ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 16

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free of charge to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1631

Question

A phishing attack works primarily through:

A. email and hyperlinks
B. SMS
C. chat
D. email attachment
E. news
F. file download
G. None of the choices.

Answer

A. email and hyperlinks

Explanation

“Phishing applies to email appearing to come from a legitimate business, requesting ‘verification’ of information and warning of some dire consequence if it is not done. The letter usually contains a link to a fraudulent web page that looks legitimate and has a form requesting everything from a home address to an ATM card’s PIN.”

CISA Question 1632

Question

Why is it not preferable for a firewall to treat each network frame or packet in isolation?

A. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.
B. Such a firewall is costly to set up.
C. Such a firewall is too complicated to maintain.
D. Such a firewall is CPU hungry.
E. Such a firewall offers poor compatibility.
F. None of the choices.

Answer

A. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.

Explanation

A stateless firewall treats each network frame or packet in isolation. Such a firewall has no way of knowing whether any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.

CISA Question 1633

Question

A major portion of what is required to address nonrepudiation is accomplished through the use of:

A. strong methods for authentication and ensuring data validity.
B. strong methods for authentication and ensuring data integrity.
C. strong methods for authorization and ensuring data integrity.
D. strong methods for authentication and ensuring data reliability.
E. None of the choices.

Answer

B. strong methods for authentication and ensuring data integrity.

Explanation

A major portion of what is required to address nonrepudiation is accomplished through the use of strong methods for authentication and ensuring data integrity.

CISA Question 1634

Question

A screening router inspects traffic by examining the:

A. message header.
B. virus payload.
C. message content.
D. attachment type.
E. None of the choices.

Answer

A. message header.

Explanation

The simplest and almost cheapest type of firewall is a packet filter that stops messages with inappropriate network addresses. It usually consists of a screening router and a set of rules that accept or reject a message based on information in the message header.

CISA Question 1635

Question

Which of the following can be thought of as the simplest and almost cheapest type of firewall?

A. stateful firewall
B. hardware firewall
C. PIX firewall
D. packet filter
E. None of the choices.

Answer

D. packet filter

Explanation

The simplest and almost cheapest type of firewall is a packet filter that stops messages with inappropriate network addresses. It usually consists of a screening router and a set of rules that accept or reject a message based on information in the message header.

CISA Question 1636

Question

Within a virus, which component is responsible for what the virus does to the victim file?

A. the payload
B. the signature
C. the trigger
D. the premium
E. None of the choices.

Answer

A. the payload

Explanation

“A virus typically consists of three parts: a mechanism that allows it to infect other files and reproduce, a trigger that activates delivery of a ‘payload’, and the payload, from which the virus often gets its name. The payload is what the virus does to the victim file.”

CISA Question 1637

Question

A virus typically consists of which major parts? (Choose three.)

A. a mechanism that allows them to infect other files and reproduce, and a trigger that activates delivery of a “payload”
B. a payload
C. a signature
D. None of the choices.

Answer

A. a mechanism that allows them to infect other files and reproduce, and a trigger that activates delivery of a “payload”
B. a payload
C. a signature

Explanation

“A virus typically consists of three parts: a mechanism that allows it to infect other files and reproduce, a trigger that activates delivery of a ‘payload’, and the payload, from which the virus often gets its name. The payload is what the virus does to the victim file.”

CISA Question 1638

Question

You should keep all computer rooms at reasonable humidity levels, which are between:

A. 20 – 70 percent.
B. 10 – 70 percent.
C. 10 – 60 percent.
D. 70 – 90 percent.
E. 60 – 80 percent.
F. None of the choices.

Answer

A. 20 – 70 percent.

Explanation

You should keep all computer rooms at reasonable temperatures, which are between 60 – 75 degrees Fahrenheit or 10 – 25 degrees Celsius. You should also keep humidity levels at 20 – 70 percent.

CISA Question 1639

Question

You should keep all computer rooms at reasonable temperatures, which are between: (Choose all that apply.)

A. 60 – 75 degrees Fahrenheit
B. 10 – 25 degrees Celsius
C. 30 – 45 degrees Fahrenheit
D. 1 – 15 degrees Celsius
E. 20 – 35 degrees Fahrenheit
F. 0 – 5 degrees Celsius

Answer

A. 60 – 75 degrees Fahrenheit
B. 10 – 25 degrees Celsius

Explanation

You should keep all computer rooms at reasonable temperatures, which are between 60 – 75 degrees Fahrenheit or 10 – 25 degrees Celsius. You should also keep humidity levels at 20 – 70 percent.

CISA Question 1640

Question

Which of the following is a good time frame for changing passwords?

A. every 180 to 365 days
B. every 30 to 45 days
C. every 10 to 20 days
D. every 90 to 120 days
E. None of the choices.

Answer

D. every 90 to 120 days

Explanation

“Passwords are the first defensive line in protecting your data and information. Your users need to be made aware of what a password provides them and what can be done with their password. They also need to be made aware of the things that make up a good password versus a bad password. A good password has mixed-case alphabetic characters, numbers, and symbols. Use a password that is at least eight characters long. You may want to run a ‘password cracker’ program periodically, and require users to immediately change any easily cracked passwords. In any case, ask them to change their passwords every 90 to 120 days.”