
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 18

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free and are helpful for passing the ISACA CISA exam and earning the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 1861

Question

Which of the following intrusion detection systems (IDSs) will MOST likely generate false alarms resulting from normal network activity?

A. Statistical-based
B. Signature-based
C. Neural network
D. Host-based

Answer

A. Statistical-based

Explanation

A statistical-based IDS relies on a definition of known and expected behavior of systems. Since normal network activity may at times include unexpected behavior (e.g., a sudden massive download by multiple users), these activities will be flagged as suspicious. A signature-based IDS is limited to its predefined set of detection rules, just like a virus scanner. A neural network combines the previous two IDSs to create a hybrid and better system. Host-based is another classification of IDS. Any of the three IDSs above may be host- or network-based.

CISA Question 1862

Question

IS management is considering a Voice-over Internet Protocol (VoIP) network to reduce telecommunication costs and management asked the IS auditor to comment on appropriate security controls. Which of the following security measures is MOST appropriate?

A. Review and, where necessary, upgrade firewall capabilities
B. Install modems to allow remote maintenance support access
C. Create a physically distinct network to handle VoIP traffic
D. Redirect all VoIP traffic to allow clear text logging of authentication credentials

Answer

A. Review and, where necessary, upgrade firewall capabilities

Explanation

Firewalls used as entry points to a Voice-over Internet Protocol (VoIP) network should be VoIP-capable. VoIP network services such as H.323 introduce complexities that are likely to strain the capabilities of older firewalls. Allowing for remote support access is an important consideration. However, a virtual private network (VPN) would offer a more secure means of enabling this access than reliance on modems. Logically separating the VoIP and data network is a good idea. Options such as virtual LANs (VLANs), traffic shaping, firewalls and network address translation (NAT) combined with private IP addressing can be used; however, physically separating the networks will increase both cost and administrative complexity. Transmitting or storing clear text information, particularly sensitive information such as authentication credentials, will increase network vulnerability. When designing a VoIP network, it is important to avoid introducing any processing that will unnecessarily increase latency since this will adversely impact VoIP quality.

CISA Question 1863

Question

Upon receipt of the initial signed digital certificate, the user will decrypt the certificate with the public key of the:

A. registration authority (RA).
B. certificate authority (CA).
C. certificate repository.
D. receiver.

Answer

B. certificate authority (CA).

Explanation

A certificate authority (CA) is a network authority that issues and manages security credentials and public keys for message encryption. As a part of the public key infrastructure, a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor’s information, the CA can issue a certificate. The CA signs the certificate with its private key for distribution to the user. Upon receipt, the user will decrypt the certificate with the CA’s public key.

CISA Question 1864

Question

A perpetrator looking to gain access to and gather information about encrypted data being transmitted over the network would use:

A. eavesdropping
B. spoofing.
C. traffic analysis.
D. masquerading.

Answer

C. traffic analysis.

Explanation

In traffic analysis, which is a passive attack, an intruder determines the nature of the traffic flow between defined hosts; through an analysis of session length, frequency and message length, the intruder is able to guess the type of communication taking place. This typically is used when messages are encrypted and eavesdropping would not yield any meaningful results. In eavesdropping, which also is a passive attack, the intruder gathers the information flowing through the network with the intent of acquiring and releasing message contents for personal analysis or for third parties. Spoofing and masquerading are active attacks. In spoofing, a user receives an e-mail that appears to have originated from one source when it actually was sent from another source. In masquerading, the intruder presents an identity other than the original identity.

CISA Question 1865

Question

Which of the following would effectively verify the originator of a transaction?

A. Using a secret password between the originator and the receiver
B. Encrypting the transaction with the receiver’s public key
C. Using a portable document format (PDF) to encapsulate transaction content
D. Digitally signing the transaction with the source’s private key

Answer

D. Digitally signing the transaction with the source’s private key

Explanation

A digital signature is an electronic identification of a person, created by using a public key algorithm, to verify to a recipient the identity of the source of a transaction and the integrity of its content. Since they are a ‘shared secret’ between the user and the system itself, passwords are considered a weaker means of authentication. Encrypting the transaction with the recipient’s public key will provide confidentiality for the information, while using a portable document format (PDF) will prove the integrity of the content but not necessarily authorship.

CISA Question 1866

Question

When using a digital signature, the message digest is computed:

A. only by the sender.
B. only by the receiver.
C. by both the sender and the receiver.
D. by the certificate authority (CA).

Answer

C. by both the sender and the receiver.

Explanation

A digital signature is an electronic identification of a person or entity. It is created by using asymmetric encryption. To verify integrity of data, the sender uses a cryptographic hashing algorithm against the entire message to create a message digest to be sent along with the message. Upon receipt of the message, the receiver will recompute the hash using the same algorithm and compare results with what was sent to ensure the integrity of the message.
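As an added illustration of the explanations for Questions 1865 and 1866 (not part of the original material), the sender hashes the whole transaction and signs the digest with its private key, and the receiver independently recomputes the digest over the bytes it actually received before checking the signature with the sender's public key. The key pair, the transaction text and the helper names SignTransaction and VerifyTransaction are constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignTransaction is the sender side: hash the entire message, then sign the
// digest with the sender's private key. Only the signature travels with the
// message; the digest itself is never trusted from the wire.
func SignTransaction(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyTransaction is the receiver side: recompute the digest with the same
// hash algorithm and check the signature with the sender's public key.
// A nil error means both origin and integrity hold; any change to the
// message or use of a different signer key makes verification fail.
func VerifyTransaction(pub *rsa.PublicKey, msg, sig []byte) error {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func main() {
	// Constructed sample key and transaction; in practice the public key
	// would be bound to the sender through a CA-issued certificate.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	tx := []byte("PAY 100.00 FROM acct-1234 TO acct-5678")
	sig, err := SignTransaction(priv, tx)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine:     ", VerifyTransaction(&priv.PublicKey, tx, sig))
	tampered := []byte("PAY 900.00 FROM acct-1234 TO acct-5678")
	fmt.Println("tampered:    ", VerifyTransaction(&priv.PublicKey, tampered, sig))
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	fmt.Println("wrong signer:", VerifyTransaction(&other.PublicKey, tx, sig))
}
```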

CISA Question 1867

Question

When reviewing a digital certificate verification process, which of the following findings represents the MOST significant risk?

A. There is no registration authority (RA) for reporting key compromises
B. The certificate revocation list (CRL) is not current.
C. Digital certificates contain a public key that is used to encrypt messages and verify digital signatures.
D. Subscribers report key compromises to the certificate authority (CA).

Answer

B. The certificate revocation list (CRL) is not current.

Explanation

If the certificate revocation list (CRL) is not current, there could be a digital certificate that is not revoked that could be used for unauthorized or fraudulent activities. The certificate authority (CA) can assume the responsibility if there is no registration authority (RA). Digital certificates containing a public key that is used to encrypt messages and verify digital signatures is not a risk. Subscribers reporting key compromises to the CA is not a risk since reporting this to the CA enables the CA to take appropriate action.

CISA Question 1868

Question

The MOST effective control for reducing the risk related to phishing is:

A. centralized monitoring of systems.
B. including signatures for phishing in antivirus software.
C. publishing the policy on antiphishing on the intranet.
D. security training for all users.

Answer

D. security training for all users.

Explanation

Phishing is a type of e-mail attack that attempts to convince a user that the originator is genuine, with the intention of obtaining information. Phishing is an example of a social engineering attack. Any social engineering type of attack can best be controlled through security and awareness training.

CISA Question 1869

Question

The GREATEST risk posed by an improperly implemented intrusion prevention system (IPS) is:

A. that there will be too many alerts for system administrators to verify.
B. decreased network performance due to IPS traffic.
C. the blocking of critical systems or services due to false triggers.
D. reliance on specialized expertise within the IT organization.

Answer

C. the blocking of critical systems or services due to false triggers.

Explanation

An intrusion prevention system (IPS) prevents a connection or service based on how it is programmed to react to specific incidents. If the packets are coming from a spoofed address and the IPS is triggered based on previously defined behavior, it may block the service or connection of a critical internal system. The other choices are risks that are not as severe as blocking critical systems or services due to false triggers.

CISA Question 1870

Question

An IS auditor is reviewing a software-based firewall configuration. Which of the following represents the GREATEST vulnerability? The firewall software:

A. is configured with an implicit deny rule as the last rule in the rule base.
B. is installed on an operating system with default settings.
C. has been configured with rules permitting or denying access to systems or networks.
D. is configured as a virtual private network (VPN) endpoint.

Answer

B. is installed on an operating system with default settings.

Explanation

Default settings are often published and provide an intruder with predictable configuration information, which allows easier system compromise. To mitigate this risk, firewall software should be installed on a system using a hardened operating system that has limited functionality, providing only the services necessary to support the firewall software. Choices A, C and D are normal or best practices for firewall configurations.