Proper study guides for the ISACA CISA certification begin with preparation products designed to help you pass the CISA test on your first attempt. Try the free questions right now.
Online CISA free questions and answers, new version:
NEW QUESTION 1
During a postimplementation review of an enterprise resource management system, an IS auditor would MOST likely:
- A. review access control configuration
- B. evaluate interface testing
- C. review detailed design documentation
- D. evaluate system testing
Reviewing access control configuration would be the first task performed to determine whether security has been appropriately mapped in the system. Since a postimplementation review is done after user acceptance testing and actual implementation, one would not engage in interface testing or detailed design documentation. Evaluating interface testing would be part of the implementation process. The issue of reviewing detailed design documentation is not generally relevant to an enterprise resource management system, since these are usually vendor packages with user manuals. System testing should be performed before final user signoff.
NEW QUESTION 2
To prevent IP spoofing attacks, a firewall should be configured to drop a packet if:
- A. the source routing field is enabled
- B. it has a broadcast address in the destination field
- C. a reset flag (RST) is turned on for the TCP connection
- D. dynamic routing is used instead of static routing
IP spoofing takes advantage of the source-routing option in the IP protocol. With this option enabled, an attacker can insert a spoofed source IP address. The packet will travel the network according to the information within the source-routing field, bypassing the logic in each router, including dynamic and static routing (choice D). Choices B and C do not have any relation to IP spoofing attacks. If a packet has a broadcast destination address (choice B), it will be sent to all addresses in the subnet. Turning on the reset flag (RST) (choice C) is part of the normal procedure to end a TCP connection.
NEW QUESTION 3
Disabling which of the following would make wireless local area networks more secure against unauthorized access?
- A. MAC (Media Access Control) address filtering
- B. WPA (Wi-Fi Protected Access Protocol)
- C. LEAP (Lightweight Extensible Authentication Protocol)
- D. SSID (service set identifier) broadcasting
Disabling SSID broadcasting adds security by making it more difficult for unauthorized users to find the name of the access point. Disabling MAC address filtering would reduce security. Using MAC filtering makes it more difficult to access a WLAN, because it would be necessary to catch traffic and forge the MAC address. Disabling WPA reduces security. Using WPA adds security by encrypting the traffic. Disabling LEAP reduces security. Using LEAP adds security by encrypting the wireless traffic.
NEW QUESTION 4
Which of the following software tools is often used for stealing money from an infected PC's owner by taking control of the modem?
- A. System patcher
- B. Porn dialer
- C. War dialer
- D. T1 dialer
- E. T3 dialer
- F. None of the choices
One way of stealing money from an infected PC's owner is to take control of the modem and dial an expensive toll call. Dialers such as porn dialer software dial up a premium-rate telephone number and leave the line open, charging the toll to the infected user.
NEW QUESTION 5
The MOST significant security concern when using flash memory (e.g., USB removable disk) is that the:
- A. contents are highly volatile
- B. data cannot be backed up
- C. data can be copied
- D. device may not be compatible with other peripherals
Unless properly controlled, flash memory provides an avenue for anyone to copy any content with ease. The contents stored in flash memory are not volatile. Backing up flash memory data is not a control concern, as the data are sometimes stored as a backup. Flash memory will be accessed through a PC rather than any other peripheral; therefore, compatibility is not an issue.
NEW QUESTION 6
When developing a formal enterprise security program, the MOST critical success factor (CSF) would be the:
- A. establishment of a review board
- B. creation of a security unit
- C. effective support of an executive sponsor
- D. selection of a security process owner
The executive sponsor would be in charge of supporting the organization's strategic security program, and would aid in directing the organization's overall security management activities. Therefore, support by the executive level of management is the most critical success factor (CSF). None of the other choices are effective without visible sponsorship of top management.
NEW QUESTION 7
When installing an intrusion detection system (IDS), which of the following is MOST important?
- A. Properly locating it in the network architecture
- B. Preventing denial-of-service (DoS) attacks
- C. Identifying messages that need to be quarantined
- D. Minimizing the rejection errors
Proper location of an intrusion detection system (IDS) in the network is the most important decision during installation. A poorly located IDS could leave key areas of the network unprotected. Choices B, C and D are concerns during the configuration of an IDS, but if the IDS is not placed correctly, none of them would be adequately addressed.
NEW QUESTION 8
A review of wide area network (WAN) usage discovers that traffic on one communication line between sites, synchronously linking the master and standby database, peaks at 96 percent of the line capacity. An IS auditor should conclude that:
- A. analysis is required to determine if a pattern emerges that results in a service loss for a short period of time
- B. WAN capacity is adequate for the maximum traffic demands since saturation has not been reached
- C. the line should immediately be replaced by one with a larger capacity to provide approximately 85 percent saturation
- D. users should be instructed to reduce their traffic demands or distribute them across all service hours to flatten bandwidth consumption
The peak at 96 percent could be the result of a one-off incident, e.g., a user downloading a large amount of data; therefore, analysis to establish whether this is a regular pattern and what causes this behavior should be carried out before expenditure on a larger line capacity is recommended. Since the link provides for a standby database, a short loss of this service should be acceptable. If the peak is established to be a regular occurrence without any other opportunities for mitigation (usage of a bandwidth reservation protocol, or other types of prioritizing network traffic), the line should be replaced, as there is a risk of loss of service as the traffic approaches 100 percent. If, however, the peak is a one-off or can be moved into other time frames, then user education may be an option.
