
CISA—Certified Information Systems Auditor - Part 297

Mary Smith

Thu, 16 Apr 2026


1. The BEST filter rule for protecting a network from being used as an amplifier in a denial of service (DoS) attack is to deny all:

A) outgoing traffic with IP source addresses external to the network.
B) incoming traffic with discernible spoofed IP source addresses.
C) incoming traffic with IP options set.
D) incoming traffic to critical hosts.



2. The network of an organization has been the victim of several intruders' attacks. Which of the following measures would allow for the early detection of such incidents?

A) Antivirus software
B) Hardening the servers
C) Screening routers
D) Honeypots



3. A company has decided to implement an electronic signature scheme based on public key infrastructure. The user's private key will be stored on the computer's hard drive and protected by a password. The MOST significant risk of this approach is:

A) use of the user's electronic signature by another person if the password is compromised.
B) forgery by using another user's private key to sign a message with an electronic signature.
C) impersonation of a user by substitution of the user's public key with another person's public key.
D) forgery by substitution of another person's private key on the computer.



4. An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important?

A) The tools used to conduct the test
B) Certifications held by the IS auditor
C) Permission from the data owner of the server
D) An intrusion detection system (IDS) is enabled



5. After observing suspicious activities in a server, a manager requests a forensic analysis. Which of the following findings should be of MOST concern to the investigator?

A) Server is a member of a workgroup and not part of the server domain
B) Guest account is enabled on the server
C) Recently, 100 users were created in the server
D) Audit logs are not enabled for the server



1. Right Answer: A
Explanation: Outgoing traffic with an IP source address outside the network's own IP range is invalid. In most cases it signals a DoS attack originated by an internal user or by a previously compromised internal machine; in both cases, applying this filter will stop the attack.

2. Right Answer: D
Explanation: Honeypots can collect data on precursors of attacks. Since they serve no business function, honeypots are hosts that have no authorized users other than the honeypot administrators. All activity directed at them is considered suspicious. Attackers will scan and attack honeypots, giving administrators data on new trends and attack tools, particularly malicious code. However, honeypots are a supplement to, not a replacement for, properly securing networks, systems and applications. If honeypots are to be used by an organization, qualified incident handlers and intrusion detection analysts should manage them. The other choices do not provide indications of potential attacks.

3. Right Answer: A
Explanation: The user's digital signature is only protected by a password. Compromise of the password would enable access to the signature. This is the most significant risk. Choice B would require subversion of the public key infrastructure mechanism, which is very difficult and least likely. Choice C would require that the message appear to have come from a different person and therefore the true user's credentials would not be forged. Choice D has the same consequence as choice C.

4. Right Answer: C
Explanation: The data owner should be informed of the risks associated with a penetration test, what types of tests are to be conducted and other relevant details. All other choices are not as important as the data owner's responsibility for the security of the data assets.

5. Right Answer: D
Explanation: Audit logs can provide evidence which is required to proceed with an investigation and should not be disabled. For business needs, a server can be a member of a workgroup and, therefore, not a concern. Having a guest account enabled on a system is a poor security practice but not a forensic investigation concern. Recently creating 100 users in the server may have been required to meet business needs and should not be a concern.
