
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 1

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free here, and they will help you prepare for the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 31

Question

An investment advisor e-mails periodic newsletters to clients and wants reasonable assurance that no one has modified the newsletter. This objective can be achieved by:

A. encrypting the hash of the newsletter using the advisor’s private key.
B. encrypting the hash of the newsletter using the advisor’s public key.
C. digitally signing the document using the advisor’s private key.
D. encrypting the newsletter using the advisor’s private key.

Answer

A. encrypting the hash of the newsletter using the advisor’s private key.

Explanation

There is no attempt on the part of the investment advisor to prove their identity or to keep the newsletter confidential. The objective is to assure the receivers that it came to them without any modification, i.e., that it has message integrity. Choice A is correct because the hash is encrypted using the advisor’s private key. The recipients can open the newsletter, recompute the hash and decrypt the received hash using the advisor’s public key. If the two hashes are equal, the newsletter was not modified in transit. Choice B is not feasible, for no one other than the investment advisor can open it. Choice C addresses sender authentication but not message integrity. Choice D addresses confidentiality, but not message integrity, because anyone can obtain the investment advisor’s public key, decrypt the newsletter, modify it and send it to others. The interceptor will not be able to use the advisor’s private key, because they do not have it. Anything encrypted using the interceptor’s private key can be decrypted by the receiver only by using the interceptor’s public key.

CISA Question 32

Question

An organization has a mix of access points that cannot be upgraded to stronger security and newer access points having advanced wireless security. An IS auditor recommends replacing the non-upgradeable access points. Which of the following would BEST justify the IS auditor’s recommendation?

A. The new access points with stronger security are affordable.
B. The old access points are poorer in terms of performance.
C. The organization’s security would be as strong as its weakest points.
D. The new access points are easier to manage.

Answer

C. The organization’s security would be as strong as its weakest points.

Explanation

The old access points should be discarded and replaced with products having strong security; otherwise, they will leave security holes open for attackers and thus make the entire network as weak as they are. Affordability is not the auditor’s major concern. Performance is not as important as security in this situation. Product manageability is not the IS auditor’s concern.

CISA Question 33

Question

Which of the following is a passive attack to a network?

A. Message modification
B. Masquerading
C. Denial of service
D. Traffic analysis

Answer

D. Traffic analysis

Explanation

The intruder determines the nature of the flow of traffic (traffic analysis) between defined hosts and is able to guess the type of communication taking place.
Message modification involves the capturing of a message and making unauthorized changes or deletions, changing the sequence or delaying transmission of captured messages. Masquerading is an active attack in which the intruder presents an identity other than the original identity.
Denial of service occurs when a computer connected to the internet is flooded with data and/or requests that must be processed.

CISA Question 34

Question

Sending a message and a message hash encrypted by the sender’s private key will ensure:

A. authenticity and integrity.
B. authenticity and privacy.
C. integrity and privacy.
D. privacy and nonrepudiation.

Answer

A. authenticity and integrity.

Explanation

If the sender sends both a message and a message hash encrypted by its private key, then the receiver can apply the sender’s public key to the encrypted hash and recover the message hash. The receiver can apply the hashing algorithm to the message received and generate a hash. By matching the generated hash with the one received, the receiver is assured that the message has been sent by the specific sender, i.e., authenticity, and that the message has not been changed en route, i.e., integrity.
Authenticity and privacy will be ensured by first using the sender’s private key and then the receiver’s public key to encrypt the message. Privacy and integrity can be ensured by using the receiver’s public key to encrypt the message and sending a message hash/digest. Only nonrepudiation can be ensured by using the sender’s private key to encrypt the message. The sender’s public key, available to anyone, can decrypt a message; thus, it does not ensure privacy.
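The signed-hash mechanism of Questions 31 and 34 (hash encrypted with the sender’s private key, checked with the sender’s public key), as an added example that is not part of the original page. It uses a toy textbook RSA key built from two Mersenne primes and a constructed newsletter so it runs offline; a real system would use library-generated keys and a padded signature scheme (RSA-PSS, PKCS#1 v1.5), never bare RSA.

```python
import hashlib

# Toy textbook RSA key built from two Mersenne primes so the example runs
# offline and deterministically.  Real systems use library-generated keys
# and a padded signature scheme (RSA-PSS, PKCS#1 v1.5), never bare RSA.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (needs Python 3.8+)

ADVISOR_PUBLIC = (N, E)     # distributed to every client
ADVISOR_PRIVATE = (N, D)    # held only by the advisor

def digest_int(message: bytes) -> int:
    """SHA-256 hash of the newsletter as an integer; 256 bits, so always < N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """'Encrypt' the hash with the private key: hash^d mod n."""
    n, d = private_key
    return pow(digest_int(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover the hash with the public key and compare with a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == digest_int(message)

# Constructed sample newsletter.
NEWSLETTER = b"Q3 outlook: we remain overweight in short-duration bonds.\n"

def demo():
    """Returns (unmodified verifies, tampered verifies, public-key-encrypted hash verifies)."""
    sig = sign(NEWSLETTER, ADVISOR_PRIVATE)
    unmodified_ok = verify(NEWSLETTER, sig, ADVISOR_PUBLIC)
    # Any change to the text changes the recomputed hash, so the signature fails.
    tampered = NEWSLETTER.replace(b"overweight", b"underweight")
    tampered_ok = verify(tampered, sig, ADVISOR_PUBLIC)
    # Q31 choice B: encrypting the hash with the PUBLIC key is not a signature;
    # applying the public key again does not recover the hash.
    n, e = ADVISOR_PUBLIC
    pub_encrypted_hash = pow(digest_int(NEWSLETTER), e, n)
    pub_ok = verify(NEWSLETTER, pub_encrypted_hash, ADVISOR_PUBLIC)
    return unmodified_ok, tampered_ok, pub_ok

if __name__ == "__main__":
    print(demo())   # (True, False, False)
```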

CISA Question 35

Question

An organization can ensure that the recipients of e-mails from its employees can authenticate the identity of the sender by:

A. digitally signing all e-mail messages.
B. encrypting all e-mail messages.
C. compressing all e-mail messages.
D. password protecting all e-mail messages.

Answer

A. digitally signing all e-mail messages.

Explanation

By digitally signing all e-mail messages, the receiver will be able to validate the authenticity of the sender. Encrypting all e-mail messages would ensure that only the intended recipient will be able to open the message; however, it would not ensure the authenticity of the sender.
Compressing all e-mail messages would reduce the size of the message, but would not ensure the authenticity. Password protecting all e-mail messages would ensure that only those who have the password would be able to open the message; however, it would not ensure the authenticity of the sender.

CISA Question 36

Question

Two-factor authentication can be circumvented through which of the following attacks?

A. Denial-of-service
B. Man-in-the-middle
C. Key logging
D. Brute force

Answer

B. Man-in-the-middle

Explanation

A man-in-the-middle attack is similar to piggybacking, in that the attacker pretends to be the legitimate destination, and then merely retransmits whatever is sent by the authorized user along with additional transactions after authentication has been accepted. A denial-of-service attack does not have a relationship to authentication. Key logging and brute force could circumvent a normal authentication but not a two-factor authentication.

CISA Question 37

Question

When conducting a penetration test of an organization’s internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected on the network?

A. Use the IP address of an existing file server or domain controller.
B. Pause the scanning every few minutes to allow thresholds to reset.
C. Conduct the scans during evening hours when no one is logged in.
D. Use multiple scanning tools since each tool has different characteristics.

Answer

B. Pause the scanning every few minutes to allow thresholds to reset.

Explanation

Pausing the scanning every few minutes avoids overtaxing the network as well as exceeding thresholds that may trigger alert messages to the network administrator. Using the IP address of a server would result in an address contention that would attract attention. Conducting scans after hours would increase the chance of detection, since there would be less traffic to conceal one’s activities. Using different tools could increase the likelihood that one of them would be detected by an intrusion detection system.

CISA Question 38

Question

Active radio frequency ID (RFID) tags are subject to which of the following exposures?

A. Session hijacking
B. Eavesdropping
C. Malicious code
D. Phishing

Answer

B. Eavesdropping

Explanation

Like wireless devices, active RFID tags are subject to eavesdropping. They are by nature not subject to session hijacking, malicious code or phishing.

CISA Question 39

Question

Which of the following public key infrastructure (PKI) elements provides detailed descriptions for dealing with a compromised private key?

A. Certificate revocation list (CRL)
B. Certification practice statement (CPS)
C. Certificate policy (CP)
D. PKI disclosure statement (PDS)

Answer

B. Certification practice statement (CPS)

Explanation

The CPS is the how-to part in policy-based PKI. The CRL is a list of certificates that have been revoked before their scheduled expiration date.
The CP sets the requirements that are subsequently implemented by the CPS. The PDS covers critical items such as the warranties, limitations and obligations that legally bind each party.

CISA Question 40

Question

Which of the following antispam filtering techniques would BEST prevent a valid, variable-length e-mail message containing a heavily weighted spam keyword from being labeled as spam?

A. Heuristic (rule-based)
B. Signature-based
C. Pattern matching
D. Bayesian (statistical)

Answer

D. Bayesian (statistical)

Explanation

Bayesian filtering applies statistical modeling to messages by performing a frequency analysis on each word within the message and then evaluating the message as a whole. Therefore, it can ignore a suspicious keyword if the entire message is within normal bounds. Heuristic filtering is less effective, since new exception rules may need to be defined when a valid message is labeled as spam. Signature-based filtering is useless against variable-length messages, because the calculated MD5 hash changes all the time. Finally, pattern matching is actually a degraded rule-based technique, where the rules operate at the word level using wildcards, and not at higher levels.
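An added example (not from the original page) contrasting a word-level pattern-matching rule with a Bayesian filter on a constructed toy corpus: the heavily weighted keyword alone decides the outcome for the rule, while the Bayesian score weighs every word in the message, so the valid message stays out of the spam folder. The training messages, the keyword and the two test messages are all constructed for this illustration.

```python
import math
import re
from collections import Counter

# Constructed toy training corpus (not real mail); one message per string.
SPAM = ["free prize claim now", "free money click now",
        "claim your free prize", "win money now"]
HAM = ["meeting agenda attached for tomorrow", "please review the quarterly report",
       "lunch tomorrow after the meeting", "report attached please review"]
HEAVY_KEYWORD = "free"   # the heavily weighted spam keyword from the question

def tokenize(text):
    return re.findall(r"[a-z]+", text.lower())

def keyword_rule_is_spam(text):
    """Pattern matching: one heavily weighted word decides the whole message."""
    return HEAVY_KEYWORD in tokenize(text)

class BayesFilter:
    """Multinomial naive Bayes over word frequencies with Laplace smoothing."""

    def __init__(self, spam, ham):
        self.spam_counts = Counter(w for m in spam for w in tokenize(m))
        self.ham_counts = Counter(w for m in ham for w in tokenize(m))
        self.vocab = len(set(self.spam_counts) | set(self.ham_counts))
        self.spam_total = sum(self.spam_counts.values())
        self.ham_total = sum(self.ham_counts.values())
        self.log_prior = math.log(len(spam) / len(ham))

    def word_weight(self, word):
        """log P(w|spam) - log P(w|ham); positive values pull toward spam."""
        p_spam = (self.spam_counts[word] + 1) / (self.spam_total + self.vocab)
        p_ham = (self.ham_counts[word] + 1) / (self.ham_total + self.vocab)
        return math.log(p_spam) - math.log(p_ham)

    def score(self, text):
        """Log-odds of spam for the message as a whole: every word contributes."""
        return self.log_prior + sum(self.word_weight(w) for w in tokenize(text))

    def is_spam(self, text):
        return self.score(text) > 0

FILTER = BayesFilter(SPAM, HAM)

# Constructed test messages: a legitimate message that happens to contain the
# heavy keyword once, and an outright spam message.
VALID_MESSAGE = ("please review the attached quarterly report before the "
                 "meeting tomorrow, free to discuss")
SPAM_MESSAGE = "claim your free prize now"
```

Calling `keyword_rule_is_spam(VALID_MESSAGE)` returns True while `FILTER.is_spam(VALID_MESSAGE)` returns False; both classify `SPAM_MESSAGE` as spam.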