NEW QUESTION 9
To prevent unauthorized entry to the data maintained in a dial-up, fast response system, an IS auditor should recommend:
- A. online terminals are placed in restricted areas
- B. online terminals are equipped with key locks
- C. ID cards are required to gain access to online terminals
- D. online access is terminated after a specified number of unsuccessful attempts
The most appropriate control to prevent unauthorized entry is to terminate the connection after a specified number of unsuccessful attempts. This will deter access through the guessing of IDs and passwords. The other choices are physical controls, which are not effective in deterring unauthorized access via telephone lines.
NEW QUESTION 10
Which of the following would an IS auditor use to determine if unauthorized modifications were made to production programs?
- A. System log analysis
- B. Compliance testing
- C. Forensic analysis
- D. Analytical review
Determining that only authorized modifications are made to production programs would require that the change management process be reviewed to evaluate the existence of a trail of documentary evidence. Compliance testing would help to verify that the change management process has been applied consistently. It is unlikely that system log analysis would provide information about the modification of programs. Forensic analysis is a specialized technique for criminal investigation. An analytical review assesses the general control environment of an organization.
NEW QUESTION 11
The PRIMARY objective of an audit of IT security policies is to ensure that:
- A. they are distributed and available to all staff
- B. security and control policies support business and IT objectives
- C. there is a published organizational chart with functional descriptions
- D. duties are appropriately segregated
Business orientation should be the main theme in implementing security. Hence, an IS audit of IT security policies should primarily focus on whether the IT and related security and control policies support business and IT objectives. Reviewing whether policies are available to all is an objective, but distribution does not ensure compliance. Availability of organizational charts with functional descriptions and segregation of duties might be included in the review, but are not the primary objective of an audit of security policies.
NEW QUESTION 12
IS audits should be selected through a risk analysis process to concentrate on:
- A. those areas of greatest risk and opportunity for improvement
- B. those areas of least risk and opportunity for improvement
- C. those areas of the greatest financial value
- D. areas led by the key people of the organization
- E. random events
- F. irregular events
Audits are typically selected through a risk analysis process to concentrate on those areas of greatest risk and opportunity for improvement.
Audit topics are supposed to be chosen based on potential for cost savings and service improvements.
NEW QUESTION 13
Which of the following line media would provide the BEST security for a telecommunication network?
- A. Broadband network digital transmission
- B. Baseband network
- C. Dial-up
- D. Dedicated lines
Dedicated lines are set apart for a particular user or organization. Since there is no sharing of lines or intermediate entry points, the risk of interception or disruption of telecommunications messages is lower.
NEW QUESTION 14
Which of the following is the PRIMARY purpose for conducting parallel testing?
- A. To determine if the system is cost-effective
- B. To enable comprehensive unit and system testing
- C. To highlight errors in the program interfaces with files
- D. To ensure the new system meets user requirements
The purpose of parallel testing is to ensure that the implementation of a new system will meet user requirements. Parallel testing may show that the old system is, in fact, better than the new system, but this is not the primary reason. Unit and system testing are completed before parallel testing. Program interfaces with files are tested for errors during system testing.
NEW QUESTION 15
Under the concept of "defense in depth", subsystems should be designed to:
- A. "fail insecure"
- B. "fail secure"
- C. "react to attack"
- D. "react to failure"
- E. None of the choices
With "defense in depth", more than one subsystem needs to be compromised to compromise the security of the system and the information it holds. Subsystems should default to secure settings, and wherever possible should be designed to "fail secure" rather than "fail insecure".
NEW QUESTION 16
Which of the following is the PRIMARY objective of an IT performance measurement process?
- A. Minimize errors
- B. Gather performance data
- C. Establish performance baselines
- D. Optimize performance
An IT performance measurement process can be used to optimize performance, measure and manage products/services, assure accountability and make budget decisions. Minimizing errors is an aspect of performance, but not the primary objective of performance management. Gathering performance data is a phase of the IT measurement process and would be used to evaluate performance against previously established performance baselines.
NEW QUESTION 17
Which of the following should be of MOST concern to an IS auditor reviewing the BCP?
- A. The disaster levels are based on scopes of damaged functions, but not on duration
- B. The difference between low-level disasters and software incidents is not clear
- C. The overall BCP is documented, but detailed recovery steps are not specified
- D. The responsibility for declaring a disaster is not identified
If nobody declares the disaster, the response and recovery plan would not be invoked, making all other concerns moot. Although failure to consider duration could be a problem, it is not as significant as scope, and neither is as critical as the need to have someone invoke the plan. The difference between incidents and low-level disasters is always unclear and frequently revolves around the amount of time required to correct the damage. The lack of detailed steps should be documented, but their absence does not mean a lack of recovery, if in fact someone has invoked the plan.
NEW QUESTION 18
In an EDI process, the device which transmits and receives electronic documents is the:
- A. communications handler
- B. EDI translator
- C. application interface
- D. EDI interface
A communications handler transmits and receives electronic documents between trading partners and/or wide area networks (WANs).
100% valid and newest version CISA questions and answers shared by Certstest. Get the full dumps here: https://www.certstest.com/dumps/CISA/ (new 1177 Q&As)