1. Which of the following is the MOST robust method for disposing of magnetic media that contains confidential information?
A) Degaussing
B) Defragmenting
C) Erasing
D) Destroying
2. Which of the following would MOST effectively control the usage of universal storage bus (USB) storage devices?
A) Policies that require instant dismissal if such devices are found
B) Software for tracking and managing USB storage devices
C) Administratively disabling the USB port
D) Searching personnel for USB storage devices at the facility's entrance
3. An organization is disposing of a number of laptop computers. Which of the following data destruction methods would be the MOST effective?
A) Run a low-level data wipe utility on all hard drives
B) Erase all data file directories
C) Format all hard drives
D) Physical destruction of the hard drive
4. To ensure authentication, confidentiality and integrity of a message, the sender should encrypt the hash of the message with the sender's:
A) public key and then encrypt the message with the receiver's private key.
B) private key and then encrypt the message with the receiver's public key.
C) public key and then encrypt the message with the receiver's public key.
D) private key and then encrypt the message with the receiver's private key.
5. Which of the following would be the MOST significant audit finding when reviewing a point-of-sale (POS) system?
A) Invoices recorded on the POS system are manually entered into an accounting application
B) An optical scanner is not used to read bar codes for the generation of sales invoices
C) Frequent power outages occur, resulting in the manual preparation of invoices
D) Customer credit card information is stored unencrypted on the local POS system
1. Right Answer: D Explanation: Destroying magnetic media is the only way to assure that confidential information cannot be recovered. Degaussing or demagnetizing is not sufficient to fully erase information from magnetic media. The purpose of defragmentation is to eliminate fragmentation in file systems and does not remove information. Erasing or deleting magnetic media does not remove the information; this method simply changes a file's indexing information.
2. Right Answer: B Explanation: Software for centralized tracking and monitoring would allow a USB usage policy to be applied to each user based on changing business requirements, and would provide for monitoring and reporting exceptions to management. A policy requiring dismissal may result in increased employee attrition and business requirements would not be properly addressed. Disabling ports would be complex to manage and might not allow for new business needs. Searching of personnel for USB storage devices at the entrance to a facility is not a practical solution since these devices are small and could be easily hidden.
3. Right Answer: D Explanation: The most effective method is physical destruction. Running a low-level data wipe utility may leave some residual data that could be recovered; erasing data directories and formatting hard drives are easily reversed, exposing all data on the drive to unauthorized individuals.
4. Right Answer: B Explanation: Obtaining the hash of the message ensures integrity; signing the hash of the message with the sender's private key ensures the authenticity of the origin, and encrypting the resulting message with the receiver's public key ensures confidentiality. The other choices are incorrect.
5. Right Answer: D Explanation: It is important for the IS auditor to determine if any credit card information is stored on the local point-of-sale (POS) system. Any such information, if stored, should be encrypted or protected by other means to avoid the possibility of unauthorized disclosure. Manually inputting sales invoices into the accounting application is an operational issue; if the POS system were to be interfaced with the financial accounting application, the overall efficiency could be improved. The nonavailability of optical scanners to read bar codes of the products and power outages are operational issues.