CISA Exam 87 Questions with Verified Answers,100% CORRECT, Exams of Information and Communications Technology (ICT)

CISA Exam 87 Questions with Verified Answers

Typology: Exams

2023/2024

Available from 07/27/2024

paul-kamau-2
Email authenticity and confidentiality is best achieved by signing the message using the: - CORRECT ANSWER Sender's private key and encrypting the message using the receiver's public key - authenticity - public key; confidentiality - receiver's public key

Nonrepudiation is a process that: - CORRECT ANSWER the assurance that someone cannot deny something.

Encryption of data - CORRECT ANSWER The most secure method of protecting confidential data from exposure.

To enhance the security and reliability of its VOIP system and data traffic, what would meet this objective? - CORRECT ANSWER VOIP infrastructure needs to be segregated using VLANs; this would protect from network-based attacks, potential eavesdropping and network issues, which would help to ensure uptime

Digital signatures - CORRECT ANSWER Verifies the identity of the sender

Over the long term, what has the greatest potential to improve the security incident response process? - CORRECT ANSWER Postevent reviews to find gaps and shortcomings in the incident response process will help improve the process over time

In reviewing the network operations center, a great concern is? - CORRECT ANSWER A carbon dioxide-based fire suppression system

Best directory server in a public key infrastructure - CORRECT ANSWER Makes other users' certificates available to apps

Performing a telecommunication access control review should be primarily concerned with: - CORRECT ANSWER Authorization and authentication of users prior to granting access to system resources - preventative control

What best helps to decrease research time needed to investigate exceptions? - CORRECT ANSWER Transaction logs generate an audit trail - a review can be performed on the logs rather than on the entire transaction file

DDoS attacks on internet sites are typically evoked by hackers using? - CORRECT ANSWER Trojan horses are malicious or damaging code hidden within an authorized computer program. Hackers use trojans to coordinate distributed DDoS attacks that overload a site so that it may no longer be able to process legitimate requests

What method of suppressing a fire in a data center is the most effective and environmentally friendly? - CORRECT ANSWER Dry-pipe sprinklers; they prevent the risk of leakage.

What provides the MOST relevant information for proactively strengthening security settings? - CORRECT ANSWER Honeypot - the design of a honeypot is such that it lures the hacker and provides clues as to the attacker's methods and strategies and the resources required to address such attacks. A honeypot allows the attack to continue, so as to obtain information about the hacker's strategy and methods

What is the MOST important factor in ensuring a successful firewall deployment? - CORRECT ANSWER Testing and validating the ruleset. A mistake can render a firewall ineffective or insecure.

Which control is the BEST way to ensure that the data in a file have not been changed during transmission? - CORRECT ANSWER Hash values - they are calculated on the file and are very sensitive to any changes in the data values in the file

In which phase of system development would user acceptance test plans normally be prepared? - CORRECT ANSWER Requirements definition - at this time, users should be working with the team to consider and document how the system functionality can be tested to ensure that it meets their stated needs

To protect a VoIP infrastructure against a DDoS attack, it is most important to secure the: - CORRECT ANSWER Session border controllers - they enhance the

What is a digital signature? - CORRECT ANSWER an electronic document that contains the digital signature of the certificate-issuing authority, binds together a public key with an identity and can be used to verify that a public key belongs to a particular person or entity.

What is the most important difference between hashing and encryption? - CORRECT ANSWER Hashing is irreversible. It is used to verify the integrity of the message, but does not address security. Encryption may use different keys or reverse a process at the sending and receiving ends to encrypt and decrypt

What approach is most appropriate for implementing access control that will facilitate security management of the VOIP web application? - CORRECT ANSWER RBAC, controls access according to job roles or functions

The primary objective for classifying information assets is to: - CORRECT ANSWER Establish guidelines for the level of access controls that should be assigned

What can be used to ensure confidentiality of transmitted data? Encrypting the: - CORRECT ANSWER Session key with the receiver's public key. Access to the session key can only be obtained using the receiver's private key

A voltage regulator ensures that: - CORRECT ANSWER Hardware is protected against power surges, as it protects against short-term power fluctuations

What kind of software application testing is considered the final stage of testing and includes users outside the dev team? - CORRECT ANSWER Beta testing - the final stage of testing typically includes users outside of the dev team. It is a form of UAT and generally involves a limited number of users who are external to the development effort

When upgrading its existing VPN to support Voice-over Internet Protocol (VOIP) communication via tunneling, what should primarily be addressed? - CORRECT ANSWER Reliability and quality of service (QoS) are the primary considerations to be addressed. Voice communications require consistent levels of service, which may be provided through QoS and class of service (CoS) controls

What function is performed by a VPN? - CORRECT ANSWER Hides information from sniffers on the internet using tunneling. It works based on encapsulation and encryption of sensitive traffic

Which of the following choices BEST helps information owners to properly classify data? - CORRECT ANSWER While implementing data classification, it is most essential that organizational policies and standards, including the data classification schema, are understood by the owner or custodian of the data so they can be properly classified

The reason for establishing a stop or freezing point on the design of a new system is to: - CORRECT ANSWER Require that changes after that point be evaluated for cost-effectiveness

The most effective control over visitor access to a data center - CORRECT ANSWER Visitors are escorted

What is a prevalent risk in the development of end-user computing (EUC) applications? - CORRECT ANSWER Applications may not be subject to testing and IT general controls

An auditor performing detailed network assessments and access control reviews should first - CORRECT ANSWER Determine points of entry - determine the points of entry to the system and review the points of entry accordingly for appropriate controls

Limit checks - CORRECT ANSWER A type of input validation check that provides a preventive control to ensure that invalid data cannot be entered, because values must fall within a predetermined limit

