Last Updated on December 13, 2021 by Admin 3

 CISA : Certified Information Systems Auditor : Part 119

  1. How does the SSL network protocol provide confidentiality?

    • Through symmetric encryption such as RSA
    • Through asymmetric encryption such as Data Encryption Standard, or DES
    • Through asymmetric encryption such as Advanced Encryption Standard, or AES
    • Through symmetric encryption such as Data Encryption Standard, or DES

    Explanation: 
    The SSL protocol provides confidentiality through symmetric encryption such as Data Encryption Standard, or DES.

  2. What are used as the framework for developing logical access controls?

    • Information systems security policies
    • Organizational security policies
    • Access Control Lists (ACL)
    • Organizational charts for identifying roles and responsibilities
    Explanation: 
    Information systems security policies are used as the framework for developing logical access controls.
  3. Which of the following are effective controls for detecting duplicate transactions such as payments made or received?

    • Concurrency controls
    • Reasonableness checks
    • Time stamps
    • Referential integrity controls
    Explanation: 
    Time stamps are an effective control for detecting duplicate transactions such as payments made or received.
  4. Which of the following is a good control for protecting confidential data residing on a PC?

    • Personal firewall
    • File encapsulation
    • File encryption
    • Host-based intrusion detection
    Explanation: 
    File encryption is a good control for protecting confidential data residing on a PC.
  5. Which of the following is a guiding best practice for implementing logical access controls?

    • Implementing the Biba Integrity Model
    • Access is granted on a least-privilege basis, per the organization’s data owners
    • Implementing the Take-Grant access control model
    • Classifying data according to the subject’s requirements
    Explanation: 
    Logical access controls should be reviewed to ensure that access is granted on a least-privilege basis, per the organization’s data owners.
  6. What does PKI use to provide some of the strongest overall control over data confidentiality, reliability, and integrity for Internet transactions?

    • A combination of public-key cryptography and digital certificates and two-factor authentication
    • A combination of public-key cryptography and two-factor authentication
    • A combination of public-key cryptography and digital certificates
    • A combination of digital certificates and two-factor authentication
    Explanation: 
    PKI uses a combination of public-key cryptography and digital certificates to provide some of the strongest overall control over data confidentiality, reliability, and integrity for Internet transactions.
  7. Which of the following do digital signatures provide?

    • Authentication and integrity of data
    • Authentication and confidentiality of data
    • Confidentiality and integrity of data
    • Authentication and availability of data
    Explanation: 
    The primary purpose of digital signatures is to provide authentication and integrity of data.
  8. Regarding digital signature implementation, which of the following answers is correct?

    • A digital signature is created by the sender to prove message integrity by encrypting the message with the sender’s private key. Upon receiving the data, the recipient can decrypt the data using the sender’s public key.
    • A digital signature is created by the sender to prove message integrity by encrypting the message with the recipient’s public key. Upon receiving the data, the recipient can decrypt the data using the recipient’s public key.
    • A digital signature is created by the sender to prove message integrity by initially using a hashing algorithm to produce a hash value or message digest from the entire message contents. Upon receiving the data, the recipient can independently create it.
    • A digital signature is created by the sender to prove message integrity by encrypting the message with the sender’s public key. Upon receiving the data, the recipient can decrypt the data using the recipient’s private key.
    Explanation: 
    A digital signature is created by the sender to prove message integrity by initially using a hashing algorithm to produce a hash value, or message digest, from the entire message contents. Upon receiving the data, the recipient can independently create its own message digest from the data for comparison and data integrity validation. Public and private keys are used to enforce confidentiality. Hashing algorithms are used to enforce integrity.
  9. Which of the following would provide the highest degree of server access control?

    • A mantrap-monitored entryway to the server room
    • Host-based intrusion detection combined with CCTV
    • Network-based intrusion detection
    • A fingerprint scanner facilitating biometric access control
    Explanation: 
    A fingerprint scanner facilitating biometric access control can provide a very high degree of server access control.
  10. What are often the primary safeguards for systems software and data?

    • Administrative access controls
    • Logical access controls
    • Physical access controls
    • Detective access controls
    Explanation: 
    Logical access controls are often the primary safeguards for systems software and data.
  11. Which of the following is often used as a detection and deterrent control against Internet attacks?

    • Honeypots
    • CCTV
    • VPN
    • VLAN
    Explanation: 
    Honeypots are often used as a detection and deterrent control against Internet attacks.
  12. Which of the following BEST characterizes a mantrap or deadman door, which is used as a deterrent control for the vulnerability of piggybacking?

    • A monitored double-doorway entry system
    • A monitored turnstile entry system
    • A monitored doorway entry system
    • A one-way door that does not allow exit after entry
    Explanation: 
    A monitored double-doorway entry system, also referred to as a mantrap or deadman door, is used as a deterrent control for the vulnerability of piggybacking.
  13. Which of the following is an effective method for controlling downloading of files via FTP?

    • An application-layer gateway, or proxy firewall, but not stateful inspection firewalls
    • An application-layer gateway, or proxy firewall
    • A circuit-level gateway
    • A first-generation packet-filtering firewall
    Explanation: 
    Application-layer gateways, or proxy firewalls, are an effective method for controlling downloading of files via FTP. Because FTP is an OSI application-layer protocol, the most effective firewall needs to be capable of inspecting through the application layer.
  14. Which of the following provides the strongest authentication for physical access control?

    • Sign-in logs
    • Dynamic passwords
    • Key verification
    • Biometrics
    Explanation: 
    Biometrics can be used to provide excellent physical access control.
  15. What is an effective countermeasure for the vulnerability of data entry operators potentially leaving their computers without logging off?

    • Employee security awareness training
    • Administrator alerts
    • Screensaver passwords
    • Close supervision
    Explanation: 
    Screensaver passwords are an effective control to implement as a countermeasure for the vulnerability of data entry operators potentially leaving their computers without logging off.
  16. What can ISPs use to implement inbound traffic filtering as a control to identify IP packets transmitted from unauthorized sources?

    • OSI Layer 2 switches with packet filtering enabled
    • Virtual Private Networks
    • Access Control Lists (ACL)
    • Point-to-Point Tunneling Protocol
    Explanation: 
    ISPs can use access control lists to implement inbound traffic filtering as a control to identify IP packets transmitted from unauthorized sources.
  17. What is the key distinction between encryption and hashing algorithms?

    • Hashing algorithms ensure data confidentiality.
    • Hashing algorithms are irreversible.
    • Encryption algorithms ensure data integrity.
    • Encryption algorithms are not irreversible.
    Explanation: 
    A key distinction between encryption and hashing algorithms is that hashing algorithms are irreversible.
  18. Which of the following is BEST characterized by unauthorized modification of data before or during systems data entry?

    • Data diddling
    • Skimming
    • Data corruption
    • Salami attack
    Explanation: 
    Data diddling involves modifying data before or during systems data entry.
  19. Which of the following is used to evaluate biometric access controls?

    • FAR
    • EER
    • ERR
    • FRR
    Explanation: 
    When evaluating biometric access controls, a low equal error rate (EER) is preferred. EER is also called the crossover error rate (CER).
  20. Who is ultimately responsible and accountable for reviewing user access to systems?

    • Systems security administrators
    • Data custodians
    • Data owners 
    • Information systems auditors
    Explanation: 
    Data owners are ultimately responsible and accountable for reviewing user access to systems.