ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 1

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1

Question

The FIRST step in a successful attack on a system would be:

A. gathering information.
B. gaining access.
C. denying services.
D. evading detection.

Answer

A. gathering information.

Explanation

Successful attacks start by gathering information about the target system. This is done in advance so that the attacker gets to know the target systems and their vulnerabilities. All of the other choices are based on the information gathered.

CISA Question 2

Question

The use of digital signatures:

A. requires the use of a one-time password generator.
B. provides encryption to a message.
C. validates the source of a message.
D. ensures message confidentiality.

Answer

C. validates the source of a message.

Explanation

The use of a digital signature verifies the identity of the sender, but does not encrypt the whole message, and hence is not enough to ensure confidentiality. A one-time password generator is an option, but is not a requirement for using digital signatures.

CISA Question 3

Question

What is the MOST prevalent security risk when an organization implements remote virtual private network (VPN) access to its network?

A. Malicious code could be spread across the network
B. VPN logon could be spoofed
C. Traffic could be sniffed and decrypted
D. VPN gateway could be compromised

Answer

A. Malicious code could be spread across the network

Explanation

VPN is a mature technology; VPN devices are hard to break. However, when remote access is enabled, malicious code in a remote client could spread to the organization’s network. Though choices B, C and D are security risks, VPN technology largely mitigates these risks.

CISA Question 4

Question

The human resources (HR) department has developed a system to allow employees to enroll in benefits via a web site on the corporate Intranet.
Which of the following would protect the confidentiality of the data?

A. SSL encryption
B. Two-factor authentication
C. Encrypted session cookies
D. IP address verification

Answer

A. SSL encryption

Explanation

The main risk in this scenario is confidentiality; therefore, the only option that would provide confidentiality is Secure Sockets Layer (SSL) encryption. The remaining options deal with authentication issues.

CISA Question 5

Question

A firewall is being deployed at a new location. Which of the following is the MOST important factor in ensuring a successful deployment?

A. Reviewing logs frequently
B. Testing and validating the rules
C. Training a local administrator at the new location
D. Sharing firewall administrative duties

Answer

B. Testing and validating the rules

Explanation

A mistake in the rule set can render a firewall insecure. Therefore, testing and validating the rules is the most important factor in ensuring a successful deployment. A regular review of log files would not start until the deployment has been completed. Training a local administrator may not be necessary if the firewalls are managed from a central location. Having multiple administrators is a good idea, but not the most important.

CISA Question 6

Question

Which of the following would be the GREATEST cause for concern when data are sent over the Internet using HTTPS protocol?

A. Presence of spyware in one of the ends
B. The use of a traffic sniffing tool
C. The implementation of an RSA-compliant solution
D. Symmetric cryptography is used for transmitting data

Answer

A. Presence of spyware in one of the ends

Explanation

Encryption using secure sockets layer/transport layer security (SSL/TLS) tunnels makes it difficult to intercept data in transit, but when spyware is running on an end user’s computer, data are collected before encryption takes place. The other choices are related to encrypting the traffic, but the presence of spyware in one of the ends captures the data before encryption takes place.

CISA Question 7

Question

After observing suspicious activities in a server, a manager requests a forensic analysis.
Which of the following findings should be of MOST concern to the investigator?

A. Server is a member of a workgroup and not part of the server domain
B. Guest account is enabled on the server
C. Recently, 100 users were created in the server
D. Audit logs are not enabled for the server

Answer

D. Audit logs are not enabled for the server

Explanation

Audit logs can provide evidence that is required to proceed with an investigation and should not be disabled. For business needs, a server can be a member of a workgroup and is, therefore, not a concern. Having a guest account enabled on a system is a poor security practice but not a forensic investigation concern. Recently creating 100 users on the server may have been required to meet business needs and should not be a concern.

CISA Question 8

Question

An IS auditor selects a server for a penetration test that will be carried out by a technical specialist. Which of the following is MOST important?

A. The tools used to conduct the test
B. Certifications held by the IS auditor
C. Permission from the data owner of the server
D. An intrusion detection system (IDS) is enabled

Answer

C. Permission from the data owner of the server

Explanation

The data owner should be informed of the risks associated with a penetration test, what types of tests are to be conducted and other relevant details. All other choices are not as important as the data owner’s responsibility for the security of the data assets.

CISA Question 9

Question

A company has decided to implement an electronic signature scheme based on public key infrastructure. The user’s private key will be stored on the computer’s hard drive and protected by a password. The MOST significant risk of this approach is:

A. use of the user’s electronic signature by another person if the password is compromised.
B. forgery by using another user’s private key to sign a message with an electronic signature.
C. impersonation of a user by substitution of the user’s public key with another person’s public key.
D. forgery by substitution of another person’s private key on the computer.

Answer

A. use of the user’s electronic signature by another person if the password is compromised.

Explanation

The user’s digital signature is only protected by a password. Compromise of the password would enable access to the signature. This is the most significant risk.
Choice B would require subversion of the public key infrastructure mechanism, which is very difficult and least likely.
Choice C would require that the message appear to have come from a different person and therefore the true user’s credentials would not be forged. Choice D has the same consequence as choice C.

CISA Question 10

Question

The network of an organization has been the victim of several intruders’ attacks. Which of the following measures would allow for the early detection of such incidents?

A. Antivirus software
B. Hardening the servers
C. Screening routers
D. Honeypots

Answer

D. Honeypots

Explanation

Honeypots can collect data on precursors of attacks. Since they serve no business function, honeypots are hosts that have no authorized users other than the honeypot administrators. All activity directed at them is considered suspicious. Attackers will scan and attack honeypots, giving administrators data on new trends and attack tools, particularly malicious code. However, honeypots are a supplement to, not a replacement for, properly securing networks, systems and applications. If honeypots are to be used by an organization, qualified incident handlers and intrusion detection analysts should manage them. The other choices do not provide indications of potential attacks.