is not included.

Answer: B

Explanation:
Section: The Process of Auditing Information Systems

NEW QUESTION 167
After an IS auditor has identified threats and potential impacts, the auditor should:

  • A. Propose new controls
  • B. Report on existing controls
  • C. Conduct a business impact analysis (BIA)
  • D. Identify and evaluate the existing controls

Answer: D

Explanation:
After an IS auditor has identified threats and potential impacts, the auditor should then identify and evaluate the existing controls.

NEW QUESTION 168
Which of the following is the BEST control to ensure that data entered into a calculation program is accurate?

  • A. Programmed edit checks to prevent entry of invalid data
  • B. Independent user review of test results
  • C. Programmed reasonableness checks with a data entry range
  • D. Visual verification of data entered

Answer: A

NEW QUESTION 169
Which of the following outsourced services has the GREATEST need for security monitoring?

  • A. Enterprise infrastructure
  • B. Application development
  • C. Web site hosting
  • D. Virtual private network (VPN) services

Answer: A

Explanation:
Section: Information Systems Operations, Maintenance and Support

NEW QUESTION 170
Regarding digital signature implementation, which of the following answers is correct?

  • A. A digital signature is created by the sender to prove message integrity by initially using a hashing algorithm to produce a hash value or message digest from the entire message contents. Upon receiving the data, the recipient can independently create it.
  • B. A digital signature is created by the sender to prove message integrity by encrypting the message with the recipient's public key. Upon receiving the data, the recipient can decrypt the data using the recipient's public key.
  • C. A digital signature is created by the sender to prove message integrity by encrypting the message with the sender's public key. Upon receiving the data, the recipient can decrypt the data using the recipient's private key.
  • D. A digital signature is created by the sender to prove message integrity by encrypting the message with the sender's private key. Upon receiving the data, the recipient can decrypt the data using the sender's public key.

Answer: A

Explanation:
A digital signature is created by the sender to prove message integrity by initially using a hashing algorithm to produce a hash value, or message digest, from the entire message contents. Upon receiving the data, the recipient can independently create its own message digest from the data for comparison and data integrity validation. Public and private keys are used to enforce confidentiality. Hashing algorithms are used to enforce integrity.

NEW QUESTION 171
Labeling information according to its security classification:

  • A. reduces the number and type of countermeasures required.
  • B. affects the consequences if information is handled insecurely.
  • C. enhances the likelihood of people handling information securely.
  • D. reduces the need to identify baseline controls for each classification.

Answer: B

Explanation:
Section: Information Systems Operations, Maintenance and Support

NEW QUESTION 172
The MOST important difference between hashing and encryption is that hashing:

  • A. is concerned with integrity and security.
  • B. output is the same length as the original message.
  • C. is irreversible.
  • D. is the same at the sending and receiving end.

Answer: C

Explanation:
Hashing works one way: by applying a hashing algorithm to a message, a message hash/digest is created. If the same hashing algorithm is applied to the message digest, it will not result in the original message. As such, hashing is irreversible, while encryption is reversible. This is the basic difference between hashing and encryption. Hashing creates an output that is smaller than the original message, and encryption creates an output of the same length as the original message. Hashing is used to verify the integrity of the message and does not address security. The same hashing algorithm is used at the sending and receiving ends to generate and verify the message hash/digest. Encryption will not necessarily use the same algorithm at the sending and receiving end to encrypt and decrypt.
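As an added illustration for questions 170 and 172 (example code written for this page, not taken from ISACA or the CISA review manual): the sender computes a message digest with a hashing algorithm, and the receiver independently recomputes it with the same algorithm and compares the two. It also demonstrates the two properties the explanation above relies on: the digest length depends only on the algorithm, not on the message size, and a single changed byte in transit yields a digest that no longer matches. The message, the tampered copy and the function names are constructed for this example.

```python
import hashlib
import hmac

# Constructed sample message (not from the page): what the sender transmits.
MESSAGE = b"Transfer 100.00 to account 12345"


def make_digest(data: bytes, algorithm: str = "sha256") -> str:
    """Sender side: produce a hex message digest of the entire message contents."""
    return hashlib.new(algorithm, data).hexdigest()


def verify_digest(data: bytes, received_digest: str, algorithm: str = "sha256") -> bool:
    """Receiver side: independently recompute the digest with the same algorithm
    the sender used and compare it with the digest that arrived alongside the data.
    hmac.compare_digest() compares in constant time, so the comparison itself does
    not leak where the two strings first differ."""
    expected = make_digest(data, algorithm)
    return hmac.compare_digest(expected, received_digest)


def digest_length_is_fixed(algorithm: str = "sha256") -> bool:
    """The output length of a hash depends only on the algorithm, not on the input:
    a one-byte input and a one-megabyte input both yield digest_size bytes
    (twice that many hex characters)."""
    short_digest = make_digest(b"a", algorithm)
    long_digest = make_digest(b"x" * 1_000_000, algorithm)
    expected_hex_len = hashlib.new(algorithm).digest_size * 2
    return len(short_digest) == len(long_digest) == expected_hex_len


def demo() -> dict:
    """Run the sender/receiver exchange once on the intact message and once on a
    copy modified in transit (constructed tampering: the account number changed)."""
    digest_sent = make_digest(MESSAGE)
    tampered = MESSAGE.replace(b"12345", b"99999")
    return {
        "intact_verifies": verify_digest(MESSAGE, digest_sent),
        "tampered_verifies": verify_digest(tampered, digest_sent),
        "fixed_length": digest_length_is_fixed(),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A bare digest detects accidental or in-transit modification only when the digest itself reaches the receiver intact; binding the digest to a particular sender needs a key, which is what a keyed construction such as HMAC, or signing the digest, provides.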

NEW QUESTION 173
When performing an audit of a client relationship management (CRM) system migration project, which of the following should be of GREATEST concern to an IS auditor?

  • A. Five weeks prior to the target date, there are still numerous defects in the printing functionality of the new system's software.
  • B. A single implementation is planned, immediately decommissioning the legacy system.
  • C. The technical migration is planned for a Friday preceding a long weekend, and the time window is too short for completing all tasks.
  • D. Employees pilot-testing the system are concerned that the data representation in the new system is completely different from the old system.

Answer: B

Explanation:
Major system migrations should include a phase of parallel operation or a phased cut-over to reduce implementation risks. Decommissioning or disposing of the old hardware would complicate any fallback strategy, should the new system not operate correctly. A weekend can be used as a time buffer so that the new system will have a better chance of being up and running after the weekend. A different data representation does not mean different data presentation at the front end. Even when this is the case, this issue can be solved by adequate training and user support. The printing functionality is commonly one of the last functions to be tested in a new system because it is usually the last step performed in any business event. Thus, meaningful testing and the respective error fixing are only possible after all other parts of the software have been successfully tested.

NEW QUESTION 174
An IS auditor has identified the lack of an authorization process for users of an application. The IS auditor's main concern should be that:

  • A. there is no way to limit the functions assigned to users.
  • B. more than one individual can claim to be a specific user.
  • C. users have a need-to-know privilege.
  • D. user accounts can be shared.

Answer: A

Explanation:
Section: Protection of Information Assets
Without an appropriate authorization process, it will be impossible to establish functional limits and accountability. The risk that more than one individual can claim to be a specific user is associated with the authentication processes, rather than with authorization. The risk that user accounts can be shared is associated with identification processes, rather than with authorization. The need-to-know basis is the best approach to assigning privileges during the authorization process.

NEW QUESTION 175
Which of the following BEST helps to identify errors during data transfer?

  • A. Enable a logging process for data transfer.
  • B. Decrease the size of data transfer packets.
  • C. Test the integrity of the data transfer.
  • D. Review and verify the data transfer sequence numbers.

Answer: D

NEW QUESTION 176
Which of the following poses the GREATEST risk to the enforceability of networking policies in a virtualized environment?

  • A. Transmission of data on public networks
  • B. Use of a public key infrastructure
  • C. Lack of visibility into the networks
  • D. Lack of encryption for data at rest

Answer: C

NEW QUESTION 177
Identify the WAN message switching technique being used from the description presented below:
"Data is routed in its entirety from the source node to the destination node, one hop at a time. During message routing, every intermediate switch in the network stores the whole message. If the entire network's resources are engaged or the network becomes blocked, this WAN switching technology stores and delays the message until ample resources become available for effective transmission of the message."

  • A. Circuit switching
  • B. Message Switching
  • C. Packet switching
  • D. Virtual Circuits

Answer: B

Explanation:
For your exam you should know the following information about WAN message transmission techniques:

Message Switching
Message switching is a network switching technique in which data is routed in its entirety from the source node to the destination node, one hop at a time. During message routing, every intermediate switch in the network stores the whole message. If the entire network's resources are engaged or the network becomes blocked, the message-switched network stores and delays the message until ample resources become available for effective transmission of the message.
Image from: http://ecomputernotes.com/images/Message-Switched-data-Network.jpg

Packet Switching
Packet switching refers to protocols in which messages are divided into packets before they are sent. Each packet is then transmitted individually and can even follow different routes to its destination. Once all the packets forming a message arrive at the destination, they are recompiled into the original message.
Image from: http://upload.wikimedia.org/wikipedia/commons/f/f6/Packet_Switching.gif

Circuit Switching
Circuit switching is a methodology of implementing a telecommunications network in which two network nodes establish a dedicated communications channel (circuit) through the network before the nodes may communicate.
The circuit guarantees the full bandwidth of the channel and remains connected for the duration of the session. The circuit functions as if the nodes were physically connected, similar to an electrical circuit.
The defining example of a circuit-switched network is the early analog telephone network. When a call is made from one telephone to another, switches within the telephone exchanges create a continuous wire circuit between the two telephones for as long as the call lasts.
In circuit switching, the bit delay is constant during a connection, as opposed to packet switching, where packet queues may cause varying and potentially indefinitely long packet transfer delays. No circuit can be degraded by competing users because it is protected from use by other callers until the circuit is released and a new connection is set up. Even if no actual communication is taking place, the channel remains reserved and protected from competing users.
Image from: http://www.louiewong.com/wp-content/uploads/2010/09/Circuit_Switching.jpg

Difference between Circuit and Packet Switching
The source page shows a table comparing circuit-switched versus packet-switched networks at this point.
Image from: http://www.hardware-one.com/reviews/network-guide-2/images/packet-vs-circuit.gif

Virtual Circuit
In telecommunications and computer networks, a virtual circuit (VC), synonymous with virtual connection and virtual channel, is a connection-oriented communication service that is delivered by means of packet-mode communication.
After a connection or virtual circuit is established between two nodes or application processes, a bit stream or byte stream may be delivered between the nodes; a virtual circuit protocol allows higher-level protocols to avoid dealing with the division of data into segments, packets, or frames.
Virtual circuit communication resembles circuit switching, since both are connection oriented, meaning that in both cases data is delivered in correct order and signaling overhead is required during a connection establishment phase. However, circuit switching provides constant bit rate and latency, while these may vary in a virtual circuit service due to factors such as:

  • varying packet queue lengths in the network nodes,
  • varying bit rate generated by the application,
  • varying load from other users sharing the same network resources by means of statistical multiplexing, etc.

The following were incorrect answers:
The other options presented are not valid choices.
The following reference(s) were/was used to create this question:
CISA Review Manual 2014, page 265

NEW QUESTION 178
Which of the following BEST describes the concept of "defense in depth"?

  • A. multiple firewalls are implemented.
  • B. intrusion detection and firewall filtering are required.
  • C. more than one subsystem needs to be compromised to compromise the security of the system and the information it holds.
  • D. None of the choices.
  • E. multiple firewalls and multiple network OS are implemented.

Answer: C

Explanation:
Section: Protection of Information Assets
With "defense in depth", more than one subsystem needs to be compromised to compromise the security of the system and the information it holds. Subsystems should default to secure settings and, wherever possible, should be designed to "fail secure" rather than "fail insecure".

NEW QUESTION 179
Which of the following BEST describes an audit risk?

  • A. Employees have been misappropriating funds.
  • B. Key employees have not taken vacation for 2 years.
  • C. The financial report may contain undetected material errors.
  • D. The company is being sued for false accusations.

Answer: B

NEW QUESTION 180
What are used as a countermeasure for potential database corruption when two processes attempt to simultaneously edit or update the same information?

  • A. Normalization controls
  • B. Referential integrity controls
  • C. Concurrency controls
  • D. Run-to-run totals

Answer: B

Explanation:
Concurrency controls are used as a countermeasure for potential database corruption when two processes attempt to simultaneously edit or update the same information.

NEW QUESTION 181
When auditing the security architecture of an e-commerce environment, an IS auditor should FIRST review the:

  • A. criteria used for selecting the firewall.
  • B. alternate firewall arrangements.
  • C. location of the firewall within the network.
  • D. configuration of the firewall.

Answer: A

NEW QUESTION 182
Which of the following is MOST important to ensure that electronic evidence collected during a forensic investigation will be admissible in future legal proceedings?

  • A. Restricting evidence access to professionally certified forensic investigators
  • B. Engaging an independent third party to perform the forensic investigation
  • C. Documenting evidence handling by personnel throughout the forensic investigation
  • D. Performing investigative procedures on the original hard drives rather than images of the hard drives

Answer: A

NEW QUESTION 183
A banking organization has outsourced its customer data processing facilities to an external service provider. Which of the following roles is accountable for ensuring the security of customer data?

  • A. The service provider's data processor
  • B. The bank's senior management
  • C. The service provider's data privacy officer
  • D. The bank's vendor risk manager

Answer: B

NEW QUESTION 184
An IS auditor is evaluating management's risk assessment of information systems. The IS auditor should FIRST review:

  • A. the threats/vulnerabilities affecting the assets.
  • B. the controls already in place.
  • C. the mechanism for monitoring the risks related to the assets.
  • D. the effectiveness of the controls in place.

Answer: A

Explanation:
One of the key factors to be considered while assessing the risks related to the use of various information systems is the threats and vulnerabilities affecting the assets. The risks related to the use of information assets should be evaluated in isolation from the installed controls. Similarly, the effectiveness of the controls should be considered during the risk mitigation stage and not during the risk assessment phase. A mechanism to continuously monitor the risks related to assets should be put in place during the risk monitoring function that follows the risk assessment phase.

NEW QUESTION 185
......
