The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free below, to help you prepare for the ISACA CISA exam and earn the ISACA CISA certification.
CISA Question 21
Question
When installing an intrusion detection system (IDS), which of the following is MOST important?
A. Properly locating it in the network architecture
B. Preventing denial-of-service (DoS) attacks
C. Identifying messages that need to be quarantined
D. Minimizing the rejection errors
Answer
A. Properly locating it in the network architecture
Explanation
Proper location of an intrusion detection system (IDS) in the network is the most important decision during installation. A poorly located IDS could leave key areas of the network unprotected. Choices B, C and D are concerns during the configuration of an IDS, but if the IDS is not placed correctly, none of them would be adequately addressed.
CISA Question 22
Question
Which of the following would provide the BEST protection against the hacking of a computer connected to the Internet?
A. A remote access server
B. A proxy server
C. A personal firewall
D. A password-generating token
Answer
C. A personal firewall
Explanation
A personal firewall is the best way to protect against hacking, because it can be defined with rules that describe the type of user or connection that is or is not permitted. A remote access server can be mapped or scanned from the Internet, creating security exposures. Proxy servers can provide protection based on the IP address and ports; however, an individual would need to have in-depth knowledge to do this, and applications can use different ports for the different sections of their program. A password-generating token may help to encrypt the session but does not protect a computer against hacking.
CISA Question 23
Question
An organization is using symmetric encryption. Which of the following would be a valid reason for moving to asymmetric encryption? Symmetric encryption:
A. provides authenticity.
B. is faster than asymmetric encryption.
C. can cause key management to be difficult.
D. requires a relatively simple algorithm.
Answer
C. can cause key management to be difficult.
Explanation
In a symmetric algorithm, each pair of users needs a unique pair of keys, so the number of keys grows and key management can become overwhelming.
Symmetric algorithms do not provide authenticity, and symmetric encryption is faster than asymmetric encryption. Symmetric algorithms require mathematical calculations, but they are not as complex as asymmetric algorithms.
CISA Question 24
Question
Which of the following BEST describes the role of a directory server in a public key infrastructure (PKI)?
A. Encrypts the information transmitted over the network
B. Makes other users’ certificates available to applications
C. Facilitates the implementation of a password policy
D. Stores certificate revocation lists (CRLs)
Answer
B. Makes other users’ certificates available to applications
Explanation
A directory server makes other users’ certificates available to applications. Encrypting the information transmitted over the network and storing certificate revocation lists (CRLs) are roles performed by a security server. Facilitating the implementation of a password policy is not relevant to public key infrastructure (PKI).
CISA Question 25
Question
An IS auditor reviewing the implementation of an intrusion detection system (IDS) should be MOST concerned if:
A. IDS sensors are placed outside of the firewall.
B. a behavior-based IDS is causing many false alarms.
C. a signature-based IDS is weak against new types of attacks.
D. the IDS is used to detect encrypted traffic.
Answer
D. the IDS is used to detect encrypted traffic.
Explanation
An intrusion detection system (IDS) cannot detect attacks within encrypted traffic, and it would be a concern if someone was misinformed and thought that the IDS could detect attacks in encrypted traffic. An organization can place sensors outside of the firewall to detect attacks.
These sensors are placed in highly sensitive areas and on extranets. Causing many false alarms is normal for a behavior-based IDS and should not be a matter of concern. Being weak against new types of attacks is also expected from a signature-based IDS, because it can only recognize attacks that have been previously identified.
CISA Question 26
Question
To prevent IP spoofing attacks, a firewall should be configured to drop a packet if:
A. the source routing field is enabled.
B. it has a broadcast address in the destination field.
C. a reset flag (RST) is turned on for the TCP connection.
D. dynamic routing is used instead of static routing.
Answer
A. the source routing field is enabled.
Explanation
IP spoofing takes advantage of the source-routing option in the IP protocol. With this option enabled, an attacker can insert a spoofed source IP address. The packet will travel the network according to the information within the source-routing field, bypassing the logic in each router, including dynamic and static routing (choice D). Choices B and C do not have any relation to IP spoofing attacks. If a packet has a broadcast destination address (choice B), it will be sent to all addresses in the subnet. Turning on the reset flag (RST) (choice C) is part of the normal procedure to end a TCP connection.
CISA Question 27
Question
An IS auditor reviewing access controls for a client-server environment should FIRST:
A. evaluate the encryption technique.
B. identify the network access points.
C. review the identity management system.
D. review the application level access controls.
Answer
B. identify the network access points.
Explanation
A client-server environment typically contains several access points and utilizes distributed techniques, increasing the risk of unauthorized access to data and processing. To evaluate the security of the client-server environment, all network access points should be identified.
Evaluating encryption techniques, reviewing the identity management system and reviewing the application level access controls would be performed at a later stage of the review.
CISA Question 28
Question
In auditing a web server, an IS auditor should be concerned about the risk of individuals gaining unauthorized access to confidential information through:
A. common gateway interface (CGI) scripts.
B. enterprise Java beans (EJBs).
C. applets.
D. web services.
Answer
A. common gateway interface (CGI) scripts.
Explanation
Common gateway interface (CGI) scripts are executable, machine-independent software programs on the server that can be called and executed by a web server page. CGI performs specific tasks such as processing inputs received from clients. The use of CGI scripts needs to be evaluated because, as they run on the server, a bug in them may allow a user to gain unauthorized access to the server and from there gain access to the organization’s network.
Applets are programs downloaded from a web server and executed on web browsers on client machines to run any web-based applications.
Enterprise Java Beans (EJBs) and web services have to be deployed by the web server administrator and are controlled by the application server.
Their execution requires knowledge of the parameters and expected return values.
CISA Question 29
Question
A virtual private network (VPN) provides data confidentiality by using:
A. Secure Sockets Layer (SSL)
B. Tunneling
C. Digital signatures
D. Phishing
Answer
B. Tunneling
Explanation
VPNs secure data in transit by encapsulating traffic, a process known as tunneling. SSL is a symmetric method of encryption between a server and a browser.
Digital signatures are not used in the VPN process, while phishing is a form of a social engineering attack.
CISA Question 30
Question
An IS auditor reviewing wireless network security determines that the Dynamic Host Configuration Protocol is disabled at all wireless access points. This practice:
A. reduces the risk of unauthorized access to the network.
B. is not suitable for small networks.
C. automatically provides an IP address to anyone.
D. increases the risks associated with Wireless Encryption Protocol (WEP).
Answer
A. reduces the risk of unauthorized access to the network.
Explanation
Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses to anyone connected to the network. With DHCP disabled, static IP addresses must be used and represent less risk due to the potential for address contention between an unauthorized device and existing devices on the network. Choice B is incorrect because DHCP is suitable for small networks.
Choice C is incorrect because DHCP does not provide IP addresses when disabled. Choice D is incorrect because disabling of the DHCP makes it more difficult to exploit the well-known weaknesses in WEP.