The best filter rule for protecting a network from being used as an amplifier in a DoS attack is to deny all: - CORRECT ANSWER Outgoing traffic with IP source addresses external to the network

The best overall control for an internet business looking for confidentiality, reliability and integrity of data - CORRECT ANSWER SSL - used for many e-commerce apps to set up a secure channel for communications, providing confidentiality through a combination of public and symmetric key encryption and integrity through hash message authentication code (HMAC)

Neural networks are effective in detecting fraud because they can: - CORRECT ANSWER Attack problems that require consideration of a large number of input variables - capable of capturing relationships and patterns often missed by other statistical methods, but they will not discover new trends

What antispam filtering technique would best prevent a valid, variable-length email message containing a heavily-weighted spam keyword from being labeled as spam? - CORRECT ANSWER Bayesian (statistical) filtering applies statistical modeling to messages by performing a frequency analysis on each word within the message and then evaluating the message as a whole. Therefore, it can ignore a suspicious keyword if the entire message is within normal bounds

What is the next line of defense after the network firewall has been compromised? - CORRECT ANSWER IDS - detects anomalies in the network/server activity and tries to detect the perpetrator

What is an advantage of elliptic curve encryption over RSA encryption? - CORRECT ANSWER Computation speed - the use of much smaller keys in the ECC algorithm than in RSA

The malicious modification of a web app is: - CORRECT ANSWER Parameter tampering

A penetration test that simulates a real attack and is used to test the incident handling and response capability of the target - CORRECT ANSWER Double-blind testing

What is the greatest concern associated with the use of peer-to-peer computing? - CORRECT ANSWER Data leakage - peer-to-peer computing can share the contents of a user's hard drive over the internet. The risk that sensitive data could be shared with others is the greatest concern

The greatest benefit of having well-defined data classification policies and procedures is: - CORRECT ANSWER A decreased cost of controls - lower costs to

Which would most likely be a contributor to a DoS attack? - CORRECT ANSWER Router configuration and rules - improper router configuration and rules could lead to an exposure to DoS attacks

What is the most reliable sender authentication method? - CORRECT ANSWER Digital certs - issued by a trusted third party. The message sender attaches the certificate and the recipient can verify authenticity with the certificate repository

What presents an inherent risk with no distinct identifiable preventive controls? - CORRECT ANSWER Data diddling - involves changing data before they are entered into the computer. It is a common abuse; it requires limited technical knowledge and occurs before computer security can protect the data. There are only compensating controls

A digital signature contains a message digest to: - CORRECT ANSWER Show if the message has been altered after transmission - the message digest is calculated and included in a digital signature to prove the message has not been altered

What is 4GL - CORRECT ANSWER 4GL (4th-generation language). 4GLs are usually not suitable for data intensive operations. Instead, they are used mainly for graphic user interface (GUI) design or as simple query/report generators

Examples of 4GL - CORRECT ANSWER ASA, SPSS, Strata, COBOL, Coldfusion, Oracle Forms

IS management has decided to rewrite a legacy customer relations system using fourth generation languages (4GLs). Which of the following risks is MOST often associated with system development using 4GLs?
A. Inadequate screen/report design facilities
B. Complex programming language subsets
C. Lack of portability across operating systems
D. Inability to perform data intensive operations
- CORRECT ANSWER D - 4GLs are usually not suitable for data intensive operations. Instead, they are used mainly for graphic user interface (GUI) design or as simple query/report generators.

Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly?
A. Field checks
B. Control totals
C. Reasonableness checks
D. A before-and-after maintenance report
- CORRECT ANSWER D - A before-and-after maintenance report is the best answer because a visual review would provide the most positive verification that updating was proper

Which of the following is a dynamic analysis tool for the purpose of testing software modules?
A. Blackbox test
B. Desk checking
C. Structured walk-through
D. Design and code
- CORRECT ANSWER A - A blackbox test is a dynamic analysis tool for testing software modules. During the testing of software modules a blackbox test works first in a cohesive manner as one single unit/entity, consisting of numerous modules, and second, with the user data that flows across software modules. In some cases, this even drives the software behavior.

Which of the following is MOST likely to result from a business process reengineering (BPR) project?
A. An increased number of people using technology
B. Significant cost savings, through a reduction in the complexity of information technology
C. Weaker organizational structures and less accountability
D. Increased information protection (IP) risk
- CORRECT ANSWER A - A BPR project more often leads to an increased number of people using technology, and this would be a cause for concern

Which of the following devices extends the network and has the capacity to store frames and act as a store-and-forward device?
A. Router
B. Bridge
C. Repeater
D. Gateway
- CORRECT ANSWER B - A bridge connects two separate networks to form a logical network (e.g., joining an ethernet and a token network) and has the storage capacity to store frames and act as a store-and-forward device. Bridges operate at the OSI data link layer by examining the media access control header of a data packet.

Which of the following is a benefit of using callback devices?
A. Provide an audit trail
B. Can be used in a switchboard environment
C. Permit unlimited user mobility
D. Allow call forwarding
- CORRECT ANSWER A - A callback feature hooks into the access control software and logs all authorized and unauthorized access attempts, permitting the follow-up and further review of potential breaches. Call forwarding (choice D) is a means of potentially bypassing callback control. By dialing through an authorized phone number from an unauthorized phone number, a perpetrator can gain computer access. This vulnerability can be controlled through callback systems that are available.

A call-back system requires that a user with an id and password call a remote server through a dial-up line, then the server disconnects and:
A. dials back to the user machine based on the user id and password using a telephone number from its database.
B. dials back to the user machine based on the user id and password using a telephone number