1. Right Answer: C
Explanation: The presentation layer (ISO/OSI layer 6) performs transformations on data to provide a standardized application interface and to provide common communication services such as encryption, text compression and reformatting. The function of the presentation layer is to ensure that the format of the data submitted by the application layer conforms to the applicable network standard.
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 119).
2. Right Answer: D
Explanation:
Fault management: Detects the devices that present some kind of fault.
Configuration management: Allows users to know, define and change remotely the configuration of any device.
Accounting resources: Holds the records of the resource usage in the WAN.
Performance management: Monitors usage levels and sets alarms when a threshold has been surpassed.
Security management: Detects suspicious traffic or users and generates alarms accordingly.
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 137).
3. Right Answer: B
Explanation: Various operating system software products provide parameters and options for the tailoring of the system and activation of features such as activity logging. Parameters are important in determining how a system runs because they allow a standard piece of software to be customized to diverse environments. The reviewing of software control features and/or parameters is the most effective means of determining how controls are functioning within an operating system and of assessing an operating system's integrity. The operating system manual should provide information as to what settings can be used but will not likely give any hint as to how parameters are actually set. The product vendor and computer operator are not necessarily aware of the detailed setting of all parameters.
The review of software control features and/or parameters would be part of your security audit. A security audit is typically performed by an independent third party to the management of the system. The audit determines the degree to which the required controls are implemented. A security review is conducted by the system maintenance or security personnel to discover vulnerabilities within the system. A vulnerability occurs when policies are not followed, misconfigurations are present, or flaws exist in the hardware or software of the system. System reviews are sometimes referred to as a vulnerability assessment.
Reference(s) used for this question:
Schneider, Andrew (2013-04-15). Official (ISC)2 Guide to the CISSP CBK, Third Edition: Security Operations, Page 1054 (for users with the Kindle edition, look at Locations 851-855)
and
Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 102).
4. Right Answer: B
Explanation: Justifications should be provided when data is renormalized, not when it is normalized, because it introduces risk of data inconsistency. Renormalization is usually introduced for performance purposes.
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 108).
5. Right Answer: D
Explanation: The best way to prevent and detect software license violations is to regularly scan used PCs, either from the LAN or directly, to ensure that unauthorized copies of software have not been loaded on the PC. The other options are not detective. A corporate policy is not necessarily enforced and followed by all employees. Software can be installed by other means than floppies or CD-ROMs (from a LAN or even downloaded from the Internet), and software metering only concerns applications that are registered.
Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 108).