Skip to Content

ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 17

The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1701

Question

TEMPEST is a hardware for which of the following purposes?

A. Eavedropping
B. Social engineering
C. Virus scanning
D. Firewalling
E. None of the choices.

Answer

A. Eavedropping

Explanation

Any data that is transmitted over a network is at some risk of being eavesdropped, or even modified by a malicious person. Even machines that operate as a closed system can be eavesdropped upon via monitoring the faint electromagnetic transmissions generated by the hardware such as TEMPEST.

CISA Question 1702

Question

Machines that operate as a closed system can NEVER be eavesdropped.

A. True
B. False

Answer

B. False

Explanation

Any data that is transmitted over a network is at some risk of being eavesdropped, or even modified by a malicious person. Even machines that operate as a closed system can be eavesdropped upon via monitoring the faint electromagnetic transmissions generated by the hardware such as TEMPEST.

CISA Question 1703

Question

Codes from exploit programs are frequently reused in:

A. trojan horses only.
B. computer viruses only.
C. OS patchers.
D. eavedroppers.
E. trojan horses and computer viruses.
F. None of the choices.

Answer

E. trojan horses and computer viruses.

Explanation

“The term “”exploit”” generally refers to small programs designed to take advantage of a software flaw that has been discovered, either remote or local. The code from the exploit program is frequently reused in trojan horses and computer viruses. In some cases, a vulnerability can lie in a certain programs processing of a specific file type, such as a non-executable media file.”

CISA Question 1704

Question

Which of the following terms generally refers to small programs designed to take advantage of a software flaw that has been discovered?

A. exploit
B. patch
C. quick fix
D. service pack
E. malware
F. None of the choices.

Answer

A. exploit

Explanation

“The term “”exploit”” generally refers to small programs designed to take advantage of a software flaw that has been discovered, either remote or local. The code from the exploit program is frequently reused in trojan horses and computer viruses. In some cases, a vulnerability can lie in a certain programs processing of a specific file type, such as a non-executable media file.”

CISA Question 1705

Question

The ‘trusted systems’ approach has been predominant in the design of:

A. many earlier Microsoft OS products
B. the IBM AS/400 series
C. the SUN Solaris series
D. most OS products in the market
E. None of the choices.

Answer

A. many earlier Microsoft OS products

Explanation

The ‘trusted systems’ approach has been predominant in the design of many Microsoft OS products, due to the long-standing Microsoft policy of emphasizing functionality and ‘ease of use’.

CISA Question 1706

Question

Security should ALWAYS be an all or nothing issue.

A. True
B. True for trusted systems only
C. True for untrusted systems only
D. False
E. None of the choices.

Answer

D. False

Explanation

Security should not be an all or nothing issue. The designers and operators of systems should assume that security breaches are inevitable in the long term. Full audit trails should be kept of system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined.

CISA Question 1707

Question

Under the concept of defense in depth, subsystems should be designed to:

A. fail insecure
B. fail secure
C. react to attack
D. react to failure
E. None of the choices

Answer

B. fail secure

Explanation

With 0 defense in depth, more than one subsystem needs to be compromised to compromise the security of the system and the information it holds.
Subsystems should default to secure settings, and wherever possible should be designed to fail secure rather than fail insecure.

CISA Question 1708

Question

Which of the following BEST describes the concept of “”defense in depth””?

A. more than one subsystem needs to be compromised to compromise the security of the system and the information it holds.
B. multiple firewalls are implemented.
C. multiple firewalls and multiple network OS are implemented.
D. intrusion detection and firewall filtering are required.
E. None of the choices.

Answer

A. more than one subsystem needs to be compromised to compromise the security of the system and the information it holds.

Explanation

With 0 defense in depth, more than one subsystem needs to be compromised to compromise the security of the system and the information it holds.
Subsystems should default to secure settings, and wherever possible should be designed to fail secure rather than fail insecure.

CISA Question 1709

Question

Which of the following refers to the proving of mathematical theorems by a computer program?

A. Analytical theorem proving
B. Automated technology proving
C. Automated theorem processing
D. Automated theorem proving
E. None of the choices.

Answer

D. Automated theorem proving

Explanation

Automated theorem proving (ATP) is the proving of mathematical theorems by a computer program. Depending on the underlying logic, the problem of deciding the validity of a theorem varies from trivial to impossible. Commercial use of automated theorem proving is mostly concentrated in integrated circuit design and verification.

CISA Question 1710

Question

Talking about the different approaches to security in computing, the principle of regarding the computer system itself as largely an untrusted system emphasizes:

A. most privilege
B. full privilege
C. least privilege
D. null privilege
E. None of the choices.

Answer

C. least privilege

Explanation

There are two different approaches to security in computing. One focuses mainly on external threats, and generally treats the computer system itself as a trusted system. The other regards the computer system itself as largely an untrusted system, and redesigns it to make it more secure in a number of ways.
This technique enforces the principle of least privilege to great extent, where an entity has only the privileges that are needed for its function.

    Ads Blocker Image Powered by Code Help Pro

    Ads Blocker Detected!!!

    This site depends on revenue from ad impressions to survive. If you find this site valuable, please consider disabling your ad blocker.