The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free; they are helpful for passing the ISACA CISA exam and earning the ISACA CISA certification.
CISA Question 51
Question
Confidentiality of the data transmitted in a wireless LAN is BEST protected if the session is:
A. restricted to predefined MAC addresses.
B. encrypted using static keys.
C. encrypted using dynamic keys.
D. initiated from devices that have encrypted storage.
Answer
C. encrypted using dynamic keys.
Explanation
When using dynamic keys, the encryption key is changed frequently, thus reducing the risk of the key being compromised and the message being decrypted.
Limiting the number of devices that can access the network does not address the issue of encrypting the session. Encryption with static keys (using the same key for a long period of time) risks the key being compromised. Encryption of the data on the connected device (laptop, PDA, etc.) addresses the confidentiality of the data on the device, not the wireless session.
CISA Question 52
Question
In a public key infrastructure, a registration authority:
A. verifies information supplied by the subject requesting a certificate.
B. issues the certificate after the required attributes are verified and the keys are generated.
C. digitally signs a message to achieve nonrepudiation of the signed message.
D. registers signed messages to protect them from future repudiation.
Answer
A. verifies information supplied by the subject requesting a certificate.
Explanation
A registration authority is responsible for verifying information supplied by the subject requesting a certificate, and verifies the requestor’s right to request certificate attributes and that the requestor actually possesses the private key corresponding to the public key being sent.
Certification authorities, not registration authorities, actually issue certificates once verification of the information has been completed; because of this, choice B is incorrect. On the other hand, the sender who has control of their private key signs the message, not the registration authority. Registering signed messages is not a task performed by registration authorities.
CISA Question 53
Question
What method might an IS auditor utilize to test wireless security at branch office locations?
A. War dialing
B. Social engineering
C. War driving
D. Password cracking
Answer
C. War driving
Explanation
War driving is a technique for locating and gaining access to wireless networks by driving or walking around a building with a wireless-equipped computer. War dialing is a technique for gaining access to a computer or a network by dialing defined blocks of telephone numbers in the hope of getting an answer from a modem. Social engineering is a technique used to gather information that can assist an attacker in gaining logical or physical access to data or resources; it exploits human weaknesses. Password crackers are tools used to guess users’ passwords by trying combinations and dictionary words.
CISA Question 54
Question
Which of the following is the MOST important action in recovering from a cyberattack?
A. Creation of an incident response team
B. Use of cyber forensic investigators
C. Execution of a business continuity plan
D. Filing an insurance claim
Answer
C. Execution of a business continuity plan
Explanation
The most important step in recovering from a cyberattack is the execution of a business continuity plan to quickly and cost-effectively recover critical systems, processes and data. The incident response team should exist prior to a cyberattack. When a cyberattack is suspected, cyber forensic investigators should be used to set up alarms, catch intruders within the network, and track and trace them over the Internet.
After taking the above steps, an organization may have a residual risk that needs to be insured and claimed for traditional and electronic exposures.
CISA Question 55
Question
Which of the following is BEST suited for secure communications within a small group?
A. Key distribution center
B. Certification authority
C. Web of trust
D. Kerberos Authentication System
Answer
C. Web of trust
Explanation
Web of trust is a key distribution method suitable for communication in a small group. It is the model used by Pretty Good Privacy (PGP), and it distributes the public keys of users within a group. A key distribution center is a distribution method suitable for internal communication for a large group within an institution, and it distributes symmetric keys for each session. A certification authority is a trusted third party that ensures the authenticity of the owner of the certificate; this is necessary for large groups and formal communication. A Kerberos Authentication System extends the function of a key distribution center by generating ‘tickets’ that define the facilities on networked machines which are accessible to each user.
CISA Question 56
Question
Disabling which of the following would make wireless local area networks more secure against unauthorized access?
A. MAC (Media Access Control) address filtering
B. WPA (Wi-Fi Protected Access Protocol)
C. LEAP (Lightweight Extensible Authentication Protocol)
D. SSID (service set identifier) broadcasting
Answer
D. SSID (service set identifier) broadcasting
Explanation
Disabling SSID broadcasting adds security by making it more difficult for unauthorized users to find the name of the access point. Disabling MAC address filtering would reduce security. Using MAC filtering makes it more difficult to access a WLAN, because it would be necessary to catch traffic and forge the MAC address.
Disabling WPA reduces security. Using WPA adds security by encrypting the traffic. Disabling LEAP reduces security. Using LEAP adds security by encrypting the wireless traffic.
CISA Question 57
Question
Which of the following cryptographic systems is MOST appropriate for bulk data encryption and small devices such as smart cards?
A. DES
B. AES
C. Triple DES
D. RSA
Answer
B. AES
Explanation
Advanced Encryption Standard (AES), a public algorithm that supports keys from 128 to 256 bits in size, not only provides good security, but provides speed and versatility across a variety of computer platforms. AES runs securely and efficiently on large computers, desktop computers and even small devices such as smart cards. DES is not considered a strong cryptographic solution since its entire key space can be brute forced by large computer systems within a relatively short period of time. Triple DES can take up to three times longer than DES to perform encryption and decryption. RSA keys are large numbers that are suitable only for short messages, such as the creation of a digital signature.
CISA Question 58
Question
An efficient use of public key infrastructure (PKI) should encrypt the:
A. entire message.
B. private key.
C. public key.
D. symmetric session key.
Answer
D. symmetric session key.
Explanation
Public key (asymmetric) cryptographic systems require larger keys (1,024 bits) and involve intensive and time-consuming computations. In comparison, symmetric encryption is considerably faster, yet relies on the security of the process for exchanging the secret key. To enjoy the benefits of both systems, a symmetric session key is exchanged using public key methods, after which it serves as the secret key for encrypting/decrypting messages sent between two parties.
CISA Question 59
Question
Which of the following ensures a sender’s authenticity and an e-mail’s confidentiality?
A. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the hash of the message with the receiver’s public key
B. The sender digitally signing the message and thereafter encrypting the hash of the message with the sender’s private key
C. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the message with the receiver’s public key
D. Encrypting the message with the sender’s private key and encrypting the message hash with the receiver’s public key.
Answer
C. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the message with the receiver’s public key
Explanation
To ensure authenticity and confidentiality, a message must be encrypted twice: first with the sender’s private key, and then with the receiver’s public key. The receiver can decrypt the message, thus ensuring its confidentiality. The result can then be decrypted with the sender’s public key, ensuring the authenticity of the message. Encrypting the message with the sender’s private key alone enables anyone to decrypt it.
CISA Question 60
Question
To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:
A. Firewall and the organization’s network.
B. Internet and the firewall.
C. Internet and the web server.
D. Web server and the firewall.
Answer
A. Firewall and the organization’s network.
Explanation
Attack attempts that could not be recognized by the firewall will be detected if a network-based intrusion detection system is placed between the firewall and the organization’s network. A network-based intrusion detection system placed between the Internet and the firewall will detect attack attempts whether or not they pass through the firewall.