
CISA—Certified Information Systems Auditor - Part 310

Mary Smith

Thu, 16 Apr 2026

1. When reviewing the procedures for the disposal of computers, which of the following should be the GREATEST concern for the IS auditor?

A) Hard disks are overwritten several times at the sector level, but are not reformatted before leaving the organization.
B) All files and folders on hard disks are separately deleted, and the hard disks are formatted before leaving the organization.
C) Hard disks are rendered unreadable by hole-punching through the platters at specific positions before leaving the organization.
D) The transport of hard disks is escorted by internal security staff to a nearby metal recycling company, where the hard disks are registered and then shredded.



2. At a hospital, medical personnel carry handheld computers which contain patient health data. These handheld computers are synchronized with PCs which transfer data from a hospital database. Which of the following would be of the MOST importance?

A) The handheld computers are properly protected to prevent loss of data confidentiality, in case of theft or loss.
B) The employee who deletes temporary files from the local PC, after usage, is authorized to maintain PCs.
C) Timely synchronization is ensured by policies and procedures.
D) The usage of the handheld computers is allowed by the hospital policy.



3. Which of the following would BEST support 24/7 availability?

A) Daily backup
B) Offsite storage
C) Mirroring
D) Periodic testing



4. The PRIMARY purpose of implementing Redundant Array of Inexpensive Disks (RAID) level 1 in a file server is to:

A) achieve performance improvement.
B) provide user authentication.
C) ensure availability of data.
D) ensure the confidentiality of data.



5. Which of the following is the MOST important criterion when selecting a location for an offsite storage facility for IS backup files? The offsite facility must be:

A) physically separated from the data center and not subject to the same risks.
B) given the same level of protection as that of the computer data center.
C) outsourced to a reliable third party.
D) equipped with surveillance capabilities.



1. Right Answer: B
Explanation: Deleting and formatting does not completely erase the data but only marks the sectors that contained files as being free. There are tools available over the Internet which allow one to reconstruct most of a hard disk's contents. Overwriting a hard disk at the sector level would completely erase data, directories, indices and master file tables. Reformatting is not necessary since all contents are destroyed. Overwriting several times makes useless some forensic measures which are able to reconstruct former contents of newly overwritten sectors by analyzing special magnetic features of the platter's surface. While hole-punching does not delete file contents, the hard disk cannot be used anymore, especially when head parking zones and track zero information are impacted. Reconstructing data would be extremely expensive since all analysis must be performed under a clean room atmosphere and is only possible within a short time frame or until the surface is corroded. Data reconstruction from shredded hard disks is virtually impossible, especially when the scrap is mixed with other metal parts. If the transport can be secured and the destruction be proved as described in the option, this is a valid method of disposal.

2. Right Answer: A
Explanation: Data confidentiality is a major requirement of privacy regulations. Choices B, C and D relate to internal security requirements, and are secondary when compared to compliance with data privacy laws.

3. Right Answer: C
Explanation: Mirroring of critical elements is a tool that facilitates immediate recoverability. Daily backup implies that it is reasonable for restoration to take place within a number of hours but not immediately. Offsite storage and periodic testing of systems do not of themselves support continuous availability.

4. Right Answer: C
Explanation: RAID level 1 provides disk mirroring. Data written to one disk are also written to another disk. Users in the network access data in the first disk; if disk one fails, the second disk takes over. This redundancy ensures the availability of data. RAID level 1 does not improve performance, has no relevance to authentication and does nothing to provide for data confidentiality.

5. Right Answer: A
Explanation: It is important that there be an offsite storage location for IS files and that it be in a location not subject to the same risks as the primary data center. The other choices are all issues that must be considered when establishing the offsite location, but they are not as critical as the location selection.