The latest ISACA CISA (Certified Information Systems Auditor) certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the ISACA CISA exam and earn ISACA CISA certification.
CISA Question 591
Question
To address the risk of operations staff’s failure to perform the daily backup, management requires that the systems administrator sign off on the daily backup. This is an example of risk:
A. avoidance
B. transference
C. mitigation
D. acceptance
Answer
C. mitigation
Explanation
Mitigation is the strategy that provides for the definition and implementation of controls to address the risk described. Avoidance is a strategy that provides for not implementing certain activities or processes that would incur risk. Transference is the strategy that provides for sharing risk with partners or taking insurance coverage. Acceptance is a strategy that provides for formal acknowledgement of the existence of a risk and the monitoring of that risk.
CISA Question 592
Question
Which of the following terms refers to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders?
A. ILD&P
B. ICT&P
C. ILP&C
D. ILR&D
E. None of the choices.
Answer
A. ILD&P
Explanation
Information Leakage Detection and Prevention (ILD&P) is a computer security term referring to systems designed to detect and prevent the unauthorized transmission of information from the computer systems of an organization to outsiders. Network ILD&P systems are gateway-based systems installed on the organization’s internet network connection; they analyze network traffic to search for unauthorized information transmissions. Host-based ILD&P systems run on end-user workstations to monitor and control access to physical devices and to access information before it has been encrypted.
CISA Question 593
Question
Assessing IT risks is BEST achieved by:
A. evaluating threats associated with existing IT assets and IT projects.
B. using the firm’s past actual loss experience to determine current exposure.
C. reviewing published loss statistics from comparable organizations.
D. reviewing IT control weaknesses identified in audit reports.
Answer
A. evaluating threats associated with existing IT assets and IT projects.
Explanation
To assess IT risks, threats and vulnerabilities need to be evaluated using qualitative or quantitative risk assessment approaches. Choices B, C and D are potentially useful inputs to the risk assessment process, but by themselves are not sufficient. Basing an assessment on past losses will not adequately reflect inevitable changes to the firm’s IT assets, projects, controls and strategic environment. There are also likely to be problems with the scope and quality of the loss data available to be assessed. Comparable organizations will have differences in their IT assets, control environment and strategic circumstances. Therefore, their loss experience cannot be used to directly assess organizational IT risk. Control weaknesses identified during audits will be relevant in assessing threat exposure and further analysis may be needed to assess threat probability. Depending on the scope of the audit coverage, it is possible that not all of the critical IT assets and projects will have recently been audited, and there may not be a sufficient assessment of strategic IT risks.
CISA Question 594
Question
Which of the following does a lack of adequate security controls represent?
A. Threat
B. Asset
C. Impact
D. Vulnerability
Answer
D. Vulnerability
Explanation
The lack of adequate security controls represents a vulnerability, exposing sensitive information and data to the risk of malicious damage, attack or unauthorized access by hackers. This could result in a loss of sensitive information and lead to the loss of goodwill for the organization. A succinct definition of risk is provided by the Guidelines for the Management of IT Security published by the International Organization for Standardization (ISO), which defines risk as the ‘potential that a given threat will exploit the vulnerability of an asset or group of assets to cause loss or damage to the assets.’ The various elements of the definition are vulnerability, threat, asset and impact. Lack of adequate security functionality in this context is a vulnerability.
CISA Question 595
Question
Which of the following security risks can be reduced by a properly configured network firewall?
A. Insider attacks
B. SQL injection attacks
C. Denial of service (DoS) attacks
D. Phishing attacks
Answer
C. Denial of service (DoS) attacks
CISA Question 596
Question
A database administrator should be prevented from:
A. using an emergency user ID.
B. accessing sensitive information.
C. having end user responsibilities.
D. having access to production files.
Answer
B. accessing sensitive information.
CISA Question 597
Question
Which of the following should be the PRIMARY basis for how digital evidence is handled during a forensics investigation?
A. Industry best practices
B. Regulatory requirements
C. Organizational risk culture
D. Established business practices
Answer
B. Regulatory requirements
CISA Question 598
Question
In a public-key cryptosystem, when there is no previous knowledge between parties, which of the following will BEST help to prevent one person from using a fictitious key to impersonate someone else?
A. Encrypt the message containing the sender’s public key, using a private-key cryptosystem.
B. Send a certificate that can be verified by a certification authority with the public key.
C. Encrypt the message containing the sender’s public key, using the recipient’s public key.
D. Send the public key to the recipient prior to establishing the connection.
Answer
B. Send a certificate that can be verified by a certification authority with the public key.
CISA Question 599
Question
The PRIMARY benefit to using a dry-pipe fire-suppression system rather than a wet-pipe system is that a dry-pipe system:
A. has a decreased risk of leakage.
B. is more effective at suppressing flames.
C. allows more time to abort release of the suppressant.
D. disperses dry chemical suppressants exclusively.
Answer
A. has a decreased risk of leakage.
CISA Question 600
Question
Which of the following is the BEST way to address potential data privacy concerns associated with inadvertent disclosure of machine identifier information contained within security logs?
A. Only collect logs from servers classified as business critical.
B. Limit the use of logs to only those purposes for which they were collected.
C. Limit log collection to only periods of increased security activity.
D. Restrict the transfer of log files from host machine to online storage.
Answer
B. Limit the use of logs to only those purposes for which they were collected.