ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 11

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free; they are helpful for passing the ISACA CISA exam and earning the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1181

Question

Which of the following are effective controls for detecting duplicate transactions such as payments made or received?

A. Concurrency controls
B. Reasonableness checks
C. Time stamps
D. Referential integrity controls

Answer

C. Time stamps

Explanation

Time stamps are an effective control for detecting duplicate transactions such as payments made or received.

CISA Question 1182

Question

What are used as the framework for developing logical access controls?

A. Information systems security policies
B. Organizational security policies
C. Access Control Lists (ACL)
D. Organizational charts for identifying roles and responsibilities

Answer

A. Information systems security policies

Explanation

Information systems security policies are used as the framework for developing logical access controls.

CISA Question 1183

Question

How does the SSL network protocol provide confidentiality?

A. Through symmetric encryption such as RSA
B. Through asymmetric encryption such as Data Encryption Standard, or DES
C. Through asymmetric encryption such as Advanced Encryption Standard, or AES
D. Through symmetric encryption such as Data Encryption Standard, or DES

Answer

D. Through symmetric encryption such as Data Encryption Standard, or DES

Explanation

The SSL protocol provides confidentiality through symmetric encryption such as Data Encryption Standard, or DES.

CISA Question 1184

Question

What type of cryptosystem is characterized by data being encrypted by the sender using the recipient’s public key, and the data then being decrypted using the recipient’s private key?

A. With public-key encryption, or symmetric encryption
B. With public-key encryption, or asymmetric encryption
C. With shared-key encryption, or symmetric encryption
D. With shared-key encryption, or asymmetric encryption

Answer

B. With public-key encryption, or asymmetric encryption

Explanation

With public key encryption or asymmetric encryption, data is encrypted by the sender using the recipient’s public key; the data is then decrypted using the recipient’s private key.

CISA Question 1185

Question

What is an initial step in creating a proper firewall policy?

A. Assigning access to users according to the principle of least privilege
B. Determining appropriate firewall hardware and software
C. Identifying network applications such as mail, web, or FTP servers
D. Configuring firewall access rules

Answer

C. Identifying network applications such as mail, web, or FTP servers

Explanation

Identifying network applications such as mail, web, or FTP servers to be externally accessed is an initial step in creating a proper firewall policy.

CISA Question 1186

Question

Which of the following best characterizes "worms"?

A. Malicious programs that can run independently and can propagate without the aid of a carrier program such as email.
B. Programming code errors that cause a program to repeatedly dump data
C. Malicious programs that require the aid of a carrier program such as email
D. Malicious programs that masquerade as common applications such as screensavers or macro-enabled Word documents

Answer

A. Malicious programs that can run independently and can propagate without the aid of a carrier program such as email.

Explanation

Worms are malicious programs that can run independently and can propagate without the aid of a carrier program such as email.

CISA Question 1187

Question

What increases encryption overhead and cost the most?

A. A long symmetric encryption key
B. A long asymmetric encryption key
C. A long Advanced Encryption Standard (AES) key
D. A long Data Encryption Standard (DES) key

Answer

B. A long asymmetric encryption key

Explanation

A long asymmetric encryption key (public key encryption) increases encryption overhead and cost. All other answers are single shared symmetric keys.

CISA Question 1188

Question

What are used as a countermeasure for potential database corruption when two processes attempt to simultaneously edit or update the same information?

A. Referential integrity controls
B. Normalization controls
C. Concurrency controls
D. Run-to-run totals

Answer

A. Referential integrity controls

Explanation

Concurrency controls are used as a countermeasure for potential database corruption when two processes attempt to simultaneously edit or update the same information.

CISA Question 1189

Question

What can be very helpful to an IS auditor when determining the efficacy of a systems maintenance program?

A. Network-monitoring software
B. A system downtime log
C. Administration activity reports
D. Help-desk utilization trend reports

Answer

B. A system downtime log

Explanation

A system downtime log can be very helpful to an IS auditor when determining the efficacy of a systems maintenance program.

CISA Question 1190

Question

What benefit does using capacity-monitoring software to monitor usage patterns and trends provide to management?

A. The software can dynamically readjust network traffic capabilities based upon current usage.
B. The software produces nice reports that really impress management.
C. It allows users to properly allocate resources and ensure continuous efficiency of operations.
D. It allows management to properly allocate resources and ensure continuous efficiency of operations.

Answer

D. It allows management to properly allocate resources and ensure continuous efficiency of operations.

Explanation

Using capacity-monitoring software to monitor usage patterns and trends enables management to properly allocate resources and ensure continuous efficiency of operations.