The latest ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers (Q&A), with explanations, are available here free of charge to help you prepare for the ISACA CISA exam and earn the CISA certification.
Table of Contents
- CISA Question 201
- CISA Question 202
- CISA Question 203
- CISA Question 204
- CISA Question 205
- CISA Question 206
- CISA Question 207
- CISA Question 208
- CISA Question 209
- CISA Question 210
CISA Question 201
Question
Which of the following would be the BEST overall control for an Internet business looking for confidentiality, reliability and integrity of data?
A. Secure Sockets Layer (SSL)
B. Intrusion detection system (IDS)
C. Public key infrastructure (PKI)
D. Virtual private network (VPN)
Answer
C. Public key infrastructure (PKI)
Explanation
PKI is the best overall control because it combines encryption, for confidentiality, with digital signatures and non-repudiation, for integrity and reliability, in one framework. SSL provides confidentiality for a session but itself relies on certificates issued through a PKI. An IDS is a detective control only. A VPN provides confidentiality and authentication of the tunnel endpoints (reliability) but not non-repudiation of the individual transactions carried over it.
CISA Question 202
Question
Which of the following is the GREATEST advantage of elliptic curve encryption over RSA encryption?
A. Computation speed
B. Ability to support digital signatures
C. Simpler key distribution
D. Greater strength for a given key length
Answer
A. Computation speed
Explanation
The main advantage of elliptic curve cryptography (ECC) over RSA is computation speed. ECC reaches a given security level with a much shorter key (a 256-bit curve is roughly comparable in strength to a 3,072-bit RSA modulus), so its private-key operations are faster and its keys and signatures smaller. Elliptic curve cryptosystems were proposed independently by Neal Koblitz and Victor S. Miller in 1985. Both RSA and ECC support digital signatures and are used for public key encryption and key distribution, so choices B and C do not distinguish them. Choice D names the property that produces the speed advantage rather than the advantage itself: a stronger key per se does not guarantee better performance, which depends on the algorithm employed.
CISA Question 203
Question
Which of the following results in a denial-of-service attack?
A. Brute force attack
B. Ping of death
C. Leapfrog attack
D. Negative acknowledgement (NAK) attack
Answer
B. Ping of death
Explanation
The ping of death sends an ICMP echo request whose IP fragments reassemble to more than 65,535 bytes, the largest size an IPv4 datagram can have. On older, since-patched network stacks the oversized reassembly overflowed a kernel buffer and crashed or hung the host, which is a denial of service. A brute force attack exhausts all possible key or password combinations and aims at gaining access, not at availability. A leapfrog attack, the act of telnetting through one or more hosts to frustrate tracing, uses user IDs and passwords obtained illicitly from one host to compromise another host. A negative acknowledgement (NAK) attack is a penetration technique that capitalizes on a weakness in an operating system that does not handle asynchronous interrupts properly, leaving the system in an unprotected state during such interrupts.
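The condition the explanation describes, fragments that would reassemble past the IPv4 maximum, can be checked in code. The following Go program is an added example and not part of the ISACA material: it parses the reassembly-relevant fields of IPv4 fragment headers and flags a fragment set whose reassembled size exceeds the 65,535-byte limit. The sample headers are constructed inline, and the type and function names are this example's own.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// MaxIPv4Payload is the largest payload an IPv4 datagram can carry: the 16-bit
// total-length field caps the datagram at 65535 bytes, 20 of which are the
// minimal header.
const MaxIPv4Payload = 65535 - 20

// Fragment holds the IPv4 header fields that matter for reassembly.
type Fragment struct {
	TotalLength int  // datagram length including header, from the header field
	HeaderLen   int  // IHL * 4
	MoreFrags   bool // MF flag
	Offset      int  // fragment offset in bytes (field value * 8)
}

// BuildHeader constructs a minimal 20-byte IPv4 header for a fragment.
// Only the fields relevant to reassembly are populated. It exists to build
// the constructed sample packets used below.
func BuildHeader(totalLen int, moreFrags bool, offsetBytes int) []byte {
	h := make([]byte, 20)
	h[0] = 0x45 // version 4, IHL 5 (20 bytes)
	binary.BigEndian.PutUint16(h[2:4], uint16(totalLen))
	flagsOff := uint16(offsetBytes / 8) // the offset field counts 8-byte units
	if moreFrags {
		flagsOff |= 0x2000
	}
	binary.BigEndian.PutUint16(h[6:8], flagsOff)
	h[9] = 1 // protocol: ICMP
	return h
}

// ParseIPv4 extracts the reassembly-relevant fields from a raw IPv4 header.
func ParseIPv4(hdr []byte) (Fragment, error) {
	if len(hdr) < 20 || hdr[0]>>4 != 4 {
		return Fragment{}, fmt.Errorf("not an IPv4 header")
	}
	flagsOff := binary.BigEndian.Uint16(hdr[6:8])
	return Fragment{
		TotalLength: int(binary.BigEndian.Uint16(hdr[2:4])),
		HeaderLen:   int(hdr[0]&0x0f) * 4,
		MoreFrags:   flagsOff&0x2000 != 0,
		Offset:      int(flagsOff&0x1fff) * 8,
	}, nil
}

// ParseAll parses a set of headers belonging to one datagram.
func ParseAll(hdrs [][]byte) ([]Fragment, error) {
	out := make([]Fragment, 0, len(hdrs))
	for _, h := range hdrs {
		f, err := ParseIPv4(h)
		if err != nil {
			return nil, err
		}
		out = append(out, f)
	}
	return out, nil
}

// ReassembledSize returns the payload length the fragments would reassemble
// to: the furthest byte any fragment writes into the reassembly buffer.
func ReassembledSize(frags []Fragment) int {
	end := 0
	for _, f := range frags {
		if e := f.Offset + f.TotalLength - f.HeaderLen; e > end {
			end = e
		}
	}
	return end
}

// IsOversized reports whether the fragments describe a datagram larger than
// IPv4 allows, which is exactly the condition the ping of death relies on.
func IsOversized(frags []Fragment) bool {
	return ReassembledSize(frags) > MaxIPv4Payload
}

func main() {
	// Constructed sample 1: an ordinary 1580-byte echo request split at an Ethernet MTU.
	benign := [][]byte{
		BuildHeader(1500, true, 0),    // 1480 payload bytes at offset 0
		BuildHeader(120, false, 1480), // final 100 bytes
	}
	// Constructed sample 2: the final fragment sits at offset 65512 (field value
	// 8189) and carries 200 bytes, so the datagram would end at byte 65712.
	oversized := [][]byte{
		BuildHeader(1500, true, 0),
		BuildHeader(220, false, 65512),
	}
	for name, set := range map[string][][]byte{"benign": benign, "oversized": oversized} {
		frags, err := ParseAll(set)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-9s reassembles to %d bytes, oversized=%v\n", name, ReassembledSize(frags), IsOversized(frags))
	}
}
```

The check looks only at where each fragment ends, which is all a reassembler needs to refuse the datagram before allocating or writing a buffer; a modern stack applies the same limit, which is why the attack no longer works against patched systems.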
CISA Question 204
Question
A certificate authority (CA) can delegate the processes of:
A. revocation and suspension of a subscriber’s certificate.
B. generation and distribution of the CA public key.
C. establishing a link between the requesting entity and its public key.
D. issuing and distributing subscriber certificates.
Answer
C. establishing a link between the requesting entity and its public key.
Explanation
Establishing a link between a requesting entity and its public key, that is, verifying the applicant's identity before a certificate is issued, is a registration authority (RA) function. A CA may perform it itself or delegate it to an RA, so this is the function that can be delegated. Revoking, suspending, issuing and distributing subscriber certificates are subscriber certificate life-cycle management functions that the CA must perform itself, because only the CA's signing key makes a certificate or a revocation entry valid. Generation and distribution of the CA's own public key are part of CA key life-cycle management and likewise cannot be delegated.
CISA Question 205
Question
Which of the following acts as a decoy to detect active internet attacks?
A. Honeypots
B. Firewalls
C. Trapdoors
D. Traffic analysis
Answer
A. Honeypots
Explanation
Honeypots are computer systems set up expressly to attract and trap individuals who attempt to penetrate other systems. The concept is to learn from the intruder's actions: a properly designed and configured honeypot yields data on the methods used to attack systems, and that data is used to improve the measures that curb future attacks. A firewall is a preventive control. A trapdoor (backdoor) is a deliberately created vulnerability that allows unauthorized code to be inserted into a system. Traffic analysis is a type of passive attack.
CISA Question 206
Question
Which of the following append themselves to files as a protection against viruses?
A. Behavior blockers
B. Cyclical redundancy checkers (CRCs)
C. Immunizers
D. Active monitors
Answer
C. Immunizers
Explanation
Immunizers defend against viruses by appending sections of themselves to files. They continuously check the file for changes and report changes as possible viral behavior. Behavior blockers focus on detecting potentially abnormal behavior, such as writing to the boot sector or the master boot record, or making changes to executable files. Cyclical redundancy checkers compute a checksum of a known virus-free program and store it in a database file; when that program is subsequently called for execution, the checker recomputes the checksum, compares it to the stored value and reports possible infection if the file has changed. Active monitors interpret DOS and ROM BIOS (basic input/output system) calls, looking for virus-like actions.
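The cyclical redundancy checker described above is simple to implement. The Go program below is an added example, not code from the ISACA material: it records a CRC-32 baseline for known-clean program images, then rescans later and reports which images changed and which have no baseline at all. The program images, the "infector" bytes and all names are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"hash/crc32"
	"sort"
)

// Baseline maps a program name to the CRC-32 recorded while it was known clean.
// A real checker persists this in a location the scanned programs cannot write.
type Baseline map[string]uint32

// Record stores the checksum of a known-clean program image.
func (b Baseline) Record(name string, image []byte) {
	b[name] = crc32.ChecksumIEEE(image)
}

// Check recomputes the checksum when the program is about to run and reports
// whether it still matches. A program with no baseline cannot be vouched for.
func (b Baseline) Check(name string, image []byte) (bool, error) {
	want, ok := b[name]
	if !ok {
		return false, fmt.Errorf("%s: no baseline recorded", name)
	}
	return crc32.ChecksumIEEE(image) == want, nil
}

// Scan checks every program and returns, sorted, the names whose image changed
// since the baseline was taken and the names that have no baseline.
func (b Baseline) Scan(images map[string][]byte) (changed, unknown []string) {
	for name, img := range images {
		ok, err := b.Check(name, img)
		switch {
		case err != nil:
			unknown = append(unknown, name)
		case !ok:
			changed = append(changed, name)
		}
	}
	sort.Strings(changed)
	sort.Strings(unknown)
	return changed, unknown
}

// Infect models a file infector that appends its own code to a host program.
// The bytes are constructed for the demonstration and are not real malware.
func Infect(host []byte) []byte {
	stub := []byte("\x90\x90\xeb\xfe<constructed infector stub>")
	return append(append([]byte{}, host...), stub...)
}

func main() {
	clean := map[string][]byte{
		"editor.exe": []byte("MZ...constructed clean editor image..."),
		"shell.exe":  []byte("MZ...constructed clean shell image..."),
	}
	base := Baseline{}
	for name, img := range clean {
		base.Record(name, img)
	}

	// Later: one program has been infected and an unbaselined one has appeared.
	later := map[string][]byte{
		"editor.exe": Infect(clean["editor.exe"]),
		"shell.exe":  clean["shell.exe"],
		"tool.exe":   []byte("MZ...never seen before..."),
	}
	changed, unknown := base.Scan(later)
	fmt.Println("changed:", changed) // [editor.exe]
	fmt.Println("unknown:", unknown) // [tool.exe]
}
```

CRC-32 is what the technique historically used and it reliably catches the appended code a file infector adds, but it is a linear checksum, not a cryptographic hash: an attacker who can modify the file can also append a few bytes that restore the original value. A checker built today uses SHA-256 and keeps the baseline where the scanned programs cannot alter it.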
CISA Question 207
Question
Which of the following virus prevention techniques can be implemented through hardware?
A. Remote booting
B. Heuristic scanners
C. Behavior blockers
D. Immunizers
Answer
A. Remote booting
Explanation
Remote booting (e.g., diskless workstations that load their operating system from a trusted server) is a method of preventing viruses, and it can be implemented through hardware. Behavior blockers (choice C) detect virus-like activity rather than prevent infection. Heuristic scanners and immunizers (choices B and D) are software techniques, not hardware-based ones.
CISA Question 208
Question
The MOST important success factor in planning a penetration test is:
A. the documentation of the planned testing procedure.
B. scheduling and deciding on the timed length of the test.
C. the involvement of the management of the client organization.
D. the qualifications and experience of staff involved in the test.
Answer
C. the involvement of the management of the client organization.
Explanation
The most important part of planning any penetration test is the involvement of the management of the client organization. In practice this means written authorization that defines the scope, the systems that are in and out of bounds, the testing window and the escalation contacts. Penetration testing without management approval could reasonably be considered espionage and is illegal in many jurisdictions.
CISA Question 209
Question
Which of the following cryptography options would increase overhead/cost?
A. The encryption is symmetric rather than asymmetric.
B. A long asymmetric encryption key is used.
C. The hash is encrypted rather than the message.
D. A secret key is used.
Answer
B. A long asymmetric encryption key is used.
Explanation
Computer processing time increases for longer asymmetric encryption keys, and the increase is disproportionate because the cost of an RSA private-key operation grows roughly with the cube of the modulus length. For example, one benchmark showed that doubling the length of an RSA key from 512 bits to 1,024 bits caused the decrypt time to increase nearly six-fold. An asymmetric algorithm requires more processing time than a symmetric algorithm. A hash is shorter than the original message, so less overhead is incurred if the hash is encrypted rather than the message. A secret (symmetric) key is short and symmetric operations are cheap, so using one to encrypt bulk user data adds little overhead.
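The key-length effect this explanation cites, and the ECC speed advantage from Question 202, can both be measured with the Go standard library. The program below is an added example, not part of the ISACA material: it times RSA OAEP decryption (the private-key operation) for a 1,024-bit and a 2,048-bit key and ECDSA signing on the P-256 curve, and reports the ratios. The 1,024-bit key is used only to reproduce the "double the key length" comparison and is not acceptable in deployment; the message contents are constructed, and the function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// RSADecryptPerOp generates a fresh RSA key of the given size, wraps a random
// 32-byte session key with OAEP, and returns the mean time of one private-key
// (decrypt) operation over iters runs, checking each result.
func RSADecryptPerOp(bits, iters int) (time.Duration, error) {
	priv, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return 0, err
	}
	sessionKey := make([]byte, 32) // constructed sample plaintext
	if _, err := rand.Read(sessionKey); err != nil {
		return 0, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, sessionKey, nil)
	if err != nil {
		return 0, err
	}
	start := time.Now()
	for i := 0; i < iters; i++ {
		pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
		if err != nil {
			return 0, err
		}
		if !bytes.Equal(pt, sessionKey) {
			return 0, fmt.Errorf("RSA-%d: decrypted key does not match", bits)
		}
	}
	return time.Since(start) / time.Duration(iters), nil
}

// ECDSASignPerOp times the private-key operation of ECDSA on P-256, a 256-bit
// key comparable in strength to RSA-3072. Verification is performed on every
// signature but excluded from the timing.
func ECDSASignPerOp(iters int) (time.Duration, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return 0, err
	}
	digest := sha256.Sum256([]byte("constructed sample message"))
	var total time.Duration
	for i := 0; i < iters; i++ {
		t0 := time.Now()
		sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
		total += time.Since(t0)
		if err != nil {
			return 0, err
		}
		if !ecdsa.VerifyASN1(&priv.PublicKey, digest[:], sig) {
			return 0, fmt.Errorf("ECDSA: signature failed to verify")
		}
	}
	return total / time.Duration(iters), nil
}

// Ratio reports how many times slower a is than b.
func Ratio(a, b time.Duration) float64 { return float64(a) / float64(b) }

func main() {
	const iters = 50
	r1024, err := RSADecryptPerOp(1024, iters)
	if err != nil {
		panic(err)
	}
	r2048, err := RSADecryptPerOp(2048, iters)
	if err != nil {
		panic(err)
	}
	ec, err := ECDSASignPerOp(iters)
	if err != nil {
		panic(err)
	}
	fmt.Printf("RSA-1024 decrypt : %v per op\n", r1024)
	fmt.Printf("RSA-2048 decrypt : %v per op (%.1fx RSA-1024)\n", r2048, Ratio(r2048, r1024))
	fmt.Printf("ECDSA P-256 sign : %v per op (RSA-2048 is %.0fx slower)\n", ec, Ratio(r2048, ec))
}
```

Absolute numbers depend on the machine, but two results are stable: doubling the RSA modulus costs several times more per private-key operation, well beyond a linear increase, and a P-256 signature, at a higher security level than RSA-2048, is tens of times faster than an RSA-2048 private-key operation.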
CISA Question 210
Question
The MOST important difference between hashing and encryption is that hashing:
A. is irreversible.
B. output is the same length as the original message.
C. is concerned with integrity and security.
D. is the same at the sending and receiving end.
Answer
A. is irreversible.
Explanation
Hashing works one way: applying a hashing algorithm to a message creates a message hash, or digest, and applying the algorithm to the digest will not return the original message. Hashing is therefore irreversible, while encryption is reversible, and this is the basic difference between the two. Hashing creates a fixed-length output, normally smaller than the original message, whereas encryption creates an output of roughly the same length as the message (plus any initialization vector, padding or authentication tag). Hashing is used to verify the integrity of a message and does not by itself provide confidentiality. The same hashing algorithm is used at the sending and receiving ends to generate and verify the digest; encryption does not necessarily use the same algorithm at the sending and receiving ends to encrypt and decrypt.
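The properties listed above, and one caveat the explanation only implies, can be shown in a few lines. The Go program below is an added example, not part of the ISACA material: it compares SHA-256 digests with AES-CTR encryption for length and reversibility, and then shows why "the same hash at both ends" is not tamper protection on its own, because anyone who can alter the message can recompute an unkeyed digest, whereas an HMAC with a shared key cannot be recomputed without that key. The messages and keys are constructed inline, and the function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Digest is one-way: the output is always 32 bytes, whatever the input
// length, and cannot be turned back into the input.
func Digest(msg []byte) []byte {
	d := sha256.Sum256(msg)
	return d[:]
}

// EncryptCTR returns nonce||ciphertext. In CTR mode the ciphertext is exactly
// as long as the plaintext; the 16-byte nonce is the only overhead. CTR alone
// is malleable, so a deployment would use an AEAD such as AES-GCM, which also
// appends an authentication tag; CTR is used here only to show that
// encryption preserves length and is reversible.
func EncryptCTR(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize+len(plaintext))
	nonce := out[:aes.BlockSize]
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, nonce).XORKeyStream(out[aes.BlockSize:], plaintext)
	return out, nil
}

// DecryptCTR reverses EncryptCTR with the same key, which is what makes
// encryption, unlike hashing, reversible.
func DecryptCTR(key, blob []byte) ([]byte, error) {
	if len(blob) < aes.BlockSize {
		return nil, fmt.Errorf("ciphertext too short")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(blob)-aes.BlockSize)
	cipher.NewCTR(block, blob[:aes.BlockSize]).XORKeyStream(pt, blob[aes.BlockSize:])
	return pt, nil
}

// UnkeyedCheck is the integrity check the question describes: the same hash
// algorithm at both ends. Anyone who can alter the message can recompute it.
func UnkeyedCheck(msg, digest []byte) bool {
	return bytes.Equal(Digest(msg), digest)
}

// Tag and KeyedCheck use HMAC-SHA256: without the shared key an attacker
// cannot produce a valid tag for a modified message.
func Tag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

func KeyedCheck(key, msg, tag []byte) bool {
	return hmac.Equal(Tag(key, msg), tag)
}

func main() {
	key := make([]byte, 32) // constructed: a fresh AES-256 / HMAC key
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	short := []byte("pay 10")
	long := bytes.Repeat([]byte("pay 10 to account 42; "), 50)

	fmt.Printf("digest lengths: %d and %d bytes for %d and %d input bytes\n",
		len(Digest(short)), len(Digest(long)), len(short), len(long))
	blob, err := EncryptCTR(key, long)
	if err != nil {
		panic(err)
	}
	pt, _ := DecryptCTR(key, blob)
	fmt.Printf("ciphertext %d bytes for %d plaintext bytes, decrypts back: %v\n",
		len(blob)-aes.BlockSize, len(long), bytes.Equal(pt, long))
	fmt.Printf("hashing the digest recovers the message: %v\n", bytes.Equal(Digest(Digest(short)), short))

	// The sender publishes (msg, digest, tag). An intermediary changes the
	// amount and recomputes the digest; only the keyed check notices.
	digest, tag := Digest(short), Tag(key, short)
	tampered := []byte("pay 99")
	fmt.Println("unkeyed check on original :", UnkeyedCheck(short, digest))
	fmt.Println("unkeyed check on tampered :", UnkeyedCheck(tampered, Digest(tampered)))
	fmt.Println("keyed check on tampered   :", KeyedCheck(key, tampered, tag))
}
```

The last two lines of output are the practical point: a digest that travels with the message only protects against accidental corruption, and integrity against an active attacker needs a key the attacker does not hold, whether through an HMAC, a digital signature or an authenticated encryption mode.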