
CISA—Certified Information Systems Auditor - Part 301

Mary Smith

Thu, 16 Apr 2026


1. The GREATEST risk posed by an improperly implemented intrusion prevention system (IPS) is:

A) that there will be too many alerts for system administrators to verify.
B) decreased network performance due to IPS traffic.
C) the blocking of critical systems or services due to false triggers.
D) reliance on specialized expertise within the IT organization.



2. The MOST effective control for reducing the risk related to phishing is:

A) centralized monitoring of systems.
B) including signatures for phishing in antivirus software.
C) publishing the policy on antiphishing on the intranet.
D) security training for all users.



3. When reviewing a digital certificate verification process, which of the following findings represents the MOST significant risk?

A) There is no registration authority (RA) for reporting key compromises.
B) The certificate revocation list (CRL) is not current.
C) Digital certificates contain a public key that is used to encrypt messages and verify digital signatures.
D) Subscribers report key compromises to the certificate authority (CA).



4. When using a digital signature, the message digest is computed:

A) only by the sender.
B) only by the receiver.
C) by both the sender and the receiver.
D) by the certificate authority (CA).



5. Which of the following would effectively verify the originator of a transaction?

A) Using a secret password between the originator and the receiver
B) Encrypting the transaction with the receiver's public key
C) Using a portable document format (PDF) to encapsulate transaction content
D) Digitally signing the transaction with the source's private key



1. Right Answer: C
Explanation: An intrusion prevention system (IPS) prevents a connection or service based on how it is programmed to react to specific incidents. If the packets are coming from a spoofed address and the IPS is triggered based on previously defined behavior, it may block the service or connection of a critical internal system. The other choices are risks that are not as severe as blocking critical systems or services due to false triggers.

2. Right Answer: D
Explanation: Phishing is a type of e-mail attack that attempts to convince a user that the originator is genuine, with the intention of obtaining information. Phishing is an example of a social engineering attack. Any social engineering type of attack can best be controlled through security and awareness training.

3. Right Answer: B
Explanation: If the certificate revocation list (CRL) is not current, a certificate that should have been revoked could still be accepted and used for unauthorized or fraudulent activities. The certificate authority (CA) can assume the responsibility if there is no registration authority (RA). Digital certificates containing a public key that is used to encrypt messages and verify digital signatures is not a risk. Subscribers reporting key compromises to the CA is not a risk, since reporting this to the CA enables the CA to take appropriate action.

4. Right Answer: C
Explanation: A digital signature is an electronic identification of a person or entity. It is created by using asymmetric encryption. To verify integrity of data, the sender uses a cryptographic hashing algorithm against the entire message to create a message digest to be sent along with the message. Upon receipt of the message, the receiver will recompute the hash using the same algorithm and compare results with what was sent to ensure the integrity of the message.

5. Right Answer: D
Explanation: A digital signature is an electronic identification of a person, created by using a public key algorithm, to verify to a recipient the identity of the source of a transaction and the integrity of its content. Since they are a 'shared secret' between the user and the system itself, passwords are considered a weaker means of authentication. Encrypting the transaction with the recipient's public key will provide confidentiality for the information, while using a portable document format (PDF) will preserve the integrity of the content but not necessarily authorship.
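The mechanics behind answers 4 and 5 (the sender hashes the whole message and signs the digest with its private key; the receiver recomputes the same digest and checks it against the signature using the sender's public key) are easier to see in code. The following is an added illustration, not part of the original question set. It uses textbook RSA on a SHA-256 digest, with key pairs constructed from publicly known Mersenne primes, so it demonstrates the verification flow only and is not a production signature scheme (real keys use random primes and a padding scheme such as PSS). The transaction text is constructed for the example.

```python
import hashlib


def make_keypair(p: int, q: int, e: int = 65537):
    """Build an RSA key pair from two primes. Returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, e), (n, d)


# Constructed demo keys: the primes are well-known Mersenne primes, so these
# keys are for illustration only. The originator's modulus is ~1128 bits,
# comfortably larger than a 256-bit digest.
ORIGINATOR_PUB, ORIGINATOR_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PARTY_PUB, OTHER_PARTY_PRIV = make_keypair(2**1279 - 1, 2**127 - 1)


def message_digest(message: bytes) -> int:
    """The step BOTH parties perform: hash the entire message (SHA-256)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender: compute the digest, then apply the private key to it."""
    n, d = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver: recompute the digest independently and compare it with the
    value recovered from the signature using the claimed signer's public key.
    A match proves both origin (only the private-key holder could have
    produced it) and integrity (any change alters the digest)."""
    n, e = public_key
    recovered = pow(signature, e, n)
    return recovered == message_digest(message)


def demo() -> dict:
    """Run the genuine case plus the two failure modes a verifier must catch."""
    msg = b"Transfer 100.00 from acct 12345 to acct 67890"  # constructed sample
    sig = sign(msg, ORIGINATOR_PRIV)
    return {
        # Untouched message, correct signer's public key -> accepted.
        "genuine": verify(msg, sig, ORIGINATOR_PUB),
        # Content altered in transit -> recomputed digest no longer matches.
        "tampered": verify(msg.replace(b"100.00", b"900.00"), sig, ORIGINATOR_PUB),
        # Signature checked against someone else's public key -> rejected,
        # which is what ties the transaction to its originator.
        "wrong_signer": verify(msg, sig, OTHER_PARTY_PUB),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'rejected'}")
```

Note that the receiver never receives the digest from the sender as a trusted value: it recomputes it from the message it actually got, which is why the answer to question 4 is "both the sender and the receiver". Encrypting with the receiver's public key (option B of question 5) would involve no private key of the originator at all, so it could not establish who sent the transaction.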
