
CISA—Certified Information Systems Auditor - Part 299

Mary Smith

Thu, 16 Apr 2026

1. The FIRST step in a successful attack to a system would be:

A) gathering information.
B) gaining access.
C) denying services.
D) evading detection.



2. The sender of a public key would be authenticated by a:

A) certificate authority.
B) digital signature.
C) digital certificate.
D) registration authority.



3. An IS auditor finds that conference rooms have active network ports. Which of the following is MOST important to ensure?

A) The corporate network is using an intrusion prevention system (IPS)
B) This part of the network is isolated from the corporate network
C) A single sign-on has been implemented in the corporate network
D) Antivirus software is in place to protect the corporate network



4. What is the BEST action to prevent loss of data integrity or confidentiality in the case of an e-commerce application running on a LAN, processing electronic fund transfers (EFT) and orders?

A) Using virtual private network (VPN) tunnels for data transfer
B) Enabling data encryption within the application
C) Auditing the access control to the network
D) Logging all changes to access lists



5. When conducting a penetration test of an IT system, an organization should be MOST concerned with:

A) the confidentiality of the report.
B) finding all possible weaknesses on the system.
C) restoring all systems to the original state.
D) logging all changes made to the production system.



1. Right Answer: A
Explanation: Successful attacks start by gathering information about the target system. This is done in advance so that the attacker gets to know the target systems and their vulnerabilities. All of the other choices are based on the information gathered.

2. Right Answer: C
Explanation: A digital certificate is an electronic document that declares a public key holder is who the holder claims to be. The certificates do handle data authentication as they are used to determine who sent a particular message. A certificate authority issues the digital certificates, and distributes, generates and manages public keys. A digital signature is used to ensure integrity of the message being sent and solve the nonrepudiation issue of message origination. The registration authority would perform most of the administrative tasks of a certificate authority, i.e., registration of the users of a digital signature plus authenticating the information that is put in the digital certificate.

3. Right Answer: B
Explanation: If the conference rooms have access to the corporate network, unauthorized users may be able to connect to the corporate network; therefore, both networks should be isolated, either via a firewall or by being physically separated. An IPS would detect possible attacks, but only after they have occurred. A single sign-on would ease authentication management. Antivirus software would reduce the impact of possible viruses; however, unauthorized users would still be able to access the corporate network, which is the biggest risk.

4. Right Answer: A
Explanation: The best way to ensure confidentiality and integrity of data is to encrypt it using virtual private network (VPN) tunnels. This is the most common and convenient way to encrypt the data traveling over the network. Data encryption within the application is less efficient than a VPN. The other options are good practices, but they do not directly prevent the loss of data integrity and confidentiality during communication over a network.

5. Right Answer: C
Explanation: All suggested items should be considered by the system owner before agreeing to penetration tests, but the most important task is to be able to restore all systems to their original state. Information that is created and/or stored on the tested systems should be removed from these systems. If, for some reason, this is not possible at the end of the penetration test, all files (with their location) should be identified in the technical report so that the client's technical staff will be able to remove them after the report has been received.
