The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free, to help you pass the ISACA CISA exam and earn the ISACA CISA certification.
Table of Contents
- CISA Question 1701
- Question
- Answer
- Explanation
- CISA Question 1702
- Question
- Answer
- Explanation
- CISA Question 1703
- Question
- Answer
- Explanation
- CISA Question 1704
- Question
- Answer
- Explanation
- CISA Question 1705
- Question
- Answer
- Explanation
- CISA Question 1706
- Question
- Answer
- Explanation
- CISA Question 1707
- Question
- Answer
- Explanation
- CISA Question 1708
- Question
- Answer
- Explanation
- CISA Question 1709
- Question
- Answer
- Explanation
- CISA Question 1710
- Question
- Answer
- Explanation
CISA Question 1701
Question
TEMPEST is concerned with hardware used for which of the following purposes?
A. Eavesdropping
B. Social engineering
C. Virus scanning
D. Firewalling
E. None of the choices.
Answer
A. Eavesdropping
Explanation
Any data that is transmitted over a network is at some risk of being eavesdropped on, or even modified, by a malicious party. Even machines that operate as a closed system (never connected to a network) can be eavesdropped on by monitoring the faint electromagnetic emanations their hardware generates. TEMPEST is the name given to this class of attack and to the shielding and emission standards that defend against it.
CISA Question 1702
Question
Machines that operate as a closed system can NEVER be eavesdropped on.
A. True
B. False
Answer
B. False
Explanation
Any data that is transmitted over a network is at some risk of being eavesdropped on, or even modified, by a malicious party. Even machines that operate as a closed system (never connected to a network) can be eavesdropped on by monitoring the faint electromagnetic emanations their hardware generates; TEMPEST is the name given to this class of attack and to the standards that defend against it.
CISA Question 1703
Question
Code from exploit programs is frequently reused in:
A. trojan horses only.
B. computer viruses only.
C. OS patchers.
D. eavesdroppers.
E. trojan horses and computer viruses.
F. None of the choices.
Answer
E. trojan horses and computer viruses.
Explanation
The term "exploit" generally refers to a small program designed to take advantage of a software flaw that has been discovered, either remotely or locally. The code from an exploit program is frequently reused in trojan horses and computer viruses. In some cases the vulnerability lies in a program's processing of a specific file type, such as a non-executable media file, so the exploit is delivered as a crafted file rather than as an executable.
CISA Question 1704
Question
Which of the following terms generally refers to a small program designed to take advantage of a software flaw that has been discovered?
A. exploit
B. patch
C. quick fix
D. service pack
E. malware
F. None of the choices.
Answer
A. exploit
Explanation
The term "exploit" generally refers to a small program designed to take advantage of a software flaw that has been discovered, either remotely or locally. The code from an exploit program is frequently reused in trojan horses and computer viruses. In some cases the vulnerability lies in a program's processing of a specific file type, such as a non-executable media file.
CISA Question 1705
Question
The ‘trusted systems’ approach has been predominant in the design of:
A. many earlier Microsoft OS products
B. the IBM AS/400 series
C. the SUN Solaris series
D. most OS products in the market
E. None of the choices.
Answer
A. many earlier Microsoft OS products
Explanation
The ‘trusted systems’ approach, which focuses mainly on external threats and treats the operating system itself as trusted, has been predominant in the design of many earlier Microsoft OS products, due to the long-standing Microsoft policy of emphasizing functionality and ‘ease of use’.
CISA Question 1706
Question
Security should ALWAYS be an all or nothing issue.
A. True
B. True for trusted systems only
C. True for untrusted systems only
D. False
E. None of the choices.
Answer
D. False
Explanation
Security should not be an all or nothing issue. The designers and operators of systems should assume that security breaches are inevitable in the long term. Full audit trails of system activity should be kept, so that when a security breach occurs the mechanism and extent of the breach can be determined. The audit trail is only useful for this if it is protected from the same attacker, so it must be tamper-evident and stored where a compromised system cannot silently rewrite it.
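The explanation above says the audit trail is what lets you reconstruct the mechanism and extent of a breach. The example below is added here and is not from the original page: it is a hash-chained, append-only audit log in which each record commits to the one before it, so deleting or editing an entry is detectable. The event records are constructed for the example; the exact schema and the `AuditTrail` class are this example's own choices, not any particular product's.

```python
import hashlib
import json
from typing import List, Optional

# Constructed sample of system activity (not from the original page).
SAMPLE_EVENTS = [
    {"ts": 1, "actor": "alice", "action": "login", "result": "ok"},
    {"ts": 2, "actor": "alice", "action": "read", "target": "/payroll/q1.csv"},
    {"ts": 3, "actor": "alice", "action": "export", "target": "/payroll/q1.csv"},
    {"ts": 4, "actor": "alice", "action": "logout"},
]

GENESIS = "0" * 64  # hash "before" the first record


def _digest(prev_hash: str, event: dict) -> str:
    # Canonical JSON so the same event always hashes the same way.
    payload = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


class AuditTrail:
    """Append-only log in which every record commits to its predecessor."""

    def __init__(self) -> None:
        self.records: List[dict] = []

    def append(self, event: dict) -> str:
        prev = self.records[-1]["hash"] if self.records else GENESIS
        h = _digest(prev, event)
        self.records.append({"event": dict(event), "prev": prev, "hash": h})
        return h

    def verify(self) -> Optional[int]:
        """Return None if the chain is intact, else the index of the first bad record."""
        prev = GENESIS
        for i, rec in enumerate(self.records):
            if rec["prev"] != prev or _digest(prev, rec["event"]) != rec["hash"]:
                return i
            prev = rec["hash"]
        return None


def build_trail(events=SAMPLE_EVENTS) -> AuditTrail:
    trail = AuditTrail()
    for e in events:
        trail.append(e)
    return trail


def deletion_demo() -> Optional[int]:
    """Attacker removes the 'export' record: the following record's prev no longer matches."""
    trail = build_trail()
    del trail.records[2]
    return trail.verify()


def edit_demo() -> Optional[int]:
    """Attacker rewrites who performed the read: that record's hash no longer matches."""
    trail = build_trail()
    trail.records[1]["event"]["actor"] = "bob"
    return trail.verify()
```

The chain only proves integrity up to the last record you can trust: an attacker who controls the host can truncate the tail and nothing inside the log will show it, so the latest hash has to be shipped off-box (to a log collector, or signed with a key the host does not hold) for the trail to establish the full extent of a breach.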
CISA Question 1707
Question
Under the concept of defense in depth, subsystems should be designed to:
A. fail insecure
B. fail secure
C. react to attack
D. react to failure
E. None of the choices
Answer
B. fail secure
Explanation
With defense in depth, more than one subsystem needs to be compromised to compromise the security of the system and the information it holds.
Subsystems should default to secure settings, and wherever possible should be designed to fail secure rather than fail insecure: an error or crash inside a control should result in access being denied, never in the control being skipped.
CISA Question 1708
Question
Which of the following BEST describes the concept of "defense in depth"?
A. more than one subsystem needs to be compromised to compromise the security of the system and the information it holds.
B. multiple firewalls are implemented.
C. multiple firewalls and multiple network OS are implemented.
D. intrusion detection and firewall filtering are required.
E. None of the choices.
Answer
A. more than one subsystem needs to be compromised to compromise the security of the system and the information it holds.
Explanation
With defense in depth, more than one subsystem needs to be compromised to compromise the security of the system and the information it holds.
Subsystems should default to secure settings, and wherever possible should be designed to fail secure rather than fail insecure.
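Questions 1707 and 1708 share one explanation, and the example below, added here and not part of the original page, illustrates both points in code: a request must pass three independent layers (network allowlist, authentication, authorization), and the fail-secure version treats an exception inside any layer as a denial, while the fail-insecure anti-pattern skips a crashing layer and therefore grants access on an error. The networks, sessions, groups and ACL are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

# Constructed policy state for the example (not from the original page).
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
SESSIONS: Dict[str, str] = {"tok-alice": "alice"}        # session token -> user
GROUPS: Dict[str, Set[str]] = {"alice": {"finance"}}     # user -> groups
ACL: Dict[str, Set[str]] = {"/reports/q1": {"finance"}}  # resource -> groups allowed


@dataclass
class Request:
    src_ip: str
    token: Optional[str]
    resource: str


Check = Callable[[Request], bool]


def network_check(req: Request) -> bool:
    ip = ipaddress.ip_address(req.src_ip)  # raises ValueError on garbage input
    return any(ip in net for net in ALLOWED_NETWORKS)


def authn_check(req: Request) -> bool:
    return req.token in SESSIONS


def authz_check(req: Request) -> bool:
    user = SESSIONS[req.token]
    return bool(GROUPS.get(user, set()) & ACL[req.resource])  # KeyError for unknown resource


# Three independent layers: compromising one is not enough (defense in depth).
LAYERS: List[Check] = [network_check, authn_check, authz_check]


def authorize_fail_secure(req: Request) -> bool:
    """Every layer must pass; an exception inside a layer counts as a failed layer."""
    for check in LAYERS:
        try:
            if not check(req):
                return False
        except Exception:
            return False  # fail secure: error -> deny
    return True


def authorize_fail_insecure(req: Request) -> bool:
    """Anti-pattern: a crashing layer is skipped, so an error grants what the layer guarded."""
    for check in LAYERS:
        try:
            if not check(req):
                return False
        except Exception:
            continue  # fail insecure: error -> skip the control
    return True
```

The two versions agree on every well-formed request; they diverge only when a layer breaks (an unparseable source address, an unknown resource with no ACL entry), which is exactly the case an attacker will try to manufacture. The stolen-token case shows the depth: a valid session presented from outside the allowed network is still refused, because the network layer does not rely on the authentication layer.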
CISA Question 1709
Question
Which of the following refers to the proving of mathematical theorems by a computer program?
A. Analytical theorem proving
B. Automated technology proving
C. Automated theorem processing
D. Automated theorem proving
E. None of the choices.
Answer
D. Automated theorem proving
Explanation
Automated theorem proving (ATP) is the proving of mathematical theorems by a computer program. Depending on the underlying logic, the problem of deciding the validity of a theorem varies from trivial to impossible. Commercial use of automated theorem proving is mostly concentrated in integrated circuit design and verification.
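To make the definition concrete, the example below, added here and not from the original page, is a minimal automated theorem prover for propositional logic using resolution refutation: a formula is a theorem exactly when its negation is unsatisfiable, so the prover negates the conclusion, puts it in clause form, and saturates under resolution until it either derives the empty clause (theorem) or runs out of new clauses (not a theorem). Propositional validity is decidable, which is the "trivial" end of the range the explanation mentions; the same procedure for first-order logic is only semi-decidable. The literal encoding (+n for a variable, -n for its negation) and the sample theorems are this example's own.

```python
from itertools import combinations
from typing import FrozenSet, Iterable, Set

# A literal is a non-zero int: +n is variable n, -n is its negation.
Clause = FrozenSet[int]


def _is_tautology(c: Clause) -> bool:
    return any(-lit in c for lit in c)


def resolve(a: Clause, b: Clause) -> Set[Clause]:
    """All resolvents of a and b over a complementary literal pair."""
    out: Set[Clause] = set()
    for lit in a:
        if -lit in b:
            r = (a - {lit}) | (b - {-lit})
            if not _is_tautology(r):
                out.add(r)
    return out


def unsatisfiable(clauses: Iterable[Clause]) -> bool:
    """Saturate under resolution; True iff the empty clause is derived."""
    known: Set[Clause] = {c for c in map(frozenset, clauses) if not _is_tautology(c)}
    if frozenset() in known:
        return True
    while True:
        new: Set[Clause] = set()
        for a, b in combinations(known, 2):
            for r in resolve(a, b):
                if not r:          # empty clause: contradiction found
                    return True
                if r not in known:
                    new.add(r)
        if not new:                # saturated without contradiction
            return False
        known |= new


def is_theorem(negated_formula_cnf: Iterable[Clause]) -> bool:
    """A formula is valid iff its negation, given here in CNF, is unsatisfiable."""
    return unsatisfiable(negated_formula_cnf)


# Constructed sample theorems, with P=1, Q=2, R=3; each is given as the CNF of its negation.
# ((P -> Q) and P) -> Q  ; negation: (not P or Q) and P and not Q
MODUS_PONENS = [{-1, 2}, {1}, {-2}]
# ((P -> Q) and (Q -> R)) -> (P -> R) ; negation: (not P or Q) and (not Q or R) and P and not R
HYPOTHETICAL_SYLLOGISM = [{-1, 2}, {-2, 3}, {1}, {-3}]
# P -> Q is NOT valid ; negation: P and not Q
NOT_A_THEOREM = [{1}, {-2}]
```

Because the variable set is finite, the set of possible clauses is finite and the saturation loop always terminates; what blows up is the number of clauses, which is why real ATP systems add ordering, subsumption and clause selection strategies on top of this core.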
CISA Question 1710
Question
Of the two approaches to security in computing, the one that regards the computer system itself as largely an untrusted system emphasizes:
A. most privilege
B. full privilege
C. least privilege
D. null privilege
E. None of the choices.
Answer
C. least privilege
Explanation
There are two different approaches to security in computing. One focuses mainly on external threats, and generally treats the computer system itself as a trusted system. The other regards the computer system itself as largely an untrusted system, and redesigns it to make it more secure in a number of ways.
This technique enforces the principle of least privilege to a great extent: an entity has only the privileges that are needed for its function, so that a compromised component cannot do more than that function required.
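The contrast between the two approaches can be shown in a few lines. The example below is added here and is not from the original page: a reporting component runs either with its service account's full privilege set (the "trusted system" way) or with a token minted to hold only the privilege its function declares (least privilege). Simulated injected code inside the component then tries to exceed its job. The account, privilege names and resource functions are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set

# Constructed privilege model (not from the original page).
Privilege = str
ACCOUNT_PRIVS: Dict[str, FrozenSet[Privilege]] = {
    "svc-report": frozenset({"read:sales", "read:hr", "write:sales", "delete:sales", "net:egress"}),
}


class PrivilegeError(PermissionError):
    pass


@dataclass(frozen=True)
class Token:
    subject: str
    privileges: FrozenSet[Privilege]

    def require(self, priv: Privilege) -> None:
        if priv not in self.privileges:
            raise PrivilegeError(f"{self.subject} lacks {priv}")


def full_privilege_token(account: str) -> Token:
    """'Trusted system' style: the component holds everything its account can do."""
    return Token(account, ACCOUNT_PRIVS[account])


def least_privilege_token(account: str, needed: Set[Privilege]) -> Token:
    """Mint a token holding only what the function needs; refuse anything the account lacks."""
    missing = needed - ACCOUNT_PRIVS[account]
    if missing:
        raise PrivilegeError(f"{account} cannot be granted {sorted(missing)}")
    return Token(account, frozenset(needed))


# Simulated resources, every access gated by the token presented.
def read_table(tok: Token, table: str) -> str:
    tok.require(f"read:{table}")
    return f"rows of {table}"


def delete_table(tok: Token, table: str) -> str:
    tok.require(f"delete:{table}")
    return f"{table} dropped"


NEEDED_FOR_REPORT: Set[Privilege] = {"read:sales"}


def monthly_sales_report(tok: Token) -> str:
    """The legitimate job: it only ever needs read:sales."""
    return "report: " + read_table(tok, "sales")


def run_compromised_component(tok: Token) -> Dict[str, str]:
    """Simulate injected code inside the report component trying to exceed its function."""
    outcome: Dict[str, str] = {}
    attempts = [
        ("exfil_hr", lambda: read_table(tok, "hr")),
        ("drop_sales", lambda: delete_table(tok, "sales")),
    ]
    for name, action in attempts:
        try:
            outcome[name] = action()
        except PrivilegeError as e:
            outcome[name] = f"denied ({e})"
    return outcome
```

Both tokens produce the same report; the difference only appears once the component is subverted, which is the situation the "untrusted system" approach is designed for. The mint function also refuses to grant a privilege the account does not hold, so least privilege cannot be used as a path to escalation.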