The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.
Table of Contents
- CISA Question 1691
- Question
- Answer
- Explanation
- CISA Question 1692
- Question
- Answer
- Explanation
- CISA Question 1693
- Question
- Answer
- Explanation
- CISA Question 1694
- Question
- Answer
- Explanation
- CISA Question 1695
- Question
- Answer
- Explanation
- CISA Question 1696
- Question
- Answer
- Explanation
- CISA Question 1697
- Question
- Answer
- Explanation
- CISA Question 1698
- Question
- Answer
- Explanation
- CISA Question 1699
- Question
- Answer
- Explanation
- CISA Question 1700
- Question
- Answer
- Explanation
CISA Question 1691
Question
You may reduce a cracker’s chances of success by: (Choose all that apply.)
A. keeping your systems up to date using a security scanner.
B. hiring competent people responsible for security to scan and update your systems.
C. using multiple firewalls.
D. using multiple firewalls and IDS.
E. None of the choices.
Answer
A. keeping your systems up to date using a security scanner.
B. hiring competent people responsible for security to scan and update your systems.
Explanation
Only a small fraction of computer program code is mathematically proven, or even goes through comprehensive information technology audits or inexpensive but extremely valuable computer security audits, so it is quite possible for a determined cracker to read, copy, alter or destroy data in well secured computers, albeit at the cost of great time and resources. You may reduce a cracker’s chances by keeping your systems up to date, using a security scanner or/and hiring competent people responsible for security.
CISA Question 1692
Question
Why is one-time pad not always preferable for encryption: (Choose all that apply.)
A. it is difficult to use securely.
B. it is highly inconvenient to use.
C. it requires licensing fee.
D. it requires internet connectivity.
E. it is Microsoft only.
F. None of the choices.
Answer
A. it is difficult to use securely.
B. it is highly inconvenient to use.
Explanation
It’s possible to protect messages in transit by means of cryptography. One method of encryption – the one-time pad – has been proven to be unbreakable when correctly used. This method uses a matching pair of key- codes, securely distributed, which are used once-and-only-once to encode and decode a single message. Note that this method is difficult to use securely, and is highly inconvenient as well.
CISA Question 1693
Question
Which of the following encryption methods uses a matching pair of key-codes, securely distributed, which are used once-and-only-once to encode and decode a single message?
A. Blowfish
B. Tripwire
C. certificate
D. DES
E. one-time pad
F. None of the choices.
Answer
E. one-time pad
Explanation
It’s possible to protect messages in transit by means of cryptography. One method of encryption – the one-time pad – has been proven to be unbreakable when correctly used. This method uses a matching pair of key- codes, securely distributed, which are used once-and-only-once to encode and decode a single message. Note that this method is difficult to use securely, and is highly inconvenient as well.
CISA Question 1694
Question
Which of the following methods of encryption has been proven to be almost unbreakable when correctly used?
A. key pair
B. Oakley
C. certificate
D. 3-DES
E. one-time pad
F. None of the choices.
Answer
E. one-time pad
Explanation
It’s possible to protect messages in transit by means of cryptography. One method of encryption – the one-time pad –has been proven to be unbreakable when correctly used. This method uses a matching pair of key- codes, securely distributed, which are used once-and-only-once to encode and decode a single message. Note that this method is difficult to use securely, and is highly inconvenient as well.
CISA Question 1695
Question
Which of the following types of attack almost always requires physical access to the targets?
A. Direct access attack
B. Wireless attack
C. Port attack
D. Window attack
E. System attack
F. None of the choices.
Answer
A. Direct access attack
Explanation
Direct access attacks make use of common consumer devices that can be used to transfer data surreptitiously. Someone gaining physical access to a computer can install all manner of devices to compromise security, including operating system modifications, software worms, keyboard loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media or portable devices.
CISA Question 1696
Question
Which of the following types of attack makes use of common consumer devices that can be used to transfer data surreptitiously?
A. Direct access attacks
B. Indirect access attacks
C. Port attack
D. Window attack
E. Social attack
F. None of the choices.
Answer
A. Direct access attacks
Explanation
Direct access attacks make use of common consumer devices that can be used to transfer data surreptitiously. Someone gaining physical access to a computer can install all manner of devices to compromise security, including operating system modifications, software worms, keyboard loggers, and covert listening devices. The attacker can also easily download large quantities of data onto backup media or portable devices.
CISA Question 1697
Question
Which of the following will replace system binaries and/or hook into the function calls of the operating system to hide the presence of other programs (choose the most precise answer)?
A. rootkits
B. virus
C. trojan
D. tripwire
E. None of the choices.
Answer
A. rootkits
Explanation
“A backdoor may take the form of an installed program (e.g., Back Orifice) or could be in the form of an existing “”legitimate”” program, or executable file. A specific form of backdoors are rootkits, which replaces system binaries and/or hooks into the function calls of the operating system to hide the presence of other programs, users, services and open ports.”
CISA Question 1698
Question
Back Orifice is an example of:
A. a virus.
B. a legitimate remote control software.
C. a backdoor that takes the form of an installed program.
D. an eavesdropper.
E. None of the choices.
Answer
C. a backdoor that takes the form of an installed program.
Explanation
“A backdoor may take the form of an installed program (e.g., Back Orifice) or could be in the form of an existing “”legitimate”” program, or executable file. A specific form of backdoors are rootkits, which replaces system binaries and/or hooks into the function calls of the operating system to hide the presence of other programs, users, services and open ports.”
CISA Question 1699
Question
Attack amplifier is often being HEAVILY relied upon on by which of the following types of attack?
A. Packet dropping
B. ToS
C. DDoS
D. ATP
E. Wiretapping
F. None of the choices.
Answer
C. DDoS
Explanation
Distributed denial of service (DDoS) attacks are common, where a large number of compromised hosts are used to flood a target system with network requests.
One technique to exhaust victim resources is through the use of an attack amplifier – where the attacker takes advantage of poorly designed protocols on 3rd party machines in order to instruct these hosts to launch the flood.
CISA Question 1700
Question
A computer system is no more secure than the human systems responsible for its operation. Malicious individuals have regularly penetrated welldesigned, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them. zombie computers are being HEAVILY relied upon on by which of the following types of attack?
A. Eavedropping
B. DoS
C. DDoS
D. ATP
E. Social Engineering
F. None of the choices.
Answer
C. DDoS
Explanation
“Distributed denial of service (DDoS) attacks are common, where a large number of compromised hosts (“”zombie computers””) are used to flood a target system with network requests, thus attempting to render it unusable through resource exhaustion.”