ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 2

The latest ISACA CISA (Certified Information Systems Auditor) certification practice exam questions and answers (Q&A) are available free and are intended to help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 181

Question

Which of the following is a feature of an intrusion detection system (IDS)?

A. Gathering evidence on attack attempts
B. Identifying weaknesses in the policy definition
C. Blocking access to particular sites on the Internet
D. Preventing certain users from accessing specific servers

Answer

A. Gathering evidence on attack attempts

Explanation

An IDS can gather evidence on intrusive activity such as an attack or penetration attempt. Identifying weaknesses in the policy definition is a limitation of an IDS.
Choices C and D are features of firewalls, while choice B requires a manual review, and therefore is outside the functionality of an IDS.

CISA Question 182

Question

Which of the following controls would BEST detect intrusion?

A. User IDs and user privileges are granted through authorized procedures.
B. Automatic logoff is used when a workstation is inactive for a particular period of time.
C. Automatic logoff of the system occurs after a specified number of unsuccessful attempts.
D. Unsuccessful logon attempts are monitored by the security administrator.

Answer

D. Unsuccessful logon attempts are monitored by the security administrator.

Explanation

Intrusion is detected by the active monitoring and review of unsuccessful logons. User IDs and the granting of user privileges define a policy, not a control.
Automatic logoff is a method of preventing access on inactive terminals and is not a detective control. Automatic logoff after a specified number of unsuccessful attempts is a method of preventing intrusion, not detecting it.
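The detective control in the answer (monitoring unsuccessful logons) is something an auditor can see in action rather than only read about. The following added example is not part of the exam material; it is a small Go program that reads a constructed sample log in an assumed one-line-per-event format, keeps a sliding time window of failed logons per user, and flags any user whose failures within that window reach a threshold. The log format, user names and addresses are all constructed for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
	"time"
)

// SampleLog is a constructed log in an assumed format:
// "<RFC3339 time> <SUCCESS|FAILED> user=<name> src=<address>".
// alice fails five times within a minute; bob fails three times 20 minutes apart.
const SampleLog = `2024-01-15T09:00:01Z FAILED user=alice src=10.0.0.5
2024-01-15T09:00:07Z FAILED user=alice src=10.0.0.5
2024-01-15T09:00:12Z SUCCESS user=carol src=10.0.0.9
2024-01-15T09:00:15Z FAILED user=alice src=10.0.0.5
2024-01-15T09:00:21Z FAILED user=alice src=10.0.0.5
2024-01-15T09:00:30Z FAILED user=bob src=10.0.0.7
2024-01-15T09:00:44Z FAILED user=alice src=10.0.0.5
2024-01-15T09:20:00Z FAILED user=bob src=10.0.0.7
2024-01-15T09:40:00Z FAILED user=bob src=10.0.0.7
`

// LogonEvent is one parsed line of the sample log.
type LogonEvent struct {
	When    time.Time
	User    string
	Source  string
	Success bool
}

// ParseLine parses one line of the assumed format; ok is false for malformed lines.
func ParseLine(line string) (ev LogonEvent, ok bool) {
	fields := strings.Fields(line)
	if len(fields) != 4 {
		return LogonEvent{}, false
	}
	when, err := time.Parse(time.RFC3339, fields[0])
	if err != nil {
		return LogonEvent{}, false
	}
	if fields[1] != "SUCCESS" && fields[1] != "FAILED" {
		return LogonEvent{}, false
	}
	ev = LogonEvent{
		When:    when,
		User:    strings.TrimPrefix(fields[2], "user="),
		Source:  strings.TrimPrefix(fields[3], "src="),
		Success: fields[1] == "SUCCESS",
	}
	return ev, true
}

// FlagRepeatedFailures returns, for each user whose failed logons inside any
// sliding window of the given length reach the threshold, the largest such
// count. Lines must be in chronological order; successes are ignored here.
func FlagRepeatedFailures(log string, threshold int, window time.Duration) map[string]int {
	recent := map[string][]time.Time{} // per-user failure times still inside the window
	flagged := map[string]int{}
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		ev, ok := ParseLine(sc.Text())
		if !ok || ev.Success {
			continue
		}
		q := append(recent[ev.User], ev.When)
		// Drop failures that fell out of the window relative to this event.
		for len(q) > 0 && ev.When.Sub(q[0]) > window {
			q = q[1:]
		}
		recent[ev.User] = q
		if len(q) >= threshold && len(q) > flagged[ev.User] {
			flagged[ev.User] = len(q)
		}
	}
	return flagged
}

func main() {
	for user, n := range FlagRepeatedFailures(SampleLog, 3, 5*time.Minute) {
		fmt.Printf("ALERT: %s had %d failed logons within 5 minutes\n", user, n)
	}
}
```

With a threshold of 3 failures in 5 minutes, alice is flagged (5 failures in 43 seconds) while bob is not, because his three failures are 20 minutes apart; the window is what separates a brute-force pattern from ordinary mistyped passwords, and it is the parameter a reviewer should ask the security administrator to justify.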

CISA Question 183

Question

Which of the following is a technique that could be used to capture network user passwords?

A. Encryption
B. Sniffing
C. Spoofing
D. Data destruction

Answer

B. Sniffing

Explanation

Sniffing is an attack that can be used to capture sensitive pieces of information (e.g., a password) passing through the network. Encryption is a method of scrambling information to prevent unauthorized individuals from understanding the transmission. Spoofing is forging an address and inserting it into a packet to disguise the origin of the communication. Data destruction is erasing information or removing it from its original location.

CISA Question 184

Question

Which of the following should concern an IS auditor when reviewing security in a client-server environment?

A. Protecting data using an encryption technique
B. Preventing unauthorized access using a diskless workstation
C. The ability of users to access and modify the database directly
D. Disabling floppy drives on the users’ machines

Answer

C. The ability of users to access and modify the database directly

Explanation

For the purpose of data security in a client-server environment, an IS auditor should be concerned with the user’s ability to access and modify a database directly.
This could affect the integrity of the data in the database. Encrypting data helps secure it. Diskless workstations prevent copying of data onto local disks and thus help to maintain the integrity and confidentiality of data. Disabling floppy drives is a physical access control, which helps to maintain the confidentiality of data by preventing it from being copied onto a disk.

CISA Question 185

Question

An IS auditor doing penetration testing during an audit of internet connections would:

A. evaluate configurations.
B. examine security settings.
C. ensure virus-scanning software is in use.
D. use tools and techniques available to a hacker.

Answer

D. use tools and techniques available to a hacker.

Explanation

Penetration testing is a technique used to mimic an experienced hacker attacking a live site by using tools and techniques available to a hacker.
The other choices are procedures that an IS auditor would consider undertaking during an audit of Internet connections, but are not aspects of penetration testing techniques.

CISA Question 186

Question

The feature of a digital signature that ensures the sender cannot later deny generating and sending the message is called:

A. data integrity.
B. authentication.
C. non-repudiation.
D. replay protection.

Answer

C. non-repudiation.

Explanation

All four choices are features of a digital signature. Non-repudiation ensures that the claimed sender cannot later deny generating and sending the message. Data integrity refers to the fact that any change to the plaintext message would result in the recipient failing to compute the same message hash. Since only the claimed sender has the key, authentication ensures that the message has been sent by the claimed sender. Replay protection is a method that a recipient can use to check that the message was not intercepted and replayed.

CISA Question 187

Question

Digital signatures require the:

A. signer to have a public key and the receiver to have a private key.
B. signer to have a private key and the receiver to have a public key.
C. signer and receiver to have a public key.
D. signer and receiver to have a private key.

Answer

B. signer to have a private key and the receiver to have a public key.

Explanation

Digital signatures are intended to verify to a recipient the integrity of the data and the identity of the sender. The digital signature standard is a public key algorithm.
This requires the signer to have a private key and the receiver to have a public key.

CISA Question 188

Question

A TCP/IP-based environment is exposed to the Internet. Which of the following BEST ensures that complete encryption and authentication protocols exist for protecting information while transmitted?

A. Work is completed in tunnel mode with IP security using the nested services of authentication header (AH) and encapsulating security payload (ESP).
B. A digital signature with RSA has been implemented.
C. Digital certificates with RSA are being used.
D. Work is being completed in TCP services.

Answer

A. Work is completed in tunnel mode with IP security using the nested services of authentication header (AH) and encapsulating security payload (ESP).

Explanation

Tunnel mode with IP security provides encryption and authentication of the complete IP packet. To accomplish this, the AH and ESP services can be nested.
Choices B and C provide authentication and integrity only. TCP services do not provide encryption and authentication.

CISA Question 189

Question

Which of the following manages the digital certificate life cycle to ensure adequate security and controls exist in digital signature applications related to e-commerce?

A. Registration authority
B. Certificate authority (CA)
C. Certificate revocation list
D. Certification practice statement

Answer

B. Certificate authority (CA)

Explanation

The certificate authority maintains a directory of digital certificates for the reference of those receiving them. It manages the certificate life cycle, including certificate directory maintenance and certificate revocation list (CRL) maintenance and publication. Choice A is not correct because a registration authority is an optional entity that is responsible for the administrative tasks associated with registering the end entity that is the subject of the certificate issued by the CA. Choice C is incorrect since a CRL is an instrument for checking the continued validity of the certificates for which the CA has responsibility. Choice D is incorrect because a certification practice statement is a detailed set of rules governing the certificate authority’s operations.

CISA Question 190

Question

A digital signature contains a message digest to:

A. show if the message has been altered after transmission.
B. define the encryption algorithm.
C. confirm the identity of the originator.
D. enable message transmission in a digital format.

Answer

A. show if the message has been altered after transmission.

Explanation

The message digest is calculated and included in a digital signature to prove that the message has not been altered. It should be the same value as a recalculation performed upon receipt. It does not define the algorithm or enable transmission in digital format, and it has no effect on the identity of the user; it is there to ensure integrity rather than identity.
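Questions 186, 187 and 190 describe the same mechanism from three angles: the signer holds the private key and the receiver the public key, the signature is computed over a message digest, and a recipient who recomputes the digest detects alteration. The following added example, which is not part of the exam material, shows all three with Go's standard-library RSA and SHA-256: a valid signature verifies, a tampered message fails the digest comparison, and a signature produced with a different private key fails authentication. The message text is constructed for the example, and the 2048-bit key size is an assumption chosen for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Signer is the sender's side: it holds only the private key.
type Signer struct{ priv *rsa.PrivateKey }

// Verifier is the receiver's side: it holds only the public key.
type Verifier struct{ pub *rsa.PublicKey }

// NewKeyPair generates an RSA key pair and splits it into the two roles.
func NewKeyPair(bits int) (*Signer, *Verifier, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, err
	}
	return &Signer{priv: priv}, &Verifier{pub: &priv.PublicKey}, nil
}

// Sign computes the SHA-256 message digest and signs that digest with the
// private key (PKCS#1 v1.5 padding). The digest, not the message, is signed.
func (s *Signer) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, s.priv, crypto.SHA256, digest[:])
}

// Verify recomputes the digest over the received message and checks the
// signature against it with the public key. Any change to the message
// changes the digest, so verification fails (integrity); a signature made
// with another private key also fails (authentication / non-repudiation).
func (v *Verifier) Verify(msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(v.pub, crypto.SHA256, digest[:], sig) == nil
}

// DemoResult records the three checks the example performs.
type DemoResult struct {
	ValidAccepted    bool // genuine message and signature verify
	TamperedRejected bool // altered message fails verification
	WrongKeyRejected bool // signature from a different signer fails
}

// Demo runs the three checks with a constructed message (assumed key size 2048).
func Demo() (DemoResult, error) {
	signer, verifier, err := NewKeyPair(2048)
	if err != nil {
		return DemoResult{}, err
	}
	msg := []byte("transfer 100 to account 42") // constructed sample message
	sig, err := signer.Sign(msg)
	if err != nil {
		return DemoResult{}, err
	}

	// A second, unrelated signer stands in for an impostor claiming to be the sender.
	impostor, _, err := NewKeyPair(2048)
	if err != nil {
		return DemoResult{}, err
	}
	forged, err := impostor.Sign(msg)
	if err != nil {
		return DemoResult{}, err
	}

	tampered := []byte("transfer 900 to account 42")
	return DemoResult{
		ValidAccepted:    verifier.Verify(msg, sig),
		TamperedRejected: !verifier.Verify(tampered, sig),
		WrongKeyRejected: !verifier.Verify(msg, forged),
	}, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("valid accepted: %v, tampered rejected: %v, wrong key rejected: %v\n",
		r.ValidAccepted, r.TamperedRejected, r.WrongKeyRejected)
}
```

The Verifier type deliberately cannot sign: it has no private key, which is the structural reason the receiver cannot forge the sender's signature and why the sender cannot later deny it. Note that this example checks only the mathematics; binding the public key to a real identity is the job of the certificate authority described in question 189.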