Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 13

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1341

Question

Which of the following attack involves slicing small amount of money from a computerize transaction or account?

A. Eavesdropping
B. Traffic Analysis
C. Salami
D. Masquerading

Answer

C. Salami

Explanation

Salami slicing or Salami attack refers to a series of many small actions, often performed by clandestine means, that as an accumulated whole produces a much larger action or result that would be difficult or unlawful to perform all at once. The term is typically used pejoratively.

Although salami slicing is often used to carry out illegal activities, it is only a strategy for gaining an advantage over time by accumulating it in small increments, so it can be used in perfectly legal ways as well.

An example of salami slicing, also known as penny shaving, is the fraudulent practice of stealing money repeatedly in extremely small quantities, usually by taking advantage of rounding to the nearest cent (or other monetary unit) in financial transactions. It would be done by always rounding down, and putting the fractions of a cent into another account. The idea is to make the change small enough that any single transaction will go undetected.

In information security, a salami attack is a series of minor attacks that together results in a larger attack. Computers are ideally suited to automating this type of attack.

The following answers are incorrect:

Eavesdropping – is the act of secretly listening to the private conversation of others without their consent, as defined by Black’s Law Dictionary. This is commonly thought to be unethical and there is an old adage that “eavesdroppers seldom hear anything good of themselves…eavesdroppers always try to listen to matters that concern them.”

Traffic analysis – is the process of intercepting and examining messages in order to deduce information from patterns in communication. It can be performed even when the messages are encrypted and cannot be decrypted. In general, the greater the number of messages observed, or even intercepted and stored, the more can be inferred from the traffic. Traffic analysis can be performed in the context of military intelligence, counter-intelligence, or pattern-of-life analysis, and is a concern in computer security.

Masquerading – A masquerade attack is an attack that uses a fake identity, such as a network identity, to gain unauthorized access to personal computer information through legitimate access identification. If an authorization process is not fully protected, it can become extremely vulnerable to a masquerade attack.

Masquerade attacks can be perpetrated using stolen passwords and logons, by locating gaps in programs, or by finding a way around the authentication process.

The attack can be triggered either by someone within the organization or by an outsider if the organization is connected to a public network.

The amount of access masquerade attackers get depends on the level of authorization they’ve managed to attain. As such, masquerade attackers can have a full smorgasbord of cybercrime opportunities if they‘ve gained the highest access authority to a business organization.

Personal attacks, although less common, can also be harmful.

CISA Question 1342

Question

How often should a Business Continuity Plan be reviewed?

A. At least once a month
B. At least every six months
C. At least once a year
D. At least Quarterly

Answer

C. At least once a year

Explanation

As stated in SP 800-34 Rev. 1: To be effective, the plan must be maintained in a ready state that accurately reflects system requirements, procedures, organizational structure, and policies.

During the Operation/Maintenance phase of the SDLC, information systems undergo frequent changes because of shifting business needs, technology upgrades, or new internal or external policies.

As a general rule, the plan should be reviewed for accuracy and completeness at an organization-defined frequency (at least once a year for the purpose of the exam) or whenever significant changes occur to any element of the plan. Certain elements, such as contact lists, will require more frequent reviews.

Remember, there could be two good answers as specified above. Either once a year or whenever significant changes occur to the plan. You will of course get only one of the two presented within your exam.

CISA Question 1343

Question

As described at security policy, the CSO implemented an e-mail package solution that allows for ensuring integrity of messages sent using SMIME. Which of the options below BEST describes how it implements the environment to suite policyֲ´s requirement?

A. Implementing PGP and allowing for recipient to receive the private key used to sign e-mail message.
B. Implementing RSA standard for messages envelope and instructing users to sign all messages using their private key from their PKI digital certificate.
C. Implementing RSA standard for messages envelope and instructing users to sign all messages using their public key from their PKI digital certificate.
D. Implementing MIME solutions and providing a footer within each message sent, referencing to policy constraints related to e-mail usage.

Answer

B. Implementing RSA standard for messages envelope and instructing users to sign all messages using their private key from their PKI digital certificate.

Explanation

RSA e-mail standers stands for SMIME envelope. Using tm‘s private key to sign messages, users will ensure recipients of message integrity by using senderֲ´s public key for hash decryption and content comparison.

Exam candidates should be aware of e-mail solutions and technologies that addresses confidentiality, integrity and non-repudiation.

The following answers are incorrect:

  • Implementing PGP and allowing for recipient to receive the private key used to sign e-mail message.
  • Implementing RSA standard for messages envelope and instructing users to sign all messages using their public key from the PKI digital certificate.
  • Implementing MIME solutions and providing a footer within each message sent, referencing to policy constraints related to e-mail usage.

CISA Question 1344

Question

Business Continuity Planning (BCP) is not defined as a preparation that facilitates:

A. the rapid recovery of mission-critical business operations
B. the continuation of critical business functions
C. the monitoring of threat activity for adjustment of technical controls
D. the reduction of the impact of a disaster

Answer

C. the monitoring of threat activity for adjustment of technical controls

Explanation

The following answers are incorrect:

  • All of the other choices are facilitated by a BCP:
  • the continuation of critical business functions
  • the rapid recovery of mission-critical business operations
  • the reduction of the impact of a disaster

CISA Question 1345

Question

Which of the following statements regarding an off-site information processing facility is TRUE?

A. It should have the same amount of physical access restrictions as the primary processing site.
B. It should be located in proximity to the originating site so that it can quickly be made operational.
C. It should be easily identified from the outside so in the event of an emergency it can be easily found.
D. Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.

Answer

A. It should have the same amount of physical access restrictions as the primary processing site.

Explanation

It is very important that the offsite has the same restrictions in order to avoided misuse.

The following answers are incorrect because:

  • It should be located in proximity to the originating site so that it can quickly be made operational is incorrect as the offsite is also subject to the same disaster as of the primary site.
  • It should be easily identified from the outside so in the event of an emergency it can be easily found is also incorrect as it should not be easily identified to prevent intentional sabotage.
  • Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive is also incorrect as it should be like its primary site.

CISA Question 1346

Question

During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable?

A. Measurement of accuracy
B. Elapsed time for completion of critical tasks
C. Quantitatively measuring the results of the test
D. Evaluation of the observed test results

Answer

C. Quantitatively measuring the results of the test

Explanation

It is important to have ways to measure the success of the plan and tests against the stated objectives. Therefore, results must be quantitatively gauged as opposed to an evaluation based only on observation. Quantitatively measuring the results of the test involves a generic statement measuring all the activities performed during BCP, which gives the best assurance of an effective plan. Although choices A and B are also quantitative, they relate to specific areas, or an analysis of results from one viewpoint, namely the accuracy of the results and the elapsed time.

CISA Question 1347

Question

During a disaster recovery audit, an IS auditor finds that a business impact analysis (BIA) has not been performed. The auditor should FIRST:

A. perform a business impact analysis (BIA).
B. issue an intermediate report to management.
C. evaluate the impact on current disaster recovery capability.
D. ׁonduct additional compliance testing.

Answer

C. evaluate the impact on current disaster recovery capability.

CISA Question 1348

Question

An organization using instant messaging to communicate with customers can prevent legitimate customers from being impersonated by:

A. using call monitoring.
B. using firewalls to limit network traffic to authorized ports.
C. logging conversations.
D. authenticating users before conversations are initiated.

Answer

D. authenticating users before conversations are initiated.

CISA Question 1349

Question

Which of the following protects against the impact of temporary and rapid decreases or increases in electricity?

A. Redundant power supply
B. Emergency power-off switch
C. Stand-by generator
D. Uninterruptible power supply (UPS)

Answer

D. Uninterruptible power supply (UPS)

CISA Question 1350

Question

Documentation of workaround processes to keep a business function operational during recovery of IT systems is a core part of a:

A. business impact analysis (BIA).
B. threat and risk assessment.
C. business continuity plan (BCP).
D. disaster recovery plan (DRP).

Answer

C. business continuity plan (BCP).

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker