Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 1

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 51

Question

Confidentiality of the data transmitted in a wireless LAN is BEST protected if the session is:

A. restricted to predefined MAC addresses.
B. encrypted using static keys.
C. encrypted using dynamic keys.
D. initiated from devices that have encrypted storage.

Answer

C. encrypted using dynamic keys.

Explanation

When using dynamic keys, the encryption key is changed frequently, thus reducing the risk of the key being compromised and the message being decrypted.
Limiting the number of devices that can access the network does not address the issue of encrypting the session. Encryption with static keysusing the same key for a long period of time-risks that the key would be compromised. Encryption of the data on the connected device (laptop, PDA, etc.) addresses the confidentiality of the data on the device, not the wireless session.

CISA Question 52

Question

In a public key infrastructure, a registration authority:

A. verifies information supplied by the subject requesting a certificate.
B. issues the certificate after the required attributes are verified and the keys are generated.
C. digitally signs a message to achieve nonrepudiation of the signed message.
D. registers signed messages to protect them from future repudiation.

Answer

A. verifies information supplied by the subject requesting a certificate.

Explanation

A registration authority is responsible for verifying information supplied by the subject requesting a certificate, and verifies the requestor’s right to request certificate attributes and that the requestor actually possesses the private key corresponding to the public key being sent.
Certification authorities, not registration authorities, actually issue certificates once verification of the information has been completed; because of this, choice B is incorrect. On the other hand, the sender who has control of their private key signs the message, not the registration authority. Registering signed messages is not a task performed by registration authorities.

CISA Question 53

Question

What method might an IS auditor utilize to test wireless security at branch office locations?

A. War dialing
B. Social engineering
C. War driving
D. Password cracking

Answer

C. War driving

Explanation

War driving is a technique for locating and gaining access to wireless networks by driving or walking with a wireless equipped computer around a building. War dialing is a technique for gaining access to a computer or a network through the dialing of defined blocks of telephone numbers, with the hope of getting an answer from a modem. Social engineering is a technique used to gather information that can assist an attacker in gaining logical or physical access to data or resources. Social engineering exploits human weaknesses. Password crackers are tools used to guess users’ passwords by trying combinations and dictionary words

CISA Question 54

Question

Which of the following is the MOST important action in recovering from a cyberattack?

A. Creation of an incident response team
B. Use of cyber forensic investigators
C. Execution of a business continuity plan
D. Filling an insurance claim

Answer

C. Execution of a business continuity plan

Explanation

The most important key step in recovering from cyberattacks is the execution of a business continuity plan to quickly and cost-effectively recover critical systems, processes and data. The incident response team should exist prior to a cyberattack. When a cyberattack is suspected, cyber forensic investigators should be used to set up alarms, catch intruders within the network, and track and trace them over the Internet.
After taking the above steps, an organization may have a residual risk that needs to be insured and claimed for traditional and electronic exposures.

CISA Question 55

Question

Which of the following is BEST suited for secure communications within a small group?

A. Key distribution center
B. Certification authority
C. Web of trust
D. Kerberos Authentication System

Answer

C. Web of trust

Explanation

Web of trust is a key distribution method suitable for communication in a small group. It ensures pretty good privacy (PGP) and distributes the public keys of users within a group. Key distribution center is a distribution method suitable for internal communication for a large group within an institution, and it will distribute symmetric keys for each session. Certification authority is a trusted third party that ensures the authenticity of the owner of the certificate. This is necessary for large groups and formal communication. A Kerberos Authentication System extends the function of a key distribution center, by generating ‘tickets’ to define the facilities on networked machines which are accessible to each user.

CISA Question 56

Question

Disabling which of the following would make wireless local area networks more secure against unauthorized access?

A. MAC (Media Access Control) address filtering
B. WPA (Wi-Fi Protected Access Protocol)
C. LEAP (Lightweight Extensible Authentication Protocol)
D. SSID (service set identifier) broadcasting

Answer

D. SSID (service set identifier) broadcasting

Explanation

Disabling SSID broadcasting adds security by making it more difficult for unauthorized users to find the name of the access point. Disabling MAC address filtering would reduce security. Using MAC filtering makes it more difficult to access a WLAN, because it would be necessary to catch traffic and forge the MAC address.
Disabling WPA reduces security. Using WPA adds security by encrypting the traffic. Disabling LEAP reduces security. Using LEAP adds security by encrypting the wireless traffic.

CISA Question 57

Question

Which of the following cryptographic systems is MOST appropriate for bulk data encryption and small devices such as smart cards?

A. DES
B. AES
C. Triple DES
D. RSA

Answer

B. AES

Explanation

Advanced Encryption Standard (AES), a public algorithm that supports keys from 128 to 256 bits in size, not only provides good security, but provides speed and versatility across a variety of computer platforms. AES runs securely and efficiently on large computers, desktop computers and even small devices such as smart cards. DES is not considered a strong cryptographic solution since its entire key space can be brute forced by large computer systems within a relatively short period of time. Triple DES can take up to three times longer than DES to perform encryption and decryption. RSA keys are large numbers that are suitable only for short messages, such as the creation of a digital signature.

CISA Question 58

Question

An efficient use of public key infrastructure (PKI) should encrypt the:

A. entire message.
B. private key.
C. public key.
D. symmetric session key.

Answer

D. symmetric session key.

Explanation

Public key (asymmetric) cryptographic systems require larger keys (1,024 bits) and involve intensive and time-consuming computations. In comparison, symmetric encryption is considerably faster, yet relies on the security of the process for exchanging the secret key. To enjoy the benefits of both systems, a symmetric session key is exchanged using public key methods, after which it serves as the secret key for encrypting/decrypting messages sent between two parties.

CISA Question 59

Question

Which of the following ensures a sender’s authenticity and an e-mail’s confidentiality?

A. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the hash of the message with the receiver’s public key
B. The sender digitally signing the message and thereafter encrypting the hash of the message with the sender’s private key
C. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the message with the receiver’s public key
D. Encrypting the message with the sender’s private key and encrypting the message hash with the receiver’s public key.

Answer

C. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the message with the receiver’s public key

Explanation

To ensure authenticity and confidentiality, a message must be encrypted twice: first with the sender’s private key, and then with the receiver’s public key. The receiver can decrypt the message, thus ensuring confidentiality of the message. Thereafter, the decrypted message can be decrypted with the public key of the sender, ensuring authenticity of the message. Encrypting the message with the sender’s private key enables anyone to decrypt it.

CISA Question 60

Question

To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the:

To detect attack attempts that the firewall is unable to recognize, an IS auditor should recommend placing a network intrusion detection system (IDS) between the.

A. Firewall and the organization’s network.
B. Internet and the firewall.
C. Internet and the web server.
D. Web server and the firewall

Answer

A. Firewall and the organization’s network.

Explanation

Attack attempts that could not be recognized by the firewall will be detected if a network- based intrusion detection system is placed between the firewall and the organization’s network. A network-based intrusion detection system placed between the internet and the firewall will detect attack attempts, whether they do or do not enter the firewall.

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker