The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.
Table of Contents
- CISA Question 41
- Question
- Answer
- Explanation
- CISA Question 42
- Question
- Answer
- Explanation
- CISA Question 43
- Question
- Answer
- Explanation
- CISA Question 44
- Question
- Answer
- Explanation
- CISA Question 45
- Question
- Answer
- Explanation
- CISA Question 46
- Question
- Answer
- Explanation
- CISA Question 47
- Question
- Answer
- Explanation
- CISA Question 48
- Question
- Answer
- Explanation
- CISA Question 49
- Question
- Answer
- Explanation
- CISA Question 50
- Question
- Answer
- Explanation
CISA Question 41
Question
The IS management of a multinational company is considering upgrading its existing virtual private network (VPN) to support voice-over IP (VoIP) communications via tunneling. Which of the following considerations should be PRIMARILY addressed?
A. Reliability and quality of service (QoS)
B. Means of authentication
C. Privacy of voice transmissions
D. Confidentiality of data transmissions
Answer
A. Reliability and quality of service (QoS)
Explanation
The company currently has a VPN; issues such as authentication and confidentiality have been implemented by the VPN using tunneling.
Privacy of voice transmissions is provided by the VPN protocol. Reliability and QoS are, therefore, the primary considerations to be addressed.
CISA Question 42
Question
Which of the following encryption techniques will BEST protect a wireless network from a man-in-the-middle attack?
A. 128-bit wired equivalent privacy (WEP)
B. MAC-based pre-shared key(PSK)
C. Randomly generated pre-shared key (PSK)
D. Alphanumeric service set identifier (SSID)
Answer
C. Randomly generated pre-shared key (PSK)
Explanation
A randomly generated PSK is stronger than a MAC-based PSK, because the MAC address of a computer is fixed and often accessible. WEP has been shown to be a very weak encryption technique and can be cracked within minutes. The SSID is broadcast on the wireless network in plaintext.
CISA Question 43
Question
IS management recently replaced its existing wired local area network (LAN) with a wireless infrastructure to accommodate the increased use of mobile devices within the organization. This will increase the risk of which of the following attacks?
A. Port scanning
B. Back door
C. Man-in-the-middle
D. War driving
Answer
D. War driving
Explanation
A war driving attack uses a wireless Ethernet card, set in promiscuous mode, and a powerful antenna to penetrate wireless systems from outside. Port scanning will often target the external firewall of the organization. A back door is an opening left in software that enables an unknown entry into a system. Man-in-the-middle attacks intercept a message and either replace or modify it.
CISA Question 44
Question
An IS auditor notes that IDS log entries related to port scanning are not being analyzed. This lack of analysis will MOST likely increase the risk of success of which of the following attacks?
A. Denial-of-service
B. Replay
C. Social engineering
D. Buffer overflow
Answer
A. Denial-of-service
Explanation
Prior to launching a denial-of-service attack, hackers often use automatic port scanning software to acquire information about the subject of their attack. A replay attack is simply sending the same packet again. Social engineering exploits end-user vulnerabilities, and buffer overflow attacks exploit poorly written code.
CISA Question 45
Question
In transport mode, the use of the Encapsulating Security Payload (ESP) protocol is advantageous over the Authentication Header (AH) protocol because it provides:
A. connectionless integrity.
B. data origin authentication.
C. antireplay service.
D. confidentiality.
Answer
D. confidentiality.
Explanation
Both protocols support choices A, B and C, but only the ESP protocol provides confidentiality via encryption.
CISA Question 46
Question
Validated digital signatures in an e-mail software application will:
A. help detect spam.
B. provide confidentiality.
C. add to the workload of gateway servers.
D. significantly reduce available bandwidth.
Answer
A. help detect spam.
Explanation
Validated electronic signatures are based on qualified certificates that are created by a certification authority (CA), with the technical standards required to ensure the key can neither be forced nor reproduced in a reasonable time. Such certificates are only delivered through a registration authority (RA) after a proof of identity has been passed. Using strong signatures in e-mail traffic, nonrepudiation can be assured and a sender can be tracked. The recipient can configure their e-mail server or client to automatically delete e-mails from specific senders. For confidentiality, one must use encryption, not a signature, although both methods can be based on qualified certificates. Without any filters applied directly on mail gateway servers to block traffic without strong signatures, the workload will not increase. Using filters directly on a gateway server will result in an overhead less than that imposed by antivirus software. Digital signatures are only a few bytes in size and will not significantly reduce bandwidth. Even if gateway servers were to check CRLs, there is little overhead.
CISA Question 47
Question
Distributed denial-of-service (DDOS) attacks on Internet sites are typically evoked by hackers using which of the following?
A. Logic bombs
B. Phishing
C. Spyware
D. Trojan horses
Answer
D. Trojan horses
Explanation
Trojan horses are malicious or damaging code hidden within an authorized computer program. Hackers use Trojans to mastermind DDOS attacks that affect computers that access the same Internet site at the same moment, resulting in overloaded site servers that may no longer be able to process legitimate requests.
Logic bombs are programs designed to destroy or modify data at a specific time in the future. Phishing is an attack, normally via e-mail, pretending to be an authorized person or organization requesting information. Spyware is a program that picks up information from PC drives by making copies of their contents.
CISA Question 48
Question
When reviewing an intrusion detection system (IDS), an IS auditor should be MOST concerned about which of the following?
A. Number of nonthreatening events identified as threatening
B. Attacks not being identified by the system
C. Reports/logs being produced by an automated tool
D. Legitimate traffic being blocked by the system
Answer
B. Attacks not being identified by the system
Explanation
Attacks not being identified by the system present a higher risk, because they are unknown and no action will be taken to address the attack.
Although the number of false-positives is a serious issue, the problem will be known and can be corrected. Often, IDS reports are first analyzed by an automated tool to eliminate known false-positives, which generally are not a problem. An IDS does not block any traffic.
CISA Question 49
Question
Over the long term, which of the following has the greatest potential to improve the security incident response process?
A. A walkthrough review of incident response procedures
B. Postevent reviews by the incident response team
C. Ongoing security training for users
D. Documenting responses to an incident
Answer
B. Postevent reviews by the incident response team
Explanation
Postevent reviews to find the gaps and shortcomings in the actual incident response processes will help to improve the process over time.
Choices A, C and D are desirable actions, but postevent reviews are the most reliable mechanism for improving security incident response processes.
CISA Question 50
Question
Which of the following provides the MOST relevant information for proactively strengthening security settings?
A. Bastion host
B. Intrusion detection system
C. Honeypot
D. Intrusion prevention system
Answer
C. Honeypot
Explanation
The design of a honeypot is such that it lures the hacker and provides clues as to the hacker’s methods and strategies and the resources required to address such attacks. A bastion host does not provide information about an attack. Intrusion detection systems and intrusion prevention systems are designed to detect and address an attack in progress and stop it as soon as possible. A honeypot allows the attack to continue, so as to obtain information about the hacker’s strategy and methods.