The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.
CISA Question 71
Question
The difference between a vulnerability assessment and a penetration test is that a vulnerability assessment:
A. searches and checks the infrastructure to detect vulnerabilities, whereas penetration testing intends to exploit the vulnerabilities to probe the damage that could result from the vulnerabilities.
B. and penetration tests are different names for the same activity.
C. is executed by automated tools, whereas penetration testing is a totally manual process.
D. is executed by commercial tools, whereas penetration testing is executed by public processes.
Answer
A. searches and checks the infrastructure to detect vulnerabilities, whereas penetration testing intends to exploit the vulnerabilities to probe the damage that could result from the vulnerabilities.
Explanation
The objective of a vulnerability assessment is to find the security holes in the computers and elements analyzed; its intent is not to damage the infrastructure. The intent of penetration testing is to imitate a hacker’s activities and determine how far they could go into the network. They are not the same; they have different approaches. Vulnerability assessments and penetration testing can be executed by automated or manual tools or processes and can be executed by commercial or free tools.
CISA Question 72
Question
An IS auditor performing detailed network assessments and access control reviews should FIRST:
A. determine the points of entry.
B. evaluate users’ access authorization.
C. assess users’ identification and authorization.
D. evaluate the domain-controlling server configuration.
Answer
A. determine the points of entry.
Explanation
In performing detailed network assessments and access control reviews, an IS auditor should first determine the points of entry to the system and review the points of entry accordingly for appropriate controls. Evaluation of user access authorization, assessment of user identification and authorization, and evaluation of the domain-controlling server configuration are all implementation issues for appropriate controls for the points of entry.
CISA Question 73
Question
The PRIMARY goal of a web site certificate is:
A. authentication of the web site that will be surfed.
B. authentication of the user who surfs through that site.
C. preventing surfing of the web site by hackers.
D. the same purpose as that of a digital certificate.
Answer
A. authentication of the web site that will be surfed.
Explanation
Authenticating the site to be surfed is the primary goal of a web certificate. Authentication of a user is achieved through passwords and not by a web site certificate. The site certificate does not prevent hacking nor does it authenticate a person.
CISA Question 74
Question
The Secure Sockets Layer (SSL) protocol addresses the confidentiality of a message through:
A. symmetric encryption.
B. message authentication code.
C. hash function.
D. digital signature certificates.
Answer
A. symmetric encryption.
Explanation
SSL uses a symmetric key for message encryption. A message authentication code is used for ensuring data integrity. A hash function is used for generating a message digest; it does not use public key encryption for message encryption. Digital signature certificates are used by SSL for server authentication.
CISA Question 75
Question
If inadequate, which of the following would be the MOST likely contributor to a denial-of-service attack?
A. Router configuration and rules
B. Design of the internal network
C. Updates to the router system software
D. Audit testing and review techniques
Answer
A. Router configuration and rules
Explanation
Inadequate router configuration and rules would lead to an exposure to denial-of-service attacks. Choices B and C would be lesser contributors.
Choice D is incorrect because audit testing and review techniques are applied after the fact.
CISA Question 76
Question
Which of the following is a concern when data are transmitted through Secure Sockets Layer (SSL) encryption, implemented on a trading partner’s server?
A. The organization does not have control over encryption.
B. Messages are subjected to wiretapping.
C. Data might not reach the intended recipient.
D. The communication may not be secure.
Answer
A. The organization does not have control over encryption.
Explanation
The SSL security protocol provides data encryption, server authentication, message integrity and optional client authentication. Because SSL is built into all major browsers and web servers, simply installing a digital certificate turns on the SSL capabilities. SSL encrypts the data while they are being transmitted over the internet.
The encryption is done in the background, without any interaction from the user; consequently, there is no password to remember. The other choices are incorrect.
Since the communication between client and server is encrypted, the confidentiality of information is not affected by wiretapping. Since SSL does the client authentication, only the intended recipient will receive the decrypted data. All data sent over an encrypted SSL connection are protected with a mechanism to detect tampering, i.e., automatically determining whether data has been altered in transit.
CISA Question 77
Question
Which of the following internet security threats could compromise integrity?
A. Theft of data from the client
B. Exposure of network configuration information
C. A Trojan horse browser
D. Eavesdropping on the net
Answer
C. A Trojan horse browser
Explanation
Internet security threats/vulnerabilities to integrity include a Trojan horse, which could modify user data, memory and messages found in client browser software.
The other options compromise confidentiality.
CISA Question 78
Question
Which of the following provides the GREATEST assurance of message authenticity?
A. The prehash code is derived mathematically from the message being sent.
B. The prehash code is encrypted using the sender’s private key.
C. The prehash code and the message are encrypted using the secret key.
D. The sender attains the recipient’s public key and verifies the authenticity of its digital certificate with a certificate authority.
Answer
B. The prehash code is encrypted using the sender’s private key.
Explanation
Encrypting the prehash code using the sender’s private key provides assurance of the authenticity of the message. Mathematically deriving the prehash code provides integrity to the message. Encrypting the prehash code and the message using the secret key provides confidentiality.
CISA Question 79
Question
Which of the following is the MOST reliable sender authentication method?
A. Digital signatures
B. Asymmetric cryptography
C. Digital certificates
D. Message authentication code
Answer
C. Digital certificates
Explanation
Digital certificates are issued by a trusted third party. The message sender attaches the certificate and the recipient can verify authenticity with the certificate repository. Asymmetric cryptography, such as public key infrastructure (PKI), appears to authenticate the sender but is vulnerable to a man-in-the-middle attack.
Digital signatures are used for both authentication and confidentiality, but the identity of the sender would still be confirmed by the digital certificate. Message authentication code is used for message integrity verification.
CISA Question 80
Question
Which of the following implementation modes would provide the GREATEST amount of security for outbound data connecting to the internet?
A. Transport mode with authentication header (AH) plus encapsulating security payload (ESP)
B. Secure Sockets Layer (SSL) mode
C. Tunnel mode with AH plus ESP
D. Triple-DES encryption mode
Answer
C. Tunnel mode with AH plus ESP
Explanation
Tunnel mode provides protection to the entire IP package. To accomplish this, AH and ESP services can be nested. The transport mode provides primary protection for the higher layers of the protocols by extending protection to the data fields (payload) of an IP package. The SSL mode provides security to the higher communication layers (transport layer). The triple-DES encryption mode is an algorithm that provides confidentiality.