ISACA CISA Certified Information Systems Auditor Exam Questions and Answers – 3

The latest ISACA CISA (Certified Information Systems Auditor) practice exam questions and answers (Q&A) are available free and can help you pass the ISACA CISA exam and earn the ISACA CISA certification.

ISACA Certified Information Systems Auditor (CISA) Exam Questions and Answers

CISA Question 281

Question

Which of the following BEST addresses the availability of an online store?

A. Online backups
B. A mirrored site at another location
C. RAID level 5 storage devices
D. Clustered architecture

Answer

B. A mirrored site at another location

CISA Question 282

Question

The risk that is created if a single sign-on is implemented for all systems is that a/an:

A. user can bypass current access security.
B. compromised password gives access to all systems.
C. authorized user can bypass the security layers.
D. user has equivalent access on all systems.

Answer

B. compromised password gives access to all systems.

CISA Question 283

Question

Which of the following is an advantage of using electronic data interchange (EDI)?

A. Contracts with the vendors are simplified.
B. Transcription of information is reduced.
C. Data validation is provided by the service provider.
D. Multiple inputs of the same document are allowed at different locations.

Answer

B. Transcription of information is reduced.

CISA Question 284

Question

When connecting to an organization’s intranet from the Internet, security against unauthorized access is BEST achieved by using:

A. encryption.
B. virtual private networks (VPNs).
C. screening routers.
D. proxy servers.

Answer

B. virtual private networks (VPNs).

CISA Question 285

Question

Buffer overflow in an Internet environment is of particular concern to the IS auditor because it can:

A. corrupt databases during the build.
B. be used to obtain improper access to a system.
C. cause the loss of critical data during processing.
D. cause printers to lose some of the document text when printing.

Answer

B. be used to obtain improper access to a system.

CISA Question 286

Question

Which of the following presents the GREATEST security risk to an organization using peer-to-peer (P2P) file-sharing networks?

A. There is no audit trail for files residing outside of the organization.
B. IP addresses are shared to create a connection.
C. Penetration testing cannot identify issues with P2P file-sharing networks.
D. Controls are difficult to apply to unstructured networks.

Answer

D. Controls are difficult to apply to unstructured networks.

CISA Question 287

Question

Which of the following is the safest means of transmitting confidential information over the Internet?

A. Send the data to a trusted third party to resend to the destination.
B. Use asymmetric encryption and encrypt the data with a private key.
C. Establish a virtual private network (VPN) between the source and the destination.
D. Break the data into many packets and send it over different routes.

Answer

C. Establish a virtual private network (VPN) between the source and the destination.

CISA Question 288

Question

Which of the following is MOST likely to be spoofed in an email transmission?

A. The identity of the sender
B. The identity of the receiving host
C. The path the message traveled through the Internet
D. The identity of the sending host

Answer

A. The identity of the sender

CISA Question 289

Question

Which of the following is the MOST effective control to restrict the use of instant messaging (IM) within an organization?

A. Intrusion detection system (IDS)
B. Antivirus software
C. Application-based firewall
D. Packet filtering firewall

Answer

C. Application-based firewall

CISA Question 290

Question

Which of the following would be considered a corrective control when designing the security of a data center?

A. Perimeter fence
B. Closed-circuit television (CCTV)
C. Fire extinguisher
D. Security guards

Answer

C. Fire extinguisher