
ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 2

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam question and answer (Q&A) dumps are available free and are helpful for passing the ISACA CISA exam and earning the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 161

Question

Which of the following is the MOST effective control for protecting the confidentiality and integrity of data stored unencrypted on virtual machines?

A. Monitor access to stored images and snapshots of virtual machines
B. Restrict access to images and snapshots of virtual machines
C. Review logical access controls on virtual machines regularly
D. Limit creation of virtual machine images and snapshots

Answer

C. Review logical access controls on virtual machines regularly

CISA Question 162

Question

Which of the following would BEST protect a network from a worm that exploits a publicly announced operating system vulnerability?

A. Antivirus software
B. User awareness and training
C. Host security
D. Patch management

Answer

D. Patch management

CISA Question 163

Question

Which of the following should be considered the MOST important factor when evaluating the level of protection of fireproof magnetic media containers?

A. Storage location of the containers with respect to flammable material
B. Peak temperature and humidity of the storage location
C. Peak temperature and humidity ratings inside the container
D. Resistance of the container to water, Halon, and carbon dioxide

Answer

D. Resistance of the container to water, Halon, and carbon dioxide

CISA Question 164

Question

An IS auditor is reviewing an organization’s information asset management process. Which of the following would be of GREATEST concern to the auditor?

A. Process ownership has not been established.
B. Identification of asset value is not included in the process.
C. The process does not require specifying the physical locations of assets.
D. The process does not include asset review.

Answer

A. Process ownership has not been established.

CISA Question 165

Question

Which of the following functions is performed by a virtual private network (VPN)?

A. Hiding information from sniffers on the net
B. Enforcing security policies
C. Detecting misuse or mistakes
D. Regulating access

Answer

A. Hiding information from sniffers on the net

Explanation

A VPN hides information from sniffers on the net using encryption; it works by tunneling. A VPN does not analyze information packets and therefore cannot enforce security policies; it also does not check the content of packets, so it cannot detect misuse or mistakes. A VPN also does not perform an authentication function and therefore cannot regulate access.

CISA Question 166

Question

The potential for unauthorized system access by way of terminals or workstations within an organization’s facility is increased when:

A. connecting points are available in the facility to connect laptops to the network.
B. users take precautions to keep their passwords confidential.
C. terminals with password protection are located in insecure locations.
D. terminals are located within the facility in small clusters under the supervision of an administrator.

Answer

A. connecting points are available in the facility to connect laptops to the network.

Explanation

Any person with wrongful intentions can connect a laptop to the network. Insecure connecting points make unauthorized access possible if the individual knows a valid user ID and password. The other choices are controls for preventing unauthorized network access. If system passwords are not readily available to intruders, they must guess them, which introduces an additional factor and requires time. System passwords provide protection against unauthorized use of terminals located in insecure locations. Supervision is a very effective control when used to monitor access to a small operating unit or production resources.

CISA Question 167

Question

Which of the following is the MOST secure and economical method for connecting a private network over the Internet in a small- to medium-sized organization?

A. Virtual private network
B. Dedicated line
C. Leased line
D. Integrated services digital network

Answer

A. Virtual private network

Explanation

The most secure method is a virtual private network (VPN), which uses encryption, authentication and tunneling to allow data to travel securely from a private network over the Internet. Choices B, C and D are network connectivity options that are normally too expensive to be practical for small- to medium-sized organizations.

CISA Question 168

Question

An organization is considering connecting a critical PC-based system to the Internet. Which of the following would provide the BEST protection against hacking?

A. An application-level gateway
B. A remote access server
C. A proxy server
D. Port scanning

Answer

A. An application-level gateway

Explanation

An application-level gateway is the best way to protect against hacking because it can define detailed rules describing the type of user or connection that is or is not permitted. It analyzes each packet in detail, not only at layers one through four of the OSI model but also at layers five through seven, which means that it reviews the commands of each higher-level protocol (HTTP, FTP, SNMP, etc.). A remote access server is a device (server) that asks for a username and password before allowing entry to the network. This is good when accessing private networks, but it can be mapped or scanned from the Internet, creating a security exposure. Proxy servers can provide protection based on the IP address and ports; however, this requires an individual who really knows how to configure it, and applications can use different ports for the different sections of the program. Port scanning works when there is a very specific task to complete, but not when trying to control what comes from the Internet or when all the available ports need to be controlled. For example, the port for Ping (echo request) could be blocked and the IP addresses would still be available for the application and browsing, but would not respond to Ping.

CISA Question 169

Question

E-mail message authenticity and confidentiality is BEST achieved by signing the message using the:

A. sender’s private key and encrypting the message using the receiver’s public key.
B. sender’s public key and encrypting the message using the receiver’s private key.
C. receiver’s private key and encrypting the message using the sender’s public key.
D. receiver’s public key and encrypting the message using the sender’s private key.

Answer

A. sender’s private key and encrypting the message using the receiver’s public key.

Explanation

By signing the message with the sender’s private key, the receiver can verify its authenticity using the sender’s public key. By encrypting the message with the receiver’s public key, only the receiver can decrypt the message using their own private key. The receiver’s private key is confidential and, therefore, unknown to the sender. Messages encrypted using the sender’s private key can be read by anyone with the sender’s public key.

CISA Question 170

Question

Use of asymmetric encryption in an internet e-commerce site, where there is one private key for the hosting server and the public key is widely distributed to the customers, is MOST likely to provide comfort to the:

A. customer over the authenticity of the hosting organization.
B. hosting organization over the authenticity of the customer.
C. customer over the confidentiality of messages from the hosting organization.
D. hosting organization over the confidentiality of messages passed to the customer.

Answer

A. customer over the authenticity of the hosting organization.

Explanation

Any false site will not be able to encrypt using the private key of the real site, so the customer would not be able to decrypt the message using the public key. Many customers have access to the same public key, so the host cannot use this mechanism to ensure the authenticity of the customer. The customer cannot be assured of the confidentiality of messages from the host, as many people have access to the public key and can decrypt the messages from the host. The host cannot be assured of the confidentiality of messages sent out, as many people have access to the public key and can decrypt them.
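The sign-then-encrypt rule from Question 169 (sign with the sender's private key, encrypt with the receiver's public key) and the host-authenticity point from Question 170 (only the holder of the private key can produce something the matching public key accepts), worked through in Go's standard library as an added example that is not part of the original page. The key pairs are generated inline as constructed stand-ins for the sender/receiver (or host/customer), and the function names are my own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignThenEncrypt: sign with the sender's private key (authenticity), then encrypt with the receiver's public key (confidentiality).
func SignThenEncrypt(msg []byte, senderPriv *rsa.PrivateKey, receiverPub *rsa.PublicKey) (ct, sig []byte, err error) {
	digest := sha256.Sum256(msg)
	if sig, err = rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil); err != nil {
		return nil, nil, err
	}
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, msg, nil); err != nil {
		return nil, nil, err
	}
	return ct, sig, nil
}

// DecryptThenVerify: only the receiver's private key can decrypt; anyone holding the sender's public key can verify the signature.
func DecryptThenVerify(ct, sig []byte, receiverPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, ct, nil)
	if err != nil {
		return nil, errors.New("decryption failed: this key is not the receiver's private key")
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, errors.New("signature check failed: message is not from the claimed sender")
	}
	return msg, nil
}

func main() {
	// Constructed keys standing in for the e-mail sender and receiver
	// (or the e-commerce host and one of its customers).
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	receiver, _ := rsa.GenerateKey(rand.Reader, 2048)
	ct, sig, _ := SignThenEncrypt([]byte("wire transfer approved"), sender, &receiver.PublicKey)
	msg, err := DecryptThenVerify(ct, sig, receiver, &sender.PublicKey)
	fmt.Printf("receiver reads %q (err=%v)\n", msg, err)
	// Checking the signature against any other public key fails, so an
	// impersonator who lacks the sender's private key is detected.
	_, err = DecryptThenVerify(ct, sig, receiver, &receiver.PublicKey)
	fmt.Println("wrong sender key:", err)
}
```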