The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.
Table of Contents
- CISA Question 381
- Question
- Answer
- Explanation
- CISA Question 382
- Question
- Answer
- Explanation
- CISA Question 383
- Question
- Answer
- Explanation
- CISA Question 384
- Question
- Answer
- Explanation
- CISA Question 385
- Question
- Answer
- Explanation
- CISA Question 386
- Question
- Answer
- Explanation
- CISA Question 387
- Question
- Answer
- Explanation
- CISA Question 388
- Question
- Answer
- Explanation
- CISA Question 389
- Question
- Answer
- Explanation
- CISA Question 390
- Question
- Answer
- Explanation
CISA Question 381
Question
Which of the following network components is PRIMARILY set up to serve as a security measure by preventing unauthorized traffic between different segments of the network?
A. Firewalls
B. Routers
C. Layer 2 switches
D. VLANs
Answer
A. Firewalls
Explanation
Firewall systems are the primary tool that enable an organization to prevent unauthorized access between networks. An organization may choose to deploy one or more systems that function as firewalls. Routers can filter packets based on parameters, such as source address, but are not primarily a security tool. Based on Media Access Control (MAC) addresses, layer 2 switches separate traffic in a port as different segments and without determining if it is authorized or unauthorized traffic. A virtual LAN (VLAN) is a functionality of some switches that allows them to switch the traffic between different ports as if they are in the same LAN.
Nevertheless, they do not deal with authorized vs. unauthorized traffic.
CISA Question 382
Question
An IS auditor evaluating the resilience of a high-availability network should be MOST concerned if:
A. the setup is geographically dispersed.
B. the network servers are clustered in a site.
C. a hot site is ready for activation.
D. diverse routing is implemented for the network.
Answer
B. the network servers are clustered in a site.
Explanation
A clustered setup in one location makes the entire network vulnerable to natural disasters or other disruptive events. Dispersed geographical locations and diverse routing provide backup if a site has been destroyed. A hot site would also be a good alternative for a single point-offailure site.
CISA Question 383
Question
Which of the following would be an indicator of the effectiveness of a computer security incident response team?
A. Financial impact per security incident
B. Number of security vulnerabilities that were patched
C. Percentage of business applications that are being protected
D. Number of successful penetration tests
Answer
A. Financial impact per security incident
Explanation
The most important indicator is the financial impact per security incident. Choices B, C and D could be measures of effectiveness of security, but would not be a measure of the effectiveness of a response team.
CISA Question 384
Question
The MAIN criterion for determining the severity level of a service disruption incident is:
A. cost of recovery.
B. negative public opinion.
C. geographic location.
D. downtime.
Answer
D. downtime.
Explanation
The longer the period of time a client cannot be serviced, the greater the severity of the incident. The cost of recovery could be minimal yet the service downtime could have a major impact.
Negative public opinion is a symptom of an incident. Geographic location does not determine the severity of the incident.
CISA Question 385
Question
The computer security incident response team (CSIRT) of an organization disseminates detailed descriptions of recent threats. An IS auditor’s GREATEST concern should be that the users might:
A. use this information to launch attacks.
B. forward the security alert.
C. implement individual solutions.
D. fail to understand the threat.
Answer
A. use this information to launch attacks.
Explanation
An organization’s computer security incident response team (CSIRT) should disseminate recent threats, security guidelines and security updates to the users to assist them in understanding the security risk of errors and omissions. However, this introduces the risk that the users may use this information to launch attacks, directly or indirectly. An IS auditor should ensure that the CSIRT is actively involved with users to assist them in mitigation of risks arising from security failures and to prevent additional security incidents resulting from the same threat.
Forwarding the security alert is not harmful to the organization, implementing individual solutions is unlikely and users failing to understand the threat would not be a serious concern.
CISA Question 386
Question
The PRIMARY objective of performing a postincident review is that it presents an opportunity to:
A. improve internal control procedures.
B. harden the network to industry best practices.
C. highlight the importance of incident response management to management.
D. improve employee awareness of the incident response process.
Answer
A. improve internal control procedures.
Explanation
A postincident review examines both the cause and response to an incident. The lessons learned from the review can be used to improve internal controls.
Understanding the purpose and structure of postincident reviews and follow-up procedures enables the information security manager to continuously improve the security program. Improving the incident response plan based on the incident review is an internal (corrective) control. The network may already be hardened to industry best practices. Additionally, the network may not be the source of the incident. The primary objective is to improve internal control procedures, not to highlight the importance of incident response management (IRM), and an incident response (IR) review does not improve employee awareness.
CISA Question 387
Question
Which of the following is the MOST effective method for dealing with the spreading of a network worm that exploits vulnerability in a protocol?
A. Install the vendor’s security fix for the vulnerability.
B. Block the protocol traffic in the perimeter firewall.
C. Block the protocol traffic between internal network segments.
D. Stop the service until an appropriate security fix is installed.
Answer
D. Stop the service until an appropriate security fix is installed.
Explanation
Stopping the service and installing the security fix is the safest way to prevent the worm from spreading, if the service is not stopped, installing the fix is not the most effective method because the worm continues spreading until the fix becomes effective. Blocking the protocol on the perimeter does not stop the worm from spreading to the internal network(s). Blocking the protocol helps to slow down the spreading but also prohibits any software that utilizes it from working between segments.
CISA Question 388
Question
The FIRST step in managing the risk of a cyber-attack is to:
A. assess the vulnerability impact.
B. evaluate the likelihood of threats.
C. identify critical information assets.
D. estimate potential damage.
Answer
C. identify critical information assets.
Explanation
The first step in the managing risk is the identification and classification of critical information resources (assets). Once the assets have been identified, the process moves onto the identification of threats, vulnerabilities and calculation of potential damages.
CISA Question 389
Question
After installing a network, an organization installed a vulnerability assessment tool or security scanner to identify possible weaknesses. Which is the MOST serious risk associated with such tools?
A. Differential reporting
B. False-positive reporting
C. False-negative reporting
D. Less-detail reporting
Answer
C. False-negative reporting
Explanation
False-negative reporting on weaknesses means the control weaknesses in the network are not identified and therefore may not be addressed, leaving the network vulnerable to attack. False- positive reporting is one in which the controls are in place, but are evaluated as weak, which should prompt a rechecking of the controls. Less-detail reporting and differential reporting functions provided by these tools compare scan results over a period of time.
CISA Question 390
Question
Time constraints and expanded needs have been found by an IS auditor to be the root causes for recent violations of corporate data definition standards in a new business intelligence project.
Which of the following is the MOST appropriate suggestion for an auditor to make?
A. Achieve standards alignment through an increase of resources devoted to the project
B. Align the data definition standards after completion of the project
C. Delay the project until compliance with standards can be achieved
D. Enforce standard compliance by adopting punitive measures against violators
Answer
A. Achieve standards alignment through an increase of resources devoted to the project
Explanation
Provided that data architecture, technical, and operational requirements are sufficiently documented, the alignment to standards could be treated as a specific work package assigned to new project resources. The usage of nonstandard data definitions would lower the efficiency of the new development, and increase the risk of errors in critical business decisions. To change data definition standards after project conclusion (choice B) is risky and is not a viable solution. On the other hand, punishing the violators (choice D) or delaying the project (choice C) would be an inappropriate suggestion because of the likely damage to the entire project profitability.