
CISA—Certified Information Systems Auditor - Part 280

Mary Smith

Thu, 16 Apr 2026


1. An IS auditor performing a telecommunication access control review should be concerned PRIMARILY with the:

A) maintenance of access logs of usage of various system resources.
B) authorization and authentication of the user prior to granting access to system resources.
C) adequate protection of stored data on servers by encryption or other means.
D) accountability system and the ability to identify any terminal accessing system resources.



2. Which of the following is the MOST effective type of antivirus software?

A) Scanners
B) Active monitors
C) Integrity checkers
D) Vaccines



3. When using public key encryption to secure data being transmitted across a network:

A) both the key used to encrypt and decrypt the data are public.
B) the key used to encrypt is private, but the key used to decrypt the data is public.
C) the key used to encrypt is public, but the key used to decrypt the data is private.
D) both the key used to encrypt and decrypt the data are private.



4. The technique used to ensure security in virtual private networks (VPNs) is:

A) encapsulation.
B) wrapping.
C) transform.
D) encryption.



5. During an audit of a telecommunications system, an IS auditor finds that the risk of intercepting data transmitted to and from remote sites is very high. The MOST effective control for reducing this exposure is:

A) encryption.
B) callback modems.
C) message authentication.
D) dedicated leased lines.



1. Right Answer: B
Explanation: The authorization and authentication of users is the most significant aspect in a telecommunications access control review, as it is a preventive control. Weak controls at this level can affect all other aspects. The maintenance of access logs of usage of system resources is a detective control. The adequate protection of data being transmitted to and from servers by encryption or other means is a method of protecting information during transmission and is not an access issue. The accountability system and the ability to identify any terminal accessing system resources deal with controlling access through the identification of a terminal.

2. Right Answer: C
Explanation: Integrity checkers compute a binary number on a known virus-free program that is then stored in a database file. This number is called a cyclical redundancy check (CRC). When that program is called to execute, the checker computes the CRC on the program about to be executed and compares it to the number in the database. A match means no infection; a mismatch means that a change in the program has occurred. A change in the program could mean a virus. Scanners look for sequences of bits called signatures that are typical of virus programs. They examine memory, disk boot sectors, executables and command files for bit patterns that match a known virus. Therefore, scanners need to be updated periodically to remain effective. Active monitors interpret DOS and ROM basic input-output system (BIOS) calls, looking for virus-like actions. Active monitors can be misleading, because they cannot distinguish between a user request and a program or virus request. As a result, users are asked to confirm actions like formatting a disk or deleting a file or set of files. Vaccines are known to be good antivirus software. However, they also need to be updated periodically to remain effective.
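The integrity-checker mechanism described in the answer to question 2, as an added example that is not part of the original question bank: a baseline of fingerprints is recorded while the programs are known to be clean, and each program is re-fingerprinted and compared against the baseline just before it runs. The CRC-32 variant follows the explanation literally; the keyed HMAC-SHA256 variant is an assumption added here to show the hardened form, since a plain CRC is not collision resistant and a checker's baseline can be recomputed by anyone who can modify the files. The "program images" and names (`editor.exe`, `shell.exe`, `new.exe`) are constructed byte strings, not real executables.

```python
import hashlib
import hmac
import zlib

# Constructed sample "programs": byte strings standing in for executable
# images. A real checker would read these from disk.
CLEAN_PROGRAMS = {
    "editor.exe": b"\x4d\x5a" + b"EDITOR-CODE" * 8,
    "shell.exe": b"\x4d\x5a" + b"SHELL-CODE" * 8,
}

# Assumed secret held by the checker (not derivable from the files).
BASELINE_KEY = b"constructed-demo-key-do-not-reuse"


def crc_fingerprint(image):
    """CRC-32 of a program image, as the quiz explanation describes."""
    return zlib.crc32(image) & 0xFFFFFFFF


def hmac_fingerprint(image, key):
    """Keyed SHA-256 fingerprint: cannot be recomputed without the key."""
    return hmac.new(key, image, hashlib.sha256).hexdigest()


def build_baseline(programs, key=None):
    """Record a fingerprint for every program while the system is clean.

    With key=None this is the CRC database from the explanation; with a key
    it is the keyed-hash baseline that resists a tamper-and-recompute attack.
    """
    if key is None:
        return {name: crc_fingerprint(img) for name, img in programs.items()}
    return {name: hmac_fingerprint(img, key) for name, img in programs.items()}


def check_before_execute(name, image, baseline, key=None):
    """Verdict for a program about to run: 'clean', 'modified' or 'unknown'."""
    if name not in baseline:
        # No baseline entry: the checker cannot vouch for this program.
        return "unknown"
    if key is None:
        match = crc_fingerprint(image) == baseline[name]
    else:
        # Constant-time comparison avoids leaking how many digest bytes match.
        match = hmac.compare_digest(hmac_fingerprint(image, key), baseline[name])
    return "clean" if match else "modified"


def demo():
    """Run both checkers over an unchanged, a modified and an unlisted program."""
    crc_db = build_baseline(CLEAN_PROGRAMS)
    hmac_db = build_baseline(CLEAN_PROGRAMS, BASELINE_KEY)

    # Simulate a file infector appending code to an executable.
    tampered_shell = CLEAN_PROGRAMS["shell.exe"] + b"APPENDED-BYTES"

    return {
        "editor_unchanged": check_before_execute(
            "editor.exe", CLEAN_PROGRAMS["editor.exe"], crc_db),
        "shell_modified": check_before_execute(
            "shell.exe", tampered_shell, crc_db),
        "unlisted": check_before_execute("new.exe", b"\x4d\x5aNEW", crc_db),
        "hmac_editor_unchanged": check_before_execute(
            "editor.exe", CLEAN_PROGRAMS["editor.exe"], hmac_db, BASELINE_KEY),
        "hmac_shell_modified": check_before_execute(
            "shell.exe", tampered_shell, hmac_db, BASELINE_KEY),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Two points the explanation leaves implicit are worth keeping in mind when auditing such a control: a mismatch also follows any legitimate patch or upgrade, so the baseline must be re-established as part of change management, and the baseline database itself is only as trustworthy as its protection, which is why the keyed variant (or a signed baseline stored read-only) is what a current file-integrity monitor would use rather than a bare CRC.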

3. Right Answer: C
Explanation: Public key encryption, also known as asymmetric key cryptography, uses a public key to encrypt the message and a private key to decrypt it.

4. Right Answer: A
Explanation: Encapsulation, or tunneling, is a technique used to carry the traffic of one protocol over a network that does not support that protocol directly. The original packet is wrapped in another packet. The other choices are not security techniques specific to VPNs.

5. Right Answer: A
Explanation: Encryption of data is the most secure method. The other methods are less secure, with leased lines being possibly the least secure method.
