The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.
CISA Question 1341
Question
Which of the following attacks involves slicing small amounts of money from a computerized transaction or account?
A. Eavesdropping
B. Traffic Analysis
C. Salami
D. Masquerading
Answer
C. Salami
Explanation
Salami slicing or Salami attack refers to a series of many small actions, often performed by clandestine means, that as an accumulated whole produces a much larger action or result that would be difficult or unlawful to perform all at once. The term is typically used pejoratively.
Although salami slicing is often used to carry out illegal activities, it is only a strategy for gaining an advantage over time by accumulating it in small increments, so it can be used in perfectly legal ways as well.
An example of salami slicing, also known as penny shaving, is the fraudulent practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. It would be done by always rounding down, and putting the fractions of a cent into another account. The idea is to make the change small enough that any single transaction will go undetected.
In information security, a salami attack is a series of minor attacks that together result in a larger attack. Computers are ideally suited to automating this type of attack.
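As an added illustration (not part of the original question bank), the reconciliation check below recomputes the rounding each posting should have received and flags the penny-shaving pattern: several shortfalls all in the customer's disfavour whose sum reappears as a credit with no computed amount behind it. The batch data, account names and the assumed rounding rule (round half to even) are constructed for this example.

```python
from decimal import Decimal, ROUND_HALF_EVEN

CENT = Decimal("0.01")

# Constructed sample postings: (account, exact_amount, posted_amount).
# exact_amount is the interest as computed (sub-cent precision);
# posted_amount is what the batch job actually credited.
HONEST_BATCH = [
    ("A001", Decimal("12.3456"), Decimal("12.35")),
    ("A002", Decimal("7.8912"), Decimal("7.89")),
    ("A003", Decimal("0.4567"), Decimal("0.46")),
    ("A004", Decimal("3.1450"), Decimal("3.14")),  # half-even: .145 -> .14
]
# Same computations, but every amount was rounded down and the shaved
# fractions were swept into account X999, which has no computed basis.
SHAVED_BATCH = [
    ("A001", Decimal("12.3456"), Decimal("12.34")),
    ("A002", Decimal("7.8912"), Decimal("7.89")),
    ("A003", Decimal("0.4567"), Decimal("0.45")),
    ("A004", Decimal("3.1450"), Decimal("3.14")),
    ("X999", Decimal("0"), Decimal("0.02")),
]


def expected_cents(exact):
    """Rounding rule the batch job is supposed to apply (assumed: round half to even)."""
    return exact.quantize(CENT, rounding=ROUND_HALF_EVEN)


def reconcile(batch):
    """Return (total_leak, under_credited_accounts, unexplained_credits)."""
    leak = Decimal("0")
    under, unexplained = [], []
    for acct, exact, posted in batch:
        residual = expected_cents(exact) - posted  # positive = customer short-changed
        if residual > 0:
            leak += residual
            under.append(acct)
        elif residual < 0 and exact == 0:
            unexplained.append((acct, posted))  # credit with nothing computed behind it
    return leak, under, unexplained


def salami_suspected(batch, min_hits=2):
    """Flag when one-directional shortfalls sum to a credit that has no computed basis."""
    leak, under, unexplained = reconcile(batch)
    swept = sum((amt for _, amt in unexplained), Decimal("0"))
    return len(under) >= min_hits and leak > 0 and swept == leak
```

On the honest batch every residual is zero; on the shaved batch accounts A001 and A003 are each one cent short and the two cents reappear on X999.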
The following answers are incorrect:
Eavesdropping – is the act of secretly listening to the private conversation of others without their consent, as defined by Black’s Law Dictionary. This is commonly thought to be unethical and there is an old adage that “eavesdroppers seldom hear anything good of themselves…eavesdroppers always try to listen to matters that concern them.”
Traffic analysis – is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic. Traffic analysis can be performed in the context of military intelligence, counter-intelligence, or pattern-of-life analysis, and is a concern in computer security.
Masquerading – A masquerade attack is an attack that uses a fake identity, such as a network identity, to gain unauthorized access to personal computer information through legitimate access identification. If an authorization process is not fully protected, it can become extremely vulnerable to a masquerade attack.
Masquerade attacks can be perpetrated using stolen passwords and logons, by locating gaps in programs, or by finding a way around the authentication process.
The attack can be triggered either by someone within the organization or by an outsider if the organization is connected to a public network.
The amount of access masquerade attackers get depends on the level of authorization they've managed to attain. As such, masquerade attackers can have a full smorgasbord of cybercrime opportunities if they've gained the highest access authority to a business organization.
Personal attacks, although less common, can also be harmful.
CISA Question 1342
Question
How often should a Business Continuity Plan be reviewed?
A. At least once a month
B. At least every six months
C. At least once a year
D. At least Quarterly
Answer
C. At least once a year
Explanation
As stated in SP 800-34 Rev. 1: To be effective, the plan must be maintained in a ready state that accurately reflects system requirements, procedures, organizational structure, and policies.
During the Operation/Maintenance phase of the SDLC, information systems undergo frequent changes because of shifting business needs, technology upgrades, or new internal or external policies.
As a general rule, the plan should be reviewed for accuracy and completeness at an organization-defined frequency (at least once a year for the purpose of the exam) or whenever significant changes occur to any element of the plan. Certain elements, such as contact lists, will require more frequent reviews.
Remember, there could be two good answers as specified above. Either once a year or whenever significant changes occur to the plan. You will of course get only one of the two presented within your exam.
CISA Question 1343
Question
As described in the security policy, the CSO implemented an e-mail package that ensures the integrity of messages sent using S/MIME. Which of the options below BEST describes how the environment is implemented to suit the policy's requirement?
A. Implementing PGP and allowing for recipient to receive the private key used to sign e-mail message.
B. Implementing RSA standard for messages envelope and instructing users to sign all messages using their private key from their PKI digital certificate.
C. Implementing RSA standard for messages envelope and instructing users to sign all messages using their public key from their PKI digital certificate.
D. Implementing MIME solutions and providing a footer within each message sent, referencing to policy constraints related to e-mail usage.
Answer
B. Implementing RSA standard for messages envelope and instructing users to sign all messages using their private key from their PKI digital certificate.
Explanation
The RSA e-mail standard referred to here is the S/MIME envelope. By signing messages with their own private key, users allow recipients to verify message integrity: the recipient uses the sender's public key to decrypt the signed hash and compares it with a hash computed over the received content.
Exam candidates should be aware of e-mail solutions and technologies that address confidentiality, integrity and non-repudiation.
The following answers are incorrect:
- Implementing PGP and allowing for recipient to receive the private key used to sign e-mail message.
- Implementing RSA standard for messages envelope and instructing users to sign all messages using their public key from the PKI digital certificate.
- Implementing MIME solutions and providing a footer within each message sent, referencing to policy constraints related to e-mail usage.
CISA Question 1344
Question
Business Continuity Planning (BCP) is not defined as a preparation that facilitates:
A. the rapid recovery of mission-critical business operations
B. the continuation of critical business functions
C. the monitoring of threat activity for adjustment of technical controls
D. the reduction of the impact of a disaster
Answer
C. the monitoring of threat activity for adjustment of technical controls
Explanation
The following answers are incorrect:
- All of the other choices are facilitated by a BCP:
- the continuation of critical business functions
- the rapid recovery of mission-critical business operations
- the reduction of the impact of a disaster
CISA Question 1345
Question
Which of the following statements regarding an off-site information processing facility is TRUE?
A. It should have the same amount of physical access restrictions as the primary processing site.
B. It should be located in proximity to the originating site so that it can quickly be made operational.
C. It should be easily identified from the outside so in the event of an emergency it can be easily found.
D. Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.
Answer
A. It should have the same amount of physical access restrictions as the primary processing site.
Explanation
It is very important that the off-site facility has the same restrictions in order to avoid misuse.
The following answers are incorrect because:
- It should be located in proximity to the originating site so that it can quickly be made operational is incorrect, as a nearby off-site facility is subject to the same disaster as the primary site.
- It should be easily identified from the outside so in the event of an emergency it can be easily found is also incorrect as it should not be easily identified to prevent intentional sabotage.
- Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive is also incorrect as it should be like its primary site.
CISA Question 1346
Question
During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable?
A. Measurement of accuracy
B. Elapsed time for completion of critical tasks
C. Quantitatively measuring the results of the test
D. Evaluation of the observed test results
Answer
C. Quantitatively measuring the results of the test
Explanation
It is important to have ways to measure the success of the plan and tests against the stated objectives. Therefore, results must be quantitatively gauged as opposed to an evaluation based only on observation. Quantitatively measuring the results of the test involves a generic statement measuring all the activities performed during BCP, which gives the best assurance of an effective plan. Although choices A and B are also quantitative, they relate to specific areas, or an analysis of results from one viewpoint, namely the accuracy of the results and the elapsed time.
CISA Question 1347
Question
During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST:
A. perform a business impact analysis (BIA).
B. issue an intermediate report to management.
C. evaluate the impact on current disaster recovery capability.
D. conduct additional compliance testing.
Answer
C. evaluate the impact on current disaster recovery capability.
CISA Question 1348
Question
An organization using instant messaging to communicate with customers can prevent legitimate customers from being impersonated by:
A. using call monitoring.
B. using firewalls to limit network traffic to authorized ports.
C. logging conversations.
D. authenticating users before conversations are initiated.
Answer
D. authenticating users before conversations are initiated.
CISA Question 1349
Question
Which of the following protects against the impact of temporary and rapid decreases or increases in electricity?
A. Redundant power supply
B. Emergency power-off switch
C. Stand-by generator
D. Uninterruptible power supply (UPS)
Answer
D. Uninterruptible power supply (UPS)
CISA Question 1350
Question
Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:
A. business impact analysis (BIA).
B. threat and risk assessment.
C. business continuity plan (BCP).
D. disaster recovery plan (DRP).
Answer
C. business continuity plan (BCP).