CISA—Certified Information Systems Auditor - Part 265

Mary Smith

Fri, 17 Apr 2026

1. Which of the following provides the framework for designing and developing logical access controls?

A) Information systems security policy
B) Access control lists
C) Password management
D) System configuration files

2. A hacker could obtain passwords without the use of computer tools or programs through the technique of:

A) social engineering.
B) sniffers.
C) back doors.
D) Trojan horses.

3. The reliability of an application system's audit trail may be questionable if:

A) user IDs are recorded in the audit trail.
B) the security administrator has read-only rights to the audit file.
C) date and time stamps are recorded when an action occurs.
D) users can amend audit trail records when correcting system errors.

4. Which of the following user profiles should be of MOST concern to an IS auditor when performing an audit of an EFT system?

A) Three users with the ability to capture and verify their own messages
B) Five users with the ability to capture and send their own messages
C) Five users with the ability to verify other users and to send their own messages
D) Three users with the ability to capture and verify the messages of other users and to send their own messages

5. An IS auditor performing an independent classification of systems should consider a situation where functions could be performed manually at a tolerable cost for an extended period of time as:

A) critical.
B) vital.
C) sensitive.
D) noncritical.

1. Right Answer: A
Explanation: The information systems security policy, developed and approved by an organization's top management, is the basis upon which logical access controls are designed and developed. Access control lists, password management and system configuration files are tools for implementing those access controls.

2. Right Answer: A
Explanation: Social engineering relies on the divulgence of private information through dialogues, interviews, inquiries, etc., in which a user may be indiscreet regarding their own or someone else's personal data. A sniffer is a computer tool for monitoring network traffic. Back doors are computer programs left behind by hackers to exploit vulnerabilities. Trojan horses are computer programs that masquerade as a legitimate program; their real functionality is unauthorized and usually malicious in nature.

3. Right Answer: D
Explanation: An audit trail is not reliable if the records in it can be amended by the users whose actions it is meant to record.

4. Right Answer: A
Explanation: The ability of one individual to both capture and verify messages represents an inadequate segregation of duties, since the messages can be treated as correct and as if they had already been independently verified.

5. Right Answer: C
Explanation: Sensitive functions are best described as those that can be performed manually at a tolerable cost for an extended period of time. Critical functions are those that cannot be performed unless they are replaced by identical capabilities, and cannot be replaced by manual methods. Vital functions are those that can be performed manually, but only for a brief period of time; they are associated with lower costs of disruption than critical functions. Noncritical functions may be interrupted for an extended period of time at little or no cost to the company, and require little time or cost to restore.
